
Tag

#vulnerability

Red Hat Security Advisory 2024-3314-03

Red Hat Security Advisory 2024-3314-03 - Red Hat OpenShift Virtualization release 4.15.2 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.

Packet Storm
#vulnerability #red_hat #dos
GHSA-57fm-592m-34r7: iFrames Bypass Origin Checks for Tauri API Access Control

## Impact

Remote origin iFrames in Tauri applications can access the Tauri IPC endpoints without being explicitly allowed in the [`dangerousRemoteDomainIpcAccess`](https://v1.tauri.app/api/config/#securityconfig.dangerousremotedomainipcaccess) in v1 and in the [`capabilities`](https://v2.tauri.app/security/capabilities/#remote-api-access) in v2. This bypasses the origin check and allows iFrames to access the IPC endpoints exposed to the parent window. For this to be exploitable, an attacker must have script execution (e.g. XSS) in a script-enabled iFrame of a Tauri application.

## Patches

The patches include changes to wry and the behaviour of Tauri applications using iFrames. Previously, we injected the Tauri IPC initialization script into iFrames on MacOS, which was unintended. This is now also disabled to be consistent with all other supported operating systems. This means that the Tauri invoke functionality is no longer accessible from iFrames, except on Windows when the origi...

Red Hat Security Advisory 2024-3312-03

Red Hat Security Advisory 2024-3312-03 - An update for glibc is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include buffer overflow, code execution, null pointer, and out of bounds write vulnerabilities.

Red Hat Security Advisory 2024-3309-03

Red Hat Security Advisory 2024-3309-03 - An update for glibc is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include buffer overflow, code execution, null pointer, and out of bounds write vulnerabilities.

Red Hat Security Advisory 2024-3308-03

Red Hat Security Advisory 2024-3308-03 - An update for tomcat is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-3307-03

Red Hat Security Advisory 2024-3307-03 - An update for tomcat is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-3305-03

Red Hat Security Advisory 2024-3305-03 - An update for the varnish:6 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-3303-03

Red Hat Security Advisory 2024-3303-03 - An update for libxml2 is now available for Red Hat Enterprise Linux 8.8. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2024-3299-03

Red Hat Security Advisory 2024-3299-03 - An update for libxml2 is now available for Red Hat Enterprise Linux 8.6. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2024-3275-03

Red Hat Security Advisory 2024-3275-03 - An update for python-dns is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.