Gentoo Linux Security Advisory 202407-25 - Multiple vulnerabilities have been discovered in Buildah, the worst of which could lead to privilege escalation. Versions greater than or equal to 1.35.3 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202407-25  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: Buildah: Multiple Vulnerabilities  
     Date: July 10, 2024  
     Bugs: #923650, #927499, #927502  
       ID: 202407-25

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in Buildah, the worst of  
which could lead to privilege escalation.

Background  
==========

Buildah is a tool that facilitates building Open Container Initiative  
(OCI) container images

Affected packages  
=================

Package                 Vulnerable    Unaffected  
----------------------  ------------  ------------  
app-containers/buildah  < 1.35.3      >= 1.35.3

Description  
===========

Please review the referenced CVE identifiers for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All Buildah users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=app-containers/buildah-1.35.3"

References  
==========

[ 1 ] CVE-2024-1753  
      https://nvd.nist.gov/vuln/detail/CVE-2024-1753  
[ 2 ] CVE-2024-23651  
      https://nvd.nist.gov/vuln/detail/CVE-2024-23651  
[ 3 ] CVE-2024-23652  
      https://nvd.nist.gov/vuln/detail/CVE-2024-23652  
[ 4 ] CVE-2024-23653  
      https://nvd.nist.gov/vuln/detail/CVE-2024-23653  
[ 5 ] CVE-2024-24786  
      https://nvd.nist.gov/vuln/detail/CVE-2024-24786

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202407-25

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202407-25

Ubuntu Security Notice 6889-1 - It was discovered that .NET did not properly handle object deserialization. An attacker could possibly use this issue to cause a denial of service. Radek Zikmund discovered that .NET did not properly manage memory. An attacker could use this issue to cause a denial of service or possibly execute arbitrary code. It was discovered that .NET did not properly parse X.509 Content and ObjectIdentifiers. An attacker could possibly use this issue to cause a denial of service.

==========================================================================  
Ubuntu Security Notice USN-6889-1  
July 09, 2024

dotnet6, dotnet8 vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS  
- Ubuntu 23.10  
- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in dotnet6, dotnet8.

Software Description:  
- dotnet8: .NET CLI tools and runtime  
- dotnet6: .NET CLI tools and runtime

Details:

It was discovered that .NET did not properly handle object  
deserialization. An attacker could possibly use this issue to cause  
a denial of service. (CVE-2024-30105)

Radek Zikmund discovered that .NET did not properly manage memory. An  
attacker could use this issue to cause a denial of service or possibly  
execute arbitrary code. (CVE-2024-35264)

It was discovered that .NET did not properly parse X.509 Content and  
ObjectIdentifiers. An attacker could possibly use this issue to cause  
a denial of service. (CVE-2024-38095)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 24.04 LTS  
   aspnetcore-runtime-8.0          8.0.7-0ubuntu1~24.04.1  
   dotnet-host-8.0                 8.0.7-0ubuntu1~24.04.1  
   dotnet-hostfxr-8.0              8.0.7-0ubuntu1~24.04.1  
   dotnet-runtime-8.0              8.0.7-0ubuntu1~24.04.1  
   dotnet-sdk-8.0                  8.0.107-0ubuntu1~24.04.1  
   dotnet8                         8.0.107-8.0.7-0ubuntu1~24.04.1

Ubuntu 23.10  
   aspnetcore-runtime-6.0          6.0.132-0ubuntu1~23.10.1  
   aspnetcore-runtime-8.0          8.0.7-0ubuntu1~23.10.1  
   dotnet-host                     6.0.132-0ubuntu1~23.10.1  
   dotnet-host-8.0                 8.0.7-0ubuntu1~23.10.1  
   dotnet-hostfxr-6.0              6.0.132-0ubuntu1~23.10.1  
   dotnet-hostfxr-8.0              8.0.7-0ubuntu1~23.10.1  
   dotnet-runtime-6.0              6.0.132-0ubuntu1~23.10.1  
   dotnet-runtime-8.0              8.0.7-0ubuntu1~23.10.1  
   dotnet-sdk-6.0                  6.0.132-0ubuntu1~23.10.1  
   dotnet-sdk-8.0                  8.0.107-0ubuntu1~23.10.1  
   dotnet6                         6.0.132-0ubuntu1~23.10.1  
   dotnet8                         8.0.107-8.0.7-0ubuntu1~23.10.1

Ubuntu 22.04 LTS  
   aspnetcore-runtime-6.0          6.0.132-0ubuntu1~22.04.1  
   aspnetcore-runtime-8.0          8.0.7-0ubuntu1~22.04.1  
   dotnet-host                     6.0.132-0ubuntu1~22.04.1  
   dotnet-host-8.0                 8.0.7-0ubuntu1~22.04.1  
   dotnet-hostfxr-6.0              6.0.132-0ubuntu1~22.04.1  
   dotnet-hostfxr-8.0              8.0.7-0ubuntu1~22.04.1  
   dotnet-runtime-6.0              6.0.132-0ubuntu1~22.04.1  
   dotnet-runtime-8.0              8.0.7-0ubuntu1~22.04.1  
   dotnet-sdk-6.0                  6.0.132-0ubuntu1~22.04.1  
   dotnet-sdk-8.0                  8.0.107-0ubuntu1~22.04.1  
   dotnet6                         6.0.132-0ubuntu1~22.04.1  
   dotnet8                         8.0.107-8.0.7-0ubuntu1~22.04.1

In general, a standard system update will make all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6889-1  
   CVE-2024-30105, CVE-2024-35264, CVE-2024-38095

Package Information:  
https://launchpad.net/ubuntu/+source/dotnet8/8.0.107-8.0.7-0ubuntu1~24.04.1  
https://launchpad.net/ubuntu/+source/dotnet6/6.0.132-0ubuntu1~23.10.1  
https://launchpad.net/ubuntu/+source/dotnet8/8.0.107-8.0.7-0ubuntu1~23.10.1  
https://launchpad.net/ubuntu/+source/dotnet6/6.0.132-0ubuntu1~22.04.1  
https://launchpad.net/ubuntu/+source/dotnet8/8.0.107-8.0.7-0ubuntu1~22.04.1

Ubuntu Security Notice USN-6889-1

Gentoo Linux Security Advisory 202407-24 - A vulnerability has been discovered in HarfBuzz, which can lead to a denial of service. Versions greater than or equal to 7.1.0 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202407-24  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: HarfBuzz: Denial of Service  
     Date: July 10, 2024  
     Bugs: #905310  
       ID: 202407-24

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

A vulnerability has been discovered in HarfBuzz, which can lead to a  
denial of service.

Background  
==========

HarfBuzz is an OpenType text shaping engine.

Affected packages  
=================

Package              Vulnerable    Unaffected  
-------------------  ------------  ------------  
media-libs/harfbuzz  < 7.1.0       >= 7.1.0

Description  
===========

Multiple vulnerabilities have been discovered in HarfBuzz. Please review  
the CVE identifiers referenced below for details.

Impact  
======

hb-ot-layout-gsubgpos.hh in HarfBuzz allows attackers to trigger O(n^2)  
growth via consecutive marks during the process of looking back for base  
glyphs when attaching marks.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All HarfBuzz users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=media-libs/harfbuzz-7.1.0"

References  
==========

[ 1 ] CVE-2023-22006  
      https://nvd.nist.gov/vuln/detail/CVE-2023-22006  
[ 2 ] CVE-2023-22036  
      https://nvd.nist.gov/vuln/detail/CVE-2023-22036  
[ 3 ] CVE-2023-22041  
      https://nvd.nist.gov/vuln/detail/CVE-2023-22041  
[ 4 ] CVE-2023-22044  
      https://nvd.nist.gov/vuln/detail/CVE-2023-22044  
[ 5 ] CVE-2023-22045  
      https://nvd.nist.gov/vuln/detail/CVE-2023-22045  
[ 6 ] CVE-2023-22049  
      https://nvd.nist.gov/vuln/detail/CVE-2023-22049  
[ 7 ] CVE-2023-25193  
      https://nvd.nist.gov/vuln/detail/CVE-2023-25193

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202407-24

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202407-24

Ubuntu Security Notice 6881-1 - It was discovered that Exim did not enforce STARTTLS sync point on client side. An attacker could possibly use this issue to perform response injection during MTA SMTP sending.

==========================================================================  
Ubuntu Security Notice USN-6881-1  
July 08, 2024

exim4 vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS  
- Ubuntu 16.04 LTS  
- Ubuntu 14.04 LTS

Summary:

Exim could be made to allow response injection if it received a specially  
crafted response.

Software Description:  
- exim4: Exim is a mail transport agent

Details:

It was discovered that Exim did not enforce STARTTLS sync point on client  
side. An attacker could possibly use this issue to perform response  
injection during MTA SMTP sending.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 20.04 LTS  
   exim4                           4.93-13ubuntu1.11  
   exim4-base                      4.93-13ubuntu1.11  
   eximon4  4.93-13ubuntu1.11

Ubuntu 18.04 LTS  
   exim4                           4.90.1-1ubuntu1.10+esm4  
                                   Available with Ubuntu Pro  
   exim4-base                      4.90.1-1ubuntu1.10+esm4  
                                   Available with Ubuntu Pro  
   eximon4                         4.90.1-1ubuntu1.10+esm4  
                                   Available with Ubuntu Pro

Ubuntu 16.04 LTS  
   exim4                           4.86.2-2ubuntu2.6+esm7  
                                   Available with Ubuntu Pro  
   exim4-base                      4.86.2-2ubuntu2.6+esm7  
                                   Available with Ubuntu Pro  
   eximon4                         4.86.2-2ubuntu2.6+esm7  
                                   Available with Ubuntu Pro

Ubuntu 14.04 LTS  
   exim4                           4.82-3ubuntu2.4+esm8  
                                   Available with Ubuntu Pro  
   exim4-base                      4.82-3ubuntu2.4+esm8  
                                   Available with Ubuntu Pro  
   eximon4                         4.82-3ubuntu2.4+esm8  
                                   Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:  
https://ubuntu.com/security/notices/USN-6881-1   
<https://ubuntu.com/security/notices/USN-6881-1>  
   CVE-2021-38371

Package Information:  
https://launchpad.net/ubuntu/+source/exim4/4.93-13ubuntu1.11   
<https://launchpad.net/ubuntu/+source/exim4/4.93-13ubuntu1.11>

Ubuntu Security Notice USN-6881-1

Ubuntu Security Notice 6888-1 - Elias Myllymäki discovered that Django incorrectly handled certain inputs with a large number of brackets. A remote attacker could possibly use this issue to cause Django to consume resources or stop responding, resulting in a denial of service. It was discovered that Django incorrectly handled authenticating users with unusable passwords. A remote attacker could possibly use this issue to perform a timing attack and enumerate users.

==========================================================================  
Ubuntu Security Notice USN-6888-1  
July 09, 2024

python-django vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS  
- Ubuntu 23.10  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in Django.

Software Description:  
- python-django: High-level Python web development framework

Details:

Elias Myllymäki discovered that Django incorrectly handled certain inputs  
with a large number of brackets. A remote attacker could possibly use this  
issue to cause Django to consume resources or stop responding, resulting in  
a denial of service. (CVE-2024-38875)

It was discovered that Django incorrectly handled authenticating users with  
unusable passwords. A remote attacker could possibly use this issue to  
perform a timing attack and enumerate users. (CVE-2024-39329)

Josh Schneier discovered that Django incorrectly handled file path  
validation when the storage class is being derived. A remote attacker could  
possibly use this issue to save files into arbitrary directories.  
(CVE-2024-39330)

It was discovered that Django incorrectly handled certain long strings that  
included a specific set of characters. A remote attacker could possibly use  
this issue to cause Django to consume resources or stop responding,  
resulting in a denial of service. (CVE-2024-39614)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 24.04 LTS  
   python3-django                  3:4.2.11-1ubuntu1.1

Ubuntu 23.10  
   python3-django                  3:4.2.4-1ubuntu2.3

Ubuntu 22.04 LTS  
   python3-django                  2:3.2.12-2ubuntu1.12

Ubuntu 20.04 LTS  
   python3-django                  2:2.2.12-1ubuntu0.23

In general, a standard system update will make all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6888-1  
   CVE-2024-38875, CVE-2024-39329, CVE-2024-39330, CVE-2024-39614

Package Information:  
   https://launchpad.net/ubuntu/+source/python-django/3:4.2.11-1ubuntu1.1  
   https://launchpad.net/ubuntu/+source/python-django/3:4.2.4-1ubuntu2.3  
   https://launchpad.net/ubuntu/+source/python-django/2:3.2.12-2ubuntu1.12  
   https://launchpad.net/ubuntu/+source/python-django/2:2.2.12-1ubuntu0.23

Ubuntu Security Notice USN-6888-1

Ubuntu Security Notice 6887-1 - Philippos Giavridis, Jacky Wei En Kung, Daniel Hugenroth, and Alastair Beresford discovered that the OpenSSH ObscureKeystrokeTiming feature did not work as expected. A remote attacker could possibly use this issue to determine timing information about keystrokes.

    ==========================================================================Ubuntu Security Notice USN-6887-1July 09, 2024openssh vulnerability==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 24.04 LTSSummary:OpenSSH could be made to expose timing information over the network.Software Description:- openssh: secure shell (SSH) for secure access to remote machinesDetails:Philippos Giavridis, Jacky Wei En Kung, Daniel Hugenroth, and AlastairBeresford discovered that the OpenSSH ObscureKeystrokeTiming feature didnot work as expected. A remote attacker could possibly use this issue todetermine timing information about keystrokes.Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 24.04 LTS   openssh-client                  1:9.6p1-3ubuntu13.4   openssh-server                  1:9.6p1-3ubuntu13.4In general, a standard system update will make all the necessary changes.References:   https://ubuntu.com/security/notices/USN-6887-1   CVE-2024-39894Package Information:   https://launchpad.net/ubuntu/+source/openssh/1:9.6p1-3ubuntu13.4

Ubuntu Security Notice USN-6887-1

Red Hat Security Advisory 2024-4451-03 - An update for dotnet8.0 is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4451.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: dotnet8.0 security updateAdvisory ID:        RHSA-2024:4451-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:4451Issue date:         2024-07-10Revision:           03CVE Names:          CVE-2024-30105====================================================================Summary: An update for dotnet8.0 is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK  8.0.107 and Runtime 8.0.7.Security Fix(es):* dotnet: DoS in System.Text.Json (CVE-2024-30105)* dotnet: DoS in ASP.NET Core 8 (CVE-2024-35264)* dotnet: DoS when parsing X.509 Content and ObjectIdentifiers (CVE-2024-38095)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-30105References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2295320https://bugzilla.redhat.com/show_bug.cgi?id=2295321https://bugzilla.redhat.com/show_bug.cgi?id=2295323

Red Hat Security Advisory 2024-4451-03

Red Hat Security Advisory 2024-4450-03 - An update for dotnet8.0 is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4450.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: dotnet8.0 security updateAdvisory ID:        RHSA-2024:4450-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:4450Issue date:         2024-07-10Revision:           03CVE Names:          CVE-2024-30105====================================================================Summary: An update for dotnet8.0 is now available for Red Hat Enterprise Linux 9.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.107 and Runtime 8.0.7.Security Fix(es):* dotnet: DoS in System.Text.Json (CVE-2024-30105)* dotnet: DoS in ASP.NET Core 8 (CVE-2024-35264)* dotnet: DoS when parsing X.509 Content and ObjectIdentifiers (CVE-2024-38095)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-30105References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2295320https://bugzilla.redhat.com/show_bug.cgi?id=2295321https://bugzilla.redhat.com/show_bug.cgi?id=2295323

Red Hat Security Advisory 2024-4450-03

Red Hat Security Advisory 2024-4447-03 - An update for kernel is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Issues addressed include code execution, null pointer, and use-after-free vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4447.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: kernel security update  
Advisory ID:        RHSA-2024:4447-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:4447  
Issue date:         2024-07-10  
Revision:           03  
CVE Names:          CVE-2021-47293  
====================================================================

Summary: 

An update for kernel is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: TIPC message reassembly use-after-free remote code execution vulnerability (CVE-2024-36886)

* kernel: net/sched: act_skbmod: Skip non-Ethernet packets (CVE-2021-47293)

* kernel: net: ti: fix UAF in tlan_remove_one (CVE-2021-47310)

* kernel: KVM: NULL pointer dereference in kvm_mmu_invpcid_gva (CVE-2022-1789)

* kernel: tls: race between async notify and socket close (CVE-2024-26583)

* kernel: tls: race between tx work scheduling and socket close (CVE-2024-26585)

* kernel: ipv6: sr: fix possible use-after-free and null-ptr-deref (CVE-2024-26735)

* kernel: Bluetooth: Avoid potential use-after-free in hci_error_reset (CVE-2024-26801)

* kernel: net: ip_tunnel: prevent perpetual headroom growth (CVE-2024-26804)

* kernel: netfilter: nf_tables: use timestamp to check for set element timeout (CVE-2024-27397)

* kernel: net: ena: Fix incorrect descriptor free behavior (CVE-2024-35958)

* kernel: ipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr (CVE-2024-35969)

* kernel: scsi: lpfc: Move NPIV's transport unregistration to after resource clean up (CVE-2024-36952)

* kernel: tls: handle backlogging of crypto requests (CVE-2024-26584)

* kernel: netfilter: nf_tables: honor table dormant flag from netdev release event path (CVE-2024-36005)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2021-47293

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2090723  
https://bugzilla.redhat.com/show_bug.cgi?id=2265517  
https://bugzilla.redhat.com/show_bug.cgi?id=2265519  
https://bugzilla.redhat.com/show_bug.cgi?id=2265520  
https://bugzilla.redhat.com/show_bug.cgi?id=2273278  
https://bugzilla.redhat.com/show_bug.cgi?id=2273423  
https://bugzilla.redhat.com/show_bug.cgi?id=2273429  
https://bugzilla.redhat.com/show_bug.cgi?id=2277238  
https://bugzilla.redhat.com/show_bug.cgi?id=2280434  
https://bugzilla.redhat.com/show_bug.cgi?id=2281900  
https://bugzilla.redhat.com/show_bug.cgi?id=2281925  
https://bugzilla.redhat.com/show_bug.cgi?id=2281949  
https://bugzilla.redhat.com/show_bug.cgi?id=2282472  
https://bugzilla.redhat.com/show_bug.cgi?id=2282504  
https://bugzilla.redhat.com/show_bug.cgi?id=2284598

Red Hat Security Advisory 2024-4447-03

Red Hat Security Advisory 2024-4443-03 - An update for toolbox is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4443.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: toolbox security updateAdvisory ID:        RHSA-2024:4443-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:4443Issue date:         2024-07-09Revision:           03CVE Names:          CVE-2022-3064====================================================================Summary: An update for toolbox is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Toolbox is a tool for Linux operating systems, which allows the use of containerized command line environments. It is built on top of Podman and other standard container technologies from OCI.Security Fix(es):* go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents (CVE-2022-3064)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2022-3064References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2163037

Tag

#vulnerability