Red Hat Security Advisory 2024-4456-03 - An update for python3 is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service. Issues addressed include a traversal vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4456.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: python3 security updateAdvisory ID:        RHSA-2024:4456-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:4456Issue date:         2024-07-10Revision:           03CVE Names:          CVE-2023-6597====================================================================Summary: An update for python3 is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.Security Fix(es):* python: Path traversal on tempfile.TemporaryDirectory (CVE-2023-6597)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-6597References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2276518

Red Hat Security Advisory 2024-4456-03

Red Hat Security Advisory 2024-4455-03 - Red Hat OpenShift Virtualization release 4.16.0 is now available with updates to packages and images that fix several bugs and add enhancements.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4455.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: OpenShift Virtualization 4.16.0 Images security update  
Advisory ID:        RHSA-2024:4455-03  
Product:            OpenShift Virtualization  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:4455  
Issue date:         2024-07-10  
Revision:           03  
CVE Names:          CVE-2023-45857  
====================================================================

Summary: 

Red Hat OpenShift Virtualization release 4.16.0 is now available with updates to packages and images that fix several bugs and add enhancements.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.

This advisory contains OpenShift Virtualization 4.16.0 images.

Security Fix(es):

* axios: exposure of confidential data stored in cookies (CVE-2023-45857)

* golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON (CVE-2024-24786)

* jose-go: improper handling of highly compressed data (CVE-2024-28180)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-45857

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://bugzilla.redhat.com/show_bug.cgi?id=2248979  
https://bugzilla.redhat.com/show_bug.cgi?id=2268046  
https://bugzilla.redhat.com/show_bug.cgi?id=2268854  
https://issues.redhat.com/browse/CNV-18671  
https://issues.redhat.com/browse/CNV-23541  
https://issues.redhat.com/browse/CNV-23927  
https://issues.redhat.com/browse/CNV-28040  
https://issues.redhat.com/browse/CNV-29298  
https://issues.redhat.com/browse/CNV-29431  
https://issues.redhat.com/browse/CNV-29476  
https://issues.redhat.com/browse/CNV-29869  
https://issues.redhat.com/browse/CNV-30877  
https://issues.redhat.com/browse/CNV-31319  
https://issues.redhat.com/browse/CNV-31828  
https://issues.redhat.com/browse/CNV-32664  
https://issues.redhat.com/browse/CNV-32812  
https://issues.redhat.com/browse/CNV-32997  
https://issues.redhat.com/browse/CNV-33184  
https://issues.redhat.com/browse/CNV-33527  
https://issues.redhat.com/browse/CNV-33529  
https://issues.redhat.com/browse/CNV-33701  
https://issues.redhat.com/browse/CNV-33836  
https://issues.redhat.com/browse/CNV-34072  
https://issues.redhat.com/browse/CNV-34180  
https://issues.redhat.com/browse/CNV-34488  
https://issues.redhat.com/browse/CNV-34884  
https://issues.redhat.com/browse/CNV-35213  
https://issues.redhat.com/browse/CNV-35452  
https://issues.redhat.com/browse/CNV-35728  
https://issues.redhat.com/browse/CNV-35729  
https://issues.redhat.com/browse/CNV-35763  
https://issues.redhat.com/browse/CNV-35782  
https://issues.redhat.com/browse/CNV-35859  
https://issues.redhat.com/browse/CNV-36130  
https://issues.redhat.com/browse/CNV-36208  
https://issues.redhat.com/browse/CNV-36209  
https://issues.redhat.com/browse/CNV-36210  
https://issues.redhat.com/browse/CNV-36211  
https://issues.redhat.com/browse/CNV-36271  
https://issues.redhat.com/browse/CNV-36299  
https://issues.redhat.com/browse/CNV-36837  
https://issues.redhat.com/browse/CNV-37111  
https://issues.redhat.com/browse/CNV-37373  
https://issues.redhat.com/browse/CNV-37376  
https://issues.redhat.com/browse/CNV-37377  
https://issues.redhat.com/browse/CNV-37378  
https://issues.redhat.com/browse/CNV-37382  
https://issues.redhat.com/browse/CNV-37383  
https://issues.redhat.com/browse/CNV-37412  
https://issues.redhat.com/browse/CNV-37462  
https://issues.redhat.com/browse/CNV-37501  
https://issues.redhat.com/browse/CNV-37629  
https://issues.redhat.com/browse/CNV-37667  
https://issues.redhat.com/browse/CNV-37685  
https://issues.redhat.com/browse/CNV-37788  
https://issues.redhat.com/browse/CNV-37857  
https://issues.redhat.com/browse/CNV-37859  
https://issues.redhat.com/browse/CNV-38129  
https://issues.redhat.com/browse/CNV-38270  
https://issues.redhat.com/browse/CNV-38375  
https://issues.redhat.com/browse/CNV-38404  
https://issues.redhat.com/browse/CNV-38450  
https://issues.redhat.com/browse/CNV-38568  
https://issues.redhat.com/browse/CNV-38596  
https://issues.redhat.com/browse/CNV-38608  
https://issues.redhat.com/browse/CNV-38609  
https://issues.redhat.com/browse/CNV-38655  
https://issues.redhat.com/browse/CNV-38700  
https://issues.redhat.com/browse/CNV-38707  
https://issues.redhat.com/browse/CNV-38724  
https://issues.redhat.com/browse/CNV-38883  
https://issues.redhat.com/browse/CNV-38887  
https://issues.redhat.com/browse/CNV-38902  
https://issues.redhat.com/browse/CNV-39028  
https://issues.redhat.com/browse/CNV-39030  
https://issues.redhat.com/browse/CNV-39034  
https://issues.redhat.com/browse/CNV-39056  
https://issues.redhat.com/browse/CNV-39101  
https://issues.redhat.com/browse/CNV-39371  
https://issues.redhat.com/browse/CNV-39418  
https://issues.redhat.com/browse/CNV-39421  
https://issues.redhat.com/browse/CNV-39425  
https://issues.redhat.com/browse/CNV-39469  
https://issues.redhat.com/browse/CNV-39558  
https://issues.redhat.com/browse/CNV-39618  
https://issues.redhat.com/browse/CNV-39659  
https://issues.redhat.com/browse/CNV-39682  
https://issues.redhat.com/browse/CNV-39685  
https://issues.redhat.com/browse/CNV-39722  
https://issues.redhat.com/browse/CNV-39727  
https://issues.redhat.com/browse/CNV-39752  
https://issues.redhat.com/browse/CNV-39753  
https://issues.redhat.com/browse/CNV-39878  
https://issues.redhat.com/browse/CNV-39880  
https://issues.redhat.com/browse/CNV-39893  
https://issues.redhat.com/browse/CNV-39940  
https://issues.redhat.com/browse/CNV-39941  
https://issues.redhat.com/browse/CNV-39946  
https://issues.redhat.com/browse/CNV-39978  
https://issues.redhat.com/browse/CNV-39995  
https://issues.redhat.com/browse/CNV-40006  
https://issues.redhat.com/browse/CNV-40120  
https://issues.redhat.com/browse/CNV-40136  
https://issues.redhat.com/browse/CNV-40161  
https://issues.redhat.com/browse/CNV-40162  
https://issues.redhat.com/browse/CNV-40164  
https://issues.redhat.com/browse/CNV-40196  
https://issues.redhat.com/browse/CNV-40200  
https://issues.redhat.com/browse/CNV-40242  
https://issues.redhat.com/browse/CNV-40258  
https://issues.redhat.com/browse/CNV-40334  
https://issues.redhat.com/browse/CNV-40335  
https://issues.redhat.com/browse/CNV-40336  
https://issues.redhat.com/browse/CNV-40341  
https://issues.redhat.com/browse/CNV-40344  
https://issues.redhat.com/browse/CNV-40419  
https://issues.redhat.com/browse/CNV-40445  
https://issues.redhat.com/browse/CNV-40455  
https://issues.redhat.com/browse/CNV-40457  
https://issues.redhat.com/browse/CNV-40598  
https://issues.redhat.com/browse/CNV-40682  
https://issues.redhat.com/browse/CNV-40776  
https://issues.redhat.com/browse/CNV-40846  
https://issues.redhat.com/browse/CNV-40886  
https://issues.redhat.com/browse/CNV-40903  
https://issues.redhat.com/browse/CNV-41084  
https://issues.redhat.com/browse/CNV-41139  
https://issues.redhat.com/browse/CNV-41195  
https://issues.redhat.com/browse/CNV-41199  
https://issues.redhat.com/browse/CNV-41200  
https://issues.redhat.com/browse/CNV-41203  
https://issues.redhat.com/browse/CNV-41206  
https://issues.redhat.com/browse/CNV-41209  
https://issues.redhat.com/browse/CNV-41210  
https://issues.redhat.com/browse/CNV-41224  
https://issues.redhat.com/browse/CNV-41286  
https://issues.redhat.com/browse/CNV-41355  
https://issues.redhat.com/browse/CNV-41385  
https://issues.redhat.com/browse/CNV-41386  
https://issues.redhat.com/browse/CNV-41402  
https://issues.redhat.com/browse/CNV-41474  
https://issues.redhat.com/browse/CNV-41494  
https://issues.redhat.com/browse/CNV-41495  
https://issues.redhat.com/browse/CNV-41503  
https://issues.redhat.com/browse/CNV-41507  
https://issues.redhat.com/browse/CNV-41522  
https://issues.redhat.com/browse/CNV-41526  
https://issues.redhat.com/browse/CNV-41550  
https://issues.redhat.com/browse/CNV-41579  
https://issues.redhat.com/browse/CNV-41590  
https://issues.redhat.com/browse/CNV-41600  
https://issues.redhat.com/browse/CNV-41604  
https://issues.redhat.com/browse/CNV-41632  
https://issues.redhat.com/browse/CNV-41640  
https://issues.redhat.com/browse/CNV-41772  
https://issues.redhat.com/browse/CNV-41804  
https://issues.redhat.com/browse/CNV-41844  
https://issues.redhat.com/browse/CNV-41846  
https://issues.redhat.com/browse/CNV-41959  
https://issues.redhat.com/browse/CNV-42015  
https://issues.redhat.com/browse/CNV-42052  
https://issues.redhat.com/browse/CNV-42087  
https://issues.redhat.com/browse/CNV-42363  
https://issues.redhat.com/browse/CNV-42622  
https://issues.redhat.com/browse/CNV-42786  
https://issues.redhat.com/browse/CNV-42844  
https://issues.redhat.com/browse/CNV-42853  
https://issues.redhat.com/browse/CNV-42884  
https://issues.redhat.com/browse/CNV-43024  
https://issues.redhat.com/browse/CNV-43027  
https://issues.redhat.com/browse/CNV-43033  
https://issues.redhat.com/browse/CNV-43039  
https://issues.redhat.com/browse/CNV-43041  
https://issues.redhat.com/browse/CNV-43069  
https://issues.redhat.com/browse/CNV-43194  
https://issues.redhat.com/browse/CNV-43205

Red Hat Security Advisory 2024-4455-03

Red Hat Security Advisory 2024-4321-03 - Red Hat OpenShift Container Platform release 4.15.21 is now available with updates to packages and images that fix several bugs and add enhancements.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4321.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: OpenShift Container Platform 4.15.21 bug fix and security update  
Advisory ID:        RHSA-2024:4321-03  
Product:            Red Hat OpenShift Enterprise  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:4321  
Issue date:         2024-07-10  
Revision:           03  
CVE Names:          CVE-2024-6104  
====================================================================

Summary: 

Red Hat OpenShift Container Platform release 4.15.21 is now available with updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.15.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container Platform 4.15.21. See the following advisory for the RPM packages for this release:

https://access.redhat.com/errata/RHBA-2024:4324

Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.15/release_notes/ocp-4-15-release-notes.html

Security Fix(es):

* go-retryablehttp: url might write sensitive information to log file (CVE-2024-6104)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

All OpenShift Container Platform 4.15 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.15/updating/updating_a_cluster/updating-cluster-cli.html

Solution:

CVEs:

CVE-2024-6104

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://bugzilla.redhat.com/show_bug.cgi?id=2294000  
https://issues.redhat.com/browse/OCPBUGS-27221  
https://issues.redhat.com/browse/OCPBUGS-33619  
https://issues.redhat.com/browse/OCPBUGS-34156  
https://issues.redhat.com/browse/OCPBUGS-34665  
https://issues.redhat.com/browse/OCPBUGS-34912  
https://issues.redhat.com/browse/OCPBUGS-34949  
https://issues.redhat.com/browse/OCPBUGS-35552  
https://issues.redhat.com/browse/OCPBUGS-35736  
https://issues.redhat.com/browse/OCPBUGS-35749  
https://issues.redhat.com/browse/OCPBUGS-35935  
https://issues.redhat.com/browse/OCPBUGS-35988  
https://issues.redhat.com/browse/OCPBUGS-36150  
https://issues.redhat.com/browse/OCPBUGS-36151  
https://issues.redhat.com/browse/OCPBUGS-36225  
https://issues.redhat.com/browse/OCPBUGS-36258  
https://issues.redhat.com/browse/OCPBUGS-36279  
https://issues.redhat.com/browse/OCPBUGS-36287  
https://issues.redhat.com/browse/OCPBUGS-36306  
https://issues.redhat.com/browse/OCPBUGS-36312  
https://issues.redhat.com/browse/OCPBUGS-36374  
https://issues.redhat.com/browse/OCPBUGS-36377

Red Hat Security Advisory 2024-4321-03

Red Hat Security Advisory 2024-2096-03 - Moderate: Logging for Red Hat OpenShift - 5.9.1.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_2096.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: security update Logging for Red Hat OpenShift - 5.9.1  
Advisory ID:        RHSA-2024:2096-03  
Product:            logging for Red Hat OpenShift  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:2096  
Issue date:         2024-07-10  
Revision:           03  
CVE Names:          CVE-2023-45289  
====================================================================

Summary: 

Moderate: Logging for Red Hat OpenShift - 5.9.1

Description:

Logging for Red Hat OpenShift - 5.9.1

Solution:

https://docs.openshift.com/container-platform/4.14/release_notes/ocp-4-14-release-notes.html

https://docs.openshift.com/container-platform/4.14/logging/cluster-logging-upgrading.html

CVEs:

CVE-2023-45289

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://issues.redhat.com/browse/LOG-4672  
https://issues.redhat.com/browse/LOG-5062  
https://issues.redhat.com/browse/LOG-5268  
https://issues.redhat.com/browse/LOG-5278  
https://issues.redhat.com/browse/LOG-5307  
https://issues.redhat.com/browse/LOG-5309  
https://issues.redhat.com/browse/LOG-5322  
https://issues.redhat.com/browse/LOG-5323  
https://issues.redhat.com/browse/LOG-5395  
https://issues.redhat.com/browse/LOG-5397  
https://issues.redhat.com/browse/LOG-5401

Red Hat Security Advisory 2024-2096-03

**Why is the Red Hat Inc. the assigning CNA (CVE Numbering Authority)?**

CVE-2024-6387 is regarding a vulnerability in OppenSSH's server (sshd). Red Hat created this CVE on its behalf.

CVE-2024-6387: RedHat Openssh: CVE-2024-6387  Remote Code Execution Due To A Race Condition In Signal Handling

Red Hat Security Advisory 2024-4451-03 - An update for dotnet8.0 is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4451.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: dotnet8.0 security updateAdvisory ID:        RHSA-2024:4451-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:4451Issue date:         2024-07-10Revision:           03CVE Names:          CVE-2024-30105====================================================================Summary: An update for dotnet8.0 is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK  8.0.107 and Runtime 8.0.7.Security Fix(es):* dotnet: DoS in System.Text.Json (CVE-2024-30105)* dotnet: DoS in ASP.NET Core 8 (CVE-2024-35264)* dotnet: DoS when parsing X.509 Content and ObjectIdentifiers (CVE-2024-38095)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-30105References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2295320https://bugzilla.redhat.com/show_bug.cgi?id=2295321https://bugzilla.redhat.com/show_bug.cgi?id=2295323

Red Hat Security Advisory 2024-4451-03

Red Hat Security Advisory 2024-4450-03 - An update for dotnet8.0 is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4450.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: dotnet8.0 security updateAdvisory ID:        RHSA-2024:4450-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:4450Issue date:         2024-07-10Revision:           03CVE Names:          CVE-2024-30105====================================================================Summary: An update for dotnet8.0 is now available for Red Hat Enterprise Linux 9.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.107 and Runtime 8.0.7.Security Fix(es):* dotnet: DoS in System.Text.Json (CVE-2024-30105)* dotnet: DoS in ASP.NET Core 8 (CVE-2024-35264)* dotnet: DoS when parsing X.509 Content and ObjectIdentifiers (CVE-2024-38095)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-30105References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2295320https://bugzilla.redhat.com/show_bug.cgi?id=2295321https://bugzilla.redhat.com/show_bug.cgi?id=2295323

Red Hat Security Advisory 2024-4450-03

Red Hat Security Advisory 2024-4447-03 - An update for kernel is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Issues addressed include code execution, null pointer, and use-after-free vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4447.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: kernel security update  
Advisory ID:        RHSA-2024:4447-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:4447  
Issue date:         2024-07-10  
Revision:           03  
CVE Names:          CVE-2021-47293  
====================================================================

Summary: 

An update for kernel is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: TIPC message reassembly use-after-free remote code execution vulnerability (CVE-2024-36886)

* kernel: net/sched: act_skbmod: Skip non-Ethernet packets (CVE-2021-47293)

* kernel: net: ti: fix UAF in tlan_remove_one (CVE-2021-47310)

* kernel: KVM: NULL pointer dereference in kvm_mmu_invpcid_gva (CVE-2022-1789)

* kernel: tls: race between async notify and socket close (CVE-2024-26583)

* kernel: tls: race between tx work scheduling and socket close (CVE-2024-26585)

* kernel: ipv6: sr: fix possible use-after-free and null-ptr-deref (CVE-2024-26735)

* kernel: Bluetooth: Avoid potential use-after-free in hci_error_reset (CVE-2024-26801)

* kernel: net: ip_tunnel: prevent perpetual headroom growth (CVE-2024-26804)

* kernel: netfilter: nf_tables: use timestamp to check for set element timeout (CVE-2024-27397)

* kernel: net: ena: Fix incorrect descriptor free behavior (CVE-2024-35958)

* kernel: ipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr (CVE-2024-35969)

* kernel: scsi: lpfc: Move NPIV's transport unregistration to after resource clean up (CVE-2024-36952)

* kernel: tls: handle backlogging of crypto requests (CVE-2024-26584)

* kernel: netfilter: nf_tables: honor table dormant flag from netdev release event path (CVE-2024-36005)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2021-47293

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2090723  
https://bugzilla.redhat.com/show_bug.cgi?id=2265517  
https://bugzilla.redhat.com/show_bug.cgi?id=2265519  
https://bugzilla.redhat.com/show_bug.cgi?id=2265520  
https://bugzilla.redhat.com/show_bug.cgi?id=2273278  
https://bugzilla.redhat.com/show_bug.cgi?id=2273423  
https://bugzilla.redhat.com/show_bug.cgi?id=2273429  
https://bugzilla.redhat.com/show_bug.cgi?id=2277238  
https://bugzilla.redhat.com/show_bug.cgi?id=2280434  
https://bugzilla.redhat.com/show_bug.cgi?id=2281900  
https://bugzilla.redhat.com/show_bug.cgi?id=2281925  
https://bugzilla.redhat.com/show_bug.cgi?id=2281949  
https://bugzilla.redhat.com/show_bug.cgi?id=2282472  
https://bugzilla.redhat.com/show_bug.cgi?id=2282504  
https://bugzilla.redhat.com/show_bug.cgi?id=2284598

Red Hat Security Advisory 2024-4447-03

Red Hat Security Advisory 2024-4443-03 - An update for toolbox is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4443.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: toolbox security updateAdvisory ID:        RHSA-2024:4443-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:4443Issue date:         2024-07-09Revision:           03CVE Names:          CVE-2022-3064====================================================================Summary: An update for toolbox is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Toolbox is a tool for Linux operating systems, which allows the use of containerized command line environments. It is built on top of Podman and other standard container technologies from OCI.Security Fix(es):* go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents (CVE-2022-3064)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2022-3064References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2163037

Red Hat Security Advisory 2024-4443-03

Red Hat Security Advisory 2024-4439-03 - An update for dotnet6.0 is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4439.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: dotnet6.0 security updateAdvisory ID:        RHSA-2024:4439-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:4439Issue date:         2024-07-09Revision:           03CVE Names:          CVE-2024-38095====================================================================Summary: An update for dotnet6.0 is now available for Red Hat Enterprise Linux 9.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.New versions of .NET that address a security vulnerability are now available. The updated versions are .NET 6.0 to SDK 6.0.132 and Runtime 6.0.32.Security Fix(es):* dotnet: DoS when parsing X.509 Content and ObjectIdentifiers (CVE-2024-38095)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-38095References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2295323

Tag

#red_hat