#linux

Red Hat Security Advisory 2024-3837-03 - An update for 389-ds-base is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-3835-03 - An update for libreoffice is now available for Red Hat Enterprise Linux 9.

Red Hat Security Advisory 2024-3834-03 - An update for gdk-pixbuf2 is now available for Red Hat Enterprise Linux 9.

Red Hat Security Advisory 2024-3831-03 - An update for containernetworking-plugins is now available for Red Hat Enterprise Linux 9. Issues addressed include a memory exhaustion vulnerability.

Red Hat Security Advisory 2024-3830-03 - An update for gvisor-tap-vsock is now available for Red Hat Enterprise Linux 9. Issues addressed include a memory exhaustion vulnerability.

Red Hat Security Advisory 2024-3827-03 - An update for buildah is now available for Red Hat Enterprise Linux 9. Issues addressed include memory exhaustion and resource exhaustion vulnerabilities.

It was discovered that the ATA over Ethernet (AoE) driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the AppleTalk networking subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Various other issues were also addressed.

VSCode when opening a Jupyter notebook (.ipynb) file bypasses the trust model. On versions v1.4.0 through v1.71.1, its possible for the Jupyter notebook to embed HTML and javascript, which can then open new terminal windows within VSCode. Each of these new windows can then execute arbitrary code at startup. During testing, the first open of the Jupyter notebook resulted in pop-ups displaying errors of unable to find the payload exe file. The second attempt at opening the Jupyter notebook would result in successful execution. Successfully tested against VSCode 1.70.2 on Windows 10.

Oracle Database versions 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, and 19c allows for unauthorized access to password hashes by an account with the DBA role.

Ubuntu Security Notice 6817-2 - Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this vulnerability to cause a denial of service. Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use- after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service.