Red Hat Security Advisory 2024-4035-03 - An update for ovn-2021 is now available in Fast Datapath for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4035.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: ovn-2021 security updateAdvisory ID:        RHSA-2024:4035-03Product:            Fast DatapathAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:4035Issue date:         2024-06-20Revision:           03CVE Names:          CVE-2024-2182====================================================================Summary: An update for ovn-2021 is now available in Fast Datapath for Red HatEnterprise Linux 8.Red Hat Product Security has rated this update as having a security impact ofImportant. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:OVN, the Open Virtual Network, is a system to support virtual networkabstraction.  OVN complements the existing capabilities of OVS to addnative support for virtual network abstractions, such as virtual L2 and L3overlays and security groups.Security fix(es):* ovn-2021: insufficient validation of BFD packets may lead to denial of service (CVE-2024-2182)For more details about the security issue(s), including the impact, a CVSSscore, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-2182References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2267840

Red Hat Security Advisory 2024-4035-03

Red Hat Security Advisory 2024-4023-03 - Red Hat openshift-serverless-clients kn 1.33.0 is now available. Issues addressed include denial of service and memory exhaustion vulnerabilities.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4023.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: Release of openshift-serverless-clients kn 1.33.0 security update & enhancementsAdvisory ID:        RHSA-2024:4023-03Product:            Red Hat OpenShift ServerlessAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:4023Issue date:         2024-06-20Revision:           03CVE Names:          CVE-2023-45288====================================================================Summary: Red Hat openshift-serverless-clients kn 1.33.0 is now available.Red Hat Product Security has rated this update as having a security impact ofImportant. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.Description:Red Hat OpenShift Serverless Client kn 1.33.0 provides a CLI to interact withRed Hat OpenShift Serverless 1.33.0. The kn CLI is delivered as an RPM packagefor installation on RHEL platforms, and as binaries for non-Linux platforms.This release includes security, bug fixes, and enhancements.Security Fix(es):* golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288)* golang: html/template: errors returned from MarshalJSON methods may break template escaping (CVE-2024-24785)* golang: net/mail: comments in display names are incorrectly handled (CVE-2024-24784)* golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm (CVE-2024-24783)* golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect (CVE-2023-45289)* golang: net/http: memory exhaustion in Request.ParseMultipartForm (CVE-2023-45290)A Red Hat Security Bulletin, which addresses further details about the RapidReset flaw is available in the References section.For more details about the security issue(s), including the impact, a CVSSscore, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/documentation/en-us/red_hat_openshift_serverless/1CVEs:CVE-2023-45288References:https://access.redhat.com/security/updates/classification/#importanthttps://access.redhat.com/documentation/en-us/red_hat_openshift_serverless/1https://bugzilla.redhat.com/show_bug.cgi?id=2268017https://bugzilla.redhat.com/show_bug.cgi?id=2268018https://bugzilla.redhat.com/show_bug.cgi?id=2268019https://bugzilla.redhat.com/show_bug.cgi?id=2268021https://bugzilla.redhat.com/show_bug.cgi?id=2268022https://bugzilla.redhat.com/show_bug.cgi?id=2268273https://bugzilla.redhat.com/show_bug.cgi?id=2277862

Red Hat Security Advisory 2024-4023-03

Red Hat Security Advisory 2024-4018-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include bypass and use-after-free vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4018.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: thunderbird security update  
Advisory ID:        RHSA-2024:4018-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:4018  
Issue date:         2024-06-20  
Revision:           03  
CVE Names:          CVE-2024-5688  
====================================================================

Summary: 

An update for thunderbird is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 115.12.1.

Security Fix(es):

* thunderbird: Use-after-free in networking (CVE-2024-5702)

* thunderbird: Use-after-free in JavaScript object transplant (CVE-2024-5688)

* thunderbird: External protocol handlers leaked by timing attack (CVE-2024-5690)

* thunderbird:  Sandboxed iframes were able to bypass sandbox restrictions to open a new window (CVE-2024-5691)

* thunderbird: Cross-Origin Image leak via Offscreen Canvas (CVE-2024-5693)

* thunderbird: Memory Corruption in Text Fragments (CVE-2024-5696)

* thunderbird: Memory safety bugs fixed in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12 (CVE-2024-5700)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-5688

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2291394  
https://bugzilla.redhat.com/show_bug.cgi?id=2291395  
https://bugzilla.redhat.com/show_bug.cgi?id=2291396  
https://bugzilla.redhat.com/show_bug.cgi?id=2291397  
https://bugzilla.redhat.com/show_bug.cgi?id=2291399  
https://bugzilla.redhat.com/show_bug.cgi?id=2291400  
https://bugzilla.redhat.com/show_bug.cgi?id=2291401

Red Hat Security Advisory 2024-4018-03

Debian Linux Security Advisory 5717-1 - It was discovered that user validation was incorrectly implemented for filter_var(FILTER_VALIDATE_URL) for php8.2.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5717-1                   security@debian.org  
https://www.debian.org/security/                       Moritz Muehlenhoff  
June 20, 2024                         https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : php8.2  
CVE ID         : CVE-2024-5458

It was discovered that user validation was incorrectly implemented  
for filter_var(FILTER_VALIDATE_URL).

For the stable distribution (bookworm), this problem has been fixed in  
version 8.2.20-1~deb12u1.

We recommend that you upgrade your php8.2 packages.

For the detailed security status of php8.2 please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/php8.2

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmZ0dO4ACgkQEMKTtsN8  
TjZE3w/+MqMgfCFODFOJynqDrcdQ4cycenVYZc3LhR9Als8W1OViYT/oyXGGlCIY  
iETylmEKhZfm9jUDCLKu0wdFWPkUrpbABUZMGgIW4PG4F4eBxDCaLbtqoaQgyOJ5  
wcx2f9MDtg+ST1NOpjRYUDoDaXapfSNefegUedXdapXgA3IrYFt2XnTo7su7eO5i  
2lBCguFY2errAUqsM9IDrmryYVu43BelVVsxnL+qQ3WUeIxL8tQDBXTmB1g+cQRk  
wC1dHrXWok5op0cRR8Wv9gVW0hDugLt7r+mhOMPgo3AyB1eOKdvRvrUWEveLeH1P  
Mozki0nWfjKW0V5cE/0vKFY0Oxo9WJHo8lvWnx1S2Bd3Grrxps2oRT6NRGN8nsBM  
WcViPXZwAIu2Q+1vQUAnWB48zExV3vOOMdzoUw6ROy+N4fIfXH7GjycENOPb0jYi  
Ty94WeOLQcTAcjtlBZaa5YuZjPZBdsf98n0NC+NtK61pERD8wio8OLm7RtMcGy8T  
GgUQzMXDpkhaEceUA+k1HQiqOVGgq+GxXrAdOHBkElhwZ7/Oq0660T1hV3yDleJz  
hRbMLIXDbG/jTmbpHc3faGgY8PlYE8NPaHou61e1OA8Mn2dlZEJAn1pSPgJibIz0  
MvGNx1AZPBF4TQg+qxbPzZjEO3xHoYyfQs7OOk87V5pVlSdoW1c=  
=th5l  
-----END PGP SIGNATURE-----

Debian Security Advisory 5717-1

The "Markopolo" threat actors built a convincing brand and Web presence for fake software to deliver the dangerous Atomic macOS stealer, among other malware, to carry out cryptocurrency heists.

Source: Klaus Ohlenschlaeger via Alamy Stock Photo

A widespread campaign aimed at stealing cryptocurrency is spreading a wave of infostealers through fake virtual meeting software for both macOS and Windows platforms, particularly targeting the former with the dangerous Atomic stealer.

Discovered by Recorded Future's Insikt Group, the campaign attributed to a threat actor dubbed "Markopolo" is responsible for an elaborate Web and social media presence for a fake app called Vortax, according to a report (PDF) published this week.

Vortax is purported to be virtual meeting software for various platforms but actually is a delivery mechanism for three infostealers: Rhadamanthys, Stealc, and Atomic, the researchers found. Attackers target cryptocurrency users in the campaign through social media and Telegram channels for the purpose of stealing credentials, so they can in turn steal crypto from them, according to Insikt.

The campaign is connected to a previously reported attack by Markopolo, identified then only as a Russian-speaking threat group, that previously targeted the Web3 gaming community. The group is known for using shared hosting and command-and-control (C2) infrastructure in order to be able to pivot agilely to new scams when detected, according to Insikt.

"The campaign indicates a widespread credential-harvesting operation, potentially positioning Markopolo as an initial access broker or 'log vendor' on Dark Web shops like Russian Market or 2easy Shop," Insikt Group wrote in a blog post associated with the report.

The activity also demonstrates an uptick in infostealers that target macOS, which traditionally have been less prevalent than their Windows counterparts, Insikt Group noted in its report. Reports of Atomic stealer in particular have been on the rise based on recent research.

"The high volume of \[Atomic\] activity observed in this campaign builds on previous Insikt Group reporting, which found that mentions of macOS malware and exploit kits increased by 79% year-on-year from 2022 to 2023," according to the report. This "may indicate" a link between the overall number of references to macOS malware and the increased frequency of Atomic stealer campaigns observed in the wild, the researchers noted.

**Vortax: Threats Hiding Behind a Convincing Brand**

The foundation of the campaign is in Vortax, a fake "self-proclaimed" virtual meeting software marketed as cross-platform and AI-enhanced for which attackers built a convincing online brand. All major search engines index Vortax, which has a presence (@VortaxSpace) on social media platforms and even maintains a Medium blog using what are likely AI-generated articles.

The company behind the software claims to operate out of an address in Toronto that is actually an apartment building, and even boasts online about bogus awards from respected publications such as Forbes. However, closer inspection revealed that Vortax is a fraud, particularly shown by related website domains, vortax.io and vortax.space — the latter of which has since been suspended — that are rife with spelling and grammatical errors, according to Insikt.

Vortax advertises applications for Windows, Linux, macOS, iOS, and Android on its sites, though users cannot actually download the applications without a “Room ID," which functions as a meeting invitation.

Accounts associated with Vortax have four primary methods for sharing Room IDs — the most common of which are R12307012, R39264552, R87103129, and R71231209. These methods include: replies to the Vortax account on social media; direct messages on social media; posting in cryptocurrency-related Telegram channels; and posting in cryptocurrency-themed Discord channels.

These IDs ultimately lead to an installer for downloading Vortax, which as described just a front for delivering infostealing malware. On Windows platforms, the fake software delivers Rhadamanthys and Stealc, while it loads the Atomic stealer on macOS platforms.

To the user, it appears that Vortax is never actually installed, with the installation process "claiming that it encounters critical errors that impede it from running," while the software is actually "running many malicious processes" in the background, according to the report.

**Mitigation Against Malware-Hiding Software**

Insikt made a number of suggestions for mitigating the campaign, particularly across the macOS platform — which increasingly is being targeted and thus demands new vigilance and "robust defense strategies," according to the report.

Indeed, the distribution of Atomic stealer, previously distributed via fake software updates, demonstrates a pivot by by infostealing threat actors to macOS. One mitigation for the campaign, then, is to ensure that detection systems for Atomic infostealer are regularly updated to prevent infections, according to Insikt.

Organizations also should educate users on the risks of downloading unapproved software, especially from social media or search engines, and implement strict security controls to prevent employees from doing so. They also should encourage corporate network users to report suspicious activities encountered on social media and other platforms.

According to Insikt Group, using intelligence and monitoring platforms that scan for malicious domains and IP addresses associated with Atomic stealer and other macOS malware also can help prevent infection.

**About the Author(s)**

Elizabeth Montalbano is a freelance writer, journalist, and therapeutic writing mentor with more than 25 years of professional experience. Her areas of expertise include technology, business, and culture. Elizabeth previously lived and worked as a full-time journalist in Phoenix, San Francisco, and New York City; she currently resides in a village on the southwest coast of Portugal. In her free time, she enjoys surfing, hiking with her dogs, traveling, playing music, yoga, and cooking.

'Vortax' Meeting Software Builds Elaborate Branding, Spreads Infostealers

Debian Linux Security Advisory 5716-1 - Security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256- -------------------------------------------------------------------------Debian Security Advisory DSA-5716-1                   security@debian.orghttps://www.debian.org/security/                           Andres SalomonJune 19, 2024                         https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : chromiumCVE ID         : CVE-2024-6100 CVE-2024-6101 CVE-2024-6102 CVE-2024-6103Security issues were discovered in Chromium, which could resultin the execution of arbitrary code, denial of service or informationdisclosure.For the stable distribution (bookworm), these problems have been fixed inversion 126.0.6478.114-1~deb12u1.We recommend that you upgrade your chromium packages.For the detailed security status of chromium please refer toits security tracker page at:https://security-tracker.debian.org/tracker/chromiumFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmZzIpkACgkQZF0CR8Nudjdx6g/6Au2ftR6rzms9kC3GBwAwD7cpWWIqFPvCYTwuLidwwAma7Z8yWT19PWgHqDUUn0rA1PSHjUII9ZSDcMmvlRcYrZniqXbXQHibn1WhHJpfsInY2ddcBiQzywyTfFUXpQpQlaUEte0qry9fQ5c1Orr8YUc/w7dWThtZIXAEdjLXndvS5ToXKPqM8d6PLKgKDSF+TKhIwC8ft7vxdAW3APupwVolLiqGvkO+b6qLOURg2UHhG+oTf1RG8Klsl4dtm8e8tZPzkKWMv1KjnK4PUxOhHAMO512ZaCDlJNKWbVS/aoc96N+xWXUPOXPWeilXKgd6fsDOYSvofQ8iPwPBZjM+E92nJhXA1dpB7odkh4BRAiyV73txrb5NiOkyWMjo2MDADBhzLJq3oCSnST1V54Mgu81QCK0NdX6vPk1K3UXbFUmIB701GXi740S/ZyAdxO13F3d4SRqASLhMwIyhmHxHQImKRNH6IMeuW2fKaEyrxAvR0mUIkNrNNR/4YxFlWeOgZBvjI5HCk4lwZoHzcBbEQ0txTEkcJOe9KG0Bl36360MEW1U1W/XPNUmWzldnS+AYsnTeJqtNFB0bTKdED9CjW/0KCYIueJ/s4iI+qjVDsAYW9F9TC868gkQ5tiuuTm2Ss1cifvx8QbiGcwTVuIar5zKyZlG9gBvz0pRar6lcDt8==+zlS-----END PGP SIGNATURE-----

Debian Security Advisory 5716-1

Red Hat Security Advisory 2024-4016-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 7. Issues addressed include bypass and use-after-free vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4016.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: thunderbird security update  
Advisory ID:        RHSA-2024:4016-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:4016  
Issue date:         2024-06-20  
Revision:           03  
CVE Names:          CVE-2024-5688  
====================================================================

Summary: 

An update for thunderbird is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 115.12.1.

Security Fix(es):

* thunderbird: Use-after-free in networking (CVE-2024-5702)

* thunderbird: Use-after-free in JavaScript object transplant (CVE-2024-5688)

* thunderbird: External protocol handlers leaked by timing attack (CVE-2024-5690)

* thunderbird:  Sandboxed iframes were able to bypass sandbox restrictions to open a new window (CVE-2024-5691)

* thunderbird: Cross-Origin Image leak via Offscreen Canvas (CVE-2024-5693)

* thunderbird: Memory Corruption in Text Fragments (CVE-2024-5696)

* thunderbird: Memory safety bugs fixed in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12 (CVE-2024-5700)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-5688

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2291394  
https://bugzilla.redhat.com/show_bug.cgi?id=2291395  
https://bugzilla.redhat.com/show_bug.cgi?id=2291396  
https://bugzilla.redhat.com/show_bug.cgi?id=2291397  
https://bugzilla.redhat.com/show_bug.cgi?id=2291399  
https://bugzilla.redhat.com/show_bug.cgi?id=2291400  
https://bugzilla.redhat.com/show_bug.cgi?id=2291401

Red Hat Security Advisory 2024-4016-03

Red Hat Security Advisory 2024-4015-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Issues addressed include bypass and use-after-free vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4015.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: thunderbird security update  
Advisory ID:        RHSA-2024:4015-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:4015  
Issue date:         2024-06-20  
Revision:           03  
CVE Names:          CVE-2024-5688  
====================================================================

Summary: 

An update for thunderbird is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 115.12.1.

Security Fix(es):

* thunderbird: Use-after-free in networking (CVE-2024-5702)

* thunderbird: Use-after-free in JavaScript object transplant (CVE-2024-5688)

* thunderbird: External protocol handlers leaked by timing attack (CVE-2024-5690)

* thunderbird:  Sandboxed iframes were able to bypass sandbox restrictions to open a new window (CVE-2024-5691)

* thunderbird: Cross-Origin Image leak via Offscreen Canvas (CVE-2024-5693)

* thunderbird: Memory Corruption in Text Fragments (CVE-2024-5696)

* thunderbird: Memory safety bugs fixed in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12 (CVE-2024-5700)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-5688

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2291394  
https://bugzilla.redhat.com/show_bug.cgi?id=2291395  
https://bugzilla.redhat.com/show_bug.cgi?id=2291396  
https://bugzilla.redhat.com/show_bug.cgi?id=2291397  
https://bugzilla.redhat.com/show_bug.cgi?id=2291399  
https://bugzilla.redhat.com/show_bug.cgi?id=2291400  
https://bugzilla.redhat.com/show_bug.cgi?id=2291401

Red Hat Security Advisory 2024-4015-03

Red Hat Security Advisory 2024-4014-03 - An update for ghostscript is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Issues addressed include a code execution vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4014.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: ghostscript security updateAdvisory ID:        RHSA-2024:4014-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:4014Issue date:         2024-06-20Revision:           03CVE Names:          CVE-2024-33871====================================================================Summary: An update for ghostscript is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed.Security Fix(es):* ghostscript: OPVP device arbitrary code execution via custom Driver library (CVE-2024-33871)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-33871References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2283508

Red Hat Security Advisory 2024-4014-03

Red Hat Security Advisory 2024-4004-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include bypass and use-after-free vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4004.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: thunderbird security update  
Advisory ID:        RHSA-2024:4004-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:4004  
Issue date:         2024-06-20  
Revision:           03  
CVE Names:          CVE-2024-5688  
====================================================================

Summary: 

An update for thunderbird is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 115.12.1.

Security Fix(es):

* thunderbird: Use-after-free in networking (CVE-2024-5702)

* thunderbird: Use-after-free in JavaScript object transplant (CVE-2024-5688)

* thunderbird: External protocol handlers leaked by timing attack (CVE-2024-5690)

* thunderbird:  Sandboxed iframes were able to bypass sandbox restrictions to open a new window (CVE-2024-5691)

* thunderbird: Cross-Origin Image leak via Offscreen Canvas (CVE-2024-5693)

* thunderbird: Memory Corruption in Text Fragments (CVE-2024-5696)

* thunderbird: Memory safety bugs fixed in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12 (CVE-2024-5700)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-5688

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2291394  
https://bugzilla.redhat.com/show_bug.cgi?id=2291395  
https://bugzilla.redhat.com/show_bug.cgi?id=2291396  
https://bugzilla.redhat.com/show_bug.cgi?id=2291397  
https://bugzilla.redhat.com/show_bug.cgi?id=2291399  
https://bugzilla.redhat.com/show_bug.cgi?id=2291400  
https://bugzilla.redhat.com/show_bug.cgi?id=2291401

Tag

#linux