Red Hat Security Advisory 2024-7436-03 - The components for Red Hat OpenShift for Windows Containers 10.17.0 are now available. This product release includes bug fixes and security updates for the following packages: windows-machine-config-operator and windows-machine-config-operator-bundle.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_7436.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: Red Hat OpenShift for Windows Containers 10.17.0 product release  
Advisory ID:        RHSA-2024:7436-03  
Product:            Red Hat OpenShift Enterprise  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:7436  
Issue date:         2024-10-01  
Revision:           03  
CVE Names:            
====================================================================

Summary: 

The components for Red Hat OpenShift for Windows Containers 10.17.0 are now available. This product release includes bug fixes and security updates for the  
following packages: windows-machine-config-operator and  
windows-machine-config-operator-bundle.

Red Hat Product Security has rated this update as having a security impact of  
Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives  
a detailed severity rating, is available for each vulnerability from the CVE  
link(s) in the References section.

Description:

Red Hat OpenShift for Windows Containers allows you to deploy Windows container workloads running on Windows Server containers.

Solution:

CVEs:

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://issues.redhat.com/browse/OCPBUGS-29253  
https://issues.redhat.com/browse/OCPBUGS-30995  
https://issues.redhat.com/browse/OCPBUGS-35936  
https://issues.redhat.com/browse/OCPBUGS-36395  
https://issues.redhat.com/browse/OCPBUGS-36643  
https://issues.redhat.com/browse/WINC-1149  
https://issues.redhat.com/browse/WINC-1172  
https://issues.redhat.com/browse/WINC-1199  
https://issues.redhat.com/browse/WINC-1224  
https://issues.redhat.com/browse/WINC-1305  
https://issues.redhat.com/browse/WINC-1314  
https://issues.redhat.com/browse/WINC-1320  
https://issues.redhat.com/browse/WINC-588

Red Hat Security Advisory 2024-7436-03

Red Hat Security Advisory 2024-7433-03 - An update for kpatch-patch-4_18_0-372_118_1 and kpatch-patch-4_18_0-372_91_1 is now available for Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_7433.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: kpatch-patch-4_18_0-372_118_1 and kpatch-patch-4_18_0-372_91_1 security updateAdvisory ID:        RHSA-2024:7433-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:7433Issue date:         2024-10-01Revision:           03CVE Names:          CVE-2024-41071====================================================================Summary: An update for kpatch-patch-4_18_0-372_118_1 and kpatch-patch-4_18_0-372_91_1 is now available for Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:This is a kernel live patch module which can be loaded by the kpatch command line utility to modify the code of a running kernel.  This patch module is targeted for kernel-4.18.0-372.91.1.el8_6.Security Fix(es):* kernel: wifi: mac80211: Avoid address calculations via out of bounds array indexing (CVE-2024-41071)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-41071References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2300448

Red Hat Security Advisory 2024-7433-03

Red Hat Security Advisory 2024-7432-03 - An update for kpatch-patch-5_14_0-427_13_1 and kpatch-patch-5_14_0-427_31_1 is now available for Red Hat Enterprise Linux 9.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_7432.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: kpatch-patch-5_14_0-427_13_1 and kpatch-patch-5_14_0-427_31_1 security updateAdvisory ID:        RHSA-2024:7432-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:7432Issue date:         2024-10-01Revision:           03CVE Names:          CVE-2024-41071====================================================================Summary: An update for kpatch-patch-5_14_0-427_13_1 and kpatch-patch-5_14_0-427_31_1 is now available for Red Hat Enterprise Linux 9.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:This is a kernel live patch module which can be loaded by the kpatch command line utility to modify the code of a running kernel.  This patch module is targeted for kernel-5.14.0-427.13.1.el9_4.Security Fix(es):* kernel: wifi: mac80211: Avoid address calculations via out of bounds array indexing (CVE-2024-41071)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-41071References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2300448

Red Hat Security Advisory 2024-7432-03

Red Hat Security Advisory 2024-7431-03 - An update for kpatch-patch-5_14_0-284_52_1 and kpatch-patch-5_14_0-284_79_1 is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_7431.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: kpatch-patch-5_14_0-284_52_1 and kpatch-patch-5_14_0-284_79_1 security updateAdvisory ID:        RHSA-2024:7431-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:7431Issue date:         2024-10-01Revision:           03CVE Names:          CVE-2024-41071====================================================================Summary: An update for kpatch-patch-5_14_0-284_52_1 and kpatch-patch-5_14_0-284_79_1 is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:This is a kernel live patch module which can be loaded by the kpatch command line utility to modify the code of a running kernel.  This patch module is targeted for kernel-5.14.0-284.52.1.el9_2.Security Fix(es):* kernel: wifi: mac80211: Avoid address calculations via out of bounds array indexing (CVE-2024-41071)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-41071References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2300448

Red Hat Security Advisory 2024-7431-03

Red Hat Security Advisory 2024-7430-03 - An update for kpatch-patch-4_18_0-477_43_1 and kpatch-patch-4_18_0-477_67_1 is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_7430.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: kpatch-patch-4_18_0-477_43_1 and kpatch-patch-4_18_0-477_67_1 security updateAdvisory ID:        RHSA-2024:7430-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:7430Issue date:         2024-10-01Revision:           03CVE Names:          CVE-2024-41071====================================================================Summary: An update for kpatch-patch-4_18_0-477_43_1 and kpatch-patch-4_18_0-477_67_1 is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:This is a kernel live patch module which can be loaded by the kpatch command line utility to modify the code of a running kernel.  This patch module is targeted for kernel-4.18.0-477.43.1.el8_8.Security Fix(es):* kernel: wifi: mac80211: Avoid address calculations via out of bounds array indexing (CVE-2024-41071)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-41071References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2300448

Red Hat Security Advisory 2024-7430-03

Red Hat Security Advisory 2024-7429-03 - An update for kpatch-patch-4_18_0-553 and kpatch-patch-4_18_0-553_16_1 is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_7429.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: kpatch-patch-4_18_0-553 and kpatch-patch-4_18_0-553_16_1 security update  
Advisory ID:        RHSA-2024:7429-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:7429  
Issue date:         2024-10-01  
Revision:           03  
CVE Names:          CVE-2024-41071  
====================================================================

Summary: 

An update for kpatch-patch-4_18_0-553 and kpatch-patch-4_18_0-553_16_1 is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

This is a kernel live patch module which can be loaded by the kpatch command line utility to modify the code of a running kernel.  This patch module is targeted for kernel-4.18.0-553.16.1.el8_10.

Security Fix(es):

* kernel: virtio-net: tap: mlx5_core short frame denial of service (CVE-2024-41090)

* kernel: virtio-net: tun: mlx5_core short frame denial of service (CVE-2024-41091)

* kernel: wifi: mac80211: Avoid address calculations via out of bounds array indexing (CVE-2024-41071)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-41071

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2299240  
https://bugzilla.redhat.com/show_bug.cgi?id=2299336  
https://bugzilla.redhat.com/show_bug.cgi?id=2300448

Red Hat Security Advisory 2024-7429-03

Red Hat Security Advisory 2024-7428-03 - An update for kpatch-patch-5_14_0-70_112_1 and kpatch-patch-5_14_0-70_85_1 is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_7428.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: kpatch-patch-5_14_0-70_112_1 and kpatch-patch-5_14_0-70_85_1 security updateAdvisory ID:        RHSA-2024:7428-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:7428Issue date:         2024-10-01Revision:           03CVE Names:          CVE-2024-41071====================================================================Summary: An update for kpatch-patch-5_14_0-70_112_1 and kpatch-patch-5_14_0-70_85_1 is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:This is a kernel live patch module which can be loaded by the kpatch command line utility to modify the code of a running kernel.  This patch module is targeted for kernel-5.14.0-70.85.1.el9_0.Security Fix(es):* kernel: wifi: mac80211: Avoid address calculations via out of bounds array indexing (CVE-2024-41071)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-41071References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2300448

Red Hat Security Advisory 2024-7428-03

Red Hat Security Advisory 2024-7427-03 - An update for kpatch-patch-4_18_0-305_120_1 and kpatch-patch-4_18_0-305_138_1 is now available for Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include code execution and use-after-free vulnerabilities.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_7427.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: kpatch-patch-4_18_0-305_120_1 and kpatch-patch-4_18_0-305_138_1 security updateAdvisory ID:        RHSA-2024:7427-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:7427Issue date:         2024-10-01Revision:           03CVE Names:          CVE-2024-36886====================================================================Summary: An update for kpatch-patch-4_18_0-305_120_1 and kpatch-patch-4_18_0-305_138_1 is now available for Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:This is a kernel live patch module which can be loaded by the kpatch command line utility to modify the code of a running kernel.  This patch module is targeted for kernel-4.18.0-305.120.1.el8_4.Security Fix(es):* kernel: TIPC message reassembly use-after-free remote code execution vulnerability (CVE-2024-36886)* kernel: wifi: mac80211: Avoid address calculations via out of bounds array indexing (CVE-2024-41071)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-36886References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2277238https://bugzilla.redhat.com/show_bug.cgi?id=2300448

Red Hat Security Advisory 2024-7427-03

Gentoo Linux Security Advisory 202409-32 - Multiple vulnerabilities have been discovered in nginx, the worst of which could result in denial of service. Versions greater than or equal to 1.26.2-r2 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202409-32  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Low  
    Title: nginx: Multiple Vulnerabilities  
     Date: September 28, 2024  
     Bugs: #924619, #937938  
       ID: 202409-32

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in nginx, the worst of  
which could result in denial of service.

Background  
==========

nginx is a robust, small, and high performance HTTP and reverse proxy  
server.

Affected packages  
=================

Package            Vulnerable    Unaffected  
-----------------  ------------  ------------  
www-servers/nginx  < 1.26.2-r2   >= 1.26.2-r2

Description  
===========

Multiple vulnerabilities have been discovered in nginx. Please review  
the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All nginx users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=www-servers/nginx-1.26.2-r2"

References  
==========

[ 1 ] CVE-2024-7347  
      https://nvd.nist.gov/vuln/detail/CVE-2024-7347  
[ 2 ] CVE-2024-24989  
      https://nvd.nist.gov/vuln/detail/CVE-2024-24989  
[ 3 ] CVE-2024-24990  
      https://nvd.nist.gov/vuln/detail/CVE-2024-24990

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202409-32

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202409-32

Gentoo Linux Security Advisory 202409-31 - Multiple vulnerabilities have been found in Apache HTTPD, the worst of which could result in denial of service. Versions greater than or equal to 2.4.62 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202409-31  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Low  
    Title: Apache HTTPD: Multiple Vulnerabilities  
     Date: September 28, 2024  
     Bugs: #928540, #935296, #935427, #936257  
       ID: 202409-31

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been found in Apache HTTPD, the worst of  
which could result in denial of service.

Background  
==========

The Apache HTTP server is one of the most popular web servers on the  
Internet.

Affected packages  
=================

Package             Vulnerable    Unaffected  
------------------  ------------  ------------  
www-servers/apache  < 2.4.62      >= 2.4.62

Description  
===========

Multiple vulnerabilities have been discovered in Apache HTTPD. Please  
review the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All Apache HTTPD users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=www-servers/apache-2.4.62"

References  
==========

[ 1 ] CVE-2023-38709  
      https://nvd.nist.gov/vuln/detail/CVE-2023-38709  
[ 2 ] CVE-2024-24795  
      https://nvd.nist.gov/vuln/detail/CVE-2024-24795  
[ 3 ] CVE-2024-27316  
      https://nvd.nist.gov/vuln/detail/CVE-2024-27316  
[ 4 ] CVE-2024-36387  
      https://nvd.nist.gov/vuln/detail/CVE-2024-36387  
[ 5 ] CVE-2024-38472  
      https://nvd.nist.gov/vuln/detail/CVE-2024-38472  
[ 6 ] CVE-2024-38473  
      https://nvd.nist.gov/vuln/detail/CVE-2024-38473  
[ 7 ] CVE-2024-38474  
      https://nvd.nist.gov/vuln/detail/CVE-2024-38474  
[ 8 ] CVE-2024-38475  
      https://nvd.nist.gov/vuln/detail/CVE-2024-38475  
[ 9 ] CVE-2024-38476  
      https://nvd.nist.gov/vuln/detail/CVE-2024-38476  
[ 10 ] CVE-2024-38477  
      https://nvd.nist.gov/vuln/detail/CVE-2024-38477  
[ 11 ] CVE-2024-39573  
      https://nvd.nist.gov/vuln/detail/CVE-2024-39573  
[ 12 ] CVE-2024-39884  
      https://nvd.nist.gov/vuln/detail/CVE-2024-39884  
[ 13 ] CVE-2024-40725  
      https://nvd.nist.gov/vuln/detail/CVE-2024-40725  
[ 14 ] CVE-2024-40898  
      https://nvd.nist.gov/vuln/detail/CVE-2024-40898

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202409-31

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Tag

#mac