Red Hat Security Advisory 2024-1557-03

Red Hat Security Advisory 2024-1557-03 - An update is now available for Red Hat OpenShift Builds 1.0. Issues addressed include denial of service and traversal vulnerabilities.

Red Hat Security Advisory 2024-1549-03

Red Hat Security Advisory 2024-1549-03 - Updated images are now available for Red Hat Advanced Cluster Security. The updated image includes bug and security fixes. Issues addressed include a traversal vulnerability.

Red Hat Security Advisory 2024-1552-03

Red Hat Security Advisory 2024-1552-03 - An update for.NET 6.0 is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-1553-03

Red Hat Security Advisory 2024-1553-03 - An update for.NET 6.0 is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-1544-03

Red Hat Security Advisory 2024-1544-03 - An update for dnsmasq is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.

Red Hat Security Advisory 2024-1545-03

Red Hat Security Advisory 2024-1545-03 - An update for dnsmasq is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include a use-after-free vulnerability.

Apple Security Advisory 03-25-2024-2

Apple Security Advisory 03-25-2024-2 - macOS Sonoma 14.4.1 addresses code execution and out of bounds write vulnerabilities.

Ubuntu Security Notice USN-6686-5

Ubuntu Security Notice 6686-5 - It was discovered that the DesignWare USB3 for Qualcomm SoCs driver in the Linux kernel did not properly handle certain error conditions during device registration. A local attacker could possibly use this to cause a denial of service. It was discovered that a race condition existed in the Cypress touchscreen driver in the Linux kernel during device removal, leading to a use-after- free vulnerability. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.

Red Hat Security Advisory 2024-1538-03

Red Hat Security Advisory 2024-1538-03 - An update for cnf-tests-container, dpdk-base-container, performance-addon-operator-must-gather NUMA-aware secondary scheduler, numaresources-operator is now available for Red Hat OpenShift Container Platform 4.12.

Red Hat Security Advisory 2024-1543-03

Red Hat Security Advisory 2024-1543-03 - An update for dnsmasq is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.

Red Hat Security Advisory 2024-1537-03

Red Hat Security Advisory 2024-1537-03 - An update for cnf-tests-container, dpdk-base-container, performance-addon-operator-must-gather NUMA-aware secondary scheduler, numaresources-operator is now available for Red Hat OpenShift Container Platform 4.13.

Ubuntu Security Notice USN-6718-2

Ubuntu Security Notice 6718-2 - USN-6718-1 fixed a vulnerability in curl. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that curl incorrectly handled memory when limiting the amount of headers when HTTP/2 server push is allowed. A remote attacker could possibly use this issue to cause curl to consume resources, leading to a denial of service.

Red Hat Security Advisory 2024-1507-03

Red Hat Security Advisory 2024-1507-03 - An update is now available for RHOL-5.6-RHEL-8.

Red Hat Security Advisory 2024-1508-03

Red Hat Security Advisory 2024-1508-03 - An update is now available for RHOL-5.7-RHEL-8.

Red Hat Security Advisory 2024-1536-03

Red Hat Security Advisory 2024-1536-03 - An update is now available for Red Hat Satellite 6.14 for RHEL 8. Issues addressed include HTTP request smuggling and traversal vulnerabilities.

Apple Security Advisory 03-25-2024-3

Apple Security Advisory 03-25-2024-3 - macOS Ventura 13.6.6 addresses code execution and out of bounds write vulnerabilities.

Red Hat Security Advisory 2024-1464-03

Red Hat Security Advisory 2024-1464-03 - Red Hat OpenShift Container Platform release 4.11.59 is now available with updates to packages and images that fix several bugs and add enhancements.

Red Hat Security Advisory 2024-1474-03

Red Hat Security Advisory 2024-1474-03 - An update is now available for RHOL-5.8-RHEL-9. Issues addressed include a password leak vulnerability.

Red Hat Security Advisory 2024-1449-03

Red Hat Security Advisory 2024-1449-03 - Red Hat OpenShift Container Platform release 4.15.5 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.

Apple Security Advisory 03-25-2024-4

Apple Security Advisory 03-25-2024-4 - iOS 17.4.1 and iPadOS 17.4.1 addresses code execution and out of bounds write vulnerabilities.

Ubuntu Security Notice USN-6718-1

Ubuntu Security Notice 6718-1 - Dan Fandrich discovered that curl would incorrectly use the default set of protocols when a parameter option disabled all protocols without adding any, contrary to expectations. This issue only affected Ubuntu 23.10. It was discovered that curl incorrectly handled memory when limiting the amount of headers when HTTP/2 server push is allowed. A remote attacker could possibly use this issue to cause curl to consume resources, leading to a denial of service.

Red Hat Security Advisory 2024-1522-03

Red Hat Security Advisory 2024-1522-03 - An update for dnsmasq is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

Red Hat Security Advisory 2024-1530-03

Red Hat Security Advisory 2024-1530-03 - An update for expat is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-1532-03

Red Hat Security Advisory 2024-1532-03 - An update for kernel is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2024-1533-03

Red Hat Security Advisory 2024-1533-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2024-1518-03

Red Hat Security Advisory 2024-1518-03 - An update for python-twisted is now available for Red Hat OpenStack Platform 16.2.

Red Hat Security Advisory 2024-1512-03

Red Hat Security Advisory 2024-1512-03 - An update for libreoffice is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.

Red Hat Security Advisory 2024-1513-03

Red Hat Security Advisory 2024-1513-03 - An update for libreoffice is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.

Red Hat Security Advisory 2024-1514-03

Red Hat Security Advisory 2024-1514-03 - An update for libreoffice is now available for Red Hat Enterprise Linux 8.

Red Hat Security Advisory 2024-1515-03

Red Hat Security Advisory 2024-1515-03 - An update for squid is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-1516-03

Red Hat Security Advisory 2024-1516-03 - An update for python-twisted is now available for Red Hat OpenStack Platform 16.1.

Red Hat Security Advisory 2024-1456-03

Red Hat Security Advisory 2024-1456-03 - Red Hat OpenShift Container Platform release 4.13.38 is now available with updates to packages and images that fix several bugs and add enhancements.

Red Hat Security Advisory 2024-1458-03

Red Hat Security Advisory 2024-1458-03 - Red Hat OpenShift Container Platform release 4.14.18 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-1461-03

Red Hat Security Advisory 2024-1461-03 - Red Hat OpenShift Container Platform release 4.14.18 is now available with updates to packages and images that fix several bugs and add enhancements.

Red Hat Security Advisory 2024-1454-03

Red Hat Security Advisory 2024-1454-03 - Red Hat OpenShift Container Platform release 4.13.38 is now available with updates to packages and images that fix several bugs and add enhancements.

Ubuntu Security Notice USN-6588-2

Ubuntu Security Notice 6588-2 - USN-6588-1 fixed a vulnerability in PAM. This update provides the corresponding updates for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS. Matthias Gerstner discovered that the PAM pam_namespace module incorrectly handled special files when performing directory checks. A local attacker could possibly use this issue to cause PAM to stop responding, resulting in a denial of service.

Ubuntu Security Notice USN-6717-1

Ubuntu Security Notice 6717-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing, or execute arbitrary code. Hubert Kario discovered that Thunderbird had a timing side-channel when performing RSA decryption. A remote attacker could possibly use this issue to recover sensitive information.

Red Hat Security Advisory 2024-1510-03

Red Hat Security Advisory 2024-1510-03 - An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 8. Issues addressed include denial of service and privilege escalation vulnerabilities.

Ubuntu Security Notice USN-6714-1

Ubuntu Security Notice 6714-1 - It was discovered that debmany in Debian Goodies incorrectly handled certain deb files. An attacker could possibly use this issue to execute arbitrary shell commands.

Ubuntu Security Notice USN-6716-1

Ubuntu Security Notice 6716-1 - Wenqing Liu discovered that the f2fs file system implementation in the Linux kernel did not properly validate inode types while performing garbage collection. An attacker could use this to construct a malicious f2fs image that, when mounted and operated on, could cause a denial of service. It was discovered that the DesignWare USB3 for Qualcomm SoCs driver in the Linux kernel did not properly handle certain error conditions during device registration. A local attacker could possibly use this to cause a denial of service.

Red Hat Security Advisory 2024-1509-03

Red Hat Security Advisory 2024-1509-03 - An update for Red Hat Data Grid 8 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-1502-03

Red Hat Security Advisory 2024-1502-03 - An update for grafana-pcp is now available for Red Hat Enterprise Linux 9. Issues addressed include a memory leak vulnerability.

Red Hat Security Advisory 2024-1499-03

Red Hat Security Advisory 2024-1499-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.4 Advanced Mission critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include integer overflow, out of bounds write, and use-after-free vulnerabilities.

Red Hat Security Advisory 2024-1500-03

Red Hat Security Advisory 2024-1500-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Issues addressed include integer overflow, out of bounds write, and use-after-free vulnerabilities.

Red Hat Security Advisory 2024-1501-03

Red Hat Security Advisory 2024-1501-03 - An update for grafana is now available for Red Hat Enterprise Linux 9. Issues addressed include a memory leak vulnerability.

Red Hat Security Advisory 2024-1496-03

Red Hat Security Advisory 2024-1496-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include integer overflow, out of bounds write, and use-after-free vulnerabilities.

Red Hat Security Advisory 2024-1497-03

Red Hat Security Advisory 2024-1497-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include integer overflow, out of bounds write, and use-after-free vulnerabilities.

Ubuntu Security Notice USN-6707-3

Ubuntu Security Notice 6707-3 - Lonial Con discovered that the netfilter subsystem in the Linux kernel did not properly handle element deactivation in certain cases, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Notselwyn discovered that the netfilter subsystem in the Linux kernel did not properly handle verdict parameters in certain cases, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

Red Hat Security Advisory 2024-1490-03

Red Hat Security Advisory 2024-1490-03 - An update for firefox is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Issues addressed include integer overflow, out of bounds write, and use-after-free vulnerabilities.

Red Hat Security Advisory 2024-1491-03

Red Hat Security Advisory 2024-1491-03 - An update for firefox is now available for Red Hat Enterprise Linux 8.4 Advanced Mission critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include integer overflow, out of bounds write, and use-after-free vulnerabilities.

Red Hat Security Advisory 2024-1488-03

Red Hat Security Advisory 2024-1488-03 - An update for firefox is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include integer overflow, out of bounds write, and use-after-free vulnerabilities.

Red Hat Security Advisory 2024-1489-03

Red Hat Security Advisory 2024-1489-03 - An update for firefox is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include integer overflow, out of bounds write, and use-after-free vulnerabilities.

Ubuntu Security Notice USN-6701-3

Ubuntu Security Notice 6701-3 - Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did not properly perform permissions checks when handling HCI sockets. A physically proximate attacker could use this to cause a denial of service. It was discovered that the NVIDIA Tegra XUSB pad controller driver in the Linux kernel did not properly handle return values in certain error conditions. A local attacker could use this to cause a denial of service.

Red Hat Security Advisory 2024-1487-03

Red Hat Security Advisory 2024-1487-03 - An update for firefox is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include integer overflow, out of bounds write, and use-after-free vulnerabilities.

Ubuntu Security Notice USN-6704-3

Ubuntu Security Notice 6704-3 - It was discovered that the NVIDIA Tegra XUSB pad controller driver in the Linux kernel did not properly handle return values in certain error conditions. A local attacker could use this to cause a denial of service. Quentin Minster discovered that the KSMBD implementation in the Linux kernel did not properly handle session setup requests. A remote attacker could possibly use this to cause a denial of service.

Red Hat Security Advisory 2024-1480-03

Red Hat Security Advisory 2024-1480-03 - An update for libreoffice is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, Red Hat Enterprise Linux 8.4 Telecommunications Update Service.

Red Hat Security Advisory 2024-1486-03

Red Hat Security Advisory 2024-1486-03 - An update for firefox is now available for Red Hat Enterprise Linux 7. Issues addressed include integer overflow, out of bounds write, and use-after-free vulnerabilities.

Ubuntu Security Notice USN-6711-1

Ubuntu Security Notice 6711-1 - Vincent Berg discovered that CRM shell incorrectly handled certain commands. An local attacker could possibly use this issue to execute arbitrary code via shell code injection to the crm history commandline.

Ubuntu Security Notice USN-6712-1

Ubuntu Security Notice 6712-1 - It was discovered that Net::CIDR::Lite incorrectly handled extra zero characters at the beginning of IP address strings. A remote attacker could possibly use this issue to bypass access controls.

Ubuntu Security Notice USN-6713-1

Ubuntu Security Notice 6713-1 - It was discovered that QPDF incorrectly handled certain memory operations when decoding JSON files. If a user or automated system were tricked into processing a specially crafted JSON file, QPDF could be made to crash, resulting in a denial of service, or possibly execute arbitrary code.