Debian Linux Security Advisory 5726-1 - Two vulnerabilities were discovered in the GSS message token handling in krb5, the MIT implementation of Kerberos. An attacker can take advantage of these flaws to bypass integrity protections or cause a denial of service.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5726-1                   security@debian.org  
https://www.debian.org/security/                     Salvatore Bonaccorso  
July 05, 2024                         https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : krb5  
CVE ID         : CVE-2024-37370 CVE-2024-37371

Two vulnerabilities were discovered in the GSS message token handling in  
krb5, the MIT implementation of Kerberos. An attacker can take advantage  
of these flaws to bypass integrity protections or cause a denial of  
service.

For the oldstable distribution (bullseye), these problems have been fixed  
in version 1.18.3-6+deb11u5.

For the stable distribution (bookworm), these problems have been fixed in  
version 1.20.1-2+deb12u2.

We recommend that you upgrade your krb5 packages.

For the detailed security status of krb5 please refer to its security  
tracker page at:  
https://security-tracker.debian.org/tracker/krb5

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmaIYgxfFIAAAAAALgAo  
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2  
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND  
z0QlXw//Zxf+qU8sOJoolWJrkNtWA4QXSkbSqPzzufgxH97Tac6qgYEo9KIDMZzS  
eThOW0r1OqqPS3131lMRgRpzDpJd502vHylsAOyKp9zUloVr9dSK0R1W1ALp0tOp  
I55xB9KnNxRwmuaXqpDbs/g9eBX+oLcbaLyq9krT4baQg/f4sfWd+mBFkPEAbVcH  
tvUzuGL34ANUaSwIaJ7pcCBjUWZtqL9XNC0DsB7n3xyuKk193/dASajAopsOavBR  
6imyxmxNduO9F+MxSd7IELCyRqRZ7YkM30ZCmKgYM4velc8fFYSLmdT8lzvogBbc  
rCnH161JkSy2mxLS5MjmdbY8V/Pu37xL3lcejoYmq4RM5eceZuGOr6LYk3Xp3nzV  
ytVrZ852Az2KZa0EwZQ7Haz2csStbmKwTDQRbHkq21+BMZ5ZkWF6Lj0jeCx/UsSY  
gpWDDsKbSsrioIMM5W9q6avf1O0h/xUTy/S2k1+kY0RrAnI49NIivSc9J9ZwoRvV  
5ygq7Cu7K/cYU4KxrmRQB0Us2EEUY9TCAOKNXXu9h/YpV3WQUzfBlkw+o0OYQ6vG  
poxo0kOR2bzfCwT2aKSbtq3uXMaeg64rHhMG1PrsO1gDn8NczoQ1nsWnZQ4rdeUj  
lEbzC7NBzPQNVpbCt+NvaXdZjI7CIB3kfrgRfwQSGji/VlSVhVk=  
=oNDx  
-----END PGP SIGNATURE-----

Debian Security Advisory 5726-1

Gentoo Linux Security Advisory 202407-21 - Multiple vulnerabilities have been discovered in the X.Org X11 library, the worst of which could lead to a denial of service. Versions greater than or equal to 1.8.7 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202407-21  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: X.Org X11 library: Multiple Vulnerabilities  
     Date: July 06, 2024  
     Bugs: #877461, #908549, #915129  
       ID: 202407-21

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in the X.Org X11 library,  
the worst of which could lead to a denial of service.

Background  
==========

X.Org is an implementation of the X Window System. The X.Org X11 library  
provides the X11 protocol library files.

Affected packages  
=================

Package          Vulnerable    Unaffected  
---------------  ------------  ------------  
x11-libs/libX11  < 1.8.7       >= 1.8.7

Description  
===========

Multiple vulnerabilities have been discovered in X.Org X11 library.  
Please review the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All X.Org X11 library users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=x11-libs/libX11-1.8.7"

References  
==========

[ 1 ] CVE-2022-3554  
      https://nvd.nist.gov/vuln/detail/CVE-2022-3554  
[ 2 ] CVE-2022-3555  
      https://nvd.nist.gov/vuln/detail/CVE-2022-3555  
[ 3 ] CVE-2023-3138  
      https://nvd.nist.gov/vuln/detail/CVE-2023-3138  
[ 4 ] CVE-2023-43785  
      https://nvd.nist.gov/vuln/detail/CVE-2023-43785  
[ 5 ] CVE-2023-43786  
      https://nvd.nist.gov/vuln/detail/CVE-2023-43786  
[ 6 ] CVE-2023-43787  
      https://nvd.nist.gov/vuln/detail/CVE-2023-43787

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202407-21

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202407-21

Gentoo Linux Security Advisory 202407-20 - A vulnerability has been discovered in KDE Plasma Workspaces, which can lead to privilege escalation. Versions greater than or equal to 5.27.11.1 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202407-20  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: KDE Plasma Workspaces: Privilege Escalation  
     Date: July 06, 2024  
     Bugs: #933342  
       ID: 202407-20

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

A vulnerability has been discovered in KDE Plasma Workspaces, which can  
lead to privilege escalation.

Background  
==========

KDE Plasma workspace is a widget based desktop environment designed to  
be fast and efficient.

Affected packages  
=================

Package                      Vulnerable    Unaffected  
---------------------------  ------------  ------------  
kde-plasma/plasma-workspace  < 5.27.11.1   >= 5.27.11.1

Description  
===========

Multiple vulnerabilities have been discovered in KDE Plasma Workspaces.  
Please review the CVE identifiers referenced below for details.

Impact  
======

KSmserver, KDE's XSMP manager, incorrectly allows connections via ICE  
based purely on the host, allowing all local connections. This allows  
another user on the same machine to gain access to the session  
manager.

A well crafted client could use the session restore feature to execute  
arbitrary code as the user on the next boot.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All KDE Plasma Workspaces users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=kde-plasma/plasma-workspace-5.27.11.1"

References  
==========

[ 1 ] CVE-2024-36041  
      https://nvd.nist.gov/vuln/detail/CVE-2024-36041

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202407-20

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202407-20

This whitepaper discusses eBPF technology in the Linux kernel and introduces the BPF Runtime Fuzzer (BRF), a fuzzer that can satisfy the semantics and dependencies required by the verifier and the eBPF subsystem.

BRF: eBPF Runtime Fuzzer

Gentoo Linux Security Advisory 202407-19 - Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. Versions greater than or equal to 115.11.0 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202407-19  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: Mozilla Thunderbird: Multiple Vulnerabilities  
     Date: July 06, 2024  
     Bugs: #932375  
       ID: 202407-19

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in Mozilla Thunderbird,  
the worst of which could lead to remote code execution.

Background  
==========

Mozilla Thunderbird is a popular open-source email client from the  
Mozilla project.

Affected packages  
=================

Package                      Vulnerable    Unaffected  
---------------------------  ------------  ------------  
mail-client/thunderbird      < 115.11.0    >= 115.11.0  
mail-client/thunderbird-bin  < 115.11.0    >= 115.11.0

Description  
===========

Multiple vulnerabilities have been discovered in Mozilla Thunderbird.  
Please review the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All Mozilla Thunderbird binary users should upgrade to the latest  
version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-bin-115.11.0"

All Mozilla Thunderbird users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-115.11.0"

References  
==========

[ 1 ] CVE-2024-2609  
      https://nvd.nist.gov/vuln/detail/CVE-2024-2609  
[ 2 ] CVE-2024-3302  
      https://nvd.nist.gov/vuln/detail/CVE-2024-3302  
[ 3 ] CVE-2024-3854  
      https://nvd.nist.gov/vuln/detail/CVE-2024-3854  
[ 4 ] CVE-2024-3857  
      https://nvd.nist.gov/vuln/detail/CVE-2024-3857  
[ 5 ] CVE-2024-3859  
      https://nvd.nist.gov/vuln/detail/CVE-2024-3859  
[ 6 ] CVE-2024-3861  
      https://nvd.nist.gov/vuln/detail/CVE-2024-3861  
[ 7 ] CVE-2024-3864  
      https://nvd.nist.gov/vuln/detail/CVE-2024-3864

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202407-19

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202407-19

Gentoo Linux Security Advisory 202407-18 - A vulnerability has been discovered in Stellarium, which can lead to arbitrary file writes. Versions greater than or equal to 23.1 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202407-18  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: Stellarium: Arbitrary File Write  
     Date: July 05, 2024  
     Bugs: #905300  
       ID: 202407-18

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

A vulnerability has been discovered in Stellarium, which can lead to  
arbitrary file writes.

Background  
==========

Stellarium is a free open source planetarium for your computer. It shows  
a realistic sky in 3D, just like what you see with the naked eye,  
binoculars or a telescope.

Affected packages  
=================

Package                   Vulnerable    Unaffected  
------------------------  ------------  ------------  
sci-astronomy/stellarium  < 23.1        >= 23.1

Description  
===========

A vulnerability has been discovered in Stellarium. Please review the CVE  
identifier referenced below for details.

Impact  
======

Attackers can write to files that are typically unintended, such as ones  
with absolute pathnames or .. directory traversal.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All Stellarium users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=sci-astronomy/stellarium-23.1"

References  
==========

[ 1 ] CVE-2023-28371  
      https://nvd.nist.gov/vuln/detail/CVE-2023-28371

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202407-18

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202407-18

Red Hat Security Advisory 2024-4353-03 - An update for the nodejs:16 package is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a denial of service vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4353.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: nodejs:16 security updateAdvisory ID:        RHSA-2024:4353-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:4353Issue date:         2024-07-08Revision:           03CVE Names:          CVE-2024-27983====================================================================Summary: An update for the nodejs:16 package is now available for Red Hat EnterpriseLinux 8.8 Extended Update Support.Red Hat Product Security has rated this update as having a security impact ofImportant. A Common Vulnerability Scoring System (CVSS) base score, which givesa detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.Description:Node.js is a software development platform for building fast and scalablenetwork applications in the JavaScript programming language.Security Fix(es):* nodejs/16: CONTINUATION frames DoS (CVE-2024-27983)For more details about the security issue(s), including the impact, a CVSSscore, acknowledgments, and other related information, refer to the CVE page(s)listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-27983References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2272764

Red Hat Security Advisory 2024-4353-03

Red Hat Security Advisory 2024-4352-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Issues addressed include double free, memory leak, null pointer, spoofing, and use-after-free vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4352.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: kernel-rt security and bug fix update  
Advisory ID:        RHSA-2024:4352-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:4352  
Issue date:         2024-07-08  
Revision:           03  
CVE Names:          CVE-2020-26555  
====================================================================

Summary: 

An update for kernel-rt is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

[Updated 03 July 2024]

The text of this advisory has been updated with the correct product name (Red  
Hat Enterprise Linux 8) in the Topics section. In the Problem Description  
section, CVEs of the same sub-components have been grouped together. The  
packages included in this revised update have not been changed in any way from  
the packages included in the original advisory.

Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: tls (CVE-2024-26585,CVE-2024-26584, CVE-2024-26583

* kernel-rt: kernel: PCI interrupt mapping cause oops [rhel-8] (CVE-2021-46909)

* kernel: ipc/mqueue, msg, sem: avoid relying on a stack reference past its expiry (CVE-2021-47069)

* kernel: hwrng: core - Fix page fault dead lock on mmap-ed hwrng (CVE-2023-52615)

* kernel-rt: kernel: drm/amdgpu: use-after-free vulnerability (CVE-2024-26656)

* kernel: Bluetooth: Avoid potential use-after-free in hci_error_reset CVE-2024-26801)

* kernel: Squashfs: check the inode number is not the invalid value of zero  (CVE-2024-26982)

* kernel: netfilter: nf_tables: use timestamp to check for set element timeout (CVE-2024-27397)

* kernel: wifi: mac80211: (CVE-2024-35789, CVE-2024-35838, CVE-2024-35845)

* kernel: wifi: nl80211: reject iftype change with mesh ID change (CVE-2024-27410)

* kernel: perf/core: Bail out early if the request AUX area is out of bound (CVE-2023-52835)

* kernel:TCP-spoofed ghost ACKs and leak initial sequence number (CVE-2023-52881)

* kernel: Bluetooth BR/EDR PIN Pairing procedure is vulnerable to an impersonation attack (CVE-2020-26555)

* kernel: ovl: fix leaked dentry (CVE-2021-46972)

* kernel: platform/x86: dell-smbios-wmi: Fix oops on rmmod dell_smbios (CVE-2021-47073)

* kernel: mm/damon/vaddr-test: memory leak in damon_do_test_apply_three_regions() (CVE-2023-52560)

* kernel: ppp_async: limit MRU to 64K (CVE-2024-26675)

* kernel: mm/swap: fix race when skipping swapcache (CVE-2024-26759)

* kernel: RDMA/mlx5: Fix fortify source warning while accessing Eth segment (CVE-2024-26907)

* kernel: x86/mm: Disallow vsyscall page read for copy_from_kernel_nofault() (CVE-2024-26906)

* kernel: net: ip_tunnel: prevent perpetual headroom growth (CVE-2024-26804)

* kernel: net/usb: kalmia: avoid printing uninitialized value on error path (CVE-2023-52703)

* kernel: KVM: SVM: improper check in svm_set_x2apic_msr_interception allows direct access to host x2apic msrs (CVE-2023-5090)

* kernel: EDAC/thunderx: Incorrect buffer size in drivers/edac/thunderx_edac.c (CVE-2023-52464)

* kernel: ipv6: sr: fix possible use-after-free and null-ptr-deref (CVE-2024-26735)

* kernel: mptcp: fix data re-injection from stale subflow (CVE-2024-26826)

* kernel: net/bnx2x: Prevent access to a freed page in page_pool (CVE-2024-26859)

* kernel: crypto: (CVE-2024-26974, CVE-2023-52813)

* kernel: can: (CVE-2023-52878, CVE-2021-47456)

* kernel: usb: (CVE-2023-52781, CVE-2023-52877)

* kernel: net/mlx5e: fix a potential double-free in fs_any_create_groups (CVE-2023-52667)

* kernel: usbnet: sanity check for maxpacket (CVE-2021-47495)

* kernel: gro: fix ownership transfer (CVE-2024-35890)

* kernel: erspan: make sure erspan_base_hdr is present in skb->head (CVE-2024-35888)

* kernel: tipc: fix kernel warning when sending SYN message (CVE-2023-52700)

* kernel: net/mlx5/mlxsw: (CVE-2024-35960, CVE-2024-36007, CVE-2024-35855)

* kernel: net/mlx5e: (CVE-2024-35959, CVE-2023-52626, CVE-2024-35835)

* kernel: mlxsw: (CVE-2024-35854, CVE-2024-35853, CVE-2024-35852)

* kernel: net: (CVE-2024-35958, CVE-2021-47311, CVE-2021-47236, CVE-2021-47310)

* kernel: i40e: Do not use WQ_MEM_RECLAIM flag for workqueue (CVE-2024-36004)

* kernel: mISDN: fix possible use-after-free in HFC_cleanup() (CVE-2021-47356)

* kernel: udf: Fix NULL pointer dereference in udf_symlink function (CVE-2021-47353)

Bug Fix(es):

* kernel-rt: update RT source tree to the latest RHEL-8.10.z kernel (JIRA:RHEL-40882)

* [rhel8.9][cxgb4]BUG: using smp_processor_id() in preemptible [00000000] code: ethtool/54735 (JIRA:RHEL-8779)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2020-26555

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=1918601  
https://bugzilla.redhat.com/show_bug.cgi?id=2248122  
https://bugzilla.redhat.com/show_bug.cgi?id=2258875  
https://bugzilla.redhat.com/show_bug.cgi?id=2265517  
https://bugzilla.redhat.com/show_bug.cgi?id=2265519  
https://bugzilla.redhat.com/show_bug.cgi?id=2265520  
https://bugzilla.redhat.com/show_bug.cgi?id=2265800  
https://bugzilla.redhat.com/show_bug.cgi?id=2266408  
https://bugzilla.redhat.com/show_bug.cgi?id=2266831  
https://bugzilla.redhat.com/show_bug.cgi?id=2267513  
https://bugzilla.redhat.com/show_bug.cgi?id=2267518  
https://bugzilla.redhat.com/show_bug.cgi?id=2267730  
https://bugzilla.redhat.com/show_bug.cgi?id=2270093  
https://bugzilla.redhat.com/show_bug.cgi?id=2271680  
https://bugzilla.redhat.com/show_bug.cgi?id=2272692  
https://bugzilla.redhat.com/show_bug.cgi?id=2272829  
https://bugzilla.redhat.com/show_bug.cgi?id=2273204  
https://bugzilla.redhat.com/show_bug.cgi?id=2273278  
https://bugzilla.redhat.com/show_bug.cgi?id=2273423  
https://bugzilla.redhat.com/show_bug.cgi?id=2273429  
https://bugzilla.redhat.com/show_bug.cgi?id=2275604  
https://bugzilla.redhat.com/show_bug.cgi?id=2275633  
https://bugzilla.redhat.com/show_bug.cgi?id=2275635  
https://bugzilla.redhat.com/show_bug.cgi?id=2275733  
https://bugzilla.redhat.com/show_bug.cgi?id=2278337  
https://bugzilla.redhat.com/show_bug.cgi?id=2278354  
https://bugzilla.redhat.com/show_bug.cgi?id=2280434  
https://bugzilla.redhat.com/show_bug.cgi?id=2281057  
https://bugzilla.redhat.com/show_bug.cgi?id=2281113  
https://bugzilla.redhat.com/show_bug.cgi?id=2281157  
https://bugzilla.redhat.com/show_bug.cgi?id=2281165  
https://bugzilla.redhat.com/show_bug.cgi?id=2281251  
https://bugzilla.redhat.com/show_bug.cgi?id=2281253  
https://bugzilla.redhat.com/show_bug.cgi?id=2281255  
https://bugzilla.redhat.com/show_bug.cgi?id=2281257  
https://bugzilla.redhat.com/show_bug.cgi?id=2281272  
https://bugzilla.redhat.com/show_bug.cgi?id=2281350  
https://bugzilla.redhat.com/show_bug.cgi?id=2281689  
https://bugzilla.redhat.com/show_bug.cgi?id=2281693  
https://bugzilla.redhat.com/show_bug.cgi?id=2281920  
https://bugzilla.redhat.com/show_bug.cgi?id=2281923  
https://bugzilla.redhat.com/show_bug.cgi?id=2281925  
https://bugzilla.redhat.com/show_bug.cgi?id=2281953  
https://bugzilla.redhat.com/show_bug.cgi?id=2281986  
https://bugzilla.redhat.com/show_bug.cgi?id=2282394  
https://bugzilla.redhat.com/show_bug.cgi?id=2282400  
https://bugzilla.redhat.com/show_bug.cgi?id=2282471  
https://bugzilla.redhat.com/show_bug.cgi?id=2282472  
https://bugzilla.redhat.com/show_bug.cgi?id=2282581  
https://bugzilla.redhat.com/show_bug.cgi?id=2282609  
https://bugzilla.redhat.com/show_bug.cgi?id=2282612  
https://bugzilla.redhat.com/show_bug.cgi?id=2282653  
https://bugzilla.redhat.com/show_bug.cgi?id=2282680  
https://bugzilla.redhat.com/show_bug.cgi?id=2282698  
https://bugzilla.redhat.com/show_bug.cgi?id=2282712  
https://bugzilla.redhat.com/show_bug.cgi?id=2282735  
https://bugzilla.redhat.com/show_bug.cgi?id=2282902  
https://bugzilla.redhat.com/show_bug.cgi?id=2282920

Red Hat Security Advisory 2024-4352-03

Red Hat Security Advisory 2024-4351-03 - An update for the virt:rhel and virt-devel:rhel modules is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include a use-after-free vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4351.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Low: virt:rhel and virt-devel:rhel security and bug fix update  
Advisory ID:        RHSA-2024:4351-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:4351  
Issue date:         2024-07-08  
Revision:           03  
CVE Names:          CVE-2024-4418  
====================================================================

Summary: 

An update for the virt:rhel and virt-devel:rhel modules is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.

Description:

Kernel-based Virtual Machine (KVM) offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems.

Security Fix:

* virt:rhel/libvirt: stack use-after-free in virNetClientIOEventLoop (CVE-2024-4418) 

Bug fix:

* virsh destroy with --graceful destroyed a paused guest (qemu process paused by SIGSTOP) (JIRA:RHEL-36064)

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-4418

References:

https://access.redhat.com/security/updates/classification/#low  
https://bugzilla.redhat.com/show_bug.cgi?id=2278616  
https://issues.redhat.com/browse/RHEL-36064

Red Hat Security Advisory 2024-4351-03

An emerging ransomware-as-a-service (RaaS) operation called Eldorado comes with locker variants to encrypt files on Windows and Linux systems.
Eldorado first appeared on March 16, 2024, when an advertisement for the affiliate program was posted on the ransomware forum RAMP, Singapore-headquartered Group-IB said.
The cybersecurity firm, which infiltrated the ransomware group, noted that its

An emerging ransomware-as-a-service (RaaS) operation called Eldorado comes with locker variants to encrypt files on Windows and Linux systems.

Eldorado first appeared on March 16, 2024, when an advertisement for the affiliate program was posted on the ransomware forum RAMP, Singapore-headquartered Group-IB said.

The cybersecurity firm, which infiltrated the ransomware group, noted that its representative is a Russian speaker and that the malware does not overlap with previously leaked strains such as LockBit or Babuk.

"The Eldorado ransomware uses Golang for cross-platform capabilities, employing Chacha20 for file encryption and Rivest Shamir Adleman-Optimal Asymmetric Encryption Padding (RSA-OAEP) for key encryption," researchers Nikolay Kichatov and Sharmine Low said. "It can encrypt files on shared networks using Server Message Block (SMB) protocol."

The encryptor for Eldorado comes in four formats, namely esxi, esxi\_64, win, and win\_64, with its data leak site already listing 16 victims of June 2024. Thirteen of the targets are located in the U.S., two in Italy, and one in Croatia.

These companies span various industry verticals such as real estate, education, professional services, healthcare, and manufacturing, among others.

Further analysis of the Windows version of artifacts has revealed the use of a PowerShell command to overwrite the locker with random bytes before deleting the file in an attempt to clean up the traces.

Eldorado is the latest in the list of new double-extortion ransomware players that have sprung up in recent times, including Arcus Media, AzzaSec, dan0n, Limpopo (aka SOCOTRA, FORMOSA, SEXi), LukaLocker, Shinra, and Space Bears once again highlighting the enduring and persistent nature of the threat.

LukaLocker, linked to an operator dubbed Volcano Demon by Halcyon, is notable for the fact that it does not make use of a data leak site and instead calls the victim over the phone to extort and negotiate payment after encrypting Windows workstations and servers.

The development coincides with the discovery of new Linux variants of Mallox (aka Fargo, TargetCompany, Mawahelper) ransomware as well as decryptors associated with seven different builds.

Mallox is known to be propagated by brute-forcing Microsoft SQL servers and phishing emails to target Windows systems, with recent intrusions also making use of a .NET-based loader named PureCrypter.

"The attackers are using custom python scripts for the purpose of payload delivery and victim's information exfiltration," Uptycs researchers Tejaswini Sandapolla and Shilpesh Trivedi said. "The malware encrypts user data and appends .locked extension to the encrypted files."

A decryptor has also been made available for DoNex and its predecessors (Muse, fake LockBit 3.0, and DarkRace) by Avast by taking advantage of a flaw in the cryptographic scheme. The Czech cybersecurity company said it has been "silently providing the decryptor" to victims since March 2024 in partnership with law enforcement organizations.

"Despite law enforcement efforts and increased security measures, ransomware groups continue to adapt and thrive," Group-IB said.

Data shared by Malwarebytes and NCC Group based on victims listed on the leak sites show that 470 ransomware attacks were recorded in May 2024, up from 356 in April. A majority of the attacks were claimed by LockBit, Play, Medusa, Akira, 8Base, Qilin, and RansomHub.

"The ongoing development of new ransomware strains and the emergence of sophisticated affiliate programs demonstrate that the threat is far from being contained," Group-IB noted. "Organizations must remain vigilant and proactive in their cybersecurity efforts to mitigate the risks posed by these ever-evolving threats."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Tag

#linux