Apple Security Advisory 05-13-2024-3 - iOS 16.7.8 and iPadOS 16.7.8 addresses bypass vulnerabilities.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256APPLE-SA-05-13-2024-3 iOS 16.7.8 and iPadOS 16.7.8iOS 16.7.8 and iPadOS 16.7.8 addresses the following issues.Information about the security content is also available athttps://support.apple.com/HT214100.Apple maintains a Security Releases page athttps://support.apple.com/HT201222 which lists recentsoftware updates with security advisories.FoundationAvailable for: iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation,iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generationImpact: An app may be able to access user-sensitive dataDescription: A logic issue was addressed with improved checks.CVE-2024-27789: Mickey Jin (@patch1t)RTKitAvailable for: iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation,iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generationImpact: An attacker with arbitrary kernel read and write capability maybe able to bypass kernel memory protections. Apple is aware of a reportthat this issue may have been exploited.Description: A memory corruption issue was addressed with improvedvalidation.CVE-2024-23296This update is available through iTunes and Software Update on youriOS device, and will not appear in your computer's Software Updateapplication, or in the Apple Downloads site. Make sure you have anInternet connection and have installed the latest version of iTunesfrom https://www.apple.com/itunes/  iTunes and Software Update on thedevice will automatically check Apple's update server on its weeklyschedule. When an update is detected, it is downloaded and the optionto be installed is presented to the user when the iOS device isdocked. We recommend applying the update immediately if possible.Selecting Don't Install will present the option the next time youconnect your iOS device.  The automatic update process may take up toa week depending on the day that iTunes or the device checks forupdates. You may manually obtain the update via the Check for Updatesbutton within iTunes, or the Software Update on your device.  Tocheck that the iPhone, iPod touch, or iPad has been updated:  *Navigate to Settings * Select General * Select About. The versionafter applying this update will be "iOS 16.7.8 and iPadOS 16.7.8".All information is also posted on the Apple Security Releasesweb site: https://support.apple.com/HT201222.This message is signed with Apple's Product Security PGP key,and details are available at:https://www.apple.com/support/security/pgp/-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmZCrxIACgkQX+5d1TXaIvrKgxAAjiI4N+H3dHj/1ev1GXuaZRhbSicl8Uv0H/zXt/7dmQVgzdie4YnFehUioBcx4E17yecsCV1fcg8jFui7vYuxxxwbVRCZbJ6757rVoFLadDOkbHi3F6pIIza5oaOfmNsriL8pHBjIalwWsZGlUPNGU9LTykaQA5cUjdA0xzFSd8u5H7DSKfND2aoi8q/5xhFaH3txr61FVqpsdcvsyWSfLRKjaB7i+rNijrgVQnFTSrMiiAOYA9HRNM9JGPFO6BDF/wfVJz55bD0MB0nHtRiDc7LzhhhnPtl6fbjMDLO+k3T7x0pxlZDd0k4Vxy93deTaBiLlTa0UdnBzPmMbTUZXxlICzPeAqnWZXwwDqzu+LAxLcNtKI7IZrWqr4FCQpgkIsrM1LP7Zuc1bXyx5Hflw2vg/eBGwnjH+zxoYqQnjGVy5S7JMan2PRYkeShP8JhHC4ZY3RC3Ta2oQFwOfK6wxIgM0+0zHlOA4bj0AppmzxJqcMmK4XOAbe1alIErzPS43CofElYSBswiCPVPCgQ2qrgP3pHrQFCqnVh37YEdCpc1ocB3ZUYgsURzIxruf6MVbUOrXhvQ8DwH53A/zopEcvdnYgI+nfS9G1cyTPil8FnV6XSCEBcdwov8HctE2V+84WaM/GfBMIY1gXJtVXuNz/GhBJEvDCzvKFBuIaV0H1bw==YjT5-----END PGP SIGNATURE-----

Apple Security Advisory 05-13-2024-3

Apple Security Advisory 05-13-2024-2 - iOS 17.5 and iPadOS 17.5 addresses bypass and code execution vulnerabilities.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256APPLE-SA-05-13-2024-2 iOS 17.5 and iPadOS 17.5iOS 17.5 and iPadOS 17.5 addresses the following issues.Information about the security content is also available athttps://support.apple.com/HT214101.Apple maintains a Security Releases page athttps://support.apple.com/HT201222 which lists recentsoftware updates with security advisories.AppleAVDAvailable for: iPhone XS and later, iPad Pro 12.9-inch 2nd generationand later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation andlater, iPad Air 3rd generation and later, iPad 6th generation and later,and iPad mini 5th generation and laterImpact: An app may be able to execute arbitrary code with kernelprivilegesDescription: The issue was addressed with improved memory handling.CVE-2024-27804: Meysam Firouzi (@R00tkitSMM)AppleMobileFileIntegrityAvailable for: iPhone XS and later, iPad Pro 12.9-inch 2nd generationand later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation andlater, iPad Air 3rd generation and later, iPad 6th generation and later,and iPad mini 5th generation and laterImpact: An attacker may be able to access user dataDescription: A logic issue was addressed with improved checks.CVE-2024-27816: Mickey Jin (@patch1t)AVEVideoEncoderAvailable for: iPhone XS and later, iPad Pro 12.9-inch 2nd generationand later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation andlater, iPad Air 3rd generation and later, iPad 6th generation and later,and iPad mini 5th generation and laterImpact: An app may be able to disclose kernel memoryDescription: The issue was addressed with improved memory handling.CVE-2024-27841: an anonymous researcherFind MyAvailable for: iPhone XS and later, iPad Pro 12.9-inch 2nd generationand later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation andlater, iPad Air 3rd generation and later, iPad 6th generation and later,and iPad mini 5th generation and laterImpact: A malicious application may be able to determine a user'scurrent locationDescription: A privacy issue was addressed by moving sensitive data to amore secure location.CVE-2024-27839: Alexander Heinrich, SEEMOO, TU Darmstadt (@Sn0wfreeze),and Shai Mishali (@freak4pc)KernelAvailable for: iPhone XS and later, iPad Pro 12.9-inch 2nd generationand later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation andlater, iPad Air 3rd generation and later, iPad 6th generation and later,and iPad mini 5th generation and laterImpact: An attacker may be able to cause unexpected app termination orarbitrary code executionDescription: The issue was addressed with improved memory handling.CVE-2024-27818: pattern-f (@pattern_F_) of Ant Security Light-Year LabLibsystemAvailable for: iPhone XS and later, iPad Pro 12.9-inch 2nd generationand later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation andlater, iPad Air 3rd generation and later, iPad 6th generation and later,and iPad mini 5th generation and laterImpact: An app may be able to access protected user dataDescription: A permissions issue was addressed by removing vulnerablecode and adding additional checks.CVE-2023-42893: an anonymous researcherMapsAvailable for: iPhone XS and later, iPad Pro 12.9-inch 2nd generationand later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation andlater, iPad Air 3rd generation and later, iPad 6th generation and later,and iPad mini 5th generation and laterImpact: An app may be able to read sensitive location informationDescription: A path handling issue was addressed with improvedvalidation.CVE-2024-27810: LFY@secsys of Fudan UniversityMarketplaceKitAvailable for: iPhone XS and laterImpact: A maliciously crafted webpage may be able to distribute a scriptthat tracks users on other webpagesDescription: A privacy issue was addressed with improved client IDhandling for alternative app marketplaces.CVE-2024-27852: Talal Haj Bakry and Tommy Mysk of Mysk Inc. (@mysk_co)NotesAvailable for: iPhone XS and later, iPad Pro 12.9-inch 2nd generationand later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation andlater, iPad Air 3rd generation and later, iPad 6th generation and later,and iPad mini 5th generation and laterImpact: An attacker with physical access to an iOS device may be able toaccess notes from the lock screenDescription: This issue was addressed through improved state management.CVE-2024-27835: Andr.EssRemoteViewServicesAvailable for: iPhone XS and later, iPad Pro 12.9-inch 2nd generationand later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation andlater, iPad Air 3rd generation and later, iPad 6th generation and later,and iPad mini 5th generation and laterImpact: An attacker may be able to access user dataDescription: A logic issue was addressed with improved checks.CVE-2024-27816: Mickey Jin (@patch1t)ScreenshotsAvailable for: iPhone XS and later, iPad Pro 12.9-inch 2nd generationand later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation andlater, iPad Air 3rd generation and later, iPad 6th generation and later,and iPad mini 5th generation and laterImpact: An attacker with physical access may be able to share items fromthe lock screenDescription: A permissions issue was addressed with improved validation.CVE-2024-27803: an anonymous researcherShortcutsAvailable for: iPhone XS and later, iPad Pro 12.9-inch 2nd generationand later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation andlater, iPad Air 3rd generation and later, iPad 6th generation and later,and iPad mini 5th generation and laterImpact: A shortcut may output sensitive user data without consentDescription: A path handling issue was addressed with improvedvalidation.CVE-2024-27821: Kirin (@Pwnrin), zbleet, and Csaba Fitzl (@theevilbit)of KandjiSync ServicesAvailable for: iPhone XS and later, iPad Pro 12.9-inch 2nd generationand later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation andlater, iPad Air 3rd generation and later, iPad 6th generation and later,and iPad mini 5th generation and laterImpact: An app may be able to bypass Privacy preferencesDescription: This issue was addressed with improved checksCVE-2024-27847: Mickey Jin (@patch1t)Voice ControlAvailable for: iPhone XS and later, iPad Pro 12.9-inch 2nd generationand later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation andlater, iPad Air 3rd generation and later, iPad 6th generation and later,and iPad mini 5th generation and laterImpact: An attacker may be able to elevate privilegesDescription: The issue was addressed with improved checks.CVE-2024-27796: ajajfxhjWebKitAvailable for: iPhone XS and later, iPad Pro 12.9-inch 2nd generationand later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation andlater, iPad Air 3rd generation and later, iPad 6th generation and later,and iPad mini 5th generation and laterImpact: An attacker with arbitrary read and write capability may be ableto bypass Pointer AuthenticationDescription: The issue was addressed with improved checks.WebKit Bugzilla: 272750CVE-2024-27834: Manfred Paul (@_manfp) working with Trend Micro's ZeroDay InitiativeAdditional recognitionApp StoreWe would like to acknowledge an anonymous researcher for theirassistance.CoreHAPWe would like to acknowledge Adrian Cable for their assistance.Face IDWe would like to acknowledge Lucas Monteiro, Daniel Monteiro, and FelipeMonteiro for their assistance.HearingCoreWe would like to acknowledge an anonymous researcher for theirassistance.Managed ConfigurationWe would like to acknowledge 遥遥领先 (@晴天组织) for their assistance.Safari DownloadsWe would like to acknowledge Arsenii Kostromin (0x3c3e) for theirassistance.Status BarWe would like to acknowledge Abhay Kailasia (@abhay_kailasia) of LakshmiNarain College of Technology Bhopal for their assistance.This update is available through iTunes and Software Update on youriOS device, and will not appear in your computer's Software Updateapplication, or in the Apple Downloads site. Make sure you have anInternet connection and have installed the latest version of iTunesfrom https://www.apple.com/itunes/  iTunes and Software Update on thedevice will automatically check Apple's update server on its weeklyschedule. When an update is detected, it is downloaded and the optionto be installed is presented to the user when the iOS device isdocked. We recommend applying the update immediately if possible.Selecting Don't Install will present the option the next time youconnect your iOS device.  The automatic update process may take up toa week depending on the day that iTunes or the device checks forupdates. You may manually obtain the update via the Check for Updatesbutton within iTunes, or the Software Update on your device.  Tocheck that the iPhone, iPod touch, or iPad has been updated:  *Navigate to Settings * Select General * Select About. The versionafter applying this update will be "iOS 17.5 and iPadOS 17.5".All information is also posted on the Apple Security Releasesweb site: https://support.apple.com/HT201222.This message is signed with Apple's Product Security PGP key,and details are available at:https://www.apple.com/support/security/pgp/-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmZCru4ACgkQX+5d1TXaIvrSLxAAnqj3N4PyUOrHm+zOFx2kEM5qVOwxJVlqbH9Q6DMG2L54N2iTmyR4X0W85uOA9hmHW9TdR+OT85zMXSXdNWn16BMzUtYQjXTk4pU4dEpcD/V5Vjs8dq+LX6YH1Y9/M8K/wh7oAmPfnRQbCitEvwMRpXglHQbfeydUKhri67LeNRYKpYu7KRZrFP+XSfFfqJOI4a1FM/xDgFALCsDVws/qdk1K9o0NoxEjKcwvTplCoNtHajjW1l3QT4nMxgcueMqfJL99nbCzisEmwovbhD17UQDA4zrxrRejCjY233g7uDB6vIkQDCUzSqo82lb+HO0uCMG3rkMQs1jt6iCNYpop4n+tvpLz9DLB+H5PqXXZYQe9dHsEgnuhsMCRlpJ7MGgAxEaIs/bZQLVJKa3UEZXbd4s5OUz3kE8tRx5faFj4zIj+8++W+2vI8q8qZNm2hA/APket6twiTDOxjO4uFdo/TGQUtVI+RSAToKAA3k31wNhKXUTTssUb8at9Sto+BA3p/fJ0fZhGWunJ3kABacSuZcp9lQsCB2mIs6f1fBidCCZD+257uaQfNe9bhPaiRJj8JIkbNII07U7Yat+86RVNqZemascU5zZJxsV2vLsOTreptkJ4Wot8ghnhrozRvGjqYPgmsXV350+6tL651rbbQAJbf8APIohEjUIXFQkg6DI==3eb1-----END PGP SIGNATURE-----

Apple Security Advisory 05-13-2024-2

Apple Security Advisory 05-13-2024-1 - Safari 17.5 addresses a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-05-13-2024-1 Safari 17.5

Safari 17.5 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/HT214103.

Apple maintains a Security Releases page at  
https://support.apple.com/HT201222 which lists recent  
software updates with security advisories.

WebKit  
Available for: macOS Monterey and macOS Ventura  
Impact: An attacker with arbitrary read and write capability may be able  
to bypass Pointer Authentication  
Description: The issue was addressed with improved checks.  
WebKit Bugzilla: 272750  
CVE-2024-27834: Manfred Paul (@_manfp) working with Trend Micro's Zero  
Day Initiative

Additional recognition

Safari Downloads  
We would like to acknowledge Arsenii Kostromin (0x3c3e) for their  
assistance.

Safari 17.5 may be obtained from the Mac App Store.  
All information is also posted on the Apple Security Releases  
web site: https://support.apple.com/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmZCrkgACgkQX+5d1TXa  
Ivparg//cfUi2Ylya0hfHUzbXtVdoWnbLApJOXFxAQM/DgKBGg+dtJnVyMNN+I1D  
lN8SOuVIxVK+WedX4OKIdKgFlj48ucLdBAIExRqBq6VdSmlL6JK6WVSa3Vrw2ihC  
U7DH0EtREotFgHPiJQMvmxORIUYONAoWHmgqaYNIcKfO6LByp4nN+VcQLjWmlQmn  
jwXigd6pho/+udTEZesFmBNMnTMoRXiR5v+2kBmFj4BOFkZG1oMXqdPtF8MJDVaW  
McjQBqGHs/ijyyAAd96swKZSvnCFEUQcgV888aJFjHFjyhNz1VC+AsaPT8bHnWh7  
UvkWKgyyMdWMXpC0P9Et2Su4OddCQ/8Z7PI2M3rLL8V75Zq//l7q7wqpkEPFv/BM  
LRcEHP5bWSRFWV57mFLsb44WAxEzl1R1ezroW8oh78gHd5s1upms4fhu6aohO6/E  
jyd9OLwshu8jmEkeJXbcnZh1qiKauaLGoYP/kxFNoEKmexoWMxOrP+d599BgaMvw  
tgGwvuENUE7pnRUWLBqc3T8rtDktUjdSEFBn74bzycc+GNzqbbrQTPm7SlG7t7fJ  
jKQU7gbzViA/P32vLkwwrLMk0w0HsCuyJ8YdRd5tBcegIxZ6z2hLsiUtiHCSF5Wu  
lZZ+QLteehEkHYqafuV4vbCqYeySJveKwi6+TFVI73u/XzsYGcc=  
=Ypt5  
-----END PGP SIGNATURE-----

Apple Security Advisory 05-13-2024-1

Red Hat Security Advisory 2024-2846-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_2846.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: kernel-rt security and bug fix update  
Advisory ID:        RHSA-2024:2846-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:2846  
Issue date:         2024-05-15  
Revision:           03  
CVE Names:          CVE-2023-52628  
====================================================================

Summary: 

An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: untrusted VMM can trigger int80 syscall handling (CVE-2024-25744)

* kernel: netfilter: nftables: exthdr: fix 4-byte stack OOB write (CVE-2023-52628)

Bug Fix(es):

* kernel-rt: kernel: untrusted VMM can trigger int80 syscall handling (JIRA:RHEL-30421)

* kernel-rt: kernel: netfilter: nftables: exthdr: fix 4-byte stack OOB write (JIRA:RHEL-31093)

* kernel-rt: update RT source tree to the latest RHEL-9.2 ad hoc schedule build (JIRA:RHEL-34746)

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-52628

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://bugzilla.redhat.com/show_bug.cgi?id=2263875  
https://bugzilla.redhat.com/show_bug.cgi?id=2272041

Red Hat Security Advisory 2024-2846-03

Red Hat Security Advisory 2024-2845-03 - An update for kernel is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_2845.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: kernel security and bug fix update  
Advisory ID:        RHSA-2024:2845-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:2845  
Issue date:         2024-05-15  
Revision:           03  
CVE Names:          CVE-2023-52628  
====================================================================

Summary: 

An update for kernel is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: untrusted VMM can trigger int80 syscall handling (CVE-2024-25744)

* kernel: netfilter: nftables: exthdr: fix 4-byte stack OOB write (CVE-2023-52628)

Bug Fix(es):

* kernel: untrusted VMM can trigger int80 syscall handling (JIRA:RHEL-30266)

* kernel: netfilter: nftables: exthdr: fix 4-byte stack OOB write (JIRA:RHEL-31090)

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-52628

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://bugzilla.redhat.com/show_bug.cgi?id=2263875  
https://bugzilla.redhat.com/show_bug.cgi?id=2272041

Red Hat Security Advisory 2024-2845-03

Red Hat Security Advisory 2024-2843-03 - An update for.NET 7.0 is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_2843.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: .NET 7.0 security updateAdvisory ID:        RHSA-2024:2843-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:2843Issue date:         2024-05-15Revision:           03CVE Names:          CVE-2024-30045====================================================================Summary: An update for .NET 7.0 is now available for Red Hat Enterprise Linux 9.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.119 and .NET Runtime 7.0.19.Security Fix(es):* dotnet: stack buffer overrun in Double Parse (CVE-2024-30045)* dotnet: denial of service in ASP.NET Core due to deadlock in Http2OutputProducer.Stop() (CVE-2024-30046)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-30045References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2279695https://bugzilla.redhat.com/show_bug.cgi?id=2279697

Red Hat Security Advisory 2024-2843-03

Red Hat Security Advisory 2024-2842-03 - An update for.NET 8.0 is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_2842.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: .NET 8.0 security updateAdvisory ID:        RHSA-2024:2842-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:2842Issue date:         2024-05-14Revision:           03CVE Names:          CVE-2024-30045====================================================================Summary: An update for .NET 8.0 is now available for Red Hat Enterprise Linux 9.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.105 and .NET Runtime 8.0.5.Security Fix(es):* dotnet: stack buffer overrun in Double Parse (CVE-2024-30045)* dotnet: denial of service in ASP.NET Core due to deadlock in Http2OutputProducer.Stop() (CVE-2024-30046)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-30045References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2279695https://bugzilla.redhat.com/show_bug.cgi?id=2279697

Red Hat Security Advisory 2024-2842-03

Red Hat Security Advisory 2024-2839-03 - An update for expat is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include a denial of service vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_2839.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: expat security updateAdvisory ID:        RHSA-2024:2839-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:2839Issue date:         2024-05-14Revision:           03CVE Names:          CVE-2023-52425====================================================================Summary: An update for expat is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.Red Hat Product Security has rated this update as having a security impact ofModerate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.Description:Expat is a C library for parsing XML documents.Security Fix(es):* expat: parsing large tokens can trigger a denial of service (CVE-2023-52425)For more details about the security issue(s), including the impact, a CVSSscore, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-52425References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2262877

Red Hat Security Advisory 2024-2839-03

Ubuntu Security Notice 6767-2 - Chenyuan Yang discovered that the RDS Protocol implementation in the Linux kernel contained an out-of-bounds read vulnerability. An attacker could use this to possibly cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

    ==========================================================================Ubuntu Security Notice USN-6767-2May 14, 2024linux-bluefield vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 20.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux-bluefield: Linux kernel for NVIDIA BlueField platformsDetails:Chenyuan Yang discovered that the RDS Protocol implementation in the Linuxkernel contained an out-of-bounds read vulnerability. An attacker could usethis to possibly cause a denial of service (system crash). (CVE-2024-23849)Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:   - ARM64 architecture;   - PowerPC architecture;   - S390 architecture;   - Block layer subsystem;   - Android drivers;   - Hardware random number generator core;   - GPU drivers;   - Hardware monitoring drivers;   - I2C subsystem;   - IIO Magnetometer sensors drivers;   - InfiniBand drivers;   - Network drivers;   - PCI driver for MicroSemi Switchtec;   - PHY drivers;   - Ceph distributed file system;   - Ext4 file system;   - JFS file system;   - NILFS2 file system;   - Pstore file system;   - Core kernel;   - Memory management;   - CAN network layer;   - Networking core;   - IPv4 networking;   - Logical Link layer;   - Netfilter;   - NFC subsystem;   - SMC sockets;   - Sun RPC protocol;   - TIPC protocol;   - Realtek audio codecs;(CVE-2024-26696, CVE-2023-52583, CVE-2024-26720, CVE-2023-52615,CVE-2023-52599, CVE-2023-52587, CVE-2024-26635, CVE-2024-26704,CVE-2024-26625, CVE-2024-26825, CVE-2023-52622, CVE-2023-52435,CVE-2023-52617, CVE-2023-52598, CVE-2024-26645, CVE-2023-52619,CVE-2024-26593, CVE-2024-26685, CVE-2023-52602, CVE-2023-52486,CVE-2024-26697, CVE-2024-26675, CVE-2024-26600, CVE-2023-52604,CVE-2024-26664, CVE-2024-26606, CVE-2023-52594, CVE-2024-26671,CVE-2024-26598, CVE-2024-26673, CVE-2024-26920, CVE-2024-26722,CVE-2023-52601, CVE-2024-26602, CVE-2023-52637, CVE-2023-52623,CVE-2024-26702, CVE-2023-52597, CVE-2024-26684, CVE-2023-52606,CVE-2024-26679, CVE-2024-26663, CVE-2024-26910, CVE-2024-26615,CVE-2023-52595, CVE-2023-52607, CVE-2024-26636)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 20.04 LTS   linux-image-5.4.0-1084-bluefield  5.4.0-1084.91   linux-image-bluefield           5.4.0.1084.80After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:   https://ubuntu.com/security/notices/USN-6767-2   https://ubuntu.com/security/notices/USN-6767-1   CVE-2023-52435, CVE-2023-52486, CVE-2023-52583, CVE-2023-52587,   CVE-2023-52594, CVE-2023-52595, CVE-2023-52597, CVE-2023-52598,   CVE-2023-52599, CVE-2023-52601, CVE-2023-52602, CVE-2023-52604,   CVE-2023-52606, CVE-2023-52607, CVE-2023-52615, CVE-2023-52617,   CVE-2023-52619, CVE-2023-52622, CVE-2023-52623, CVE-2023-52637,   CVE-2024-23849, CVE-2024-26593, CVE-2024-26598, CVE-2024-26600,   CVE-2024-26602, CVE-2024-26606, CVE-2024-26615, CVE-2024-26625,   CVE-2024-26635, CVE-2024-26636, CVE-2024-26645, CVE-2024-26663,   CVE-2024-26664, CVE-2024-26671, CVE-2024-26673, CVE-2024-26675,   CVE-2024-26679, CVE-2024-26684, CVE-2024-26685, CVE-2024-26696,   CVE-2024-26697, CVE-2024-26702, CVE-2024-26704, CVE-2024-26720,   CVE-2024-26722, CVE-2024-26825, CVE-2024-26910, CVE-2024-26920Package Information:   https://launchpad.net/ubuntu/+source/linux-bluefield/5.4.0-1084.91

Ubuntu Security Notice USN-6767-2

Ubuntu Security Notice 6772-1 - Jan Schermer discovered that strongSwan incorrectly validated client certificates in certain configurations. A remote attacker could possibly use this issue to bypass access controls.

    ==========================================================================Ubuntu Security Notice USN-6772-1May 14, 2024strongswan vulnerability==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 22.04 LTSSummary:Fraudulent security certificates could allow access controls to bebypassed.Software Description:- strongswan: IPsec VPN solutionDetails:Jan Schermer discovered that strongSwan incorrectly validated clientcertificates in certain configurations. A remote attacker could possiblyuse this issue to bypass access controls.Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 22.04 LTS   libstrongswan                   5.9.5-2ubuntu2.3   strongswan                      5.9.5-2ubuntu2.3In general, a standard system update will make all the necessary changes.References:   https://ubuntu.com/security/notices/USN-6772-1   CVE-2022-4967Package Information:   https://launchpad.net/ubuntu/+source/strongswan/5.9.5-2ubuntu2.3

Source

Packet Storm