Gentoo Linux Security Advisory 202405-16

Gentoo Linux Security Advisory 202405-16 - A vulnerability has been discovered in Apache Commons BCEL, which can lead to remote code execution. Versions greater than or equal to 6.6.0 are affected.

Gentoo Linux Security Advisory 202405-14

Gentoo Linux Security Advisory 202405-14 - Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to remote code execution. Versions greater than or equal to 5.15.13_p20240322 are affected.

Gentoo Linux Security Advisory 202405-15

Gentoo Linux Security Advisory 202405-15 - Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to remote code execution. Versions greater than or equal to 115.8.0:esr are affected.

Gentoo Linux Security Advisory 202405-12

Gentoo Linux Security Advisory 202405-12 - Multiple vulnerabilities have been discovered in Pillow, the worst of which can lead to arbitrary code execution. Versions greater than or equal to 10.2.0 are affected.

Gentoo Linux Security Advisory 202405-13

Gentoo Linux Security Advisory 202405-13 - A vulnerability has been discovered in borgmatic, which can lead to shell injection. Versions greater than or equal to 1.8.8 are affected.

Gentoo Linux Security Advisory 202405-10

Gentoo Linux Security Advisory 202405-10 - A vulnerability has been discovered in Setuptools, which can lead to denial of service. Versions greater than or equal to 65.5.1 are affected.

Gentoo Linux Security Advisory 202405-06

Gentoo Linux Security Advisory 202405-6 - Multiple vulnerabilities have been discovered in mujs, the worst of which could lead to remote code execution. Versions greater than or equal to 1.3.2 are affected.

Gentoo Linux Security Advisory 202405-11

Gentoo Linux Security Advisory 202405-11 - Multiple vulnerabilities have been discovered in MIT krb5, the worst of which could lead to remote code execution. Versions greater than or equal to 1.21.2 are affected.

Gentoo Linux Security Advisory 202405-07

Gentoo Linux Security Advisory 202405-7 - Multiple vulnerabilities have been discovered in HTMLDOC, the worst of which can lead to arbitrary code execution. Versions greater than or equal to 1.9.16 are affected.

Gentoo Linux Security Advisory 202405-08

Gentoo Linux Security Advisory 202405-8 - Multiple vulnerabilities have been discovered in strongSwan, the worst of which could possibly lead to remote code execution. Versions greater than or equal to 5.9.10 are affected.

Gentoo Linux Security Advisory 202405-09

Gentoo Linux Security Advisory 202405-9 - Multiple vulnerabilities have been found in MediaInfo and MediaInfoLib, the worst of which could allow user-assisted remote code execution. Versions greater than or equal to 23.10 are affected.

Debian Security Advisory 5677-1

Debian Linux Security Advisory 5677-1 - Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may result in information disclosure, denial of service or the execution of arbitrary code.

Debian Security Advisory 5678-1

Debian Linux Security Advisory 5678-1 - Several vulnerabilities were discovered in nscd, the Name Service Cache Daemon in the GNU C library which may lead to denial of service or the execution of arbitrary code.

Debian Security Advisory 5679-1

Debian Linux Security Advisory 5679-1 - Several vulnerabilities were discovered in less, a file pager, which may result in the execution of arbitrary commands if a file with a specially crafted file name is processed.

Gentoo Linux Security Advisory 202405-05

Gentoo Linux Security Advisory 202405-5 - Multiple vulnerabilities have been discovered in MPlayer, the worst of which can lead to arbitrary code execution. Versions greater than or equal to 1.5 are affected.

Live2D Cubism Heap Corruption

Live2D Cubism suffers from a heap corruption vulnerability.

Gentoo Linux Security Advisory 202405-03

Gentoo Linux Security Advisory 202405-3 - A vulnerability has been discovered in Dalli, which can lead to code injection. Versions greater than or equal to 3.2.3 are affected.

Gentoo Linux Security Advisory 202405-04

Gentoo Linux Security Advisory 202405-4 - Multiple vulnerabilities have been discovered in systemd, the worst of which can lead to a denial of service. Versions greater than or equal to 252.4 are affected.

Gentoo Linux Security Advisory 202405-02

Gentoo Linux Security Advisory 202405-2 - Multiple vulnerabilities have been discovered in ImageMagick, the worst of which can lead to remote code execution. Versions greater than or equal to 6.9.13.0 are affected.

Red Hat Security Advisory 2024-2699-03

Red Hat Security Advisory 2024-2699-03 - An update for git-lfs is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-2700-03

Red Hat Security Advisory 2024-2700-03 - An update for varnish is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include a denial of service vulnerability.

Gentoo Linux Security Advisory 202405-01

Gentoo Linux Security Advisory 202405-1 - Multiple vulnerabilities have been discovered in Python and PyPy3, the worst of which can lead to privilege escalation. Versions greater than or equal to 3.10.14:3.10 are affected.

Red Hat Security Advisory 2024-2697-03

Red Hat Security Advisory 2024-2697-03 - An update for kpatch-patch is now available for Red Hat Enterprise Linux 8. Issues addressed include privilege escalation and use-after-free vulnerabilities.

Red Hat Security Advisory 2024-2696-03

Red Hat Security Advisory 2024-2696-03 - An update for unbound is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.

Ubuntu Security Notice USN-6757-2

Ubuntu Security Notice 6757-2 - USN-6757-1 fixed vulnerabilities in PHP. Unfortunately these fixes were incomplete for Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.10. This update fixes the problem. It was discovered that PHP incorrectly handled PHP_CLI_SERVER_WORKERS variable. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS.

Ubuntu Security Notice USN-6762-1

Ubuntu Security Notice 6762-1 - It was discovered that GNU C Library incorrectly handled netgroup requests. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. It was discovered that GNU C Library might allow context-dependent attackers to cause a denial of service. This issue only affected Ubuntu 14.04 LTS. It was discovered that GNU C Library when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution. This issue only affected Ubuntu 14.04 LTS.

Red Hat Security Advisory 2024-2679-03

Red Hat Security Advisory 2024-2679-03 - An update for libxml2 is now available for Red Hat Enterprise Linux 9. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2024-2674-03

Red Hat Security Advisory 2024-2674-03 - An update for kernel is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.

Red Hat Security Advisory 2024-2054-03

Red Hat Security Advisory 2024-2054-03 - Red Hat OpenShift Container Platform release 4.14.23 is now available with updates to packages and images that fix several bugs and add enhancements.

Red Hat Security Advisory 2024-2049-03

Red Hat Security Advisory 2024-2049-03 - Red Hat OpenShift Container Platform release 4.13.41 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-2068-03

Red Hat Security Advisory 2024-2068-03 - Red Hat OpenShift Container Platform release 4.15.11 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-2071-03

Red Hat Security Advisory 2024-2071-03 - Red Hat OpenShift Container Platform release 4.15.11 is now available with updates to packages and images that fix several bugs and add enhancements.

Debian Security Advisory 5676-1

Debian Linux Security Advisory 5676-1 - Security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

Ubuntu Security Notice USN-6747-2

Ubuntu Security Notice 6747-2 - USN-6747-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Bartek Nowotarski discovered that Firefox did not properly limit HTTP/2 CONTINUATION frames. An attacker could potentially exploit this issue to cause a denial of service. Gary Kwong discovered that Firefox did not properly manage memory when running garbage collection during realm initialization. An attacker could potentially exploit this issue to cause a denial of service, or execute arbitrary code. Lukas Bernhard discovered that Firefox did not properly manage memory during JIT optimizations, leading to an out-of-bounds read vulnerability. An attacker could possibly use this issue to cause a denial of service or expose sensitive information. Nan Wang discovered that Firefox did not properly manage memory during WASM garbage collection. An attacker could potentially exploit this issue to cause a denial of service, or execute arbitrary code. Various other issues were also addressed.

Red Hat Security Advisory 2024-2651-03

Red Hat Security Advisory 2024-2651-03 - An update for the nodejs:16 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-2645-03

Red Hat Security Advisory 2024-2645-03 - An update for podman is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

Ubuntu Security Notice USN-6760-1

Ubuntu Security Notice 6760-1 - George-Andrei Iosif and David Fernandez Gonzalez discovered that Gerbv did not properly initialize a data structure when parsing certain nested RS-274X format files. If a user were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service.

Kernel Live Patch Security Notice LSN-0103-1

Lonial Con discovered that the netfilter subsystem in the Linux kernel contained a memory leak when handling certain element flush operations. A local attacker could use this to expose sensitive information (kernel memory). Xingyuan Mo discovered that the netfilter subsystem in the Linux kernel did not properly handle inactive elements in its PIPAPO data structure, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Various other issues were also addressed.

Microsoft PlayReady Cryptography Weakness

There is yet another attack possible against Protected Media Path process beyond the one involving two global XOR keys. The new attack may also result in the extraction of a plaintext content key value.

Red Hat Security Advisory 2024-2633-03

Red Hat Security Advisory 2024-2633-03 - Updated container image for Red Hat Ceph Storage 6.1 is now available in the Red Hat Ecosystem Catalog.

Red Hat Security Advisory 2024-2639-03

Red Hat Security Advisory 2024-2639-03 - The Migration Toolkit for Containers 1.7.15 is now available.

Red Hat Security Advisory 2024-2631-03

Red Hat Security Advisory 2024-2631-03 - An update is now available for Red Hat Ceph Storage 6.1 in the Red Hat Ecosystem Catalog.

Red Hat Security Advisory 2024-2624-03

Red Hat Security Advisory 2024-2624-03 - Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.2 Telecommunications Update Service.

Red Hat Security Advisory 2024-2625-03

Red Hat Security Advisory 2024-2625-03 - An update for rhc-worker-script is now available for Red Hat Enterprise Linux 7. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-2621-03

Red Hat Security Advisory 2024-2621-03 - An update for kernel is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include information leakage, privilege escalation, and use-after-free vulnerabilities.

Red Hat Security Advisory 2024-2627-03

Red Hat Security Advisory 2024-2627-03 - An update for kernel is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

Red Hat Security Advisory 2024-2619-03

Red Hat Security Advisory 2024-2619-03 - An update for rh-mysql80-mysql is now available for Red Hat Software Collections.

Red Hat Security Advisory 2024-2628-03

Red Hat Security Advisory 2024-2628-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

Red Hat Security Advisory 2024-2585-03

Red Hat Security Advisory 2024-2585-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2024-2586-03

Red Hat Security Advisory 2024-2586-03 - An update for the container-tools:3.0 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.

Red Hat Security Advisory 2024-2587-03

Red Hat Security Advisory 2024-2587-03 - An update for unbound is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.

Red Hat Security Advisory 2024-2616-03

Red Hat Security Advisory 2024-2616-03 - An update for tigervnc is now available for Red Hat Enterprise Linux 9.

Red Hat Security Advisory 2024-2583-03

Red Hat Security Advisory 2024-2583-03 - An update for linux-firmware is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.

Red Hat Security Advisory 2024-2584-03

Red Hat Security Advisory 2024-2584-03 - An update for pcs is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-2582-03

Red Hat Security Advisory 2024-2582-03 - An update for kernel is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2024-2577-03

Red Hat Security Advisory 2024-2577-03 - An update for shadow-utils is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.

Red Hat Security Advisory 2024-2580-03

Red Hat Security Advisory 2024-2580-03 - An update for yajl is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a memory leak vulnerability.

Red Hat Security Advisory 2024-2581-03

Red Hat Security Advisory 2024-2581-03 - An update for pcs is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-2575-03

Red Hat Security Advisory 2024-2575-03 - An update for expat is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-2570-03

Red Hat Security Advisory 2024-2570-03 - An update for gnutls is now available for Red Hat Enterprise Linux 9. Issues addressed include an information leakage vulnerability.