#linux

Red Hat Security Advisory 2024-3323-03 - An update for pcp is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.

Red Hat Security Advisory 2024-3322-03 - An update for pcp is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.

Red Hat Security Advisory 2024-3321-03 - An update for pcp is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

Ubuntu Security Notice 6777-4 - Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use- after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

Red Hat Security Advisory 2024-3319-03 - An update for kernel is now available for Red Hat Enterprise Linux 7.7 Advanced Update Support.

Red Hat Security Advisory 2024-3318-03 - An update for kernel is now available for Red Hat Enterprise Linux 7.6 Advanced Update Support. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2024-3313-03 - An update for postgresql-jdbc is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.

## Impact Remote origin iFrames in Tauri applications can access the Tauri IPC endpoints without being explicitly allowed in the [`dangerousRemoteDomainIpcAccess`](https://v1.tauri.app/api/config/#securityconfig.dangerousremotedomainipcaccess) in v1 and in the [`capabilities`](https://v2.tauri.app/security/capabilities/#remote-api-access) in v2. This bypasses the origin check and allows iFrames to access the IPC endpoints exposed to the parent window. For this to be exploitable, an attacker must have script execution (e.g. XSS) in a script-enabled iFrame of a Tauri application. ## Patches The patches include changes to wry and the behaviour of Tauri applications using iFrames. Previously, we injected the Tauri IPC initialization script into iFrames on MacOS, which was unintended. This is now also disabled to be consistent with all other supported operating systems. This means that the Tauri invoke functionality is no longer accessible from iFrames, except on Windows when the origi...

Red Hat Security Advisory 2024-3312-03 - An update for glibc is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include buffer overflow, code execution, null pointer, and out of bounds write vulnerabilities.

Red Hat Security Advisory 2024-3309-03 - An update for glibc is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include buffer overflow, code execution, null pointer, and out of bounds write vulnerabilities.