Red Hat Security Advisory 2024-6850-03 - An update for firefox is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_6850.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: firefox  updateAdvisory ID:        RHSA-2024:6850-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:6850Issue date:         2024-09-19Revision:           03CVE Names:          ====================================================================Summary: An update for firefox is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:CVEs:References:https://access.redhat.com/security/updates/classification/#important

Red Hat Security Advisory 2024-6850-03

Red Hat Security Advisory 2024-6843-03 - An update for pcp is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Issues addressed include a heap corruption vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_6843.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: pcp security updateAdvisory ID:        RHSA-2024:6843-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:6843Issue date:         2024-09-19Revision:           03CVE Names:          CVE-2024-45769====================================================================Summary: An update for pcp is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems.Security Fix(es):* pcp: pmpost symlink attack allows escalating pcp to root user (CVE-2024-45770)* pcp: pmcd heap corruption through metric pmstore operations (CVE-2024-45769)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-45769References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2310451https://bugzilla.redhat.com/show_bug.cgi?id=2310452https://issues.redhat.com/browse/RHEL-58005

Red Hat Security Advisory 2024-6843-03

Red Hat Security Advisory 2024-6842-03 - An update for pcp is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service. Issues addressed include a heap corruption vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_6842.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: pcp security updateAdvisory ID:        RHSA-2024:6842-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:6842Issue date:         2024-09-19Revision:           03CVE Names:          CVE-2024-45769====================================================================Summary: An update for pcp is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems.Security Fix(es):* pcp: pmpost symlink attack allows escalating pcp to root user (CVE-2024-45770)* pcp: pmcd heap corruption through metric pmstore operations (CVE-2024-45769)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-45769References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2310451https://bugzilla.redhat.com/show_bug.cgi?id=2310452https://issues.redhat.com/browse/RHEL-34586

Red Hat Security Advisory 2024-6842-03

Red Hat Security Advisory 2024-6840-03 - An update for pcp is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Issues addressed include a heap corruption vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_6840.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: pcp security updateAdvisory ID:        RHSA-2024:6840-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:6840Issue date:         2024-09-19Revision:           03CVE Names:          CVE-2024-45769====================================================================Summary: An update for pcp is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems.Security Fix(es):* pcp: pmpost symlink attack allows escalating pcp to root user (CVE-2024-45770)* pcp: pmcd heap corruption through metric pmstore operations (CVE-2024-45769)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-45769References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2310451https://bugzilla.redhat.com/show_bug.cgi?id=2310452

Red Hat Security Advisory 2024-6840-03

Red Hat Security Advisory 2024-6839-03 - An update for firefox is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_6839.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: firefox  updateAdvisory ID:        RHSA-2024:6839-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:6839Issue date:         2024-09-19Revision:           03CVE Names:          ====================================================================Summary: An update for firefox is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:CVEs:References:https://access.redhat.com/security/updates/classification/#important

Red Hat Security Advisory 2024-6839-03

Red Hat Security Advisory 2024-6838-03 - An update for firefox is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_6838.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: firefox  updateAdvisory ID:        RHSA-2024:6838-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:6838Issue date:         2024-09-19Revision:           03CVE Names:          CVE-2024-7652====================================================================Summary: An update for firefox is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Additional Changes:For detailed information on changes in this release, see the Red Hat Enterprise Linux 7-ELS Release Notes linked from the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-7652References:https://access.redhat.com/security/updates/classification/#importanthttps://docs.redhat.com/en/documentation/red_hat_enterprise_linux/7-ELS/html/7-ELS_release_notes/index

Red Hat Security Advisory 2024-6838-03

Red Hat Security Advisory 2024-6837-03 - An update for pcp is now available for Red Hat Enterprise Linux 8. Issues addressed include a heap corruption vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_6837.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: pcp security updateAdvisory ID:        RHSA-2024:6837-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:6837Issue date:         2024-09-19Revision:           03CVE Names:          CVE-2024-45769====================================================================Summary: An update for pcp is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems.Security Fix(es):* pcp: pmpost symlink attack allows escalating pcp to root user (CVE-2024-45770)* pcp: pmcd heap corruption through metric pmstore operations (CVE-2024-45769)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-45769References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2310451https://bugzilla.redhat.com/show_bug.cgi?id=2310452https://issues.redhat.com/browse/RHEL-17081https://issues.redhat.com/browse/RHEL-29708https://issues.redhat.com/browse/RHEL-58002

Red Hat Security Advisory 2024-6837-03

Red Hat Security Advisory 2024-6816-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.6 Telecommunications Update Service.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_6816.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: thunderbird security update  
Advisory ID:        RHSA-2024:6816-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:6816  
Issue date:         2024-09-19  
Revision:           03  
CVE Names:          CVE-2024-7652  
====================================================================

Summary: 

An update for thunderbird is now available for Red Hat Enterprise Linux 8.6 Telecommunications Update Service.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

Security Fix(es):

* thunderbird: 115.15/128.2 ()

* mozilla: Type confusion when looking up a property name in a "with" block (CVE-2024-8381)

* mozilla: Internal event interfaces were exposed to web content when browser EventHandler listener callbacks ran (CVE-2024-8382)

* mozilla: Garbage collection could mis-color cross-compartment objects in OOM conditions (CVE-2024-8384)

* mozilla: WASM type confusion involving ArrayTypes (CVE-2024-8385)

* mozilla: SelectElements could be shown over another site if popups are allowed (CVE-2024-8386)

* mozilla: Memory safety bugs fixed in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2 (CVE-2024-8387)

* thunderbird: Crash when aborting verification of OTR chat (CVE-2024-8394)

* mozilla: Type Confusion in Async Generators in Javascript Engine (CVE-2024-7652)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-7652

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2307331  
https://bugzilla.redhat.com/show_bug.cgi?id=2309427  
https://bugzilla.redhat.com/show_bug.cgi?id=2309428  
https://bugzilla.redhat.com/show_bug.cgi?id=2309430  
https://bugzilla.redhat.com/show_bug.cgi?id=2309431  
https://bugzilla.redhat.com/show_bug.cgi?id=2309432  
https://bugzilla.redhat.com/show_bug.cgi?id=2309433  
https://bugzilla.redhat.com/show_bug.cgi?id=2310481  
https://bugzilla.redhat.com/show_bug.cgi?id=2310490

Red Hat Security Advisory 2024-6816-03

Red Hat Security Advisory 2024-6786-03 - An update for firefox is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_6786.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: firefox  updateAdvisory ID:        RHSA-2024:6786-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:6786Issue date:         2024-09-19Revision:           03CVE Names:          ====================================================================Summary: An update for firefox is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:CVEs:References:https://access.redhat.com/security/updates/classification/#important

Red Hat Security Advisory 2024-6786-03

Red Hat Security Advisory 2024-6785-03 - An update for the ruby:3.3 module is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_6785.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: ruby:3.3 security updateAdvisory ID:        RHSA-2024:6785-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:6785Issue date:         2024-09-19Revision:           03CVE Names:          CVE-2024-39908====================================================================Summary: An update for the ruby:3.3 module is now available for Red Hat Enterprise Linux 9.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.Security Fix(es):* rexml: DoS vulnerability in REXML (CVE-2024-39908)* rexml: rubygem-rexml: DoS when parsing an XML having many specific characters such as whitespace character, >] and ]> (CVE-2024-41123)* rexml: DoS vulnerability in REXML (CVE-2024-41946)* rexml: DoS vulnerability in REXML (CVE-2024-43398)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-39908References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2298243https://bugzilla.redhat.com/show_bug.cgi?id=2302268https://bugzilla.redhat.com/show_bug.cgi?id=2302272https://bugzilla.redhat.com/show_bug.cgi?id=2307297

Tag

#linux