Gentoo Linux Security Advisory 202409-10 - Multiple vulnerabilities have been discovered in Xen, the worst of which could lead to privilege escalation. Versions greater than or equal to 4.17.4 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202409-10  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: Xen: Multiple Vulnerabilities  
     Date: September 22, 2024  
     Bugs: #918669, #921355, #923741, #928620, #929038  
       ID: 202409-10

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in Xen, the worst of which  
could lead to privilege escalation.

Background  
==========

Xen is a bare-metal hypervisor.

Affected packages  
=================

Package            Vulnerable    Unaffected  
-----------------  ------------  ------------  
app-emulation/xen  < 4.17.4      >= 4.17.4

Description  
===========

Multiple vulnerabilities have been discovered in Xen. Please review the  
CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All Xen users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=app-emulation/xen-4.17.4"

References  
==========

[ 1 ] CVE-2022-4949  
      https://nvd.nist.gov/vuln/detail/CVE-2022-4949  
[ 2 ] CVE-2022-42336  
      https://nvd.nist.gov/vuln/detail/CVE-2022-42336  
[ 3 ] CVE-2023-28746  
      https://nvd.nist.gov/vuln/detail/CVE-2023-28746  
[ 4 ] CVE-2023-34319  
      https://nvd.nist.gov/vuln/detail/CVE-2023-34319  
[ 5 ] CVE-2023-34320  
      https://nvd.nist.gov/vuln/detail/CVE-2023-34320  
[ 6 ] CVE-2023-34321  
      https://nvd.nist.gov/vuln/detail/CVE-2023-34321  
[ 7 ] CVE-2023-34322  
      https://nvd.nist.gov/vuln/detail/CVE-2023-34322  
[ 8 ] CVE-2023-34323  
      https://nvd.nist.gov/vuln/detail/CVE-2023-34323  
[ 9 ] CVE-2023-34324  
      https://nvd.nist.gov/vuln/detail/CVE-2023-34324  
[ 10 ] CVE-2023-34325  
      https://nvd.nist.gov/vuln/detail/CVE-2023-34325  
[ 11 ] CVE-2023-34327  
      https://nvd.nist.gov/vuln/detail/CVE-2023-34327  
[ 12 ] CVE-2023-34328  
      https://nvd.nist.gov/vuln/detail/CVE-2023-34328  
[ 13 ] CVE-2023-46835  
      https://nvd.nist.gov/vuln/detail/CVE-2023-46835  
[ 14 ] CVE-2023-46836  
      https://nvd.nist.gov/vuln/detail/CVE-2023-46836  
[ 15 ] CVE-2023-46837  
      https://nvd.nist.gov/vuln/detail/CVE-2023-46837  
[ 16 ] CVE-2023-46839  
      https://nvd.nist.gov/vuln/detail/CVE-2023-46839  
[ 17 ] CVE-2023-46840  
      https://nvd.nist.gov/vuln/detail/CVE-2023-46840  
[ 18 ] CVE-2023-46841  
      https://nvd.nist.gov/vuln/detail/CVE-2023-46841  
[ 19 ] CVE-2023-46842  
      https://nvd.nist.gov/vuln/detail/CVE-2023-46842  
[ 20 ] CVE-2024-2193  
      https://nvd.nist.gov/vuln/detail/CVE-2024-2193  
[ 21 ] CVE-2024-31142  
      https://nvd.nist.gov/vuln/detail/CVE-2024-31142  
[ 22 ] XSA-431  
      https://xenbits.xen.org/xsa/advisory-431.html  
[ 23 ] XSA-432  
      https://xenbits.xen.org/xsa/advisory-432.html  
[ 24 ] XSA-436  
      https://xenbits.xen.org/xsa/advisory-436.html  
[ 25 ] XSA-437  
      https://xenbits.xen.org/xsa/advisory-437.html  
[ 26 ] XSA-438  
      https://xenbits.xen.org/xsa/advisory-438.html  
[ 27 ] XSA-439  
      https://xenbits.xen.org/xsa/advisory-439.html  
[ 28 ] XSA-440  
      https://xenbits.xen.org/xsa/advisory-440.html  
[ 29 ] XSA-441  
      https://xenbits.xen.org/xsa/advisory-441.html  
[ 30 ] XSA-442  
      https://xenbits.xen.org/xsa/advisory-442.html  
[ 31 ] XSA-447  
      https://xenbits.xen.org/xsa/advisory-447.html  
[ 32 ] XSA-449  
      https://xenbits.xen.org/xsa/advisory-449.html  
[ 33 ] XSA-450  
      https://xenbits.xen.org/xsa/advisory-450.html  
[ 34 ] XSA-451  
      https://xenbits.xen.org/xsa/advisory-451.html  
[ 35 ] XSA-452  
      https://xenbits.xen.org/xsa/advisory-452.html  
[ 36 ] XSA-453  
      https://xenbits.xen.org/xsa/advisory-453.html  
[ 37 ] XSA-454  
      https://xenbits.xen.org/xsa/advisory-454.html  
[ 38 ] XSA-455  
      https://xenbits.xen.org/xsa/advisory-455.html

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202409-10

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202409-10

Gentoo Linux Security Advisory 202409-9 - A vulnerability has been discovered in Exo, which can lead to arbitrary code execution. Versions greater than or equal to 4.17.2 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202409-09  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: Exo: Arbitrary Code Execution  
     Date: September 22, 2024  
     Bugs: #851201  
       ID: 202409-09

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

A vulnerability has been discovered in Exo, which can lead to arbitrary  
code execution.

Background  
==========

Exo is an Xfce library targeted at application development, originally  
developed by os-cillation. It contains various custom widgets and APIs  
extending the functionality of GLib and GTK. It also has some helper  
applications that are used throughout the entire Xfce desktop to manage  
preferred applications and edit .desktop files.

Affected packages  
=================

Package        Vulnerable    Unaffected  
-------------  ------------  ------------  
xfce-base/exo  < 4.17.2      >= 4.17.2

Description  
===========

A vulnerability has been discovered in Exo. Please review the CVE  
identifiers referenced below for details.

Impact  
======

Exo executes remote desktop files which may lead to unexpected arbitrary  
code execution.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All Exo users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=xfce-base/exo-4.17.2"

References  
==========

[ 1 ] CVE-2022-32278  
      https://nvd.nist.gov/vuln/detail/CVE-2022-32278

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202409-09

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202409-09

Gentoo Linux Security Advisory 202409-8 - Multiple vulnerabilities have been discovered in OpenVPN, the worst of which could lead to information disclosure. Versions greater than or equal to 2.6.7 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202409-08  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: OpenVPN: Multiple Vulnerabilities  
     Date: September 22, 2024  
     Bugs: #835514, #917272  
       ID: 202409-08

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in OpenVPN, the worst of  
which could lead to information disclosure.

Background  
==========

OpenVPN is a multi-platform, full-featured SSL VPN solution.

Affected packages  
=================

Package          Vulnerable    Unaffected  
---------------  ------------  ------------  
net-vpn/openvpn  < 2.6.7       >= 2.6.7

Description  
===========

Multiple vulnerabilities have been discovered in OpenVPN. Please review  
the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All OpenVPN users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=net-vpn/openvpn-2.6.7"

References  
==========

[ 1 ] CVE-2022-0547  
      https://nvd.nist.gov/vuln/detail/CVE-2022-0547  
[ 2 ] CVE-2023-46849  
      https://nvd.nist.gov/vuln/detail/CVE-2023-46849  
[ 3 ] CVE-2023-46850  
      https://nvd.nist.gov/vuln/detail/CVE-2023-46850

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202409-08

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202409-08

Threat actors with ties to North Korea have been observed using poisoned Python packages as a way to deliver a new malware called PondRAT as part of an ongoing campaign.
PondRAT, according to new findings from Palo Alto Networks Unit 42, is assessed to be a lighter version of POOLRAT (aka SIMPLESEA), a known macOS backdoor that has been previously attributed to the Lazarus Group and deployed in

Software Security / Supply Chain

Threat actors with ties to North Korea have been observed using poisoned Python packages as a way to deliver a new malware called PondRAT as part of an ongoing campaign.

PondRAT, according to new findings from Palo Alto Networks Unit 42, is assessed to be a lighter version of POOLRAT (aka SIMPLESEA), a known macOS backdoor that has been previously attributed to the Lazarus Group and deployed in attacks related to the 3CX supply chain compromise last year.

Some of these attacks are part of a persistent cyber attack campaign dubbed Operation Dream Job, wherein prospective targets are lured with enticing job offers in an attempt to trick them into downloading malware.

"The attackers behind this campaign uploaded several poisoned Python packages to PyPI, a popular repository of open-source Python packages," Unit 42 researcher Yoav Zemah said, linking the activity with moderate confidence to a threat actor called Gleaming Pisces.

The adversary is also tracked by the wider cybersecurity community under the names Citrine Sleet, Labyrinth Chollima, Nickel Academy, and UNC4736, a sub-cluster within the Lazarus Group that's also known for distributing the AppleJeus malware.

It's believed that the end goal of the attacks is to "secure access to supply chain vendors through developers' endpoints and subsequently gain access to the vendors' customers' endpoints, as observed in previous incidents."

The list of malicious packages, now removed from the PyPI repository, is below -

*   real-ids (893 downloads)
*   coloredtxt (381 downloads)
*   beautifultext (736 downloads)
*   minisound (416 downloads)

The infection chain is fairly simple in that the packages, once downloaded and installed on developer systems, are engineered to execute an encoded next-stage that, in turn, runs the Linux and macOS versions of the RAT malware after retrieving them from a remote server.

Further analysis of PondRAT has revealed similarities with both POOLRAT and AppleJeus, with the attacks also distributing new Linux variants of POOLRAT.

"The Linux and macOS versions \[of POOLRAT\] use an identical function structure for loading their configurations, featuring similar method names and functionality," Zemah said.

"Additionally, the method names in both variants are strikingly similar, and the strings are almost identical. Lastly, the mechanism that handles commands from the \[command-and-control server\] is nearly identical."

PondRAT, a leaner version of POOLRAT, comes with capabilities to upload and download files, pause operations for a predefined time interval, and execute arbitrary commands.

"The evidence of additional Linux variants of POOLRAT showed that Gleaming Pisces has been enhancing its capabilities across both Linux and macOS platforms," Unit 42 said.

"The weaponization of legitimate-looking Python packages across multiple operating systems poses a significant risk to organizations. Successful installation of malicious third-party packages can result in malware infection that compromises an entire network."

The disclosure comes as KnowBe4, which was duped into hiring a North Korean threat actor as an employee, said more than a dozen companies "either hired North Korean employees or had been besieged by a multitude of fake resumes and applications submitted by North Koreans hoping to get a job with their organization."

It described the activity, tracked by CrowdStrike under the moniker Famous Chollima, as a "complex, industrial, scaled nation-state operation" and that it poses a "serious risk for any company with remote-only employees."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

New PondRAT Malware Hidden in Python Packages Targets Software Developers

A North Korean advanced persistent threat (APT) actor (aka Gleaming Pisces) tried to sneak simple backdoors into public software packages.

Source: Chronicle via Alamy Stock Photo

One of North Korea's most sophisticated threat groups has been hiding remote access malware for macOS and Linux inside of open source Python packages.

North Korean advanced persistent threats (APTs) have become notorious for certain characteristic types of cyberattack in recent years. There's the cryptocurrency scam, which can come in many forms — often a fake trading platform, where victims are lured into divulging their wallet information or downloading malware. Supply chain attacks are common, particularly via poisoned packages typosquatting on public repositories. An impish recent trend involves contracting actual, honest labor to Western companies under false pretenses, then sending the salaries earned back to Kim's state. The reverse — agents posing as tech recruiters, convincing developers to download malware — is also common.

The group, which Palo Alto's Unit 42 tracks as Gleaming Pisces (and Microsoft as Citrine Sleet), seems to have supplemented category one with category two. Active since 2018, the financially motivated, DPRK Reconnaissance General Bureau (RGB)-linked group is known for attacks weaponizing fake crypto platforms. Unit 42 now assesses with medium confidence that it was responsible for uploading a handful of malicious packages to the Python Package Index (PyPI) back in February. The packages have since been taken down.

**DPRK-Poisoned PyPI Packages**

Most packages uploaded to open source repositories are simple by nature. As Louis Lang, co-founder and chief technology officer (CTO) at Phylum recalls, "What was interesting about these packages was that there was a higher order of complexity than you typically find among benign packages."

Phylum had identified four packages worth taking a second look at: real-ids, minisound, coloredtxt, and beautifultext. The innocuous names seemed to allude to legitimate functionality, like syntax highlighting for terminal outputs.

In reality, the packages contained malicious code that would be decoded and executed upon download. The code would then run bash commands in order to retrieve and download a remote access Trojan (RAT) called "PondRAT."

PondRAT is an entirely simple backdoor, capable of just a few functions: uploading and downloading files, checking to see that an implant is active or instructing it to sleep, and executing commands issued by the operator. It is, in essence, a "light" version of PoolRAT. PoolRAT is a known Gleaming Pisces backdoor for macOS that has a half dozen more standard capabilities than its successor, like listing directories, deleting files, etc.

**No Need for Windows**

More notable than the malware itself may be the fact that its authors wrote it only for macOS and Linux systems.

Forgoing hackers' long preferred Windows operating system makes sense, though, when one considers Gleaming Pisces' typical audience. As Lang explains, "They're targeting the actual builders, CI/CD infrastructure, developer workstations — environments that are overwhelmingly going to be Linux or macOS based. Very few people are doing development on straight Windows. So if you are targeting developers, it makes sense to ship variants for these systems, because that's where your target population lives."

Developers, then, need to be alert to phishing attacks, like those fake crypto platforms and job recruitment scams. Because while it's rare that anyone might pull an unpopular, ultra-generic package from PyPI, it's entirely likely that that same package could be quietly integrated into a broader infection chain.

"If you add a package, it could have downstream impacts, where you're actually pulling in 30, 40 other packages it may \[be connected to\]. So if I was a developer, I'd be very cognizant of what I'm installing, and try to minimize the attack surface by minimizing the number packages I'm pulling in. And then, obviously, scan the packages — look for these zombies, look for high-entropy strings, look for code obfuscation," Lang suggests.

"Like we always say," he adds, "you're one update away from malware."

**About the Author**

Nate Nelson is a freelance writer based in New York City. Formerly a reporter at Threatpost, he contributes to a number of cybersecurity blogs and podcasts. He writes "Malicious Life" -- an award-winning Top 20 tech podcast on Apple and Spotify -- and hosts every other episode, featuring interviews with leading voices in security. He also co-hosts "The Industrial Security Podcast," the most popular show in its field.

Citrine Sleet Poisons PyPI Packages With Mac &amp; Linux Malware

Debian Linux Security Advisory 5773-1 - Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256- -------------------------------------------------------------------------Debian Security Advisory DSA-5773-1                   security@debian.orghttps://www.debian.org/security/                           Andres SalomonSeptember 19, 2024                    https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : chromiumCVE ID         : CVE-2024-8904 CVE-2024-8905 CVE-2024-8906 CVE-2024-8907                  CVE-2024-8908 CVE-2024-8909Security issues were discovered in Chromium which could resultin the execution of arbitrary code, denial of service, or informationdisclosure.For the stable distribution (bookworm), these problems have been fixed inversion 129.0.6668.58-1~deb12u1.We recommend that you upgrade your chromium packages.For the detailed security status of chromium please refer toits security tracker page at:https://security-tracker.debian.org/tracker/chromiumFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmbsT+kACgkQZF0CR8NudjcBZxAAr/rpFak7qXGy0AqnX3BLhQEpL3h/hsb4sa4OvOVnsENKrGNgg6+3FNDH8kVjz/IPo6BNKoPa0WFZoq5ENwm9ZkpjToEWM5tRWwqxQyhuZ6n8WzNljc4p5d17k2e0VtPbBR6Z8ICoNhu8iEaX1r2rqqfUciMd6G42+sUPEUkj+We9YWrjt00+nPA9ZGdG9AYml5Zu5+jG5OJJtT9x2I9l1NPbPb8RB5VlGVSyn2lgbr5moLc4t7dbK8LZPQmtjvFpCtkAmcj+bedAGXBio03vJTQJpfednmAOzpZbl1oWoO4opDhRJxPc7MUG/1wWKK+k7e2NR/7TYwSMrKm7fM9tlNTx0Zvzi86Nlrqhx6y6PCdXB1RjaSqtAk732bSIAD/eULqRw0ZeJfUruzUAOmreX1E6JeLbsRUbc6R5pjn9GauVNKcfIxVqXqhf/XcrpUpEqrZ9K71zc2SFQUCC5qxW5rANdZhYm3FV4r9NfTPurEcdDSSr6wZTOfc1Rw1GN6VdX3YLPHEfRvX10RmipzaoMleeHAsSQUF9SpQ9O+m8Ckd1ReZAoJyGXU6wtEQ67sNKNYzkxHL4/H6CE6Fg/i610vXhydqd8Y6b7Sg0CiKjwD+UdaqggoiqMMg+32woZxugNYGC1FqYqoHmA/V2QCZq/pYqUS6x5qHjSUkmPvwLJrU==vXjE-----END PGP SIGNATURE-----

Debian Security Advisory 5773-1

This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.

OpenSSH 9.9p1

Red Hat Security Advisory 2024-6892-03 - An update for firefox is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_6892.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: firefox  updateAdvisory ID:        RHSA-2024:6892-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:6892Issue date:         2024-09-19Revision:           03CVE Names:          CVE-2024-7652====================================================================Summary: An update for firefox is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-7652References:https://access.redhat.com/security/updates/classification/#important

Red Hat Security Advisory 2024-6892-03

Red Hat Security Advisory 2024-6891-03 - An update for firefox is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_6891.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: firefox  updateAdvisory ID:        RHSA-2024:6891-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:6891Issue date:         2024-09-19Revision:           03CVE Names:          CVE-2024-7652====================================================================Summary: An update for firefox is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-7652References:https://access.redhat.com/security/updates/classification/#important

Red Hat Security Advisory 2024-6891-03

Ubuntu Security Notice 7024-1 - It was discovered that tgt attempts to achieve entropy by calling rand without srand. The PRNG seed is always 1, and thus the sequence of challenges is always identical.

    ==========================================================================Ubuntu Security Notice USN-7024-1September 19, 2024tgt vulnerability==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 20.04 LTSSummary:tgt could be made to generate identical sequence of challenges.Software Description:- tgt: Linux SCSI target user-space daemon and toolsDetails:It was discovered that tgt attempts to achieve entropyby calling rand without srand. The PRNG seed is always 1,and thus the sequence of challenges is always identical.Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 20.04 LTS  tgt                             1:1.0.79-2ubuntu1.1In general, a standard system update will make all the necessary changes.References:  https://ubuntu.com/security/notices/USN-7024-1  CVE-2024-45751Package Information:  https://launchpad.net/ubuntu/+source/tgt/1:1.0.79-2ubuntu1.1

Tag

#linux