#vulnerability

Red Hat Security Advisory 2024-1494-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 8. Issues addressed include integer overflow, out of bounds write, and use-after-free vulnerabilities.

Red Hat Security Advisory 2024-1493-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 9. Issues addressed include integer overflow, out of bounds write, and use-after-free vulnerabilities.

Red Hat Security Advisory 2024-1492-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include integer overflow, out of bounds write, and use-after-free vulnerabilities.

Red Hat Security Advisory 2024-1485-03 - An update for firefox is now available for Red Hat Enterprise Linux 9. Issues addressed include integer overflow, out of bounds write, and use-after-free vulnerabilities.

Red Hat Security Advisory 2024-1484-03 - An update for firefox is now available for Red Hat Enterprise Linux 8. Issues addressed include integer overflow, out of bounds write, and use-after-free vulnerabilities.

Early versions of `amphp/http-client` with HTTP/2 support (v4.0.0-rc10 to 4.0.0) will collect HTTP/2 `CONTINUATION` frames in an unbounded buffer and will not check the header size limit until it has received the `END_HEADERS` flag, resulting in an OOM crash. Later versions of `amphp/http-client` (v4.1.0-rc1 and up) depend on `amphp/http` for HTTP/2 processing and will therefore need an updated version of `amphp/http`, see [GHSA-qjfw-cvjf-f4fm](https://github.com/amphp/http/security/advisories/GHSA-qjfw-cvjf-f4fm). ## Acknowledgements Thank you to [Bartek Nowotarski](https://nowotarski.info/) for reporting the vulnerability.

`amphp/http` will collect HTTP/2 `CONTINUATION` frames in an unbounded buffer and will not check the header size limit until it has received the `END_HEADERS` flag, resulting in an OOM crash. `amphp/http-client` and `amphp/http-server` are indirectly affected if they're used with an unpatched version of `amphp/http`. Early versions of `amphp/http-client` with HTTP/2 support (v4.0.0-rc10 to 4.0.0) are also directly affected. ## Acknowledgements Thank you to [Bartek Nowotarski](https://nowotarski.info/) for reporting the vulnerability.

Security teams often confuse tool purchasing with program management. They should focus on what a security program means to them, and what they are trying to accomplish.

### Impact DOS by Atom exhaustion is possible by calling `oidcc_provider_configuration_worker:get_provider_configuration/1` or `oidcc_provider_configuration_worker:get_jwks/1`. Since the name is usually provided as a static value in the application using `oidcc`, this is unlikely to be exploited. ### Details Example to illustrate the vulnerability. ```erlang {ok, Claims} = oidcc:retrieve_userinfo( Token, myapp_oidcc_config_provider, <<"client_id">>, <<"client_secret">>, #{} ) ``` The vulnerability is present in `oidcc_provider_configuration_worker:get_ets_table_name/1`. The function `get_ets_table_name` is calling `erlang:list_to_atom/1`. https://github.com/erlef/oidcc/blob/018dbb53dd752cb1e331637d8e0e6a489ba1fae9/src/oidcc_provider_configuration_worker.erl#L385-L388 There might be a case (Very highly improbable) where the 2nd argument of `oidcc_provider_configuration_worker:get_*/1` is called with a different atom each time which eventually leads to the...

Google has disclosed that two Android security flaws impacting its Pixel smartphones have been exploited in the wild by forensic companies. The high-severity zero-day vulnerabilities are as follows - CVE-2024-29745 - An information disclosure flaw in the bootloader component CVE-2024-29748 - A privilege escalation flaw in the firmware component "There are indications that the [