PRESS RELEASE

MINNEAPOLIS, April 2, 2024 – Businesses are facing a critical gap when it comes to protecting endpoint data, according to a study released today by TAG Infosphere, Inc., a leading  cybersecurity research and advisory firm. The report, conducted in partnership with CrashPlan, identified the ever-growing potential for ransomware attacks, frequent misuse of cloud collaboration tools as a substitute for backup, and an over-reliance on manual policies as the break in the chain for current enterprise security configurations. 

For the study, TAG surveyed a group of CISOs and security practitioners, and the key findings were clear: The overwhelming majority (93%) of IT and cybersecurity teams aren’t confident in their policies to protect their enterprise data. Furthermore, survey respondents acknowledged the likelihood of a severe data breach through an employee’s endpoint.

“We were surprised to learn that a whopping 71% of those asked responded that they would not be surprised if they had a serious data breach on their PCs and laptops. If the question was extended to include that they might be surprised, the number grew to 86%,” said Dr. Edward Amoroso, Chief Executive Officer and founder of TAG Infosphere. “This is important because it implies that serious risk exists in this area. If that many CISOs would not be surprised if something bad happened, then that’s a problem.”

TAG introduces the MEAD framework (Malware, EDR, Analytics, and Data) for modernizing endpoint security. Central to MEAD is the adoption of endpoint backup solutions as a pivotal measure for enhancing cyber resilience. The report advocates for endpoint backup to reduce risks to data on endpoints, detailing how this strategy safeguards data against hardware malfunctions, user errors, and cyber threats. 

“New cybersecurity technologies are introduced every year, yet data breaches continue to happen,” said Todd Thorsen, Chief Information Security Officer for CrashPlan. “The reality is work habits have changed. Most companies now have a hybrid work model—and this has shined a light on just how ineffective manual policies are when it comes to protecting endpoint data. To improve resiliency, you simply can’t lose sight of the foundation. Despite new tools and technology designed to identify, detect and protect against bad actors and malicious activity, breaches will still happen. Which is why having strong data backup and resilience capabilities are critical for effective response and recovery.”

CrashPlan offers a cloud-native platform designed to address the aggregate risk associated with data stored on endpoints within organizations. It offers a comprehensive backup and data protection system that safeguards valuable business data from loss, theft, or accidental deletion. Businesses of all sizes, across all different business sectors, use CrashPlan today to ensure a more robust data protection and resilience approach.                                          

About CrashPlan  
CrashPlan® enables organizational resilience through secure, scalable, and straightforward endpoint data backup. With automatic backup and customizable file version retention, you can bounce back from any data calamity. What starts as endpoint backup and recovery becomes a solution for ransomware recovery, breaches, migrations, and legal holds. So, you can work fearlessly and grow confidently.

About Tag Infosphere

TAG is a trusted research and advisory company that provides insights and recommendations in cybersecurity, artificial intelligence, and climate science to thousands of commercial solution providers and Fortune 500 enterprises. Founded in 2016 and headquartered in New York City, TAG bucks the trend of pay-for-play research by offering unbiased and in-depth guidance, market analysis, project consulting, and personalized content—all from a practitioner perspective.

About Dr. Edward Amoroso

Dr. Ed Amoroso is currently Chief Executive Officer of TAG Infosphere Inc, a global research and advisory company that supports enterprise cyber security teams and commercial security vendors around the world. Ed recently retired from AT&T after thirty-one years of service, beginning in Unix security R&D at Bell Labs and culminating as Senior Vice President and Chief Security Officer of AT&T from 2004 to 2016.

Ed has served as Research Professor at the Tandon School of Engineering at NYU since 2017. He has also been Adjunct Professor of Computer Science at the Stevens Institute of Technology for the past thirty years, where he has introduced nearly two thousand graduate students to the topic of information security. Ed also serves the Applied Physics Laboratory at Johns Hopkins University as a senior advisor. He is author of six books on cyber security and dozens of major research and technical papers and articles in peer-reviewed and major publications.

TAG Report Reveals Endpoint Backup Is Essential to Improving Data Resiliency

PRESS RELEASE

PALO ALTO, Calif., April 2, 2024/PRNewswire-PRWeb/ -- TruCentive, a leader in incentive automation solutions, announced a significant enhancement to its platform: HIPAA-compliant personal information de-identification (PII) capabilities. This new feature is designed to strengthen privacy protections and ensure the security of sensitive information, marking a significant step forward in TruCentive's commitment to data protection for researchers worldwide.

With the healthcare industry's increasing reliance on digital platforms, the need for stringent data protection measures has never been more critical. TruCentive's latest update addresses this need by providing a robust solution for de-identifying personally identifiable information, ensuring that all data processed through its platform meets the rigorous standards set by the Health Insurance Portability and Accountability Act (HIPAA).

"This enhancement is a testament to TruCentive's dedication to privacy, security, and compliance," said Lori Laub, CEO of TruCentive. "By integrating HIPAA-compliant de-identification, we're safeguarding participants' personal information and providing our clients with the peace of mind that comes from knowing their incentive programs are fully compliant with federal regulations."

The de-identification process removes all identifiers that could potentially link back to an individual, such as email addresses, names, dates, and compensation selections directly related to an individual. This allows TruCentive's clients to utilize the platform for research compensation while ensuring the anonymity and privacy of individuals' data.

"We are excited to expand Shaip's expertise in data privacy to the Incentive Automation marketplace," said Hardik Parikh, co-founder and CRO of Shaip. "This marks a milestone in blending technological innovation with strict compliance to protect sensitive information and build client trust."

TruCentive's HIPAA compliant personal information de-identification feature is immediately available to Enterprise platform users, reaffirming the company's position at the forefront of secure and compliant incentive automation solutions.

Please visit https://trucentive.com/research-compensation/ for more information about TruCentive and its new HIPAA compliant de-identification capabilities.

About TruCentive

TruCentive helps organizations engage with employees, partners, and customers in personalized, innovative ways. By seamlessly integrating the delivery of merchandise, gift cards, and payments, companies increase the effectiveness of their existing incentive programs and improve relationships. With thousands of merchandise options, 3,000+ gift cards worldwide, 85,000+ local merchant options, Visa, AmEx, and MasterCard cards, payment options including Deposit-to-Debit-Card, PayPal, and Venmo, and integrations with popular marketing, sales, and HR tools, TruCentive is essential to successful HR, demand generation, account-based, and customer appreciation and incentive programs.

About Shaip

Headquartered in Louisville, Kentucky, Shaip is a fully managed data platform designed for companies looking to solve their most demanding AI challenges, enabling smarter, faster, and better results. Shaip supports all aspects of AI training data, from data collection to licensing, labeling, transcribing, and de-identifying, by seamlessly scaling our people, platform, and processes to help companies develop their AI and ML models. To learn how to make your data science team and leaders' lives easier, visit us at www.shaip.com.

TruCentive Enhances Privacy With HIPAA Compliant Personal Information De-identification

Google has issued patches for 28 security vulnerabilities, including a critical patch for Androids with Qualcomm chips.

In April’s update for the Android operating system (OS), Google has patched 28 vulnerabilities, one of which is rated critical for Android devices equipped with Qualcomm chips.

You can find your device’s Android version number, security update level, and Google Play system level in your Settings app. You’ll get notifications when updates are available for you, but you can also check for updates.

If your Android phone is at patch level 2024-04-05 or later then the issues discussed below have been fixed. The updates have been made available for Android 12, 12L and 13. Android partners are notified of all issues at least a month before publication, however, this doesn’t always mean that the patches are available for devices from all vendors.

For most phones it works like this: Under **About phone** or **About device** you can tap on **Software updates** to check if there are new updates available for your device, although there may be slight differences based on the brand, type, and Android version of your device.

The Common Vulnerabilities and Exposures (CVE) database lists publicly disclosed computer security flaws. The Qualcomm CVE is listed as CVE-2023-28582. It has a CVSS score of 9.8 out of 20 and is described as a memory corruption in Data Modem while verifying hello-verify message during the Datagram Transport Layer Security (DTLS) handshake.

The cause of the memory corruption lies in a buffer copy without checking the size of the input. Practically, this means that a remote attacker can cause a buffer overflow during the verification of a DTLS handshake, allowing them to execute code on the affected device.

Another vulnerability highlighted by Google is CVE-2024-23704, an elevation of privilege (EoP) vulnerability in the System component that affects Android 13 and Android 14.

This vulnerability could lead to local escalation of privilege with no additional execution privileges needed. Local privilege escalation happens when one user acquires the system rights of another user. This could allow an attacker to access information they shouldn’t have access to, or perform actions at a higher level of permissions.

**Pixel users**

Google warns Pixel users that there are indications that two high severity vulnerabilities may be under limited, targeted exploitation. These vulnerabilities are:

*   CVE-2024-29745: An information disclosure vulnerability in the bootloader component. Bootloaders are one of the first programs to load and ensure that all relevant operating system data is loaded into the main memory when a device is started.
*   CVE-2024-29748: An elevation of privilege (EoP) vulnerability in the Pixel firmware. Firmware is device-specific software that provides basic machine instructions that allow the hardware to function and communicate with other software running on the device.

On Pixel devices, a security patch level of 2024-04-05 resolves all these security vulnerabilities.

**We don’t just report on phone security—we provide it**

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.

 Google patches critical vulnerability for Androids with Qualcomm chips 

Red Hat Security Advisory 2024-1662-03 - An update is now available for Red Hat build of Quarkus. Issues addressed include denial of service, information leakage, and memory leak vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1662.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: Red Hat build of Quarkus 3.2.11 release and security update  
Advisory ID:        RHSA-2024:1662-03  
Product:            Red Hat build of Quarkus  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:1662  
Issue date:         2024-04-03  
Revision:           03  
CVE Names:          CVE-2024-1023  
====================================================================

Summary: 

An update is now available for Red Hat build of Quarkus.

Red Hat Product Security has rated this update as having a security impact of  
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives  
a  
detailed severity rating, is available for each vulnerability. For more  
information, see the CVE links in the References section.

Description:

This release of Red Hat build of Quarkus 3.2.11 includes security updates,  
bug fixes, and enhancements. For more information, see the release notes page  
listed in the References section.

Security Fix(es):

* CVE-2024-1597 org.postgresql/postgresql: pgjdbc: PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE [quarkus-3.2]

* CVE-2024-1979 io.quarkus/quarkus-kubernetes-deployment: quarkus: information leak in annotation [quarkus-3.2]

* CVE-2024-1726 io.quarkus.resteasy.reactive/resteasy-reactive: quarkus: security checks for some inherited endpoints performed after serialization in RESTEasy Reactive may trigger a denial of service [quarkus-3.2]

* CVE-2024-25710 org.apache.commons/commons-compress: Denial of service caused by an infinite loop for a corrupted DUMP file [quarkus-3.2]

* CVE-2024-26308 org.apache.commons/commons-compress: OutOfMemoryError unpacking broken Pack200 file [quarkus-3.2]

* CVE-2024-1300 io.vertx/vertx-core: io.vertx:vertx-core: memory leak when a TCP server is configured with TLS and SNI support [quarkus-3.2]

* CVE-2024-1023 io.vertx/vertx-core: memory leak due to the use of Netty FastThreadLocal data structures in Vertx [quarkus-3.2]

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-1023

References:

https://access.redhat.com/security/updates/classification/#important  
https://access.redhat.com/documentation/en-us/red_hat_build_of_quarkus/3.2/  
https://access.redhat.com/articles/4966181  
https://bugzilla.redhat.com/show_bug.cgi?id=2260840  
https://bugzilla.redhat.com/show_bug.cgi?id=2263139  
https://bugzilla.redhat.com/show_bug.cgi?id=2264988  
https://bugzilla.redhat.com/show_bug.cgi?id=2264989  
https://bugzilla.redhat.com/show_bug.cgi?id=2265158  
https://bugzilla.redhat.com/show_bug.cgi?id=2266523  
https://bugzilla.redhat.com/show_bug.cgi?id=2266690  
https://issues.redhat.com/browse/QUARKUS-4022  
https://issues.redhat.com/browse/QUARKUS-4036  
https://issues.redhat.com/browse/QUARKUS-4097  
https://issues.redhat.com/browse/QUARKUS-4103  
https://issues.redhat.com/browse/QUARKUS-4104  
https://issues.redhat.com/browse/QUARKUS-4106

Red Hat Security Advisory 2024-1662-03

Red Hat Security Advisory 2024-1646-03 - An update for grafana is now available for Red Hat Enterprise Linux 8. Issues addressed include a memory leak vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1646.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: grafana security and bug fix update  
Advisory ID:        RHSA-2024:1646-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:1646  
Issue date:         2024-04-03  
Revision:           03  
CVE Names:          CVE-2024-1394  
====================================================================

Summary: 

An update for grafana is now available for Red Hat Enterprise Linux 8.

'Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. 

Security Fix(es):

* golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (CVE-2024-1394)

Bug Fix(es):

* TRIAGE CVE-2024-1394 grafana: golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (JIRA:RHEL-30543)

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-1394

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2262921

Red Hat Security Advisory 2024-1646-03

Red Hat Security Advisory 2024-1644-03 - An update for grafana-pcp is now available for Red Hat Enterprise Linux 8. Issues addressed include a memory leak vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1644.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: grafana-pcp security and bug fix update  
Advisory ID:        RHSA-2024:1644-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:1644  
Issue date:         2024-04-03  
Revision:           03  
CVE Names:          CVE-2024-1394  
====================================================================

Summary: 

An update for grafana-pcp is now available for Red Hat Enterprise Linux 8.

'Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards.

Security Fix(es):

* golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (CVE-2024-1394)

Bug Fix(es):

* TRIAGE CVE-2024-1394 grafana-pcp: golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (JIRA:RHEL-30544)

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-1394

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2262921

Red Hat Security Advisory 2024-1644-03

Red Hat Security Advisory 2024-1640-03 - An update is now available for Red Hat Ansible Automation Platform 2.4. Issues addressed include HTTP request smuggling, denial of service, local file inclusion, memory leak, and traversal vulnerabilities.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1640.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix UpdateAdvisory ID:        RHSA-2024:1640-03Product:            Red Hat Ansible Automation PlatformAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:1640Issue date:         2024-04-03Revision:           03CVE Names:          CVE-2023-39326====================================================================Summary: An update is now available for Red Hat Ansible Automation Platform 2.4Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams, while automation developers retain the freedom to write tasks that leverage existing knowledge without the overhead. Ansible Automation Platform makes it possible for users across an organization to share, vet, and manage automation content by means of a simple, powerful, and agentless language.Security Fix(es):* automation-controller: Django: denial-of-service in 'intcomma' template filter (CVE-2024-24680)* automation-controller: aiohttp: http request smuggling (CVE-2024-23829)* automation-controller: aiohttp: follow_symlinks directory traversal vulnerability (CVE-2024-23334)* automation-controller: Jinja2: HTML attribute injection when passing user input as keys to xmlattr filter (CVE-2024-22195)* automation-controller: cryptography: NULL-dereference when loading PKCS7 certificates (CVE-2023-49083)* automation-controller: aiohttp: numerous issues in HTTP parser with header parsing (CVE-2023-47627)* automation-controller: Twisted: disordered HTTP pipeline response in twisted.web (CVE-2023-46137)* automation-controller: axios: exposure of confidential data stored in cookies (CVE-2023-45857)* automation-controller: GitPython: Blind local file inclusion (CVE-2023-41040)* python3-aiohttp/python39-aiohttp: http request smuggling (CVE-2024-23829)* python3-aiohttp/python39-aiohttp: follow_symlinks directory traversal vulnerability (CVE-2024-23334)* python3-django/python39-django: Potential regular expression denial-of-service in django.utils.text.Truncator.words() (CVE-2024-27351)* receptor: golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (CVE-2024-1394)* receptor: golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests (CVE-2023-39326)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Updates and fixes for automation controller:* Fixed bug where schedule prompted variables and survey answers were reset on edit when changing one of the basic form fields (AAP-20967)* Fixed the update execution environment image to no longer fail jobs that use the previous image (AAP-21733)* Removed string validation using comparisons of English literals for comparison, replacing validation with error/op codes as a universal approach to validation and comparison (AAP-21721)* Fixed dispatcher to appropriately terminate child processes when dispatcher terminates (AAP-21049)* Fixed upgrade from Ansible Tower 3.8.6 to AAP 2.4 to no longer fail upon database schema migration (AAP-19738)* automation-controller has been updated to 4.5.5Updates and fixes for receptor:* Fixes a receptor dialing issue where the connection attempt is timed out too aggressively (AAP-21838, AAP-21828)* receptor has been updated to 1.4.5Additional fixes:* ansible-core has been updated to 2.15.10* ansible-runner has been updated to 2.3.6* python3-aiohttp/python39-aiohttp has been updated to 3.9.3* python3-django/python39-django has been updated  4.2.11* python3-pulpcore/python39-pulpcore has been updated 3.28.24Solution:CVEs:CVE-2023-39326References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2246264https://bugzilla.redhat.com/show_bug.cgi?id=2247040https://bugzilla.redhat.com/show_bug.cgi?id=2248979https://bugzilla.redhat.com/show_bug.cgi?id=2249825https://bugzilla.redhat.com/show_bug.cgi?id=2253330https://bugzilla.redhat.com/show_bug.cgi?id=2255331https://bugzilla.redhat.com/show_bug.cgi?id=2257854https://bugzilla.redhat.com/show_bug.cgi?id=2261856https://bugzilla.redhat.com/show_bug.cgi?id=2261887https://bugzilla.redhat.com/show_bug.cgi?id=2261909https://bugzilla.redhat.com/show_bug.cgi?id=2262921https://bugzilla.redhat.com/show_bug.cgi?id=2266045

Red Hat Security Advisory 2024-1640-03

Red Hat Security Advisory 2024-1574-03 - Red Hat OpenShift Container Platform release 4.12.54 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a memory leak vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1574.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: OpenShift Container Platform 4.12.54 packages and security update  
Advisory ID:        RHSA-2024:1574-03  
Product:            Red Hat OpenShift Enterprise  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:1574  
Issue date:         2024-04-03  
Revision:           03  
CVE Names:          CVE-2024-1394  
====================================================================

Summary: 

Red Hat OpenShift Container Platform release 4.12.54 is now available with updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.12.

Red Hat Product Security has rated this update as having a security impact of  Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.12.54. See the following advisory for the container images for this release:

https://access.redhat.com/errata/RHSA-2024:1572

Security Fix(es):

* golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA  
payloads (CVE-2024-1394)  
* golang-protobuf: encoding/protojson, internal/encoding/json: infinite  
loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON  
(CVE-2024-24786)  
* jose-go: improper handling of highly compressed data (CVE-2024-28180)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

All OpenShift Container Platform 4.12 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.12/updating/updating-cluster-cli.html

Solution:

https://docs.openshift.com/container-platform/4.12/release_notes/ocp-4-12-release-notes.html

CVEs:

CVE-2024-1394

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2262921  
https://bugzilla.redhat.com/show_bug.cgi?id=2268046  
https://bugzilla.redhat.com/show_bug.cgi?id=2268854

Red Hat Security Advisory 2024-1574-03

Red Hat Security Advisory 2024-1563-03 - Red Hat OpenShift Container Platform release 4.15.6 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a memory leak vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1563.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: OpenShift Container Platform 4.15.6 packages and security update  
Advisory ID:        RHSA-2024:1563-03  
Product:            Red Hat OpenShift Enterprise  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:1563  
Issue date:         2024-04-03  
Revision:           03  
CVE Names:          CVE-2024-1394  
====================================================================

Summary: 

Red Hat OpenShift Container Platform release 4.15.6 is now available with updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.15.

Red Hat Product Security has rated this update as having a security impact of  Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.15.6. See the following advisory for the container images for this release:

https://access.redhat.com/errata/RHSA-2024:1559

Security Fix(es):

* golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA  
payloads (CVE-2024-1394)  
* golang-protobuf: encoding/protojson, internal/encoding/json: infinite  
loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON  
(CVE-2024-24786)  
* jose-go: improper handling of highly compressed data (CVE-2024-28180)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

All OpenShift Container Platform 4.15 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.15/updating/updating_a_cluster/updating-cluster-cli.html

Solution:

https://docs.openshift.com/container-platform/4.15/release_notes/ocp-4-15-release-notes.html

CVEs:

CVE-2024-1394

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2262921  
https://bugzilla.redhat.com/show_bug.cgi?id=2268046  
https://bugzilla.redhat.com/show_bug.cgi?id=2268854

Red Hat Security Advisory 2024-1563-03

Red Hat Security Advisory 2024-1498-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 7. Issues addressed include integer overflow, out of bounds write, and use-after-free vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1498.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: thunderbird security update  
Advisory ID:        RHSA-2024:1498-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:1498  
Issue date:         2024-04-03  
Revision:           03  
CVE Names:          CVE-2023-5388  
====================================================================

Summary: 

An update for thunderbird is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 115.9.0.

Security Fix(es):

* nss: timing attack against RSA decryption (CVE-2023-5388)

* Mozilla: Crash in NSS TLS method (CVE-2024-0743)

* Mozilla: Leaking of encrypted email subjects to other conversations  (CVE-2024-1936)

* Mozilla: JIT code failed to save return registers on Armv7-A (CVE-2024-2607)

* Mozilla: Integer overflow could have led to out of bounds write  
(CVE-2024-2608)

* Mozilla: Improper handling of html and body tags enabled CSP nonce leakage  
(CVE-2024-2610)

* Mozilla: Clickjacking vulnerability could have led to a user accidentally  
granting permissions (CVE-2024-2611)

* Mozilla: Self referencing object could have potentially led to a  
use-after-free (CVE-2024-2612)

* Mozilla: Memory safety bugs fixed in Firefox 124, Firefox ESR 115.9, and  
Thunderbird 115.9 (CVE-2024-2614)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-5388

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://bugzilla.redhat.com/show_bug.cgi?id=2243644  
https://bugzilla.redhat.com/show_bug.cgi?id=2260012  
https://bugzilla.redhat.com/show_bug.cgi?id=2268171  
https://bugzilla.redhat.com/show_bug.cgi?id=2270660  
https://bugzilla.redhat.com/show_bug.cgi?id=2270661  
https://bugzilla.redhat.com/show_bug.cgi?id=2270663  
https://bugzilla.redhat.com/show_bug.cgi?id=2270664  
https://bugzilla.redhat.com/show_bug.cgi?id=2270665  
https://bugzilla.redhat.com/show_bug.cgi?id=2270666

Tag

#ssl