Ubuntu Security Notice 6737-2 - USN-6737-1 fixed a vulnerability in the GNU C Library. This update provides the corresponding update for Ubuntu 24.04 LTS. Charles Fol discovered that the GNU C Library iconv feature incorrectly handled certain input sequences. An attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code.

==========================================================================  
Ubuntu Security Notice USN-6737-2  
April 29, 2024

glibc vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS

Summary:

GNU C Library could be made to crash or run programs if it processed  
specially crafted data.

Software Description:  
- glibc: GNU C Library

Details:

USN-6737-1 fixed a vulnerability in the GNU C Library. This update provides  
the corresponding update for Ubuntu 24.04 LTS.

Original advisory details:

  Charles Fol discovered that the GNU C Library iconv feature incorrectly  
  handled certain input sequences. An attacker could use this issue to cause  
  the GNU C Library to crash, resulting in a denial of service, or possibly  
  execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 24.04 LTS  
   libc6                           2.39-0ubuntu8.1

After a standard system update you need to reboot your computer to make  
all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6737-2  
   https://ubuntu.com/security/notices/USN-6737-1  
   CVE-2024-2961

Package Information:  
   https://launchpad.net/ubuntu/+source/glibc/2.39-0ubuntu8.1

Ubuntu Security Notice USN-6737-2

Ubuntu Security Notice 6756-1 - It was discovered that less mishandled newline characters in file names. If a user or automated system were tricked into opening specially crafted files, an attacker could possibly use this issue to execute arbitrary commands on the host.

==========================================================================  
Ubuntu Security Notice USN-6756-1  
April 29, 2024

less vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS  
- Ubuntu 23.10  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS  
- Ubuntu 16.04 LTS  
- Ubuntu 14.04 LTS

Summary:

less could be made run programs as your login if it opened a specially  
crafted file.

Software Description:  
- less: pager program similar to more

Details:

It was discovered that less mishandled newline characters in file names. If  
a user or automated system were tricked into opening specially crafted  
files, an attacker could possibly use this issue to execute arbitrary  
commands on the host.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 24.04 LTS  
   less                            590-2ubuntu2.1

Ubuntu 23.10  
   less                            590-2ubuntu0.23.10.2

Ubuntu 22.04 LTS  
   less                            590-1ubuntu0.22.04.3

Ubuntu 20.04 LTS  
   less                            551-1ubuntu0.3

Ubuntu 18.04 LTS  
   less                            487-0.1ubuntu0.1~esm2  
                                   Available with Ubuntu Pro

Ubuntu 16.04 LTS  
   less                            481-2.1ubuntu0.2+esm2  
                                   Available with Ubuntu Pro

Ubuntu 14.04 LTS  
   less                            458-2ubuntu0.1~esm1  
                                   Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6756-1  
   CVE-2024-32487

Package Information:  
   https://launchpad.net/ubuntu/+source/less/590-2ubuntu2.1  
   https://launchpad.net/ubuntu/+source/less/590-2ubuntu0.23.10.2  
   https://launchpad.net/ubuntu/+source/less/590-1ubuntu0.22.04.3  
   https://launchpad.net/ubuntu/+source/less/551-1ubuntu0.3

Ubuntu Security Notice USN-6756-1

Ubuntu Security Notice 6755-1 - Ingo Brückl discovered that cpio contained a path traversal vulnerability. If a user or automated system were tricked into extracting a specially crafted cpio archive, an attacker could possibly use this issue to write arbitrary files outside the target directory on the host, even if using the option --no-absolute-filenames.

==========================================================================  
Ubuntu Security Notice USN-6755-1  
April 29, 2024

cpio vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS

Summary:

GNU cpio could be made to write files outside the target directory.

Software Description:  
- cpio: a tool to manage archives of files

Details:

Ingo Brückl discovered that cpio contained a path traversal vulnerability.  
If a user or automated system were tricked into extracting a specially  
crafted cpio archive, an attacker could possibly use this issue to write  
arbitrary files outside the target directory on the host, even if using the  
option --no-absolute-filenames.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 23.10  
   cpio                            2.13+dfsg-7.1ubuntu0.1

Ubuntu 22.04 LTS  
   cpio                            2.13+dfsg-7ubuntu0.1

Ubuntu 20.04 LTS  
   cpio                            2.13+dfsg-2ubuntu0.4

In general, a standard system update will make all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6755-1  
   CVE-2023-7207

Package Information:  
   https://launchpad.net/ubuntu/+source/cpio/2.13+dfsg-7.1ubuntu0.1  
   https://launchpad.net/ubuntu/+source/cpio/2.13+dfsg-7ubuntu0.1  
   https://launchpad.net/ubuntu/+source/cpio/2.13+dfsg-2ubuntu0.4

Ubuntu Security Notice USN-6755-1

ESET NOD32 Antivirus version 17.1.11.0 suffers from an unquoted service path vulnerability.

    # Exploit Title: ESET NOD32 Antivirus 17.1.11.0 - Unquoted Service Path# Exploit Author: Milad Karimi (Ex3ptionaL)# Exploit Date: 2024-04-27# Contact: miladgrayhat@gmail.com# Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL# Vendor : https://www.eset.com# Version : 17.1.11.0# Tested on OS: Microsoft Windows 10 pro x64About Unquoted Service Path :==============================When a service is created whose executable path contains spaces and isn'tenclosed within quotes, leads to a vulnerability known as Unquoted ServicePath which allows a user to gain SYSTEM privileges.(only if the vulnerable service is running with SYSTEM privilege levelwhich most of the time it is).C:\>wmic service get name,displayname,pathname,startmode |findstr /i "auto"|findstr /i /v "c:\windows\\" |findstr /i /v """ESET Updater ESETServiceSvc C:\Program Files (x86)\ESET\ESETSecurity\ekrn.exeC:\>sc qc ekrn[SC] QueryServiceConfig SUCCESSSERVICE_NAME: ekrn        TYPE               : 20  WIN32_SHARE_PROCESS        START_TYPE         : 2   AUTO_START        ERROR_CONTROL      : 1   NORMAL        BINARY_PATH_NAME   : "C:\Program Files\ESET\ESET Security\ekrn.exe"        LOAD_ORDER_GROUP   : Base        TAG                : 0        DISPLAY_NAME       : ESET Service        DEPENDENCIES       :        SERVICE_START_NAME : LocalSystem

ESET NOD32 Antivirus 17.1.11.0 Unquoted Service Path

Red Hat Security Advisory 2024-2098-03 - An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_2098.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: container-tools:rhel8 security and bug fix updateAdvisory ID:        RHSA-2024:2098-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:2098Issue date:         2024-04-29Revision:           03CVE Names:          CVE-2024-1753====================================================================Summary: An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact ofImportant. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.Bug Fix(es):* container_init_t does not possess ptrace process context [rhel-8.9.0.z] (JIRA:RHEL-28923)Security Fix(es):* podman: full container escape at build time (CVE-2024-1753)Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-1753References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2265513

Red Hat Security Advisory 2024-2098-03

Red Hat Security Advisory 2024-2097-03 - An update for the container-tools:4.0 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_2097.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: container-tools:4.0 security updateAdvisory ID:        RHSA-2024:2097-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:2097Issue date:         2024-04-29Revision:           03CVE Names:          CVE-2024-1753====================================================================Summary: An update for the container-tools:4.0 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.Security Fix(es):* buildah: full container escape at build time (CVE-2024-1753)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-1753References:https://access.redhat.com/security/updates/classification/#important

Red Hat Security Advisory 2024-2097-03

Red Hat Security Advisory 2024-2088-03 - An update is now available for the Red Hat build of Cryostat 2 on RHEL 8. Issues addressed include denial of service, memory exhaustion, and memory leak vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_2088.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: Red Hat build of Cryostat security update  
Advisory ID:        RHSA-2024:2088-03  
Product:            Cryostat  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:2088  
Issue date:         2024-04-29  
Revision:           03  
CVE Names:          CVE-2023-45288  
====================================================================

Summary: 

An update is now available for the Red Hat build of Cryostat 2 on RHEL 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

An update is now available for the Red Hat build of Cryostat 2 on RHEL 8.

Security Fix(es):

* vert.x: io.vertx/vertx-core: memory leak due to the use of Netty FastThreadLocal data structures in Vertx (CVE-2024-1023)

* vertx-core: io.vertx:vertx-core: memory leak when a TCP server is configured with TLS and SNI support (CVE-2024-1300)

* golang: net/http: memory exhaustion in Request.ParseMultipartForm (CVE-2023-45290)

* golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm (CVE-2024-24783)

* golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288)

* netty-codec-http: Allocation of Resources Without Limits or Throttling (CVE-2024-29025)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-45288

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2260840  
https://bugzilla.redhat.com/show_bug.cgi?id=2263139  
https://bugzilla.redhat.com/show_bug.cgi?id=2268017  
https://bugzilla.redhat.com/show_bug.cgi?id=2268019  
https://bugzilla.redhat.com/show_bug.cgi?id=2268273  
https://bugzilla.redhat.com/show_bug.cgi?id=2272907

Red Hat Security Advisory 2024-2088-03

Red Hat Security Advisory 2024-2086-03 - An update for shim is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include buffer overflow, bypass, integer overflow, and out of bounds read vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_2086.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: shim security update  
Advisory ID:        RHSA-2024:2086-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:2086  
Issue date:         2024-04-29  
Revision:           03  
CVE Names:          CVE-2023-40546  
====================================================================

Summary: 

An update for shim is now available for Red Hat Enterprise Linux 8.6 Extended  
Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

The shim package contains a first-stage UEFI boot loader that handles chaining  
to a trusted full boot loader under secure boot environments.

Security Fix(es):

* shim: RCE in http boot support may lead to Secure Boot bypass (CVE-2023-40547)

* shim: Interger overflow leads to heap buffer overflow in verify_sbat_section  
on 32-bits systems (CVE-2023-40548)

* shim: Out-of-bounds read printing error messages (CVE-2023-40546)

* shim: Out-of-bounds read in verify_buffer_authenticode() malformed PE file  
(CVE-2023-40549)

* shim: Out-of-bound read in verify_buffer_sbat() (CVE-2023-40550)

* shim: out of bounds read when parsing MZ binaries (CVE-2023-40551)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-40546

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2234589  
https://bugzilla.redhat.com/show_bug.cgi?id=2241782  
https://bugzilla.redhat.com/show_bug.cgi?id=2241796  
https://bugzilla.redhat.com/show_bug.cgi?id=2241797  
https://bugzilla.redhat.com/show_bug.cgi?id=2259915  
https://bugzilla.redhat.com/show_bug.cgi?id=2259918

Red Hat Security Advisory 2024-2086-03

Red Hat Security Advisory 2024-2079-03 - An update for git-lfs is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_2079.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: git-lfs security updateAdvisory ID:        RHSA-2024:2079-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:2079Issue date:         2024-04-29Revision:           03CVE Names:          CVE-2023-45288====================================================================Summary: An update for git-lfs is now available for Red Hat Enterprise Linux 9.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server.Security Fix(es):* golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288,VU#421644.3)For more details about the security issue(s), including the impact, a CVSSscore, acknowledgments, and other related information, refer to the CVE page(s)listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-45288References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2268273

Red Hat Security Advisory 2024-2079-03

Red Hat Security Advisory 2024-2077-03 - An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include an information leakage vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_2077.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: container-tools:rhel8 security and bug fix updateAdvisory ID:        RHSA-2024:2077-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:2077Issue date:         2024-04-29Revision:           03CVE Names:          CVE-2022-4122====================================================================Summary: An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.Security team has rated the vulnerability impact of the fixed issues as Important.Description:The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.Security Fix(es):* golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags (CVE-2022-32149)* podman: Symlink error leads to information disclosure (CVE-2022-4122)* buildah: full container escape at build time (CVE-2024-1753)For more details about the security issue(s), including the impact, a CVSSscore, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2022-4122References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2134010https://bugzilla.redhat.com/show_bug.cgi?id=2144983https://bugzilla.redhat.com/show_bug.cgi?id=2265513

Tag

#vulnerability