#js

Red Hat Security Advisory 2024-8969-03 - An update is now available for Red Hat Ansible Automation Platform Execution Environments.

Welcome to the third installment in our series on transparency at the Microsoft Security Response Center (MSRC). In this ongoing discussion, we talk about our commitment to providing comprehensive vulnerability information to our customers. At MSRC, our mission is to protect our customers, communities, and Microsoft, from current and emerging threats to security and privacy.

Red Hat Security Advisory 2024-8974-03 - Red Hat Advanced Cluster Management for Kubernetes 2.12.0 GA release images are now available, which contain security and bug fixes.

Red Hat Security Advisory 2024-8697-03 - Red Hat OpenShift Container Platform release 4.14.40 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-8692-03 - Red Hat OpenShift Container Platform release 4.12.68 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-8688-03 - Red Hat OpenShift Container Platform release 4.13.53 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-8700-03 - Red Hat OpenShift Container Platform release 4.14.40 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include denial of service and traversal vulnerabilities.

### Summary _Short summary of the problem. Make the impact and severity as clear as possible. For example: An unsafe deserialization vulnerability allows any unauthenticated user to execute arbitrary code on the server._ Atlantis logs contains GitHub credentials (tokens `ghs_...`) when they are rotated. This enables an attacker able to read these logs to impersonate Atlantis application and to perform actions on GitHub. When Atlantis is used to administer a GitHub organization, this enables getting administration privileges on the organization. This was reported in https://github.com/runatlantis/atlantis/issues/4060 and fixed in https://github.com/runatlantis/atlantis/pull/4667 . The fix was included in [Atlantis v0.30.0](https://github.com/runatlantis/atlantis/releases/tag/v0.30.0). ### Details _Give all details on the vulnerability. Pointing to the incriminated source code is very helpful for the maintainer._ While auditing the Kubernetes/Argo CD/Atlantis deployment of some comp...

Debian Linux Security Advisory 5804-1 - The following vulnerabilities have been discovered in the WebKitGTK web engine. An anonymous researcher, Q1IQ (@q1iqF) and P1umer discovered that processing maliciously crafted web content may lead to an unexpected process crash. Narendra Bhati discovered that processing maliciously crafted web content may prevent Content Security Policy from being enforced.

Red Hat Security Advisory 2024-9019-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Issues addressed include cross site scripting, denial of service, spoofing, and use-after-free vulnerabilities.