Ubuntu Security Notice 7022-3 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

    ==========================================================================Ubuntu Security Notice USN-7022-3October 10, 2024linux-raspi-5.4 vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 18.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux-raspi-5.4: Linux kernel for Raspberry Pi systemsDetails:Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:  - GPU drivers;  - Modular ISDN driver;  - MMC subsystem;  - SCSI drivers;  - F2FS file system;  - GFS2 file system;  - Netfilter;  - RxRPC session sockets;  - Integrity Measurement Architecture(IMA) framework;(CVE-2021-47188, CVE-2024-39494, CVE-2022-48791, CVE-2022-48863,CVE-2024-42228, CVE-2024-38570, CVE-2024-42160, CVE-2024-26787,CVE-2024-27012, CVE-2024-26677)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 18.04 LTS  linux-image-5.4.0-1117-raspi    5.4.0-1117.129~18.04.1                                  Available with Ubuntu Pro  linux-image-raspi-hwe-18.04     5.4.0.1117.129~18.04.1                                  Available with Ubuntu ProAfter a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:  https://ubuntu.com/security/notices/USN-7022-3  https://ubuntu.com/security/notices/USN-7022-2  https://ubuntu.com/security/notices/USN-7022-1  CVE-2021-47188, CVE-2022-48791, CVE-2022-48863, CVE-2024-26677,  CVE-2024-26787, CVE-2024-27012, CVE-2024-38570, CVE-2024-39494,  CVE-2024-42160, CVE-2024-42228

Ubuntu Security Notice USN-7022-3

Ubuntu Security Notice 7060-1 - It was discovered that EDK II did not check the buffer length in XHCI, which could lead to a stack overflow. A local attacker could potentially use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Laszlo Ersek discovered that EDK II incorrectly handled recursion. A remote attacker could possibly use this issue to cause EDK II to consume resources, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.

==========================================================================  
Ubuntu Security Notice USN-7060-1  
October 10, 2024

edk2 vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS  
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in EDK II.

Software Description:  
- edk2: UEFI firmware for virtual machines

Details:

It was discovered that EDK II did not check the buffer length in XHCI,  
which could lead to a stack overflow. A local attacker could potentially  
use this issue to cause a denial of service. This issue only affected  
Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-0161)

Laszlo Ersek discovered that EDK II incorrectly handled recursion. A  
remote attacker could possibly use this issue to cause EDK II to consume  
resources, leading to a denial of service. This issue only affected  
Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2021-28210)

Satoshi Tanda discovered that EDK II incorrectly handled decompressing  
certain images. A remote attacker could use this issue to cause EDK II to  
crash, resulting in a denial of service, or possibly execute arbitrary  
code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.  
(CVE-2021-28211)

It was discovered that EDK II incorrectly decoded certain strings. A remote  
attacker could use this issue to cause EDK II to crash, resulting in a  
denial of service, or possibly execute arbitrary code. This issue only  
affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2021-38575)

It was discovered that EDK II had integer underflow vulnerability in  
SmmEntryPoint, which could result in a buffer overflow. An attacker  
could potentially use this issue to cause a denial of service.  
(CVE-2021-38578)

Elison Niven discovered that OpenSSL, vendored in EDK II, incorrectly  
handled the c_rehash script. A local attacker could possibly use this  
issue to execute arbitrary commands when c_rehash is run. This issue  
only affected Ubuntu 16.04 LTS. (CVE-2022-1292)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 22.04 LTS  
  ovmf                            2022.02-3ubuntu0.22.04.3  
  ovmf-ia32                       2022.02-3ubuntu0.22.04.3  
  qemu-efi-aarch64                2022.02-3ubuntu0.22.04.3  
  qemu-efi-arm                    2022.02-3ubuntu0.22.04.3

Ubuntu 20.04 LTS  
  ovmf                            0~20191122.bd85bf54-2ubuntu3.6  
  qemu-efi-aarch64                0~20191122.bd85bf54-2ubuntu3.6  
  qemu-efi-arm                    0~20191122.bd85bf54-2ubuntu3.6

Ubuntu 18.04 LTS  
  ovmf 0~20180205.c0d9813c-2ubuntu0.3+esm2  
                                  Available with Ubuntu Pro  
  qemu-efi-aarch64 0~20180205.c0d9813c-2ubuntu0.3+esm2  
                                  Available with Ubuntu Pro  
  qemu-efi-arm 0~20180205.c0d9813c-2ubuntu0.3+esm2  
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS  
  ovmf 0~20160408.ffea0a2c-2ubuntu0.2+esm3  
                                  Available with Ubuntu Pro  
  qemu-efi 0~20160408.ffea0a2c-2ubuntu0.2+esm3  
                                  Available with Ubuntu Pro

After a standard system update you need to restart the virtual machines  
that use the affected firmware to make all the necessary changes.

References:  
  https://ubuntu.com/security/notices/USN-7060-1  
  CVE-2019-0161, CVE-2021-28210, CVE-2021-28211, CVE-2021-38575,  
  CVE-2021-38578, CVE-2022-1292

Package Information:  
https://launchpad.net/ubuntu/+source/edk2/2022.02-3ubuntu0.22.04.3  
https://launchpad.net/ubuntu/+source/edk2/0~20191122.bd85bf54-2ubuntu3.6

Ubuntu Security Notice USN-7060-1

Ubuntu Security Notice 7059-1 - Fabian Vogt discovered that OATH Toolkit incorrectly handled file permissions. A remote attacker could possibly use this issue to overwrite root owned files, leading to a privilege escalation attack.

==========================================================================

Ubuntu Security Notice USN-7059-1  
October 09, 2024

oath-toolkit vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS  
- Ubuntu 22.04 LTS

Summary:

oath-toolkit could be made overwrite files as the administrator.

Software Description:  
- oath-toolkit: Development files for the OATH Toolkit Liboath library

Details:

Fabian Vogt discovered that OATH Toolkit incorrectly handled file  
permissions. A remote attacker could possibly use this issue to  
overwrite root owned files, leading to a privilege escalation attack.  
(CVE-2024-47191)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 24.04 LTS  
  liboath-dev                     2.6.11-2.1ubuntu0.1

Ubuntu 22.04 LTS  
  liboath-dev                     2.6.7-3ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:  
https://ubuntu.com/security/notices/USN-7059-1   
<https://ubuntu.com/security/notices/USN-7059-1>  
  CVE-2024-47191

Package Information:  
https://launchpad.net/ubuntu/+source/oath-toolkit/2.6.11-2.1ubuntu0.1   
<https://launchpad.net/ubuntu/+source/oath-toolkit/2.6.11-2.1ubuntu0.1>  
https://launchpad.net/ubuntu/+source/oath-toolkit/2.6.7-3ubuntu0.1   
<https://launchpad.net/ubuntu/+source/oath-toolkit/2.6.7-3ubuntu0.1>

Ubuntu Security Notice USN-7059-1

Vulnerability prioritization has evolved over the years. Several frameworks exist to help organizations make the right decisions when it comes to deciding which patches to apply and when. But are these better than a Magic 8 Ball?

Source: olga Yastremska via Alamy Stock Photo

COMMENTARY

Last month marks 25 years of operation for the CVE (Common Vulnerabilities and Exposures) program, launched in September 1999. It's difficult to imagine a world without CVEs. Much of the "vulnerability management" activities, before the CVE program became popular, relied on matching version numbers from remote scans and executing shady exploits found in dark places on the Internet to validate findings. We've come a long way when it comes to vulnerability tracking. Our journey has been fraught with peril, however, and we still have many challenges to overcome, including:

*   Volume: To keep pace with the sheer number of CVEs being created each year, we've had to increase the numbering format and assign CNAs (CVE Numbering Authority), spreading the responsibility and making it difficult to be consistent.
    
*   Date tracking: In certain circumstances, CVEs will be issued in the current year but with a previous year in the designation. Sometimes this is due to CNAs being pre-assigned CVEs for future use. However, this can make tracking and analyzing vulnerabilities in the CVE database by year inaccurate. This is rare but problematic, because it leads security practitioners to believe it's an older vulnerability, and some may not pay attention to it.
    
*   Free market: While there are some guidelines and barriers, for the most part, anyone can get a CVE issued. While it's important we not limit the creation of CVEs to prevent people from trying to hide a vulnerability, the free-market concept has caused issues. There are recent reports of folks automating the process of creating CVEs — hundreds of them — based on previously fixed bugs in GitHub repositories.
    

While the creation of formal tracking for vulnerabilities was huge for the industry, it wasn't until 2005 that we began to assign a severity rating using CVSS. This, too, is not without challenges, such as:

*   Subjective scoring: Anyone can score a vulnerability using CVSS and publish the results. We need checks and balances. If the security researchers who found the bug believe the severity to be different from the vendor that created the software, we should be able to see both scores.
    
*   It reflects only the vulnerability: While you can use CVSS to customize the score for your environment and take into consideration compensating controls, most users will just go by what has been published. Often, vulnerabilities are scored by the CNA that owns the software, and its incentives are not to score vulnerabilities on the high side.
    
*   Multiple versions of CVSS: Since CVSS version 1 was released in 2005, three subsequent versions have been released through November 2023. A CVE entry scored with a previous version may not be updated to the latest version. CVSS scores should also be updated due to changes in the security research landscape or new information about the vulnerability. These changes, if they happen at all, can be difficult to track.
    

**What Do We Do Now?**

Given there are pros and cons to each of these programs whose intentions are to help organizations make informed risk-based decisions, how do we know what to patch first? Many will rely on one mechanism, likely CVSS, pick a magic number, and patch everything that scores above that magic number. The problem is this is a very limited view of the vulnerability world. Everything that needs to be patched will not have a high CVSS score, or even a low score for that matter. We can choose to follow one or more of the above frameworks, such as MITRE ATT&CK, CISA KEV, and EPSS. Following these individually can be tricky, and you'd miss pieces of the larger picture. If you only patched the CISA KEV, you'd miss out on select attacker techniques that don't deal with vulnerabilities and CVEs. A blended approach isn't a bad idea, but solely relying on guidance external to your organization is the equivalent of just shaking a Magic 8 Ball and using that as the guidance to patch.

What matters most when it comes to patching is the impact on your organization. My best advice is to identify the most critical parts of your business, tie that back to systems and applications, patch those first, and patch as much as you can on those systems.

**Conclusion**

Too often, I hear folks dismissing vulnerabilities that could be devastating for various reasons, such as "No one is attacking those vulnerabilities today," "I am not the target of nation-state-level attacks," and "An attacker would have to already be on the system." None of these things matter when a clever group of attackers is determined to be successful. They will target every weakness in your attack surface: hardware, firmware, and software, from bare metal all the way to the cloud. Pre-operating system attacks could render a system permanently damaged or inoperable, such as if an attacker were to gain access to the baseboard management controller (BMC) and cause an infinite reboot loop. Through low-level firmware attacks, malicious actors can permanently damage the hardware. Attackers can utilize the Unified Extensible Firmware Interface (UEFI) to bypass OS protections, be persistent on the system (think of ransomware that just won't go away), and allow attackers to be stealthy. At this point, every vulnerability is now available for exploit. 

Remediating vulnerabilities is a complex process, and several factors go into the decision as to whether or not to apply a patch, or thousands of patches to thousands of systems. As complex as this task may be, it's something we must continue to improve upon, or attackers will greatly benefit. Oh, and put down the Magic 8 Ball, please.

**About the Author**

Principal Security Evangelist, Eclypsium

Paul Asadoorian is the principal security evangelist at Eclypsium, focused on supply chain security awareness. Paul's passion for security extends back many years, to the WRT54G hacking days and reverse-engineering firmware on IoT devices for fun. He co-authored the book WRTG54G Ultimate Hacking in 2007, which fueled the firmware hacking fire even more. Asadoorian has worked in technology and information security for more than 20 years, holding various security and engineering roles at a lottery company, university, ISP, independent penetration tester, and security product companies such as Tenable. In 2005, he founded Security Weekly, a weekly podcast dedicated to hacking and information security. Asadoorian is still the host of one of the longest-running security podcasts, Paul's Security Weekly. He enjoys coding in Python, telling everyone he uses Linux as his daily driver, poking at the supply chain, and reading about UEFI and other firmware-related technical topics.

Vulnerability Prioritization &amp; the Magic 8 Ball

Red Hat Security Advisory 2024-7958-03 - An update for firefox is now available for Red Hat Enterprise Linux 9. Issues addressed include a use-after-free vulnerability.

    The following advisory data is extracted from:https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_7958.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: firefox security updateAdvisory ID:        RHSA-2024:7958-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:7958Issue date:         2024-10-10Revision:           03CVE Names:          CVE-2024-9680====================================================================Summary: An update for firefox is now available for Red Hat Enterprise Linux 9.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.Security Fix(es):* firefox: Use-after-free in Animation timeline (128.3.1 ESR Chemspill) (CVE-2024-9680)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-9680References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2317442

Red Hat Security Advisory 2024-7958-03

Red Hat Security Advisory 2024-7875-03 - An update for net-snmp is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include buffer overflow and null pointer vulnerabilities.

The following advisory data is extracted from:

https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_7875.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: net-snmp security update  
Advisory ID:        RHSA-2024:7875-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:7875  
Issue date:         2024-10-10  
Revision:           03  
CVE Names:          CVE-2022-24805  
====================================================================

Summary: 

An update for net-snmp is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

The net-snmp packages provide various libraries and tools for the Simple Network Management Protocol (SNMP), including an SNMP library, an extensible agent, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which uses SNMP, and a Tk/Perl Management Information Base (MIB) browser.

Security Fix(es):

* net-snmp: A buffer overflow in the handling of the INDEX of             NET-SNMP-VACM-MIB can cause an out-of-bounds memory access. (CVE-2022-24805)

* : net-snmp: Improper Input Validation when SETing malformed OIDs in master agent and subagent simultaneously (CVE-2022-24806)

* net-snmp: A malformed OID in a SET request to SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an out-of-bounds memory access (CVE-2022-24807)

* net-snmp: A malformed OID in a GET-NEXT to the nsVacmAccessTable can cause a NULL pointer dereference. (CVE-2022-24809)

* net-snmp: A malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference (CVE-2022-24808)

* net-snmp: A malformed OID in a SET to the nsVacmAccessTable can cause a NULL pointer dereference. (CVE-2022-24810)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2022-24805

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://bugzilla.redhat.com/show_bug.cgi?id=2103225  
https://bugzilla.redhat.com/show_bug.cgi?id=2104759  
https://bugzilla.redhat.com/show_bug.cgi?id=2104763  
https://bugzilla.redhat.com/show_bug.cgi?id=2104766  
https://bugzilla.redhat.com/show_bug.cgi?id=2104768  
https://bugzilla.redhat.com/show_bug.cgi?id=2104769

Red Hat Security Advisory 2024-7875-03

Red Hat Security Advisory 2024-7869-03 - An update for.NET 8.0 is now available for Red Hat Enterprise Linux 9. Issues addressed include code execution and denial of service vulnerabilities.

The following advisory data is extracted from:

https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_7869.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: .NET 8.0 security update  
Advisory ID:        RHSA-2024:7869-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:7869  
Issue date:         2024-10-09  
Revision:           03  
CVE Names:          CVE-2024-38229  
====================================================================

Summary: 

An update for .NET 8.0 is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.110 and .NET Runtime 8.0.10.

Security Fix(es):

* dotnet: kestrel: closing an HTTP/3 stream can cause a race condition and lead to remote code execution (CVE-2024-38229)  
* dotnet: Multiple .NET components susceptible to hash flooding (CVE-2024-43483)  
* dotnet: System.IO.Packaging - Multiple DoS vectors in use of SortedList (CVE-2024-43484)  
* dotnet: Denial of Service in System.Text.Json (CVE-2024-43485)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Security Fix(es):

* dotnet: System.IO.Packaging - Multiple DoS vectors in use of SortedList (CVE-2024-43484)

* dotnet: Multiple .NET components susceptible to hash flooding (CVE-2024-43483)

* dotnet: Denial of Service in System.Text.Json (CVE-2024-43485)

* dotnet: kestrel: closing an HTTP/3 stream can cause a race condition and lead to remote code execution (CVE-2024-38229)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-38229

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2315729  
https://bugzilla.redhat.com/show_bug.cgi?id=2315730  
https://bugzilla.redhat.com/show_bug.cgi?id=2315731  
https://bugzilla.redhat.com/show_bug.cgi?id=2316161

Red Hat Security Advisory 2024-7869-03

Red Hat Security Advisory 2024-7868-03 - An update for.NET 8.0 is now available for Red Hat Enterprise Linux 8. Issues addressed include code execution and denial of service vulnerabilities.

The following advisory data is extracted from:

https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_7868.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: .NET 8.0 security update  
Advisory ID:        RHSA-2024:7868-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:7868  
Issue date:         2024-10-09  
Revision:           03  
CVE Names:          CVE-2024-38229  
====================================================================

Summary: 

An update for .NET 8.0 is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.110 and .NET Runtime 8.0.10.

Security Fix(es):

* dotnet: kestrel: closing an HTTP/3 stream can cause a race condition and lead to remote code execution (CVE-2024-38229)  
* dotnet: Multiple .NET components susceptible to hash flooding (CVE-2024-43483)  
* dotnet: System.IO.Packaging - Multiple DoS vectors in use of SortedList (CVE-2024-43484)  
* dotnet: Denial of Service in System.Text.Json (CVE-2024-43485)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Security Fix(es):

* dotnet: System.IO.Packaging - Multiple DoS vectors in use of SortedList (CVE-2024-43484)

* dotnet: Multiple .NET components susceptible to hash flooding (CVE-2024-43483)

* dotnet: Denial of Service in System.Text.Json (CVE-2024-43485)

* dotnet: kestrel: closing an HTTP/3 stream can cause a race condition and lead to remote code execution (CVE-2024-38229)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-38229

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2315729  
https://bugzilla.redhat.com/show_bug.cgi?id=2315730  
https://bugzilla.redhat.com/show_bug.cgi?id=2315731  
https://bugzilla.redhat.com/show_bug.cgi?id=2316161

Red Hat Security Advisory 2024-7868-03

Red Hat Security Advisory 2024-7867-03 - An update for.NET 6.0 is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.

    The following advisory data is extracted from:https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_7867.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: .NET 6.0 security updateAdvisory ID:        RHSA-2024:7867-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:7867Issue date:         2024-10-09Revision:           03CVE Names:          CVE-2024-43483====================================================================Summary: An update for .NET 6.0 is now available for Red Hat Enterprise Linux 9.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.135 and .NET Runtime 6.0.35.Security Fix(es):* dotnet: System.IO.Packaging - Multiple DoS vectors in use of SortedList (CVE-2024-43484)* dotnet: Denial of Service in System.Text.Json (CVE-2024-43485)* dotnet: Multiple .NET components susceptible to hash flooding (CVE-2024-43483)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Security Fix(es):* dotnet: System.IO.Packaging - Multiple DoS vectors in use of SortedList (CVE-2024-43484)* dotnet: Multiple .NET components susceptible to hash flooding (CVE-2024-43483)* dotnet: Denial of Service in System.Text.Json (CVE-2024-43485)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-43483References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2315729https://bugzilla.redhat.com/show_bug.cgi?id=2315730https://bugzilla.redhat.com/show_bug.cgi?id=2315731

Red Hat Security Advisory 2024-7867-03

Red Hat Security Advisory 2024-7861-03 - An update to the images for Red Hat build of Apicurio Registry is now available from the Red Hat Container Catalog. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Issues addressed include a code execution vulnerability.

The following advisory data is extracted from:

https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_7861.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Critical: Apicurio Registry (container images) release and security update [ 2.6.5 GA ]  
Advisory ID:        RHSA-2024:7861-03  
Product:            Red Hat Integration  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:7861  
Issue date:         2024-10-09  
Revision:           03  
CVE Names:          CVE-2024-47561  
====================================================================

Summary: 

An update to the images for Red Hat build of Apicurio Registry is now available from the Red Hat Container Catalog. The purpose of this text-only errata is to inform you about the security issues fixed in this release.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

This release of Red Hat build of Apicurio Registry 2.6.5 GA includes the following security fixes.

Security Fix(es):

* org.apache.avro/avro: Schema parsing may trigger Remote Code Execution (RCE) [rhint-serv-2] (CVE-2024-47561)

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-47561

References:

https://access.redhat.com/security/updates/classification/#critical  
https://docs.redhat.com/en/documentation/red_hat_build_of_apicurio_registry/2.6  
https://bugzilla.redhat.com/show_bug.cgi?id=2316116

Tag

#vulnerability