Debian Linux Security Advisory 5712-1 - Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5712-1                   security@debian.org  
https://www.debian.org/security/                       Moritz Muehlenhoff  
June 15, 2024                         https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : ffmpeg  
CVE ID         : CVE-2023-50010 CVE-2023-51793 CVE-2023-51794  
                 CVE-2023-51795 CVE-2023-51798 CVE-2024-31585

Several vulnerabilities have been discovered in the FFmpeg multimedia  
framework, which could result in denial of service or potentially the  
execution of arbitrary code if malformed files/streams are processed.

For the stable distribution (bookworm), these problems have been fixed in  
version 7:5.1.5-0+deb12u1.

We recommend that you upgrade your ffmpeg packages.

For the detailed security status of ffmpeg please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/ffmpeg

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmZt3FoACgkQEMKTtsN8  
TjZddQ/+M8SG7jUGvMp5yfB+cMC8/ycNNpZBVObPfxJPg8XYTEXq+ayMd0uGdQO8  
AjaLh+Z7/OOJQ5ZpVHTMcE+bmCV+vAAoYyprz/uX8QstMKkiHZ2/SE/1zNrYuAMC  
JnmX8jTPNDMjFxoXYH/a2+QVmH5/Wo5GmCHStYRfIdVqkG11s76bcrVdYQ99zhek  
NfOErXzd70z6zdk6KIMHLpFHbJCDSsWlHQPPvDidaMrGyVIs6mfh6tfcBfmTTB3m  
wpsTs/Z9prDRFMZUsph4AkMncYO9vfgWwervOckVDMosfuoSMo26DvaKqDUho20s  
Ej5S4tcgzzJ+L68itXoAfMLIc7ErjX+sMNPQB7Q4HnXwKH5fXkPIhmMoOC6NUPoe  
6DQpg0rabcJajdZM2wfnvpnyLf7dzCHjjTQD4CBL6vQp9U6MNK5nme/P5EjJAcI7  
TdT3VfLsi0QCZRnX0B71meCTUzg1BXThnhUriAaLF2QIpFuJs0qMwos7GLFtGXAD  
06WY6ctpiZ8F38v4y9W3O+FXOat8BBW3kOYc/FETEYXtjt9nnCy2AuwWrJ3oKNpE  
qaOI9ikfBbLxCXSW/G9RBSId6vK5tQeeypKY1sYwHRmVOeY8v7rtgi6x7uXHBktV  
sWTXFqtF3HlA8jLpJQjemMGNvLpGaOTK331IRNkSGygtcUrGAGQ=  
=nhZN  
-----END PGP SIGNATURE-----

Debian Security Advisory 5712-1

Debian Linux Security Advisory 5710-1 - Security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256- -------------------------------------------------------------------------Debian Security Advisory DSA-5710-1                   security@debian.orghttps://www.debian.org/security/                           Andres SalomonJune 14, 2024                         https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : chromiumCVE ID         : CVE-2024-5830 CVE-2024-5831 CVE-2024-5832 CVE-2024-5833                  CVE-2024-5834 CVE-2024-5835 CVE-2024-5836 CVE-2024-5837                  CVE-2024-5838 CVE-2024-5839 CVE-2024-5840 CVE-2024-5841                  CVE-2024-5842 CVE-2024-5843 CVE-2024-5844 CVE-2024-5845                  CVE-2024-5846 CVE-2024-5847Security issues were discovered in Chromium, which could resultin the execution of arbitrary code, denial of service or informationdisclosure.For the stable distribution (bookworm), these problems have been fixed inversion 126.0.6478.56-1~deb12u1.We recommend that you upgrade your chromium packages.For the detailed security status of chromium please refer toits security tracker page at:https://security-tracker.debian.org/tracker/chromiumFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmZsdK8ACgkQZF0CR8NudjdfEg//VIIK1hEPZju418flr9luWXi/NKh1PcwFVhDusF5V4q5zBIsqb/5oTuwo5dmZtj5muKUmC4WVhnSqwNtA+ctpr9HPxEcRrOORl2QCeYvdDQYOAFQR4StDAjOPFn196YlDrJ58b5mLez+6f6CpsrCV9XNH37v+nxB3FjwfGSUeLT2GcdArRdfxlFuMp7uKZ5Cg9jID2LeOf86sjIYMxZSMQ7lsqtQYFsXwYsHDCUzGqaQR1qS5IF1eQjTveHwKySMpe3HX9A3mkSZz05cgrmJNvuTbiD3DF5MiwiBxS+zH3pkfrE5OJjahmcw0lUHhvpd3zD2+4uuotIGWJ0OdfbOvbO+r4g2K3CoKFVoyBut1Mu721maoQ51fLsSlHBNu/jirIUi8TgZtOiSbNPAV4O6B8qOznnaeGic4uGFhg3R/lfrQSVSxrJG3NYBCBDjd5P4WrT8VkCCmkwVN3MTEuLRCA6Xj7O1h1GZrxsWxn0ySDzyl2aQCOiZXbxYGae3GzivetQyf8fpjZ2r4zCIxXZ58E+j9Xa32mpl/2xecazaYOv3QXSWO/zaRONCc0JoS5t3V5TU/p9jwDqV+DVYTd8unm7OcAumpQ7K8rPOZ24tjQjLg+wO5d6rFF80Vnz4RFKYsIJukoHJHb1R9DOzF/ufsj7//XzsaYc30Y6ni1HCivNU==p6S/-----END PGP SIGNATURE-----

Debian Security Advisory 5710-1

Red Hat Security Advisory 2024-3939-03 - An update for linux-firmware is now available for Red Hat Enterprise Linux 7.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3939.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: linux-firmware security update  
Advisory ID:        RHSA-2024:3939-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:3939  
Issue date:         2024-06-17  
Revision:           03  
CVE Names:          CVE-2022-27635  
====================================================================

Summary: 

An update for linux-firmware is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

The linux-firmware packages contain all of the firmware files that are required by various devices to operate.

Security Fix(es):

* hw: intel: Protection mechanism failure for some Intel(R) PROSet/Wireless WiFi (CVE-2022-46329)

* hw: intel: Improper access control for some Intel(R) PROSet/Wireless WiFi (CVE-2022-27635)

* hw: intel: Improper access control for some Intel(R) PROSet/Wireless WiFi (CVE-2022-40964)

* hw: intel: Improper input validation in some Intel(R) PROSet/Wireless WiFi (CVE-2022-36351)

* hw: intel: Improper input validation in some Intel(R) PROSet/Wireless WiFi (CVE-2022-38076)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2022-27635

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2238960  
https://bugzilla.redhat.com/show_bug.cgi?id=2238961  
https://bugzilla.redhat.com/show_bug.cgi?id=2238962  
https://bugzilla.redhat.com/show_bug.cgi?id=2238963  
https://bugzilla.redhat.com/show_bug.cgi?id=2238964

Red Hat Security Advisory 2024-3939-03

Red Hat Security Advisory 2024-3925-03 - An update is now available for Red Hat Ceph Storage 7.1.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3925.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Critical: Red Hat Ceph Storage 7.1 security, enhancements, and bug fix updateAdvisory ID:        RHSA-2024:3925-03Product:            Red Hat Ceph StorageAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:3925Issue date:         2024-06-14Revision:           03CVE Names:          CVE-2023-3128====================================================================Summary: An update is now available for Red Hat Ceph Storage 7.1Description:Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services.These new packages include numerous enhancements, bug fixes, and known issues. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Ceph Storage Release Notes for information on the most significant of these changes:https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/7.1/html/release_notes/indexSolution:https://access.redhat.com/articles/1548993https://access.redhat.com/articles/11258CVEs:CVE-2023-3128References:https://access.redhat.com/security/updates/classification/#criticalhttps://access.redhat.com/security/cve/CVE-2023-3128https://access.redhat.com/security/cve/CVE-2023-49568https://access.redhat.com/security/cve/CVE-2023-49569https://access.redhat.com/security/cve/CVE-2023-4822https://bugzilla.redhat.com/show_bug.cgi?id=1871333https://bugzilla.redhat.com/show_bug.cgi?id=1954461https://bugzilla.redhat.com/show_bug.cgi?id=1954463https://bugzilla.redhat.com/show_bug.cgi?id=1995152https://bugzilla.redhat.com/show_bug.cgi?id=2009599https://bugzilla.redhat.com/show_bug.cgi?id=2029585https://bugzilla.redhat.com/show_bug.cgi?id=2061627https://bugzilla.redhat.com/show_bug.cgi?id=2068026https://bugzilla.redhat.com/show_bug.cgi?id=2068030https://bugzilla.redhat.com/show_bug.cgi?id=2079815https://bugzilla.redhat.com/show_bug.cgi?id=2079897https://bugzilla.redhat.com/show_bug.cgi?id=2089167https://bugzilla.redhat.com/show_bug.cgi?id=2107014https://bugzilla.redhat.com/show_bug.cgi?id=2112325https://bugzilla.redhat.com/show_bug.cgi?id=2125107https://bugzilla.redhat.com/show_bug.cgi?id=2130292https://bugzilla.redhat.com/show_bug.cgi?id=2134786https://bugzilla.redhat.com/show_bug.cgi?id=2136766https://bugzilla.redhat.com/show_bug.cgi?id=2144472https://bugzilla.redhat.com/show_bug.cgi?id=2148831https://bugzilla.redhat.com/show_bug.cgi?id=2149450https://bugzilla.redhat.com/show_bug.cgi?id=2153468https://bugzilla.redhat.com/show_bug.cgi?id=2166576https://bugzilla.redhat.com/show_bug.cgi?id=2172162https://bugzilla.redhat.com/show_bug.cgi?id=2176297https://bugzilla.redhat.com/show_bug.cgi?id=2185792https://bugzilla.redhat.com/show_bug.cgi?id=2190366https://bugzilla.redhat.com/show_bug.cgi?id=2207713https://bugzilla.redhat.com/show_bug.cgi?id=2213626https://bugzilla.redhat.com/show_bug.cgi?id=2213766https://bugzilla.redhat.com/show_bug.cgi?id=2217499https://bugzilla.redhat.com/show_bug.cgi?id=2227309https://bugzilla.redhat.com/show_bug.cgi?id=2227314https://bugzilla.redhat.com/show_bug.cgi?id=2233659https://bugzilla.redhat.com/show_bug.cgi?id=2235753https://bugzilla.redhat.com/show_bug.cgi?id=2237038https://bugzilla.redhat.com/show_bug.cgi?id=2237574https://bugzilla.redhat.com/show_bug.cgi?id=2238301https://bugzilla.redhat.com/show_bug.cgi?id=2238537https://bugzilla.redhat.com/show_bug.cgi?id=2238926https://bugzilla.redhat.com/show_bug.cgi?id=2239726https://bugzilla.redhat.com/show_bug.cgi?id=2240138https://bugzilla.redhat.com/show_bug.cgi?id=2240583https://bugzilla.redhat.com/show_bug.cgi?id=2241030https://bugzilla.redhat.com/show_bug.cgi?id=2241056https://bugzilla.redhat.com/show_bug.cgi?id=2241104https://bugzilla.redhat.com/show_bug.cgi?id=2241165https://bugzilla.redhat.com/show_bug.cgi?id=2242431https://bugzilla.redhat.com/show_bug.cgi?id=2243105https://bugzilla.redhat.com/show_bug.cgi?id=2243626https://bugzilla.redhat.com/show_bug.cgi?id=2244417https://bugzilla.redhat.com/show_bug.cgi?id=2245261https://bugzilla.redhat.com/show_bug.cgi?id=2247074https://bugzilla.redhat.com/show_bug.cgi?id=2247140https://bugzilla.redhat.com/show_bug.cgi?id=2247183https://bugzilla.redhat.com/show_bug.cgi?id=2247531https://bugzilla.redhat.com/show_bug.cgi?id=2247586https://bugzilla.redhat.com/show_bug.cgi?id=2247718https://bugzilla.redhat.com/show_bug.cgi?id=2248639https://bugzilla.redhat.com/show_bug.cgi?id=2248855https://bugzilla.redhat.com/show_bug.cgi?id=2249003https://bugzilla.redhat.com/show_bug.cgi?id=2249068https://bugzilla.redhat.com/show_bug.cgi?id=2249518https://bugzilla.redhat.com/show_bug.cgi?id=2249573https://bugzilla.redhat.com/show_bug.cgi?id=2249651https://bugzilla.redhat.com/show_bug.cgi?id=2249744https://bugzilla.redhat.com/show_bug.cgi?id=2249812https://bugzilla.redhat.com/show_bug.cgi?id=2251004https://bugzilla.redhat.com/show_bug.cgi?id=2251192https://bugzilla.redhat.com/show_bug.cgi?id=2252048https://bugzilla.redhat.com/show_bug.cgi?id=2252396https://bugzilla.redhat.com/show_bug.cgi?id=2253313https://bugzilla.redhat.com/show_bug.cgi?id=2254121https://bugzilla.redhat.com/show_bug.cgi?id=2254122https://bugzilla.redhat.com/show_bug.cgi?id=2254125https://bugzilla.redhat.com/show_bug.cgi?id=2254480https://bugzilla.redhat.com/show_bug.cgi?id=2254582https://bugzilla.redhat.com/show_bug.cgi?id=2255030https://bugzilla.redhat.com/show_bug.cgi?id=2255255https://bugzilla.redhat.com/show_bug.cgi?id=2255938https://bugzilla.redhat.com/show_bug.cgi?id=2256560https://bugzilla.redhat.com/show_bug.cgi?id=2256967https://bugzilla.redhat.com/show_bug.cgi?id=2257978https://bugzilla.redhat.com/show_bug.cgi?id=2258143https://bugzilla.redhat.com/show_bug.cgi?id=2258165https://bugzilla.redhat.com/show_bug.cgi?id=2258542https://bugzilla.redhat.com/show_bug.cgi?id=2258879https://bugzilla.redhat.com/show_bug.cgi?id=2258940https://bugzilla.redhat.com/show_bug.cgi?id=2258951https://bugzilla.redhat.com/show_bug.cgi?id=2258997https://bugzilla.redhat.com/show_bug.cgi?id=2259179https://bugzilla.redhat.com/show_bug.cgi?id=2259461https://bugzilla.redhat.com/show_bug.cgi?id=2259938https://bugzilla.redhat.com/show_bug.cgi?id=2260003https://bugzilla.redhat.com/show_bug.cgi?id=2260835https://bugzilla.redhat.com/show_bug.cgi?id=2261239https://bugzilla.redhat.com/show_bug.cgi?id=2262094https://bugzilla.redhat.com/show_bug.cgi?id=2262400https://bugzilla.redhat.com/show_bug.cgi?id=2262469https://bugzilla.redhat.com/show_bug.cgi?id=2262650https://bugzilla.redhat.com/show_bug.cgi?id=2262741https://bugzilla.redhat.com/show_bug.cgi?id=2262919https://bugzilla.redhat.com/show_bug.cgi?id=2262984https://bugzilla.redhat.com/show_bug.cgi?id=2263813https://bugzilla.redhat.com/show_bug.cgi?id=2263898https://bugzilla.redhat.com/show_bug.cgi?id=2263990https://bugzilla.redhat.com/show_bug.cgi?id=2264141https://bugzilla.redhat.com/show_bug.cgi?id=2264142https://bugzilla.redhat.com/show_bug.cgi?id=2264145https://bugzilla.redhat.com/show_bug.cgi?id=2264158https://bugzilla.redhat.com/show_bug.cgi?id=2264168https://bugzilla.redhat.com/show_bug.cgi?id=2264177https://bugzilla.redhat.com/show_bug.cgi?id=2264212https://bugzilla.redhat.com/show_bug.cgi?id=2264213https://bugzilla.redhat.com/show_bug.cgi?id=2264222https://bugzilla.redhat.com/show_bug.cgi?id=2264348https://bugzilla.redhat.com/show_bug.cgi?id=2264812https://bugzilla.redhat.com/show_bug.cgi?id=2264836https://bugzilla.redhat.com/show_bug.cgi?id=2265059https://bugzilla.redhat.com/show_bug.cgi?id=2265148https://bugzilla.redhat.com/show_bug.cgi?id=2265262https://bugzilla.redhat.com/show_bug.cgi?id=2265322https://bugzilla.redhat.com/show_bug.cgi?id=2265415https://bugzilla.redhat.com/show_bug.cgi?id=2265558https://bugzilla.redhat.com/show_bug.cgi?id=2265574https://bugzilla.redhat.com/show_bug.cgi?id=2265890https://bugzilla.redhat.com/show_bug.cgi?id=2265994https://bugzilla.redhat.com/show_bug.cgi?id=2266020https://bugzilla.redhat.com/show_bug.cgi?id=2266092https://bugzilla.redhat.com/show_bug.cgi?id=2266223https://bugzilla.redhat.com/show_bug.cgi?id=2266227https://bugzilla.redhat.com/show_bug.cgi?id=2266248https://bugzilla.redhat.com/show_bug.cgi?id=2266256https://bugzilla.redhat.com/show_bug.cgi?id=2266411https://bugzilla.redhat.com/show_bug.cgi?id=2266529https://bugzilla.redhat.com/show_bug.cgi?id=2266530https://bugzilla.redhat.com/show_bug.cgi?id=2266579https://bugzilla.redhat.com/show_bug.cgi?id=2267040https://bugzilla.redhat.com/show_bug.cgi?id=2267624https://bugzilla.redhat.com/show_bug.cgi?id=2267625https://bugzilla.redhat.com/show_bug.cgi?id=2267715https://bugzilla.redhat.com/show_bug.cgi?id=2267763https://bugzilla.redhat.com/show_bug.cgi?id=2267814https://bugzilla.redhat.com/show_bug.cgi?id=2267957https://bugzilla.redhat.com/show_bug.cgi?id=2268036https://bugzilla.redhat.com/show_bug.cgi?id=2268039https://bugzilla.redhat.com/show_bug.cgi?id=2268040https://bugzilla.redhat.com/show_bug.cgi?id=2268059https://bugzilla.redhat.com/show_bug.cgi?id=2268414https://bugzilla.redhat.com/show_bug.cgi?id=2268560https://bugzilla.redhat.com/show_bug.cgi?id=2268567https://bugzilla.redhat.com/show_bug.cgi?id=2268996https://bugzilla.redhat.com/show_bug.cgi?id=2269038https://bugzilla.redhat.com/show_bug.cgi?id=2269321https://bugzilla.redhat.com/show_bug.cgi?id=2269337https://bugzilla.redhat.com/show_bug.cgi?id=2269347https://bugzilla.redhat.com/show_bug.cgi?id=2269374https://bugzilla.redhat.com/show_bug.cgi?id=2269381https://bugzilla.redhat.com/show_bug.cgi?id=2269526https://bugzilla.redhat.com/show_bug.cgi?id=2269662https://bugzilla.redhat.com/show_bug.cgi?id=2269664https://bugzilla.redhat.com/show_bug.cgi?id=2269687https://bugzilla.redhat.com/show_bug.cgi?id=2270211https://bugzilla.redhat.com/show_bug.cgi?id=2270237https://bugzilla.redhat.com/show_bug.cgi?id=2270245https://bugzilla.redhat.com/show_bug.cgi?id=2270334https://bugzilla.redhat.com/show_bug.cgi?id=2270402https://bugzilla.redhat.com/show_bug.cgi?id=2270442https://bugzilla.redhat.com/show_bug.cgi?id=2270625https://bugzilla.redhat.com/show_bug.cgi?id=2270645https://bugzilla.redhat.com/show_bug.cgi?id=2270656https://bugzilla.redhat.com/show_bug.cgi?id=2270785https://bugzilla.redhat.com/show_bug.cgi?id=2271096https://bugzilla.redhat.com/show_bug.cgi?id=2271110https://bugzilla.redhat.com/show_bug.cgi?id=2271135https://bugzilla.redhat.com/show_bug.cgi?id=2271399https://bugzilla.redhat.com/show_bug.cgi?id=2271806https://bugzilla.redhat.com/show_bug.cgi?id=2271835https://bugzilla.redhat.com/show_bug.cgi?id=2271938https://bugzilla.redhat.com/show_bug.cgi?id=2272031https://bugzilla.redhat.com/show_bug.cgi?id=2272038https://bugzilla.redhat.com/show_bug.cgi?id=2272157https://bugzilla.redhat.com/show_bug.cgi?id=2272437https://bugzilla.redhat.com/show_bug.cgi?id=2272468https://bugzilla.redhat.com/show_bug.cgi?id=2272621https://bugzilla.redhat.com/show_bug.cgi?id=2272622https://bugzilla.redhat.com/show_bug.cgi?id=2272632https://bugzilla.redhat.com/show_bug.cgi?id=2272647https://bugzilla.redhat.com/show_bug.cgi?id=2272661https://bugzilla.redhat.com/show_bug.cgi?id=2272662https://bugzilla.redhat.com/show_bug.cgi?id=2272979https://bugzilla.redhat.com/show_bug.cgi?id=2273000https://bugzilla.redhat.com/show_bug.cgi?id=2273608https://bugzilla.redhat.com/show_bug.cgi?id=2273693https://bugzilla.redhat.com/show_bug.cgi?id=2273836https://bugzilla.redhat.com/show_bug.cgi?id=2273837https://bugzilla.redhat.com/show_bug.cgi?id=2273927https://bugzilla.redhat.com/show_bug.cgi?id=2273935https://bugzilla.redhat.com/show_bug.cgi?id=2273936https://bugzilla.redhat.com/show_bug.cgi?id=2273938https://bugzilla.redhat.com/show_bug.cgi?id=2274305https://bugzilla.redhat.com/show_bug.cgi?id=2274703https://bugzilla.redhat.com/show_bug.cgi?id=2274704https://bugzilla.redhat.com/show_bug.cgi?id=2275103https://bugzilla.redhat.com/show_bug.cgi?id=2275323https://bugzilla.redhat.com/show_bug.cgi?id=2275459https://bugzilla.redhat.com/show_bug.cgi?id=2275463https://bugzilla.redhat.com/show_bug.cgi?id=2275506https://bugzilla.redhat.com/show_bug.cgi?id=2275861https://bugzilla.redhat.com/show_bug.cgi?id=2276031https://bugzilla.redhat.com/show_bug.cgi?id=2276034https://bugzilla.redhat.com/show_bug.cgi?id=2276038https://bugzilla.redhat.com/show_bug.cgi?id=2276340https://bugzilla.redhat.com/show_bug.cgi?id=2276361https://bugzilla.redhat.com/show_bug.cgi?id=2276379https://bugzilla.redhat.com/show_bug.cgi?id=2276498https://bugzilla.redhat.com/show_bug.cgi?id=2276636https://bugzilla.redhat.com/show_bug.cgi?id=2276900https://bugzilla.redhat.com/show_bug.cgi?id=2276989https://bugzilla.redhat.com/show_bug.cgi?id=2277099https://bugzilla.redhat.com/show_bug.cgi?id=2277143https://bugzilla.redhat.com/show_bug.cgi?id=2277692https://bugzilla.redhat.com/show_bug.cgi?id=2277699https://bugzilla.redhat.com/show_bug.cgi?id=2277830https://bugzilla.redhat.com/show_bug.cgi?id=2277944https://bugzilla.redhat.com/show_bug.cgi?id=2277945https://bugzilla.redhat.com/show_bug.cgi?id=2277947https://bugzilla.redhat.com/show_bug.cgi?id=2278166https://bugzilla.redhat.com/show_bug.cgi?id=2278326https://bugzilla.redhat.com/show_bug.cgi?id=2278778https://bugzilla.redhat.com/show_bug.cgi?id=2279339https://bugzilla.redhat.com/show_bug.cgi?id=2279352https://bugzilla.redhat.com/show_bug.cgi?id=2279461https://bugzilla.redhat.com/show_bug.cgi?id=2279530https://bugzilla.redhat.com/show_bug.cgi?id=2279607https://bugzilla.redhat.com/show_bug.cgi?id=2279862https://bugzilla.redhat.com/show_bug.cgi?id=2280205https://bugzilla.redhat.com/show_bug.cgi?id=2280332https://bugzilla.redhat.com/show_bug.cgi?id=2280742https://bugzilla.redhat.com/show_bug.cgi?id=2280954https://bugzilla.redhat.com/show_bug.cgi?id=2281465https://bugzilla.redhat.com/show_bug.cgi?id=2281471https://bugzilla.redhat.com/show_bug.cgi?id=2282364https://bugzilla.redhat.com/show_bug.cgi?id=2282533https://bugzilla.redhat.com/show_bug.cgi?id=2283630

Red Hat Security Advisory 2024-3925-03

Red Hat Security Advisory 2024-3868-03 - Network Observability 1.6 for Red Hat OpenShift. Issues addressed include code execution, denial of service, memory exhaustion, and password leak vulnerabilities.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3868.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: Network Observability 1.6.0 for OpenShiftAdvisory ID:        RHSA-2024:3868-03Product:            Network ObservabilityAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:3868Issue date:         2024-06-17Revision:           03CVE Names:          CVE-2023-39326====================================================================Summary: Network Observability 1.6 for Red Hat OpenShiftRed Hat Product Security has rated this update as having a security impact ofImportant. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Network Observability 1.6.0Security Fix(es):* CVE-2024-29180 webpack-dev-middleware: lack of URL validation may lead to file leak* CVE-2024-24786 golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON* CVE-2023-42282 nodejs-ip: arbitrary code execution via the isPublic() function* CVE-2023-39326 golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests* CVE-2024-28849 follow-redirects: Possible credential leak* CVE-2024-24783 golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm* CVE-2023-45289 golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect* CVE-2023-45290 golang: net/http: memory exhaustion in Request.ParseMultipartForm* CVE-2024-24785 golang: html/template: errors returned from MarshalJSON methods may break template escaping* CVE-2024-29041 express: cause malformed URLs to be evaluated [noo-1]For more details about the security issue(s), including the impact, a CVSSscore, acknowledgments, and other related information, refer to the CVE page(s)listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-39326References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2253330https://bugzilla.redhat.com/show_bug.cgi?id=2265161https://bugzilla.redhat.com/show_bug.cgi?id=2268017https://bugzilla.redhat.com/show_bug.cgi?id=2268018https://bugzilla.redhat.com/show_bug.cgi?id=2268019https://bugzilla.redhat.com/show_bug.cgi?id=2268022https://bugzilla.redhat.com/show_bug.cgi?id=2268046https://bugzilla.redhat.com/show_bug.cgi?id=2269576https://bugzilla.redhat.com/show_bug.cgi?id=2270863https://bugzilla.redhat.com/show_bug.cgi?id=2290901https://issues.redhat.com/browse/NETOBSERV-1279https://issues.redhat.com/browse/NETOBSERV-1408https://issues.redhat.com/browse/NETOBSERV-1424https://issues.redhat.com/browse/NETOBSERV-1453https://issues.redhat.com/browse/NETOBSERV-1459https://issues.redhat.com/browse/NETOBSERV-1462https://issues.redhat.com/browse/NETOBSERV-1544https://issues.redhat.com/browse/NETOBSERV-1598https://issues.redhat.com/browse/NETOBSERV-1606https://issues.redhat.com/browse/NETOBSERV-1607https://issues.redhat.com/browse/NETOBSERV-1621https://issues.redhat.com/browse/NETOBSERV-1630https://issues.redhat.com/browse/NETOBSERV-1647

Red Hat Security Advisory 2024-3868-03

Legitimate-but-compromised websites are being used as a conduit to deliver a Windows backdoor dubbed BadSpace under the guise of fake browser updates.
"The threat actor employs a multi-stage attack chain involving an infected website, a command-and-control (C2) server, in some cases a fake browser update, and a JScript downloader to deploy a backdoor into the victim's system," German

Legitimate-but-compromised websites are being used as a conduit to deliver a Windows backdoor dubbed **BadSpace** under the guise of fake browser updates.

"The threat actor employs a multi-stage attack chain involving an infected website, a command-and-control (C2) server, in some cases a fake browser update, and a JScript downloader to deploy a backdoor into the victim's system," German cybersecurity company G DATA said in a report.

Details of the malware were first shared by researchers kevross33 and Gi7w0rm last month.

It all starts with a compromised website, including those built on WordPress, to inject code that incorporates logic to determine if a user has visited the site before.

Should it be the user's first visit, the code collects information about the device, IP address, user-agent, and location, and transmits it to a hard-coded domain via an HTTP GET request.

The response from the server subsequently overlays the contents of the web page with a phony Google Chrome update pop-up window to either directly drop the malware or a JavaScript downloader that, in turn, downloads and executes BadSpace.

An analysis of the C2 servers used in the campaign has uncovered connections to a known malware called SocGholish (aka FakeUpdates), a JavaScript-based downloader malware that's propagated via the same mechanism.

BadSpace, in addition to employing anti-sandbox checks and setting up persistence using scheduled tasks, is capable of harvesting system information and processing commands that allow it to take screenshots, execute instructions using cmd.exe, read and write files, and delete the scheduled task.

The disclosure comes as both eSentire and Sucuri have warned different campaigns leveraging bogus browser update lures in compromised sites to distribute information stealers and remote access trojans.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Hackers Exploit Legitimate Websites to Deliver BadSpace Windows Backdoor

Red Hat Security Advisory 2024-3929-03 - An update for dnsmasq is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3929.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: dnsmasq security updateAdvisory ID:        RHSA-2024:3929-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:3929Issue date:         2024-06-13Revision:           03CVE Names:          CVE-2023-50387====================================================================Summary: An update for dnsmasq is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server.Security Fix(es):* bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator (CVE-2023-50387)* bind9: Preparing an NSEC3 closest encloser proof can exhaust CPU resources (CVE-2023-50868)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-50387References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2263914https://bugzilla.redhat.com/show_bug.cgi?id=2263917

Red Hat Security Advisory 2024-3929-03

Red Hat Security Advisory 2024-3927-03 - A new container image for Red Hat Ceph Storage 7.1 is now available in the Red Hat Ecosystem Catalog.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3927.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: Red Hat Ceph Storage 7.1 container image security, and bug fix update  
Advisory ID:        RHSA-2024:3927-03  
Product:            Red Hat Ceph Storage  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:3927  
Issue date:         2024-06-13  
Revision:           03  
CVE Names:          CVE-2023-39325  
====================================================================

Summary: 

A new container image for Red Hat Ceph Storage 7.1 is now available in the  
Red Hat Ecosystem Catalog.

Description:

Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services.

This new container image is based on Red Hat Ceph Storage 7.0 and Red Hat Enterprise Linux 9.2.

Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Ceph Storage Release Notes for information on the most significant of these changes:

https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/7.1/html/release_notes/index

All users of Red Hat Ceph Storage are advised to pull these new images from  
the Red Hat Ecosystem catalog, which provides numerous enhancements and bug  
fixes.

Solution:

https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/7

https://access.redhat.com/articles/1548993

CVEs:

CVE-2023-39325

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://access.redhat.com/security/cve/CVE-2023-39325  
https://access.redhat.com/security/cve/CVE-2024-22195  
https://bugzilla.redhat.com/show_bug.cgi?id=2243296  
https://bugzilla.redhat.com/show_bug.cgi?id=2257854  
https://bugzilla.redhat.com/show_bug.cgi?id=2268114

Red Hat Security Advisory 2024-3927-03

Red Hat Security Advisory 2024-3926-03 - An update for expat is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a denial of service vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3926.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: expat security updateAdvisory ID:        RHSA-2024:3926-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:3926Issue date:         2024-06-13Revision:           03CVE Names:          CVE-2023-52425====================================================================Summary: An update for expat is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Expat is a C library for parsing XML documents.Security Fix(es):* expat: parsing large tokens can trigger a denial of service (CVE-2023-52425)* expat: XML Entity Expansion (CVE-2024-28757)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-52425References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2262877https://bugzilla.redhat.com/show_bug.cgi?id=2268766

Red Hat Security Advisory 2024-3926-03

Red Hat Security Advisory 2024-3920-03 - Migration Toolkit for Runtimes 1.2.6 release Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include a password leak vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3920.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: Migration Toolkit for Runtimes security, bug fix and enhancement updateAdvisory ID:        RHSA-2024:3920-03Product:            Migration Toolkit for RuntimesAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:3920Issue date:         2024-06-13Revision:           03CVE Names:          CVE-2023-45857====================================================================Summary: Migration Toolkit for Runtimes 1.2.6 releaseRed Hat Product Security has rated this update as having a security impact of Important.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Migration Toolkit for Runtimes 1.2.6 ZIP artifactsSecurity Fix(es):* axios: exposure of confidential data stored in cookies (CVE-2023-45857)* follow-redirects: Possible credential leak (CVE-2024-28849)* commons-configuration2: various flaws (CVE-2024-29131)* commons-configuration2: various flaws (CVE-2024-29133)* webpack-dev-middleware: lack of URL validation may lead to file leak (CVE-2024-29180)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:CVEs:CVE-2023-45857References:https://access.redhat.com/security/updates/classification/#importanthttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=migration.toolkit.runtimes&downloadType=distributionshttps://issues.redhat.com/browse/WINDUPRULE-1049

Tag

#js