#js

Red Hat Security Advisory 2024-2394-03 - An update for kernel is now available for Red Hat Enterprise Linux 9. Issues addressed include code execution, double free, integer overflow, memory exhaustion, memory leak, null pointer, out of bounds access, out of bounds read, out of bounds write, privilege escalation, and use-after-free vulnerabilities.

Red Hat Security Advisory 2024-2387-03 - An update for mod_jk and mod_proxy_cluster is now available for Red Hat Enterprise Linux 9. Issues addressed include cross site scripting and information leakage vulnerabilities.

Red Hat Security Advisory 2024-2377-03 - An update for zziplib is now available for Red Hat Enterprise Linux 9.

### Impact On CRI-O, an arbitrary systemd property can be injected via a Pod annotation: ``` --- apiVersion: v1 kind: Pod metadata: name: poc-arbitrary-systemd-property-injection annotations: # I believe that ExecStart with an arbitrary command works here too, # but I haven't figured out how to marshalize the ExecStart struct to gvariant string. org.systemd.property.SuccessAction: "'poweroff-force'" spec: containers: - name: hello image: [quay.io/podman/hello](http://quay.io/podman/hello) ``` This means that any user who can create a pod with an arbitrary annotation may perform an arbitrary action on the host system. Tested with CRI-O v1.24 on minikube. Thanks to Cédric Clerget (GitHub ID @cclerget) for finding out that CRI-O just passes pod annotations to OCI annotations: https://github.com/opencontainers/runc/pull/3923#discussion_r1532292536 CRI-O has to filter out annotations that have the prefix "org.systend.property." See also: - https://github.com...

The CVE-2024-27322 security vulnerability in R's deserialization process gives attackers a way to execute arbitrary code in target environments via specially crafted files.

Debian Linux Security Advisory 5675-1 - Security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

Red Hat Security Advisory 2024-2098-03 - An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8.

Red Hat Security Advisory 2024-2097-03 - An update for the container-tools:4.0 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.

Red Hat Security Advisory 2024-2088-03 - An update is now available for the Red Hat build of Cryostat 2 on RHEL 8. Issues addressed include denial of service, memory exhaustion, and memory leak vulnerabilities.

Red Hat Security Advisory 2024-2086-03 - An update for shim is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include buffer overflow, bypass, integer overflow, and out of bounds read vulnerabilities.