Red Hat Security Advisory 2024-4499-03 - An update for ruby is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4499.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: ruby security updateAdvisory ID:        RHSA-2024:4499-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:4499Issue date:         2024-07-11Revision:           03CVE Names:          CVE-2023-36617====================================================================Summary: An update for ruby is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.Security Fix(es):* rubygem-uri: ReDoS vulnerability - upstream's incomplete fix for CVE-2023-28755 (CVE-2023-36617)* ruby: Buffer overread vulnerability in StringIO (CVE-2024-27280)* ruby: RCE vulnerability with .rdoc_options in RDoc (CVE-2024-27281)* ruby: Arbitrary memory address read vulnerability with Regex search (CVE-2024-27282)* REXML: DoS parsing an XML with many `<`s in an attribute value (CVE-2024-35176)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-36617References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2218614https://bugzilla.redhat.com/show_bug.cgi?id=2270749https://bugzilla.redhat.com/show_bug.cgi?id=2270750https://bugzilla.redhat.com/show_bug.cgi?id=2276810https://bugzilla.redhat.com/show_bug.cgi?id=2280894

Red Hat Security Advisory 2024-4499-03

Red Hat Security Advisory 2024-4464-03 - Red Hat Advanced Cluster Management for Kubernetes 2.10.4 General Availability release images, which apply security fixes and fix bugs. Issues addressed include a denial of service vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4464.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Low: Red Hat Advanced Cluster Management 2.10.4 security updates and bug fixes  
Advisory ID:        RHSA-2024:4464-03  
Product:            Red Hat ACM  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:4464  
Issue date:         2024-07-11  
Revision:           03  
CVE Names:          CVE-2023-45288  
====================================================================

Summary: 

Red Hat Advanced Cluster Management for Kubernetes 2.10.4 General  
Availability release images, which apply security fixes and fix bugs.

Red Hat Product Security has rated this update as having a security impact  
of Low. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

Description:

Red Hat Advanced Cluster Management for Kubernetes 2.10.4 images

Red Hat Advanced Cluster Management for Kubernetes provides the  
capabilities to address common challenges that administrators and site  
reliability engineers face as they work across a range of public and  
private cloud environments. Clusters and applications are all visible and  
managed from a single console—with security policy built in.

This advisory contains the container images for Red Hat Advanced Cluster  
Management for Kubernetes, which fix several bugs. See the following  
Release Notes documentation, which will be updated shortly for this  
release, for additional details about this release:

https://docs.redhat.com/en/documentation/red_hat_advanced_cluster_management_for_kubernetes/2.10/html/release_notes/index

Security fix:

* golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288)

Jira issues addressed:

* ACM-11006: Trying to edit an Application from ACM console fails with error: 'Cannot read properties of undefined'

* ACM-11662 endpoint-observability-operator has an extra replicaset that keeps spawning pods that gets killed constantly, causing alerts to fire

* ACM-11961: Auto import of managed clusters remains stuck on switching hubs

* ACM-11986: Managed clusters created by RHACM do not reconnect to an AODP restored ACM on their own

* ACM-12133: Edit an existing appsub results on creating another subscription with errors

* ACM-12405: Unable to deploy Latest OCP 4.16 - generating manifests fails with 'GLIBC_2.34' not found

* ACM-12436: \"Could not start a watch request\" error when using OperatorPolicy

Solution:

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.10/html-single/install/index#installing

CVEs:

CVE-2023-45288

References:

https://access.redhat.com/security/updates/classification/#low  
https://issues.redhat.com/browse/ACM-11006  
https://issues.redhat.com/browse/ACM-11662  
https://issues.redhat.com/browse/ACM-11961  
https://issues.redhat.com/browse/ACM-11986  
https://issues.redhat.com/browse/ACM-12028  
https://issues.redhat.com/browse/ACM-12091  
https://issues.redhat.com/browse/ACM-12133  
https://issues.redhat.com/browse/ACM-12258  
https://issues.redhat.com/browse/ACM-12405  
https://issues.redhat.com/browse/ACM-12436

Red Hat Security Advisory 2024-4464-03

Red Hat Security Advisory 2024-4462-03 - An update for ghostscript is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Issues addressed include a code execution vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4462.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: ghostscript security updateAdvisory ID:        RHSA-2024:4462-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:4462Issue date:         2024-07-10Revision:           03CVE Names:          CVE-2024-33871====================================================================Summary: An update for ghostscript is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed.Security Fix(es):* ghostscript: OPVP device arbitrary code execution via custom Driver library (CVE-2024-33871)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-33871References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2283508

Red Hat Security Advisory 2024-4462-03

Red Hat Security Advisory 2024-4460-03 - An update for Red Hat Data Grid 8 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4460.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: Red Hat Data Grid 8.5.0 security updateAdvisory ID:        RHSA-2024:4460-03Product:            Red Hat JBoss Data GridAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:4460Issue date:         2024-07-10Revision:           03CVE Names:          CVE-2024-29025====================================================================Summary: An update for Red Hat Data Grid 8 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Red Hat Data Grid is an in-memory, distributed, NoSQL datastore solution. It increases application response times and allows for dramatically improving performance while providing availability, reliability, and elastic scale. Data Grid 8.5.0 replaces Data Grid 8.4.8 and includes bug fixes and enhancements. Find out more about Data Grid 8.5.0 in the Release Notes[3].Security Fix(es):* CVE-2024-29180 webpack-dev-middleware: lack of URL validation may lead to file leak [jdg-8] (CVE-2024-29180)* CVE-2024-29025 netty-codec-http: Allocation of Resources Without Limits or Throttling [jdg-8] (CVE-2024-29025)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-29025References:https://access.redhat.com/security/updates/classification/#importanthttps://access.redhat.com/documentation/en-us/red_hat_data_grid/8.5/html-single/red_hat_data_grid_8.5_release_notes/indexhttps://bugzilla.redhat.com/show_bug.cgi?id=2270863https://bugzilla.redhat.com/show_bug.cgi?id=2272907

Red Hat Security Advisory 2024-4460-03

Red Hat Security Advisory 2024-4457-03 - An update for openssh is now available for Red Hat Enterprise Linux 9. Issues addressed include a code execution vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4457.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: openssh security updateAdvisory ID:        RHSA-2024:4457-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:4457Issue date:         2024-07-10Revision:           03CVE Names:          CVE-2024-6409====================================================================Summary: An update for openssh is now available for Red Hat Enterprise Linux 9.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server.Security Fix(es):* openssh: Possible remote code execution due to a race condition in signal handling affecting Red Hat Enterprise Linux 9 (CVE-2024-6409)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-6409References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2295085

Red Hat Security Advisory 2024-4457-03

Red Hat Security Advisory 2024-4456-03 - An update for python3 is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service. Issues addressed include a traversal vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4456.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: python3 security updateAdvisory ID:        RHSA-2024:4456-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:4456Issue date:         2024-07-10Revision:           03CVE Names:          CVE-2023-6597====================================================================Summary: An update for python3 is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.Security Fix(es):* python: Path traversal on tempfile.TemporaryDirectory (CVE-2023-6597)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-6597References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2276518

Red Hat Security Advisory 2024-4456-03

Red Hat Security Advisory 2024-4455-03 - Red Hat OpenShift Virtualization release 4.16.0 is now available with updates to packages and images that fix several bugs and add enhancements.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4455.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: OpenShift Virtualization 4.16.0 Images security update  
Advisory ID:        RHSA-2024:4455-03  
Product:            OpenShift Virtualization  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:4455  
Issue date:         2024-07-10  
Revision:           03  
CVE Names:          CVE-2023-45857  
====================================================================

Summary: 

Red Hat OpenShift Virtualization release 4.16.0 is now available with updates to packages and images that fix several bugs and add enhancements.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.

This advisory contains OpenShift Virtualization 4.16.0 images.

Security Fix(es):

* axios: exposure of confidential data stored in cookies (CVE-2023-45857)

* golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON (CVE-2024-24786)

* jose-go: improper handling of highly compressed data (CVE-2024-28180)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-45857

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://bugzilla.redhat.com/show_bug.cgi?id=2248979  
https://bugzilla.redhat.com/show_bug.cgi?id=2268046  
https://bugzilla.redhat.com/show_bug.cgi?id=2268854  
https://issues.redhat.com/browse/CNV-18671  
https://issues.redhat.com/browse/CNV-23541  
https://issues.redhat.com/browse/CNV-23927  
https://issues.redhat.com/browse/CNV-28040  
https://issues.redhat.com/browse/CNV-29298  
https://issues.redhat.com/browse/CNV-29431  
https://issues.redhat.com/browse/CNV-29476  
https://issues.redhat.com/browse/CNV-29869  
https://issues.redhat.com/browse/CNV-30877  
https://issues.redhat.com/browse/CNV-31319  
https://issues.redhat.com/browse/CNV-31828  
https://issues.redhat.com/browse/CNV-32664  
https://issues.redhat.com/browse/CNV-32812  
https://issues.redhat.com/browse/CNV-32997  
https://issues.redhat.com/browse/CNV-33184  
https://issues.redhat.com/browse/CNV-33527  
https://issues.redhat.com/browse/CNV-33529  
https://issues.redhat.com/browse/CNV-33701  
https://issues.redhat.com/browse/CNV-33836  
https://issues.redhat.com/browse/CNV-34072  
https://issues.redhat.com/browse/CNV-34180  
https://issues.redhat.com/browse/CNV-34488  
https://issues.redhat.com/browse/CNV-34884  
https://issues.redhat.com/browse/CNV-35213  
https://issues.redhat.com/browse/CNV-35452  
https://issues.redhat.com/browse/CNV-35728  
https://issues.redhat.com/browse/CNV-35729  
https://issues.redhat.com/browse/CNV-35763  
https://issues.redhat.com/browse/CNV-35782  
https://issues.redhat.com/browse/CNV-35859  
https://issues.redhat.com/browse/CNV-36130  
https://issues.redhat.com/browse/CNV-36208  
https://issues.redhat.com/browse/CNV-36209  
https://issues.redhat.com/browse/CNV-36210  
https://issues.redhat.com/browse/CNV-36211  
https://issues.redhat.com/browse/CNV-36271  
https://issues.redhat.com/browse/CNV-36299  
https://issues.redhat.com/browse/CNV-36837  
https://issues.redhat.com/browse/CNV-37111  
https://issues.redhat.com/browse/CNV-37373  
https://issues.redhat.com/browse/CNV-37376  
https://issues.redhat.com/browse/CNV-37377  
https://issues.redhat.com/browse/CNV-37378  
https://issues.redhat.com/browse/CNV-37382  
https://issues.redhat.com/browse/CNV-37383  
https://issues.redhat.com/browse/CNV-37412  
https://issues.redhat.com/browse/CNV-37462  
https://issues.redhat.com/browse/CNV-37501  
https://issues.redhat.com/browse/CNV-37629  
https://issues.redhat.com/browse/CNV-37667  
https://issues.redhat.com/browse/CNV-37685  
https://issues.redhat.com/browse/CNV-37788  
https://issues.redhat.com/browse/CNV-37857  
https://issues.redhat.com/browse/CNV-37859  
https://issues.redhat.com/browse/CNV-38129  
https://issues.redhat.com/browse/CNV-38270  
https://issues.redhat.com/browse/CNV-38375  
https://issues.redhat.com/browse/CNV-38404  
https://issues.redhat.com/browse/CNV-38450  
https://issues.redhat.com/browse/CNV-38568  
https://issues.redhat.com/browse/CNV-38596  
https://issues.redhat.com/browse/CNV-38608  
https://issues.redhat.com/browse/CNV-38609  
https://issues.redhat.com/browse/CNV-38655  
https://issues.redhat.com/browse/CNV-38700  
https://issues.redhat.com/browse/CNV-38707  
https://issues.redhat.com/browse/CNV-38724  
https://issues.redhat.com/browse/CNV-38883  
https://issues.redhat.com/browse/CNV-38887  
https://issues.redhat.com/browse/CNV-38902  
https://issues.redhat.com/browse/CNV-39028  
https://issues.redhat.com/browse/CNV-39030  
https://issues.redhat.com/browse/CNV-39034  
https://issues.redhat.com/browse/CNV-39056  
https://issues.redhat.com/browse/CNV-39101  
https://issues.redhat.com/browse/CNV-39371  
https://issues.redhat.com/browse/CNV-39418  
https://issues.redhat.com/browse/CNV-39421  
https://issues.redhat.com/browse/CNV-39425  
https://issues.redhat.com/browse/CNV-39469  
https://issues.redhat.com/browse/CNV-39558  
https://issues.redhat.com/browse/CNV-39618  
https://issues.redhat.com/browse/CNV-39659  
https://issues.redhat.com/browse/CNV-39682  
https://issues.redhat.com/browse/CNV-39685  
https://issues.redhat.com/browse/CNV-39722  
https://issues.redhat.com/browse/CNV-39727  
https://issues.redhat.com/browse/CNV-39752  
https://issues.redhat.com/browse/CNV-39753  
https://issues.redhat.com/browse/CNV-39878  
https://issues.redhat.com/browse/CNV-39880  
https://issues.redhat.com/browse/CNV-39893  
https://issues.redhat.com/browse/CNV-39940  
https://issues.redhat.com/browse/CNV-39941  
https://issues.redhat.com/browse/CNV-39946  
https://issues.redhat.com/browse/CNV-39978  
https://issues.redhat.com/browse/CNV-39995  
https://issues.redhat.com/browse/CNV-40006  
https://issues.redhat.com/browse/CNV-40120  
https://issues.redhat.com/browse/CNV-40136  
https://issues.redhat.com/browse/CNV-40161  
https://issues.redhat.com/browse/CNV-40162  
https://issues.redhat.com/browse/CNV-40164  
https://issues.redhat.com/browse/CNV-40196  
https://issues.redhat.com/browse/CNV-40200  
https://issues.redhat.com/browse/CNV-40242  
https://issues.redhat.com/browse/CNV-40258  
https://issues.redhat.com/browse/CNV-40334  
https://issues.redhat.com/browse/CNV-40335  
https://issues.redhat.com/browse/CNV-40336  
https://issues.redhat.com/browse/CNV-40341  
https://issues.redhat.com/browse/CNV-40344  
https://issues.redhat.com/browse/CNV-40419  
https://issues.redhat.com/browse/CNV-40445  
https://issues.redhat.com/browse/CNV-40455  
https://issues.redhat.com/browse/CNV-40457  
https://issues.redhat.com/browse/CNV-40598  
https://issues.redhat.com/browse/CNV-40682  
https://issues.redhat.com/browse/CNV-40776  
https://issues.redhat.com/browse/CNV-40846  
https://issues.redhat.com/browse/CNV-40886  
https://issues.redhat.com/browse/CNV-40903  
https://issues.redhat.com/browse/CNV-41084  
https://issues.redhat.com/browse/CNV-41139  
https://issues.redhat.com/browse/CNV-41195  
https://issues.redhat.com/browse/CNV-41199  
https://issues.redhat.com/browse/CNV-41200  
https://issues.redhat.com/browse/CNV-41203  
https://issues.redhat.com/browse/CNV-41206  
https://issues.redhat.com/browse/CNV-41209  
https://issues.redhat.com/browse/CNV-41210  
https://issues.redhat.com/browse/CNV-41224  
https://issues.redhat.com/browse/CNV-41286  
https://issues.redhat.com/browse/CNV-41355  
https://issues.redhat.com/browse/CNV-41385  
https://issues.redhat.com/browse/CNV-41386  
https://issues.redhat.com/browse/CNV-41402  
https://issues.redhat.com/browse/CNV-41474  
https://issues.redhat.com/browse/CNV-41494  
https://issues.redhat.com/browse/CNV-41495  
https://issues.redhat.com/browse/CNV-41503  
https://issues.redhat.com/browse/CNV-41507  
https://issues.redhat.com/browse/CNV-41522  
https://issues.redhat.com/browse/CNV-41526  
https://issues.redhat.com/browse/CNV-41550  
https://issues.redhat.com/browse/CNV-41579  
https://issues.redhat.com/browse/CNV-41590  
https://issues.redhat.com/browse/CNV-41600  
https://issues.redhat.com/browse/CNV-41604  
https://issues.redhat.com/browse/CNV-41632  
https://issues.redhat.com/browse/CNV-41640  
https://issues.redhat.com/browse/CNV-41772  
https://issues.redhat.com/browse/CNV-41804  
https://issues.redhat.com/browse/CNV-41844  
https://issues.redhat.com/browse/CNV-41846  
https://issues.redhat.com/browse/CNV-41959  
https://issues.redhat.com/browse/CNV-42015  
https://issues.redhat.com/browse/CNV-42052  
https://issues.redhat.com/browse/CNV-42087  
https://issues.redhat.com/browse/CNV-42363  
https://issues.redhat.com/browse/CNV-42622  
https://issues.redhat.com/browse/CNV-42786  
https://issues.redhat.com/browse/CNV-42844  
https://issues.redhat.com/browse/CNV-42853  
https://issues.redhat.com/browse/CNV-42884  
https://issues.redhat.com/browse/CNV-43024  
https://issues.redhat.com/browse/CNV-43027  
https://issues.redhat.com/browse/CNV-43033  
https://issues.redhat.com/browse/CNV-43039  
https://issues.redhat.com/browse/CNV-43041  
https://issues.redhat.com/browse/CNV-43069  
https://issues.redhat.com/browse/CNV-43194  
https://issues.redhat.com/browse/CNV-43205

Red Hat Security Advisory 2024-4455-03

Red Hat Security Advisory 2024-4321-03 - Red Hat OpenShift Container Platform release 4.15.21 is now available with updates to packages and images that fix several bugs and add enhancements.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4321.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: OpenShift Container Platform 4.15.21 bug fix and security update  
Advisory ID:        RHSA-2024:4321-03  
Product:            Red Hat OpenShift Enterprise  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:4321  
Issue date:         2024-07-10  
Revision:           03  
CVE Names:          CVE-2024-6104  
====================================================================

Summary: 

Red Hat OpenShift Container Platform release 4.15.21 is now available with updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.15.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container Platform 4.15.21. See the following advisory for the RPM packages for this release:

https://access.redhat.com/errata/RHBA-2024:4324

Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.15/release_notes/ocp-4-15-release-notes.html

Security Fix(es):

* go-retryablehttp: url might write sensitive information to log file (CVE-2024-6104)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

All OpenShift Container Platform 4.15 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.15/updating/updating_a_cluster/updating-cluster-cli.html

Solution:

CVEs:

CVE-2024-6104

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://bugzilla.redhat.com/show_bug.cgi?id=2294000  
https://issues.redhat.com/browse/OCPBUGS-27221  
https://issues.redhat.com/browse/OCPBUGS-33619  
https://issues.redhat.com/browse/OCPBUGS-34156  
https://issues.redhat.com/browse/OCPBUGS-34665  
https://issues.redhat.com/browse/OCPBUGS-34912  
https://issues.redhat.com/browse/OCPBUGS-34949  
https://issues.redhat.com/browse/OCPBUGS-35552  
https://issues.redhat.com/browse/OCPBUGS-35736  
https://issues.redhat.com/browse/OCPBUGS-35749  
https://issues.redhat.com/browse/OCPBUGS-35935  
https://issues.redhat.com/browse/OCPBUGS-35988  
https://issues.redhat.com/browse/OCPBUGS-36150  
https://issues.redhat.com/browse/OCPBUGS-36151  
https://issues.redhat.com/browse/OCPBUGS-36225  
https://issues.redhat.com/browse/OCPBUGS-36258  
https://issues.redhat.com/browse/OCPBUGS-36279  
https://issues.redhat.com/browse/OCPBUGS-36287  
https://issues.redhat.com/browse/OCPBUGS-36306  
https://issues.redhat.com/browse/OCPBUGS-36312  
https://issues.redhat.com/browse/OCPBUGS-36374  
https://issues.redhat.com/browse/OCPBUGS-36377

Red Hat Security Advisory 2024-4321-03

Red Hat Security Advisory 2024-2096-03 - Moderate: Logging for Red Hat OpenShift - 5.9.1.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_2096.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: security update Logging for Red Hat OpenShift - 5.9.1  
Advisory ID:        RHSA-2024:2096-03  
Product:            logging for Red Hat OpenShift  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:2096  
Issue date:         2024-07-10  
Revision:           03  
CVE Names:          CVE-2023-45289  
====================================================================

Summary: 

Moderate: Logging for Red Hat OpenShift - 5.9.1

Description:

Logging for Red Hat OpenShift - 5.9.1

Solution:

https://docs.openshift.com/container-platform/4.14/release_notes/ocp-4-14-release-notes.html

https://docs.openshift.com/container-platform/4.14/logging/cluster-logging-upgrading.html

CVEs:

CVE-2023-45289

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://issues.redhat.com/browse/LOG-4672  
https://issues.redhat.com/browse/LOG-5062  
https://issues.redhat.com/browse/LOG-5268  
https://issues.redhat.com/browse/LOG-5278  
https://issues.redhat.com/browse/LOG-5307  
https://issues.redhat.com/browse/LOG-5309  
https://issues.redhat.com/browse/LOG-5322  
https://issues.redhat.com/browse/LOG-5323  
https://issues.redhat.com/browse/LOG-5395  
https://issues.redhat.com/browse/LOG-5397  
https://issues.redhat.com/browse/LOG-5401

Red Hat Security Advisory 2024-2096-03

The Russia-based cybercrime group dubbed "Fin7," known for phishing and malware attacks that have cost victim organizations an estimated $3 billion in losses since 2013, was declared dead last year by U.S. authorities. But experts say Fin7 has roared back to life in 2024 -- setting up thousands of websites mimicking a range of media and technology companies -- with the help of Stark Industries Solutions, a sprawling hosting provider is a persistent source of cyberattacks against enemies of Russia.

The Russia-based cybercrime group dubbed “**Fin7**,” known for phishing and malware attacks that have cost victim organizations an estimated $3 billion in losses since 2013, was declared dead last year by U.S. authorities. But experts say Fin7 has roared back to life in 2024 — setting up thousands of websites mimicking a range of media and technology companies — with the help of **Stark Industries Solutions**, a sprawling hosting provider that is a persistent source of cyberattacks against enemies of Russia.

In May 2023, the U.S. attorney for Washington state declared “Fin7 is an entity no more,” after prosecutors secured convictions and prison sentences against three men found to be high-level Fin7 hackers or managers. This was a bold declaration against a group that the U.S. Department of Justice described as a criminal enterprise with more than 70 people organized into distinct business units and teams.

The first signs of Fin7’s revival came in April 2024, when **Blackberry** wrote about an intrusion at a large automotive firm that began with malware served by a typosquatting attack targeting people searching for a popular free network scanning tool.

Now, researchers at security firm **Silent Push** say they have devised a way to map out Fin7’s rapidly regrowing cybercrime infrastructure, which includes more than 4,000 hosts that employ a range of exploits, from typosquatting and booby-trapped ads to malicious browser extensions and spearphishing domains.

Silent Push said it found Fin7 domains targeting or spoofing brands including **American Express**, **Affinity Energy**, **Airtable**, **Alliant**, **Android Developer**, **Asana**, **Bitwarden**, **Bloomberg**, **Cisco (Webex)**, **CNN**, **Costco**, **Dropbox**, **Grammarly**, **Google,** **Goto.com**, **Harvard**, **Lexis Nexis**, **Meta**, **Microsoft 365**, **Midjourney**, **Netflix**, **Paycor**, **Quickbooks**, **Quicken**, **Reuters**, **Regions Bank Onepass**, **RuPay**, **SAP (Ariba)**, **Trezor**, **Twitter/X**, **Wall Street Journal**, **Westlaw**, and **Zoom**, among others.

**Zach Edwards**, senior threat analyst at Silent Push, said many of the Fin7 domains are innocuous-looking websites for generic businesses that sometimes include text from default website templates (the content on these sites often has nothing to do with the entity’s stated business or mission).

Edwards said Fin7 does this to “age” the domains and to give them a positive or at least benign reputation before they’re eventually converted for use in hosting brand-specific phishing pages.

“It took them six to nine months to ramp up, but ever since January of this year they have been humming, building a giant phishing infrastructure and aging domains,” Edwards said of the cybercrime group.

In typosquatting attacks, Fin7 registers domains that are similar to those for popular free software tools. Those look-alike domains are then advertised on Google so that sponsored links to them show up prominently in search results, which is usually above the legitimate source of the software in question.

A malicious site spoofing FreeCAD showed up prominently as a sponsored result in Google search results earlier this year.

According to Silent Push, the software currently being targeted by Fin7 includes **7-zip**, **PuTTY**, **ProtectedPDFViewer**, **AIMP**, **Notepad++**, **Advanced IP Scanner**, **AnyDesk**, **pgAdmin**, **AutoDesk**, **Bitwarden**, **Rest Proxy**, **Python**, **Sublime Text**, and **Node.js**.

In May 2024, security firm **eSentire** warned that Fin7 was spotted using sponsored Google ads to serve pop-ups prompting people to download phony browser extensions that install malware. **Malwarebytes** blogged about a similar campaign in April, but did not attribute the activity to any particular group.

A pop-up at a Thomson Reuters typosquatting domain telling visitors they need to install a browser extension to view the news content.

Edwards said Silent Push discovered the new Fin7 domains after a hearing from an organization that was targeted by Fin7 in years past and suspected the group was once again active. Searching for hosts that matched Fin7’s known profile revealed just one active site. But Edwards said that one site pointed to many other Fin7 properties at Stark Industries Solutions, a large hosting provider that materialized just two weeks before Russia invaded Ukraine.

As KrebsOnSecurity wrote in May, Stark Industries Solutions is being used as a staging ground for wave after wave of cyberattacks against Ukraine that have been tied to Russian military and intelligence agencies.

“FIN7 rents a large amount of dedicated IP on Stark Industries,” Edwards said. “Our analysts have discovered numerous Stark Industries IPs that are solely dedicated to hosting FIN7 infrastructure.”

Fin7 once famously operated behind fake cybersecurity companies — with names like **Combi Security** and **Bastion Secure** — which they used for hiring security experts to aid in ransomware attacks. One of the new Fin7 domains identified by Silent Push is **cybercloudsec\[.\]com**, which promises to “grow your business with our IT, cyber security and cloud solutions.”

The fake Fin7 security firm Cybercloudsec.

Like other phishing groups, Fin7 seizes on current events, and at the moment it is targeting tourists visiting France for the Summer Olympics later this month. Among the new Fin7 domains Silent Push found are several sites phishing people seeking tickets at the Louvre.

“We believe this research makes it clear that Fin7 is back and scaling up quickly,” Edwards said. “It’s our hope that the law enforcement community takes notice of this and puts Fin7 back on their radar for additional enforcement actions, and that quite a few of our competitors will be able to take this pool and expand into all or a good chunk of their infrastructure.”

Further reading:

Stark Industries Solutions: An Iron Hammer in the Cloud.

A 2022 deep dive on Fin7 from the Swiss threat intelligence firm Prodaft (PDF).

Tag

#js