FreshRSS

Advisory Files ≈ Packet Storm

Red Hat Security Advisory 2024-2645-03

Red Hat Security Advisory 2024-2645-03 - An update for podman is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.
  • May 2nd 2024 at 13:48

Ubuntu Security Notice USN-6760-1

Ubuntu Security Notice 6760-1 - George-Andrei Iosif and David Fernandez Gonzalez discovered that Gerbv did not properly initialize a data structure when parsing certain nested RS-274X format files. If a user were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service.
  • May 1st 2024 at 15:30

Kernel Live Patch Security Notice LSN-0103-1

Lonial Con discovered that the netfilter subsystem in the Linux kernel contained a memory leak when handling certain element flush operations. A local attacker could use this to expose sensitive information (kernel memory). Xingyuan Mo discovered that the netfilter subsystem in the Linux kernel did not properly handle inactive elements in its PIPAPO data structure, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Various other issues were also addressed.
  • May 1st 2024 at 15:28

Microsoft PlayReady Cryptography Weakness

There is yet another attack possible against the Protected Media Path process beyond the one involving two global XOR keys. The new attack may also result in the extraction of a plaintext content key value.
  • May 1st 2024 at 15:27

Red Hat Security Advisory 2024-2633-03

Red Hat Security Advisory 2024-2633-03 - Updated container image for Red Hat Ceph Storage 6.1 is now available in the Red Hat Ecosystem Catalog.
  • May 1st 2024 at 15:15

Red Hat Security Advisory 2024-2639-03

Red Hat Security Advisory 2024-2639-03 - The Migration Toolkit for Containers 1.7.15 is now available.
  • May 1st 2024 at 15:15

Red Hat Security Advisory 2024-2631-03

Red Hat Security Advisory 2024-2631-03 - An update is now available for Red Hat Ceph Storage 6.1 in the Red Hat Ecosystem Catalog.
  • May 1st 2024 at 15:15

Red Hat Security Advisory 2024-2624-03

Red Hat Security Advisory 2024-2624-03 - Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.2 Telecommunications Update Service.
  • May 1st 2024 at 15:14

Red Hat Security Advisory 2024-2625-03

Red Hat Security Advisory 2024-2625-03 - An update for rhc-worker-script is now available for Red Hat Enterprise Linux 7. Issues addressed include a denial of service vulnerability.
  • May 1st 2024 at 15:14

Red Hat Security Advisory 2024-2621-03

Red Hat Security Advisory 2024-2621-03 - An update for kernel is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include information leakage, privilege escalation, and use-after-free vulnerabilities.
  • May 1st 2024 at 15:14

Red Hat Security Advisory 2024-2627-03

Red Hat Security Advisory 2024-2627-03 - An update for kernel is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.
  • May 1st 2024 at 15:14

Red Hat Security Advisory 2024-2619-03

Red Hat Security Advisory 2024-2619-03 - An update for rh-mysql80-mysql is now available for Red Hat Software Collections.
  • May 1st 2024 at 15:14

Red Hat Security Advisory 2024-2628-03

Red Hat Security Advisory 2024-2628-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.
  • May 1st 2024 at 15:14

Red Hat Security Advisory 2024-2585-03

Red Hat Security Advisory 2024-2585-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a use-after-free vulnerability.
  • May 1st 2024 at 15:13

Red Hat Security Advisory 2024-2586-03

Red Hat Security Advisory 2024-2586-03 - An update for the container-tools:3.0 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.
  • May 1st 2024 at 15:13

Red Hat Security Advisory 2024-2587-03

Red Hat Security Advisory 2024-2587-03 - An update for unbound is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.
  • May 1st 2024 at 15:13

Red Hat Security Advisory 2024-2616-03

Red Hat Security Advisory 2024-2616-03 - An update for tigervnc is now available for Red Hat Enterprise Linux 9.
  • May 1st 2024 at 15:13

Red Hat Security Advisory 2024-2583-03

Red Hat Security Advisory 2024-2583-03 - An update for linux-firmware is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.
  • May 1st 2024 at 15:13

Red Hat Security Advisory 2024-2584-03

Red Hat Security Advisory 2024-2584-03 - An update for pcs is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a denial of service vulnerability.
  • May 1st 2024 at 15:13

Red Hat Security Advisory 2024-2582-03

Red Hat Security Advisory 2024-2582-03 - An update for kernel is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a use-after-free vulnerability.
  • May 1st 2024 at 15:12

Red Hat Security Advisory 2024-2577-03

Red Hat Security Advisory 2024-2577-03 - An update for shadow-utils is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.
  • May 1st 2024 at 15:10

Red Hat Security Advisory 2024-2580-03

Red Hat Security Advisory 2024-2580-03 - An update for yajl is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a memory leak vulnerability.
  • May 1st 2024 at 15:10

Red Hat Security Advisory 2024-2581-03

Red Hat Security Advisory 2024-2581-03 - An update for pcs is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a denial of service vulnerability.
  • May 1st 2024 at 15:10

Red Hat Security Advisory 2024-2575-03

Red Hat Security Advisory 2024-2575-03 - An update for expat is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.
  • May 1st 2024 at 15:09

Red Hat Security Advisory 2024-2570-03

Red Hat Security Advisory 2024-2570-03 - An update for gnutls is now available for Red Hat Enterprise Linux 9. Issues addressed include an information leakage vulnerability.
  • May 1st 2024 at 15:09

Red Hat Security Advisory 2024-2571-03

Red Hat Security Advisory 2024-2571-03 - An update for sssd is now available for Red Hat Enterprise Linux 9.
  • May 1st 2024 at 15:09

Ubuntu Security Notice USN-6758-1

Ubuntu Security Notice 6758-1 - It was discovered that the JSON5 parse method incorrectly handled the parsing of keys named __proto__. An attacker could possibly use this issue to pollute the prototype of the returned object, setting arbitrary or unexpected keys, and cause a denial of service, allow unintended access to network services or have other unspecified impact, depending on the application's use of the module.
  • April 30th 2024 at 15:53

Ubuntu Security Notice USN-6761-1

Ubuntu Security Notice 6761-1 - It was discovered that Anope did not properly process credentials for suspended accounts. An attacker could possibly use this issue to log in to the platform normally as a suspended user after changing their password.
  • April 30th 2024 at 15:53

Ubuntu Security Notice USN-6757-1

Ubuntu Security Notice 6757-1 - It was discovered that PHP incorrectly handled the PHP_CLI_SERVER_WORKERS variable. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. It was discovered that PHP incorrectly handled certain cookies. An attacker could possibly use this issue to perform a cookie bypass.
  • April 30th 2024 at 15:52

Red Hat Security Advisory 2024-2528-03

Red Hat Security Advisory 2024-2528-03 - An update for mingw-glib2 is now available for Red Hat Enterprise Linux 9.
  • April 30th 2024 at 15:52

Ubuntu Security Notice USN-6759-1

Ubuntu Security Notice 6759-1 - It was discovered that FreeRDP incorrectly handled certain memory operations. If a user were tricked into connecting to a malicious server, a remote attacker could possibly use this issue to cause FreeRDP to crash, resulting in a denial of service.
  • April 30th 2024 at 15:52

Red Hat Security Advisory 2024-2517-03

Red Hat Security Advisory 2024-2517-03 - An update for wpa_supplicant is now available for Red Hat Enterprise Linux 9. Issues addressed include a bypass vulnerability.
  • April 30th 2024 at 15:51

Red Hat Security Advisory 2024-2463-03

Red Hat Security Advisory 2024-2463-03 - An update for systemd is now available for Red Hat Enterprise Linux 9.
  • April 30th 2024 at 15:51

Red Hat Security Advisory 2024-2525-03

Red Hat Security Advisory 2024-2525-03 - An update for mingw-pixman is now available for Red Hat Enterprise Linux 9. Issues addressed include integer overflow and out of bounds write vulnerabilities.
  • April 30th 2024 at 15:51

Red Hat Security Advisory 2024-2483-03

Red Hat Security Advisory 2024-2483-03 - An update for traceroute is now available for Red Hat Enterprise Linux 9.
  • April 30th 2024 at 15:51

Red Hat Security Advisory 2024-2504-03

Red Hat Security Advisory 2024-2504-03 - An update for libssh is now available for Red Hat Enterprise Linux 9.
  • April 30th 2024 at 15:51

Red Hat Security Advisory 2024-2512-03

Red Hat Security Advisory 2024-2512-03 - An update for file is now available for Red Hat Enterprise Linux 9. Issues addressed include a buffer over-read vulnerability.
  • April 30th 2024 at 15:51

Red Hat Security Advisory 2024-2456-03

Red Hat Security Advisory 2024-2456-03 - An update for grub2 is now available for Red Hat Enterprise Linux 9. Issues addressed include code execution, out of bounds read, and out of bounds write vulnerabilities.
  • April 30th 2024 at 15:50

Red Hat Security Advisory 2024-2410-03

Red Hat Security Advisory 2024-2410-03 - An update for harfbuzz is now available for Red Hat Enterprise Linux 9.
  • April 30th 2024 at 15:50

Red Hat Security Advisory 2024-2433-03

Red Hat Security Advisory 2024-2433-03 - An update for avahi is now available for Red Hat Enterprise Linux 9.
  • April 30th 2024 at 15:50

Red Hat Security Advisory 2024-2437-03

Red Hat Security Advisory 2024-2437-03 - An update for exfatprogs is now available for Red Hat Enterprise Linux 9.
  • April 30th 2024 at 15:50

Red Hat Security Advisory 2024-2438-03

Red Hat Security Advisory 2024-2438-03 - An update for pam is now available for Red Hat Enterprise Linux 9.
  • April 30th 2024 at 15:50

Red Hat Security Advisory 2024-2447-03

Red Hat Security Advisory 2024-2447-03 - An update for openssl and openssl-fips-provider is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.
  • April 30th 2024 at 15:50

Red Hat Security Advisory 2024-2377-03

Red Hat Security Advisory 2024-2377-03 - An update for zziplib is now available for Red Hat Enterprise Linux 9.
  • April 30th 2024 at 15:49

Red Hat Security Advisory 2024-2387-03

Red Hat Security Advisory 2024-2387-03 - An update for mod_jk and mod_proxy_cluster is now available for Red Hat Enterprise Linux 9. Issues addressed include cross site scripting and information leakage vulnerabilities.
  • April 30th 2024 at 15:49

Red Hat Security Advisory 2024-2394-03

Red Hat Security Advisory 2024-2394-03 - An update for kernel is now available for Red Hat Enterprise Linux 9. Issues addressed include code execution, double free, integer overflow, memory exhaustion, memory leak, null pointer, out of bounds access, out of bounds read, out of bounds write, privilege escalation, and use-after-free vulnerabilities.
  • April 30th 2024 at 15:49

Red Hat Security Advisory 2024-2396-03

Red Hat Security Advisory 2024-2396-03 - An update for squashfs-tools is now available for Red Hat Enterprise Linux 9. Issues addressed include a traversal vulnerability.
  • April 30th 2024 at 15:49

Red Hat Security Advisory 2024-2368-03

Red Hat Security Advisory 2024-2368-03 - An update for mod_http2 is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.
  • April 30th 2024 at 15:48

Red Hat Security Advisory 2024-2348-03

Red Hat Security Advisory 2024-2348-03 - An update for python-jinja2 is now available for Red Hat Enterprise Linux 9.
  • April 30th 2024 at 15:48

Red Hat Security Advisory 2024-2353-03

Red Hat Security Advisory 2024-2353-03 - An update for mingw components is now available for Red Hat Enterprise Linux 9. Issues addressed include a buffer overflow vulnerability.
  • April 30th 2024 at 15:48

Red Hat Security Advisory 2024-2366-03

Red Hat Security Advisory 2024-2366-03 - An update for freeglut is now available for Red Hat Enterprise Linux 9. Issues addressed include a memory leak vulnerability.
  • April 30th 2024 at 15:48

Debian Security Advisory 5675-1

Debian Linux Security Advisory 5675-1 - Security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
  • April 29th 2024 at 14:54

Ubuntu Security Notice USN-6744-3

Ubuntu Security Notice 6744-3 - USN-6744-1 fixed a vulnerability in Pillow. This update provides the corresponding updates for Ubuntu 24.04 LTS. Hugo van Kemenade discovered that Pillow was not properly performing bounds checks when processing an ICC file, which could lead to a buffer overflow. If a user or automated system were tricked into processing a specially crafted ICC file, an attacker could possibly use this issue to cause a denial of service or execute arbitrary code.
  • April 29th 2024 at 14:52

Ubuntu Security Notice USN-6733-2

Ubuntu Security Notice 6733-2 - USN-6733-1 fixed vulnerabilities in GnuTLS. This update provides the corresponding updates for Ubuntu 24.04 LTS. It was discovered that GnuTLS had a timing side-channel when performing certain ECDSA operations. A remote attacker could possibly use this issue to recover sensitive information. It was discovered that GnuTLS incorrectly handled verifying certain PEM bundles. A remote attacker could possibly use this issue to cause GnuTLS to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS and Ubuntu 23.10.
  • April 29th 2024 at 14:51

Ubuntu Security Notice USN-6734-2

Ubuntu Security Notice 6734-2 - USN-6734-1 fixed vulnerabilities in libvirt. This update provides the corresponding updates for Ubuntu 24.04 LTS. Alexander Kuznetsov discovered that libvirt incorrectly handled certain API calls. An attacker could possibly use this issue to cause libvirt to crash, resulting in a denial of service. It was discovered that libvirt incorrectly handled certain RPC library API calls. An attacker could possibly use this issue to cause libvirt to crash, resulting in a denial of service.
  • April 29th 2024 at 14:51

Ubuntu Security Notice USN-6718-3

Ubuntu Security Notice 6718-3 - USN-6718-1 fixed vulnerabilities in curl. This update provides the corresponding updates for Ubuntu 24.04 LTS. Dan Fandrich discovered that curl would incorrectly use the default set of protocols when a parameter option disabled all protocols without adding any, contrary to expectations. This issue only affected Ubuntu 23.10. It was discovered that curl incorrectly handled memory when limiting the amount of headers when HTTP/2 server push is allowed. A remote attacker could possibly use this issue to cause curl to consume resources, leading to a denial of service.
  • April 29th 2024 at 14:48

Ubuntu Security Notice USN-6756-1

Ubuntu Security Notice 6756-1 - It was discovered that less mishandled newline characters in file names. If a user or automated system were tricked into opening specially crafted files, an attacker could possibly use this issue to execute arbitrary commands on the host.
  • April 29th 2024 at 14:47

Ubuntu Security Notice USN-6737-2

Ubuntu Security Notice 6737-2 - USN-6737-1 fixed a vulnerability in the GNU C Library. This update provides the corresponding update for Ubuntu 24.04 LTS. Charles Fol discovered that the GNU C Library iconv feature incorrectly handled certain input sequences. An attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code.
  • April 29th 2024 at 14:47

Ubuntu Security Notice USN-6729-3

Ubuntu Security Notice 6729-3 - USN-6729-1 fixed vulnerabilities in Apache HTTP Server. This update provides the corresponding updates for Ubuntu 24.04 LTS. Orange Tsai discovered that the Apache HTTP Server incorrectly handled validating certain input. A remote attacker could possibly use this issue to perform HTTP request splitting attacks. Keran Mu and Jianjun Chen discovered that the Apache HTTP Server incorrectly handled validating certain input. A remote attacker could possibly use this issue to perform HTTP request splitting attacks. Bartek Nowotarski discovered that the Apache HTTP Server HTTP/2 module incorrectly handled endless continuation frames. A remote attacker could possibly use this issue to cause the server to consume resources, leading to a denial of service.
  • April 29th 2024 at 14:47

Ubuntu Security Notice USN-6755-1

Ubuntu Security Notice 6755-1 - Ingo Brückl discovered that cpio contained a path traversal vulnerability. If a user or automated system were tricked into extracting a specially crafted cpio archive, an attacker could possibly use this issue to write arbitrary files outside the target directory on the host, even if using the option --no-absolute-filenames.
  • April 29th 2024 at 14:46