#dos

Red Hat Security Advisory 2024-4118-03 - An update is now available for Red Hat Ceph Storage 5.3. Issues addressed include denial of service and traversal vulnerabilities.

Red Hat Security Advisory 2024-4092-03 - An update for the redhat-ds:12 module is now available for Red Hat Directory Server 12.4 for RHEL 9. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-4081-03 - An update for the quarkus-mandrel-java and quarkus-mandrel-23 packages is now available for the Red Hat build of Quarkus. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-4079-03 - An update for the quarkus-mandrel-java and quarkus-mandrel-231 packages is now available for the Red Hat build of Quarkus. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-4078-03 - An update for python3.9 is now available for Red Hat Enterprise Linux 9. Issues addressed include denial of service and traversal vulnerabilities.

There is a denial-of-service vulnerability in sequoia-openpgp, our crate providing a low-level interface to our OpenPGP implementation. When triggered, the process will enter an infinite loop. Many thanks to Andrew Gallagher for disclosing the issue to us. ## Impact Any software directly or indirectly using the interface `sequoia_openpgp::cert::raw::RawCertParser`. Notably, this includes all software using the `sequoia_cert_store` crate. ## Details The `RawCertParser` does not advance the input stream when encountering unsupported cert (primary key) versions, resulting in an infinite loop. The fix introduces a new raw-cert-specific `cert::raw::Error::UnuspportedCert`. ## Affected software - sequoia-openpgp 1.13.0 - sequoia-openpgp 1.14.0 - sequoia-openpgp 1.15.0 - sequoia-openpgp 1.16.0 - sequoia-openpgp 1.17.0 - sequoia-openpgp 1.18.0 - sequoia-openpgp 1.19.0 - sequoia-openpgp 1.20.0 - Any software built against a vulnerable version of sequoia-openpgp which is directly or i...

Affected devices could include wireless access points, routers, switches and VPNs.

Debian Linux Security Advisory 5720-1 - Security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

Ubuntu Security Notice 6847-1 - It was discovered that libheif incorrectly handled certain image data. An attacker could possibly use this issue to crash the program, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS. Reza Mirzazade Farkhani discovered that libheif incorrectly handled certain image data. An attacker could possibly use this issue to crash the program, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS.

Ubuntu Security Notice 6819-4 - Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service. Chenyuan Yang discovered that the RDS Protocol implementation in the Linux kernel contained an out-of-bounds read vulnerability. An attacker could use this to possibly cause a denial of service.