Red Hat Security Advisory 2024-4160-03 - An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 7 Supplementary. Issues addressed include a denial of service vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4160.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: java-1.8.0-ibm security updateAdvisory ID:        RHSA-2024:4160-03Product:            Red Hat Enterprise Linux SupplementaryAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:4160Issue date:         2024-06-27Revision:           03CVE Names:          CVE-2023-38264====================================================================Summary: An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 7 Supplementary.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.Security Fix(es):* IBM JDK: Object Request Broker (ORB) denial of service (CVE-2023-38264)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-38264References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2279963

Red Hat Security Advisory 2024-4160-03

Red Hat Security Advisory 2024-4146-03 - An update for golang is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include denial of service and memory leak vulnerabilities.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4146.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: golang security updateAdvisory ID:        RHSA-2024:4146-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:4146Issue date:         2024-06-27Revision:           03CVE Names:          CVE-2023-45288====================================================================Summary: An update for golang is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The golang packages provide the Go programming language compiler.Security Fix(es):* golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288)* golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (CVE-2024-1394)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-45288References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2262921https://bugzilla.redhat.com/show_bug.cgi?id=2268273

Red Hat Security Advisory 2024-4146-03

Red Hat Security Advisory 2024-4144-03 - VolSync v0.9.2 general availability release images provide the following: enhancements, security fixes, and updated container images.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4144.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: VolSync 0.9.2 for RHEL 9  
Advisory ID:        RHSA-2024:4144-03  
Product:            Red Hat ACM  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:4144  
Issue date:         2024-06-26  
Revision:           03  
CVE Names:          CVE-2024-22189  
====================================================================

Summary: 

VolSync v0.9.2 general availability release images provide the following:  
enhancements, security fixes, and updated container images.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE links in the References section.

Description:

VolSync v0.9.2 is a Kubernetes operator that enables asynchronous replication of persistent volumes within a cluster, or across clusters. After deploying  
the VolSync operator, you can create and maintain copies of your persistent  
data.

For more information about VolSync, see:

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.10/html/business_continuity/business-cont-overview#volsync

or the VolSync open source community website at:  
https://volsync.readthedocs.io/en/stable/.

This advisory contains enhancements and updates to the VolSync  
container images.

Security fix(es):  
* CVE-2024-24786 - golang-protobuf: encoding/protojson,  
internal/encoding/json: infinite loop in protojson.Unmarshal when  
unmarshaling certain forms of invalid JSON

Solution:

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.10/html/business_continuity/business-cont-overview#volsync

CVEs:

CVE-2024-22189

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://issues.redhat.com/browse/ACM-12028  
https://issues.redhat.com/browse/ACM-12021  
https://issues.redhat.com/browse/ACM-11528

Red Hat Security Advisory 2024-4144-03

Red Hat Security Advisory 2024-4126-03 - This is release 1.4 of the container images for Red Hat Service Interconnect. Red Hat Service Interconnect 1.4 introduces a service network, linking TCP and HTTP services across the hybrid cloud. A service network enables communication between services running in different network locations or sites. It allows geographically distributed services to connect as if they were all running in the same site.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4126.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: Red Hat Service Interconnect 1.4.5 Release security update  
Advisory ID:        RHSA-2024:4126-03  
Product:            Red Hat Service Interconnect  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:4126  
Issue date:         2024-06-26  
Revision:           03  
CVE Names:          CVE-2024-2961  
====================================================================

Summary: 

This is release 1.4 of the container images for Red Hat Service Interconnect. Red Hat Service Interconnect 1.4 introduces a service network, linking TCP and HTTP services across the hybrid cloud.  
A service network enables communication between services running in different network locations or sites. It allows geographically distributed services to connect as if they were all running in the same site.

Red Hat Product Security has rated this update as having a security impact of  
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a  
detailed severity rating, is available for each vulnerability from the CVE  
link(s) in the References section.

Description:

As a Kubernetes user, I cannot connect easily connect services from one cluster with services on another cluster. Red Hat Application Interconnect enables me to create a service network and it allows geographically distributed services to connect as if they were all running in the same site.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-2961

References:

https://access.redhat.com/security/updates/classification/#important  
https://docs.redhat.com/en/documentation/red_hat_service_interconnect/1.4  
https://bugzilla.redhat.com/show_bug.cgi?id=2268019  
https://bugzilla.redhat.com/show_bug.cgi?id=2268273

Red Hat Security Advisory 2024-4126-03

Red Hat Security Advisory 2024-4119-03 - Updated rhceph-5.3 container image is now available in the Red Hat Ecosystem Catalog. Issues addressed include a code execution vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4119.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: Updated rhceph-5.3 container image and security update  
Advisory ID:        RHSA-2024:4119-03  
Product:            Red Hat Ceph Storage  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:4119  
Issue date:         2024-06-26  
Revision:           03  
CVE Names:          CVE-2023-24540  
====================================================================

Summary: 

Updated rhceph-5.3 container image is now available in the Red Hat Ecosystem Catalog.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services.

The rhceph-5.3 image is based on Red Hat Ceph Storage 5.3 and Red Hat Enterprise Linux 8 and Red Hat Enterprise Linux 9.

Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Ceph Storage Release Notes for information on the most significant of these changes: 

 https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/5.3/html/release_notes/index 

All users of the rhceph-5.3 image are advised to pull this updated image from the Red Hat Ecosystem Catalog.

Security Fix(es):  
* golang: cmd/cgo: Arbitrary code execution triggered by linker flags (CVE-2023-29405)  
* golang: cmd/go: go command may execute arbitrary code at build time when using cgo  (CVE-2023-29404)  
* golang: cmd/go: go command may generate unexpected code at build time when using cgo (CVE-2023-29402)  
* golang: html/template: improper handling of JavaScript whitespace (CVE-2023-24540)

Solution:

https://access.redhat.com/articles/2789521

https://access.redhat.com/articles/1548993

CVEs:

CVE-2023-24540

References:

https://access.redhat.com/security/updates/classification/#important  
https://access.redhat.com/security/cve/CVE-2023-29405  
https://access.redhat.com/security/cve/CVE-2023-29404  
https://access.redhat.com/security/cve/CVE-2023-29402  
https://access.redhat.com/security/cve/CVE-2023-24540  
https://bugzilla.redhat.com/show_bug.cgi?id=2196027  
https://bugzilla.redhat.com/show_bug.cgi?id=2217562  
https://bugzilla.redhat.com/show_bug.cgi?id=2217565  
https://bugzilla.redhat.com/show_bug.cgi?id=2217569  
https://bugzilla.redhat.com/show_bug.cgi?id=2273325  
https://bugzilla.redhat.com/show_bug.cgi?id=2293103  
https://bugzilla.redhat.com/show_bug.cgi?id=2293104  
https://bugzilla.redhat.com/show_bug.cgi?id=2293105  
https://bugzilla.redhat.com/show_bug.cgi?id=2293106

Red Hat Security Advisory 2024-4119-03

Red Hat Security Advisory 2024-4118-03 - An update is now available for Red Hat Ceph Storage 5.3. Issues addressed include denial of service and traversal vulnerabilities.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4118.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: Red Hat Ceph Storage 5.3 security, bug fix, and enhancement updateAdvisory ID:        RHSA-2024:4118-03Product:            Red Hat Ceph StorageAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:4118Issue date:         2024-06-26Revision:           03CVE Names:          CVE-2023-39325====================================================================Summary: An update is now available for Red Hat Ceph Storage 5.3.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services.Security Fix(es):* CVE-2023-39325 golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)*  grafana-container: go-git: Maliciously crafted Git server replies can lead to path traversal and RCE on go-git clients (CVE-2023-49569)* opentelemetry: DoS vulnerability in otelhttp (CVE-2023-45142)These new packages include numerous security updates, enhancements, and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Ceph Storage Release Notes for information on the most significant of these changes:  https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/5.3/html/release_notes/indexSolution:https://access.redhat.com/articles/1548993https://access.redhat.com/articles/11258CVEs:CVE-2023-39325References:https://access.redhat.com/security/updates/classification/#moderatehttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003https://access.redhat.com/security/cve/CVE-2023-39325https://access.redhat.com/security/cve/CVE-2023-45142https://access.redhat.com/security/cve/CVE-2023-49569https://bugzilla.redhat.com/show_bug.cgi?id=2243296https://bugzilla.redhat.com/show_bug.cgi?id=2245180https://bugzilla.redhat.com/show_bug.cgi?id=2257733https://bugzilla.redhat.com/show_bug.cgi?id=2258143https://bugzilla.redhat.com/show_bug.cgi?id=2259054https://bugzilla.redhat.com/show_bug.cgi?id=2260356https://bugzilla.redhat.com/show_bug.cgi?id=2264991https://bugzilla.redhat.com/show_bug.cgi?id=2279946https://bugzilla.redhat.com/show_bug.cgi?id=2281592https://bugzilla.redhat.com/show_bug.cgi?id=2291136https://bugzilla.redhat.com/show_bug.cgi?id=2292323https://bugzilla.redhat.com/show_bug.cgi?id=2292327

Red Hat Security Advisory 2024-4118-03

Red Hat Security Advisory 2024-4108-03 - An update for kernel is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4108.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: kernel security and bug fix update  
Advisory ID:        RHSA-2024:4108-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:4108  
Issue date:         2024-06-26  
Revision:           03  
CVE Names:          CVE-2021-47400  
====================================================================

Summary: 

An update for kernel is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: netfilter: nf_tables: use timestamp to check for set element timeout (CVE-2024-27397)

* kernel: xen-netfront: Add missing skb_mark_for_recycle (CVE-2024-27393)

* kernel: netfilter: nft_flow_offload: reset dst in route object after setting up flow (CVE-2024-27403)

* kernel: smb: client: fix UAF in smb2_reconnect_server() (CVE-2024-35870)

* kernel: net/mlx5: Properly link new fs rules into the tree (CVE-2024-35960)

* kernel: net: ena: Fix incorrect descriptor free behavior (CVE-2024-35958)

* kernel: net: hns3: do not allow call hns3_nic_net_open repeatedly (CVE-2021-47400)

* kernel: octeontx2-af: avoid off-by-one read from userspace (CVE-2024-36957)

Bug Fix(es):

* lpfc updates for rh9.4 - (14.2.0.15 14.2.0.16 patches) (JIRA:RHEL-35144)

* cifs - kernel panic with cifs_put_smb_ses (JIRA:RHEL-25787)

* Rhel-9.2- observed \"vas: Failed reconfig VAS capabilities with DLPAR \" message while running proc add rem mix operations in shared mode[5.14.0-252.el9.ppc64le][P9] (JIRA:RHEL-34086)

* CNB95: dpll: rebase DPLL to upstream v6.8 (JIRA:RHEL-36570)

* Boot process stalls during initial loading of RHEL9.2 between the 59th and 100th AC cycle (JIRA:RHEL-36681)

* ice: DPLL-related fixes (JIRA:RHEL-36714)

* [HPE RHEL 9.2 BUG] x86/platform/uv: UV support for sub-NUMA clustering (JIRA:RHEL-37595)

* CNB95: net/sched: update TC core to upstream v6.8 (JIRA:RHEL-37640)

* [ice] Entering Safe Mode because DDP package could not be loaded and hit panic then (JIRA:RHEL-38906)

* [ice] Add automatic VF reset on Tx MDD events (JIRA:RHEL-39082)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2021-47400

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2280434  
https://bugzilla.redhat.com/show_bug.cgi?id=2280745  
https://bugzilla.redhat.com/show_bug.cgi?id=2281127  
https://bugzilla.redhat.com/show_bug.cgi?id=2281740  
https://bugzilla.redhat.com/show_bug.cgi?id=2281920  
https://bugzilla.redhat.com/show_bug.cgi?id=2281925  
https://bugzilla.redhat.com/show_bug.cgi?id=2282336  
https://bugzilla.redhat.com/show_bug.cgi?id=2284581

Red Hat Security Advisory 2024-4108-03

Red Hat Security Advisory 2024-4107-03 - An update for kernel is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Issues addressed include a use-after-free vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4107.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: kernel security and bug fix updateAdvisory ID:        RHSA-2024:4107-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:4107Issue date:         2024-06-26Revision:           03CVE Names:          CVE-2022-1048====================================================================Summary: An update for kernel is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The kernel packages contain the Linux kernel, the core of any Linux operating system.Security Fix(es):* kernel: race condition in snd_pcm_hw_free leading to use-after-free (CVE-2022-1048)* kernel: netfilter: nf_tables: disallow anonymous set with timeout flag (CVE-2024-26642)* kernel: fs: sysfs: Fix reference leak in sysfs_break_active_protection() (CVE-2024-26993)Bug Fix(es):* core: backport rps_default_mask support (JIRA:RHEL-26427)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2022-1048References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2066706https://bugzilla.redhat.com/show_bug.cgi?id=2270881https://bugzilla.redhat.com/show_bug.cgi?id=2278314

Red Hat Security Advisory 2024-4107-03

Red Hat Security Advisory 2024-4106-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4106.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: kernel-rt security update  
Advisory ID:        RHSA-2024:4106-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:4106  
Issue date:         2024-06-26  
Revision:           03  
CVE Names:          CVE-2021-47400  
====================================================================

Summary: 

An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: netfilter: nf_tables: use timestamp to check for set element timeout (CVE-2024-27397)

* kernel: xen-netfront: Add missing skb_mark_for_recycle (CVE-2024-27393)

* kernel: netfilter: nft_flow_offload: reset dst in route object after setting up flow (CVE-2024-27403)

* kernel: smb: client: fix UAF in smb2_reconnect_server() (CVE-2024-35870)

* kernel: net/mlx5: Properly link new fs rules into the tree (CVE-2024-35960)

* kernel: net: ena: Fix incorrect descriptor free behavior (CVE-2024-35958)

* kernel: net: hns3: do not allow call hns3_nic_net_open repeatedly (CVE-2021-47400)

* kernel: octeontx2-af: avoid off-by-one read from userspace (CVE-2024-36957)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2021-47400

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2280434  
https://bugzilla.redhat.com/show_bug.cgi?id=2280745  
https://bugzilla.redhat.com/show_bug.cgi?id=2281127  
https://bugzilla.redhat.com/show_bug.cgi?id=2281740  
https://bugzilla.redhat.com/show_bug.cgi?id=2281920  
https://bugzilla.redhat.com/show_bug.cgi?id=2281925  
https://bugzilla.redhat.com/show_bug.cgi?id=2282336  
https://bugzilla.redhat.com/show_bug.cgi?id=2284581

Red Hat Security Advisory 2024-4106-03

Red Hat Security Advisory 2024-4101-03 - An update for samba is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4101.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: samba security updateAdvisory ID:        RHSA-2024:4101-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:4101Issue date:         2024-06-25Revision:           03CVE Names:          CVE-2023-34966====================================================================Summary: An update for samba is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information.Security Fix(es):* samba: infinite loop in mdssvc RPC service for spotlight (CVE-2023-34966)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-34966References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2222793

Tag

#js