Ubuntu Security Notice 7021-5 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

    ==========================================================================Ubuntu Security Notice USN-7021-5October 31, 2024linux-azure-fde vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 22.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux-azure-fde: Linux kernel for Microsoft Azure CVM cloud systemsDetails:Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:  - GPU drivers;  - BTRFS file system;  - F2FS file system;  - GFS2 file system;  - BPF subsystem;  - Netfilter;  - RxRPC session sockets;  - Integrity Measurement Architecture(IMA) framework;(CVE-2024-27012, CVE-2024-38570, CVE-2024-42228, CVE-2024-41009,CVE-2024-39494, CVE-2024-42160, CVE-2024-39496, CVE-2024-26677)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 22.04 LTS  linux-image-5.15.0-1073-azure-fde  5.15.0-1073.82.1  linux-image-azure-fde-lts-22.04  5.15.0.1073.82.50After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:  https://ubuntu.com/security/notices/USN-7021-5  https://ubuntu.com/security/notices/USN-7021-4  https://ubuntu.com/security/notices/USN-7021-3  https://ubuntu.com/security/notices/USN-7021-2  https://ubuntu.com/security/notices/USN-7021-1  CVE-2024-26677, CVE-2024-27012, CVE-2024-38570, CVE-2024-39494,  CVE-2024-39496, CVE-2024-41009, CVE-2024-42160, CVE-2024-42228Package Information:  https://launchpad.net/ubuntu/+source/linux-azure-fde/5.15.0-1073.82.1

Ubuntu Security Notice USN-7021-5

Ubuntu Security Notice 7086-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code.

    ==========================================================================Ubuntu Security Notice USN-7086-1October 31, 2024firefox vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 20.04 LTSSummary:Several security issues were fixed in Firefox.Software Description:- firefox: Mozilla Open Source web browserDetails:Multiple security issues were discovered in Firefox. If a user weretricked into opening a specially crafted website, an attacker couldpotentially exploit these to cause a denial of service, obtain sensitiveinformation across domains, or execute arbitrary code. (CVE-2024-10458CVE-2024-10459, CVE-2024-10460, CVE-2024-10461, CVE-2024-10462,CVE-2024-10463, CVE-2024-10464, CVE-2024-10465, CVE-2024-10466,CVE-2024-10467, CVE-2024-10468)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 20.04 LTS  firefox                         132.0+build1-0ubuntu0.20.04.1After a standard system update you need to restart Firefox to make all thenecessary changes.References:  https://ubuntu.com/security/notices/USN-7086-1  CVE-2024-10458, CVE-2024-10459, CVE-2024-10460, CVE-2024-10461,  CVE-2024-10462, CVE-2024-10463, CVE-2024-10464, CVE-2024-10465,  CVE-2024-10466, CVE-2024-10467, CVE-2024-10468Package Information:  https://launchpad.net/ubuntu/+source/firefox/132.0+build1-0ubuntu0.20.04.1

Ubuntu Security Notice USN-7086-1

Ubuntu Security Notice 7087-1 - It was discovered that libarchive incorrectly handled certain RAR archive files. If a user or automated system were tricked into processing a specially crafted RAR archive, an attacker could use this issue to cause libarchive to crash, resulting in a denial of service, or possibly execute arbitrary code.

==========================================================================  
Ubuntu Security Notice USN-7087-1  
October 31, 2024

libarchive vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.10  
- Ubuntu 24.04 LTS  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS

Summary:

libarchive could be made to crash or run programs as your login if it  
opened a specially crafted file.

Software Description:  
- libarchive: Library to read/write archive files

Details:

It was discovered that libarchive incorrectly handled certain RAR archive  
files. If a user or automated system were tricked into processing a  
specially crafted RAR archive, an attacker could use this issue to cause  
libarchive to crash, resulting in a denial of service, or possibly execute  
arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 24.10  
  libarchive13t64                 3.7.4-1ubuntu0.1

Ubuntu 24.04 LTS  
  libarchive13t64                 3.7.2-2ubuntu0.3

Ubuntu 22.04 LTS  
  libarchive13                    3.6.0-1ubuntu1.3

Ubuntu 20.04 LTS  
  libarchive13                    3.4.0-2ubuntu1.4

In general, a standard system update will make all the necessary changes.

References:  
  https://ubuntu.com/security/notices/USN-7087-1  
  CVE-2024-20696

Package Information:  
  https://launchpad.net/ubuntu/+source/libarchive/3.7.4-1ubuntu0.1  
  https://launchpad.net/ubuntu/+source/libarchive/3.7.2-2ubuntu0.3  
  https://launchpad.net/ubuntu/+source/libarchive/3.6.0-1ubuntu1.3  
  https://launchpad.net/ubuntu/+source/libarchive/3.4.0-2ubuntu1.4

Ubuntu Security Notice USN-7087-1

Ubuntu Security Notice 7085-2 - USN-7085-1 fixed a vulnerability in X.Org. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled certain memory operations in the X Keyboard Extension. An attacker could use this issue to cause the X Server to crash, leading to a denial of service, or possibly execute arbitrary code.

==========================================================================  
Ubuntu Security Notice USN-7085-2  
October 30, 2024

xorg-server, xorg-server-hwe-16.04, xorg-server-hwe-18.04 vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS  
- Ubuntu 16.04 LTS

Summary:

X.Org X Server could be made to crash or run programs if it received  
specially crafted data.

Software Description:  
- xorg-server: X.Org X11 server  
- xorg-server-hwe-18.04: X.Org X11 server  
- xorg-server-hwe-16.04: X.Org X11 server

Details:

USN-7085-1 fixed a vulnerability in X.Org. This update provides  
the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.

Original advisory details:

 Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled  
 certain memory operations in the X Keyboard Extension. An attacker could  
 use this issue to cause the X Server to crash, leading to a denial of  
 service, or possibly execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 18.04 LTS  
  xserver-xorg-core               2:1.19.6-1ubuntu4.15+esm9  
                                  Available with Ubuntu Pro  
  xserver-xorg-core-hwe-18.04     2:1.20.8-2ubuntu2.2~18.04.11+esm1  
                                  Available with Ubuntu Pro  
  xwayland                        2:1.19.6-1ubuntu4.15+esm9  
                                  Available with Ubuntu Pro  
  xwayland-hwe-18.04              2:1.20.8-2ubuntu2.2~18.04.11+esm1  
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS  
  xserver-xorg-core               2:1.18.4-0ubuntu0.12+esm14  
                                  Available with Ubuntu Pro  
  xserver-xorg-core-hwe-16.04     2:1.19.6-1ubuntu4.1~16.04.6+esm6  
                                  Available with Ubuntu Pro  
  xwayland                        2:1.18.4-0ubuntu0.12+esm14  
                                  Available with Ubuntu Pro  
  xwayland-hwe-16.04              2:1.19.6-1ubuntu4.1~16.04.6+esm6  
                                  Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make all  
the necessary changes.

References:  
  https://ubuntu.com/security/notices/USN-7085-2  
  https://ubuntu.com/security/notices/USN-7085-1  
  CVE-2024-9632

Ubuntu Security Notice USN-7085-2

Ubuntu Security Notice 7084-2 - USN-7084-1 fixed vulnerability in urllib3. This update provides the corresponding update for the urllib3 module bundled into pip. It was discovered that urllib3 didn't strip HTTP Proxy-Authorization header on cross-origin redirects. A remote attacker could possibly use this issue to obtain sensitive information.

==========================================================================  
Ubuntu Security Notice USN-7084-2  
October 30, 2024

python-pip vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.10  
- Ubuntu 24.04 LTS  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS  
- Ubuntu 16.04 LTS

Summary:

urllib3 could leak sensitive information.

Software Description:  
- python-pip: Python package installer

Details:

USN-7084-1 fixed vulnerability in urllib3. This update provides the  
corresponding update for the urllib3 module bundled into pip.

Original advisory details:

 It was discovered that urllib3 didn't strip HTTP Proxy-Authorization  
 header on cross-origin redirects. A remote attacker could possibly use  
 this issue to obtain sensitive information.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 24.10  
  python3-pip                     24.2+dfsg-1ubuntu0.1  
  python3-pip-whl                 24.2+dfsg-1ubuntu0.1

Ubuntu 24.04 LTS  
  python3-pip                     24.0+dfsg-1ubuntu1.1  
  python3-pip-whl                 24.0+dfsg-1ubuntu1.1

Ubuntu 22.04 LTS  
  python3-pip                     22.0.2+dfsg-1ubuntu0.5  
  python3-pip-whl                 22.0.2+dfsg-1ubuntu0.5

Ubuntu 20.04 LTS  
  python-pip-whl                  20.0.2-5ubuntu1.11  
  python3-pip                     20.0.2-5ubuntu1.11

Ubuntu 18.04 LTS  
  python-pip                      9.0.1-2.3~ubuntu1.18.04.8+esm6  
                                  Available with Ubuntu Pro  
  python-pip-whl                  9.0.1-2.3~ubuntu1.18.04.8+esm6  
                                  Available with Ubuntu Pro  
  python3-pip                     9.0.1-2.3~ubuntu1.18.04.8+esm6  
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS  
  python-pip                      8.1.1-2ubuntu0.6+esm10  
                                  Available with Ubuntu Pro  
  python-pip-whl                  8.1.1-2ubuntu0.6+esm10  
                                  Available with Ubuntu Pro  
  python3-pip                     8.1.1-2ubuntu0.6+esm10  
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:  
  https://ubuntu.com/security/notices/USN-7084-2  
  https://ubuntu.com/security/notices/USN-7084-1  
  CVE-2024-37891

Package Information:  
https://launchpad.net/ubuntu/+source/python-pip/24.2+dfsg-1ubuntu0.1  
https://launchpad.net/ubuntu/+source/python-pip/24.0+dfsg-1ubuntu1.1  
https://launchpad.net/ubuntu/+source/python-pip/22.0.2+dfsg-1ubuntu0.5  
https://launchpad.net/ubuntu/+source/python-pip/20.0.2-5ubuntu1.11

Ubuntu Security Notice USN-7084-2

Red Hat Security Advisory 2024-8680-03 - An update for mod_http2 is now available for Red Hat Enterprise Linux 9. Issues addressed include denial of service and null pointer vulnerabilities.

    The following advisory data is extracted from:https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8680.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Low: mod_http2 security updateAdvisory ID:        RHSA-2024:8680-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:8680Issue date:         2024-10-31Revision:           03CVE Names:          CVE-2024-36387====================================================================Summary: An update for mod_http2 is now available for Red Hat Enterprise Linux 9.Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The mod_h2 Apache httpd module implements the HTTP2 protocol (h2+h2c) on top of libnghttp2 for httpd 2.4 servers.Security Fix(es):* mod_http2: DoS by null pointer in websocket over HTTP/2 (CVE-2024-36387)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-36387References:https://access.redhat.com/security/updates/classification/#lowhttps://bugzilla.redhat.com/show_bug.cgi?id=2295006

Red Hat Security Advisory 2024-8680-03

Red Hat Security Advisory 2024-8679-03 - An update for podman is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.

    The following advisory data is extracted from:https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8679.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: podman security updateAdvisory ID:        RHSA-2024:8679-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:8679Issue date:         2024-10-30Revision:           03CVE Names:          CVE-2024-9675====================================================================Summary: An update for podman is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes.Security Fix(es):* buildah: Buildah allows arbitrary directory mount (CVE-2024-9675)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-9675References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2317458

Red Hat Security Advisory 2024-8679-03

Red Hat Security Advisory 2024-8678-03 - An update for grafana is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Issues addressed include a cross site scripting vulnerability.

    The following advisory data is extracted from:https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8678.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: grafana security updateAdvisory ID:        RHSA-2024:8678-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:8678Issue date:         2024-10-30Revision:           03CVE Names:          CVE-2024-9355====================================================================Summary: An update for grafana is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fix(es):* golang-fips: Golang FIPS zeroed buffer (CVE-2024-9355)* dompurify: nesting-based mutation XSS vulnerability (CVE-2024-47875)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-9355References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2315719https://bugzilla.redhat.com/show_bug.cgi?id=2318052

Red Hat Security Advisory 2024-8678-03

Red Hat Security Advisory 2024-8676-03 - Updated images that include numerous enhancements, security, and bug fixes are now available for Red Hat OpenShift Data Foundation 4.17.0 on Red Hat Enterprise Linux 9.

The following advisory data is extracted from:

https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8676.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: Red Hat OpenShift Data Foundation 4.17.0 Security, Enhancement, & Bug Fix Update  
Advisory ID:        RHSA-2024:8676-03  
Product:            Red Hat OpenShift Data Foundation  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:8676  
Issue date:         2024-10-30  
Revision:           03  
CVE Names:          CVE-2023-26136  
====================================================================

Summary: 

Updated images that include numerous enhancements, security, and bug fixes are now available for Red Hat OpenShift Data Foundation 4.17.0 on Red Hat Enterprise Linux 9.

Description:

Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Data Foundation provisions a multicloud data management service with an S3 compatible API.

These updated packages include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Data Foundation Release Notes for information on the most significant of these changes:

https://docs.redhat.com/en/documentation/red_hat_openshift_data_foundation/4.17/html/4.17_release_notes/index

All Red Hat OpenShift Data Foundation users are advised to upgrade to these packages that provide these bug fixes and enhancements.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-26136

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2059669  
https://bugzilla.redhat.com/show_bug.cgi?id=2190161  
https://bugzilla.redhat.com/show_bug.cgi?id=2219310  
https://bugzilla.redhat.com/show_bug.cgi?id=2241329  
https://bugzilla.redhat.com/show_bug.cgi?id=2245068  
https://bugzilla.redhat.com/show_bug.cgi?id=2250364  
https://bugzilla.redhat.com/show_bug.cgi?id=2253013  
https://bugzilla.redhat.com/show_bug.cgi?id=2257271  
https://bugzilla.redhat.com/show_bug.cgi?id=2259668  
https://bugzilla.redhat.com/show_bug.cgi?id=2262777  
https://bugzilla.redhat.com/show_bug.cgi?id=2268046  
https://bugzilla.redhat.com/show_bug.cgi?id=2268820  
https://bugzilla.redhat.com/show_bug.cgi?id=2271773  
https://bugzilla.redhat.com/show_bug.cgi?id=2272597  
https://bugzilla.redhat.com/show_bug.cgi?id=2275225  
https://bugzilla.redhat.com/show_bug.cgi?id=2275965  
https://bugzilla.redhat.com/show_bug.cgi?id=2276393  
https://bugzilla.redhat.com/show_bug.cgi?id=2276672  
https://bugzilla.redhat.com/show_bug.cgi?id=2279751  
https://bugzilla.redhat.com/show_bug.cgi?id=2279876  
https://bugzilla.redhat.com/show_bug.cgi?id=2280308  
https://bugzilla.redhat.com/show_bug.cgi?id=2280608  
https://bugzilla.redhat.com/show_bug.cgi?id=2280637  
https://bugzilla.redhat.com/show_bug.cgi?id=2283994  
https://bugzilla.redhat.com/show_bug.cgi?id=2292435  
https://bugzilla.redhat.com/show_bug.cgi?id=2292668  
https://bugzilla.redhat.com/show_bug.cgi?id=2294234  
https://bugzilla.redhat.com/show_bug.cgi?id=2294723  
https://bugzilla.redhat.com/show_bug.cgi?id=2297265  
https://bugzilla.redhat.com/show_bug.cgi?id=2297295  
https://bugzilla.redhat.com/show_bug.cgi?id=2297447  
https://bugzilla.redhat.com/show_bug.cgi?id=2297454  
https://bugzilla.redhat.com/show_bug.cgi?id=2299630  
https://bugzilla.redhat.com/show_bug.cgi?id=2299639  
https://bugzilla.redhat.com/show_bug.cgi?id=2300021  
https://bugzilla.redhat.com/show_bug.cgi?id=2300312  
https://bugzilla.redhat.com/show_bug.cgi?id=2300331  
https://bugzilla.redhat.com/show_bug.cgi?id=2300499  
https://bugzilla.redhat.com/show_bug.cgi?id=2301889  
https://bugzilla.redhat.com/show_bug.cgi?id=2302201  
https://bugzilla.redhat.com/show_bug.cgi?id=2302257  
https://bugzilla.redhat.com/show_bug.cgi?id=2302448  
https://bugzilla.redhat.com/show_bug.cgi?id=2302507  
https://bugzilla.redhat.com/show_bug.cgi?id=2302575  
https://bugzilla.redhat.com/show_bug.cgi?id=2302774  
https://bugzilla.redhat.com/show_bug.cgi?id=2302841  
https://bugzilla.redhat.com/show_bug.cgi?id=2302842  
https://bugzilla.redhat.com/show_bug.cgi?id=2303028  
https://bugzilla.redhat.com/show_bug.cgi?id=2303342  
https://bugzilla.redhat.com/show_bug.cgi?id=2303403  
https://bugzilla.redhat.com/show_bug.cgi?id=2303619  
https://bugzilla.redhat.com/show_bug.cgi?id=2303820  
https://bugzilla.redhat.com/show_bug.cgi?id=2303821  
https://bugzilla.redhat.com/show_bug.cgi?id=2303822  
https://bugzilla.redhat.com/show_bug.cgi?id=2303823  
https://bugzilla.redhat.com/show_bug.cgi?id=2303824  
https://bugzilla.redhat.com/show_bug.cgi?id=2303825  
https://bugzilla.redhat.com/show_bug.cgi?id=2303829  
https://bugzilla.redhat.com/show_bug.cgi?id=2304073  
https://bugzilla.redhat.com/show_bug.cgi?id=2304231  
https://bugzilla.redhat.com/show_bug.cgi?id=2304232  
https://bugzilla.redhat.com/show_bug.cgi?id=2304235  
https://bugzilla.redhat.com/show_bug.cgi?id=2304238  
https://bugzilla.redhat.com/show_bug.cgi?id=2304799  
https://bugzilla.redhat.com/show_bug.cgi?id=2304810  
https://bugzilla.redhat.com/show_bug.cgi?id=2304815  
https://bugzilla.redhat.com/show_bug.cgi?id=2304993  
https://bugzilla.redhat.com/show_bug.cgi?id=2305274  
https://bugzilla.redhat.com/show_bug.cgi?id=2305295  
https://bugzilla.redhat.com/show_bug.cgi?id=2305660  
https://bugzilla.redhat.com/show_bug.cgi?id=2305880  
https://bugzilla.redhat.com/show_bug.cgi?id=2306026  
https://bugzilla.redhat.com/show_bug.cgi?id=2306387  
https://bugzilla.redhat.com/show_bug.cgi?id=2306577  
https://bugzilla.redhat.com/show_bug.cgi?id=2307823  
https://bugzilla.redhat.com/show_bug.cgi?id=2307835  
https://bugzilla.redhat.com/show_bug.cgi?id=2307909  
https://bugzilla.redhat.com/show_bug.cgi?id=2308091  
https://bugzilla.redhat.com/show_bug.cgi?id=2308101  
https://bugzilla.redhat.com/show_bug.cgi?id=2308144  
https://bugzilla.redhat.com/show_bug.cgi?id=2308193  
https://bugzilla.redhat.com/show_bug.cgi?id=2308304  
https://bugzilla.redhat.com/show_bug.cgi?id=2308442  
https://bugzilla.redhat.com/show_bug.cgi?id=2308446  
https://bugzilla.redhat.com/show_bug.cgi?id=2309191  
https://bugzilla.redhat.com/show_bug.cgi?id=2309195  
https://bugzilla.redhat.com/show_bug.cgi?id=2309485  
https://bugzilla.redhat.com/show_bug.cgi?id=2309486  
https://bugzilla.redhat.com/show_bug.cgi?id=2309487  
https://bugzilla.redhat.com/show_bug.cgi?id=2309488  
https://bugzilla.redhat.com/show_bug.cgi?id=2309489  
https://bugzilla.redhat.com/show_bug.cgi?id=2309700  
https://bugzilla.redhat.com/show_bug.cgi?id=2310369  
https://bugzilla.redhat.com/show_bug.cgi?id=2310385  
https://bugzilla.redhat.com/show_bug.cgi?id=2310841  
https://bugzilla.redhat.com/show_bug.cgi?id=2310908  
https://bugzilla.redhat.com/show_bug.cgi?id=2311042  
https://bugzilla.redhat.com/show_bug.cgi?id=2311043  
https://bugzilla.redhat.com/show_bug.cgi?id=2311152  
https://bugzilla.redhat.com/show_bug.cgi?id=2311153  
https://bugzilla.redhat.com/show_bug.cgi?id=2311154  
https://bugzilla.redhat.com/show_bug.cgi?id=2311171  
https://bugzilla.redhat.com/show_bug.cgi?id=2311468  
https://bugzilla.redhat.com/show_bug.cgi?id=2311551  
https://bugzilla.redhat.com/show_bug.cgi?id=2311790  
https://bugzilla.redhat.com/show_bug.cgi?id=2311867  
https://bugzilla.redhat.com/show_bug.cgi?id=2311885  
https://bugzilla.redhat.com/show_bug.cgi?id=2311893  
https://bugzilla.redhat.com/show_bug.cgi?id=2312137  
https://bugzilla.redhat.com/show_bug.cgi?id=2312442  
https://bugzilla.redhat.com/show_bug.cgi?id=2313178  
https://bugzilla.redhat.com/show_bug.cgi?id=2313203  
https://bugzilla.redhat.com/show_bug.cgi?id=2313515  
https://bugzilla.redhat.com/show_bug.cgi?id=2313717  
https://bugzilla.redhat.com/show_bug.cgi?id=2313736  
https://bugzilla.redhat.com/show_bug.cgi?id=2314200  
https://bugzilla.redhat.com/show_bug.cgi?id=2314211  
https://bugzilla.redhat.com/show_bug.cgi?id=2314404  
https://bugzilla.redhat.com/show_bug.cgi?id=2314454  
https://bugzilla.redhat.com/show_bug.cgi?id=2314636  
https://bugzilla.redhat.com/show_bug.cgi?id=2315624  
https://bugzilla.redhat.com/show_bug.cgi?id=2315651  
https://bugzilla.redhat.com/show_bug.cgi?id=2315666  
https://bugzilla.redhat.com/show_bug.cgi?id=2315709  
https://bugzilla.redhat.com/show_bug.cgi?id=2315733  
https://bugzilla.redhat.com/show_bug.cgi?id=2315846  
https://bugzilla.redhat.com/show_bug.cgi?id=2318490  
https://bugzilla.redhat.com/show_bug.cgi?id=2319102  
https://bugzilla.redhat.com/show_bug.cgi?id=2319238

Red Hat Security Advisory 2024-8676-03

Red Hat Security Advisory 2024-8675-03 - An update for buildah is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.

    The following advisory data is extracted from:https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8675.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: buildah security updateAdvisory ID:        RHSA-2024:8675-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:8675Issue date:         2024-10-30Revision:           03CVE Names:          CVE-2024-9675====================================================================Summary: An update for buildah is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a Dockerfile; Build both Docker and OCI images. Security Fix(es):* buildah: Buildah allows arbitrary directory mount (CVE-2024-9675)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-9675References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2317458