All posts published by ISHACK AI BOT
-
SUSE: CVE-2024-9264: SUSE Linux Security Advisory
SUSE: CVE-2024-9264: SUSE Linux Security Advisory Severity 9 CVSS (AV:N/AC:L/Au:S/C:C/I:C/A:C) Published 10/18/2024 Created 01/01/2025 Added 12/31/2024 Modified 01/28/2025 Description The SQL Expressions experimental feature of Grafana allows for the evaluation of `duckdb` queries containing user input. These queries are insufficiently sanitized before being passed to `duckdb`, leading to a command injection and local file inclusion vulnerability. Any user with the VIEWER or higher permission is capable of executing this attack. The `duckdb` binary must be present in Grafana's $PATH for this attack to function; by default, this binary is not installed in Grafana distributions. Solution(s) suse-upgrade-govulncheck-vulndb References https://attackerkb.com/topics/cve-2024-9264 CVE - 2024-9264
-
Debian: CVE-2024-47674: linux, linux-6.1 -- security update
Debian: CVE-2024-47674: linux, linux-6.1 -- security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 10/17/2024 Created 10/18/2024 Added 10/17/2024 Modified 01/30/2025 Description In the Linux kernel, the following vulnerability has been resolved: mm: avoid leaving partial pfn mappings around in error case As Jann points out, PFN mappings are special, because unlike normal memory mappings, there is no lifetime information associated with the mapping - it is just a raw mapping of PFNs with no reference counting of a 'struct page'. That's all very much intentional, but it does mean that it's easy to mess up the cleanup in case of errors. Yes, a failed mmap() will always eventually clean up any partial mappings, but without any explicit lifetime in the page table mapping itself, it's very easy to do the error handling in the wrong order. In particular, it's easy to mistakenly free the physical backing store before the page tables are actually cleaned up and (temporarily) have stale dangling PTE entries. To make this situation less error-prone, just make sure that any partial pfn mapping is torn down early, before any other error handling. Solution(s) debian-upgrade-linux debian-upgrade-linux-6-1 References https://attackerkb.com/topics/cve-2024-47674 CVE - 2024-47674 DLA-4008-1
-
Apache Solr: CVE-2024-45216: Apache Solr: Authentication bypass possible using a fake URL Path ending
Apache Solr: CVE-2024-45216: Apache Solr: Authentication bypass possible using a fake URL Path ending Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 10/16/2024 Created 10/18/2024 Added 10/17/2024 Modified 10/17/2024 Description Improper Authentication vulnerability in Apache Solr. Solr instances using the PKIAuthenticationPlugin, which is enabled by default when Solr Authentication is used, are vulnerable to Authentication bypass. A fake ending at the end of any Solr API URL path will allow requests to skip Authentication while maintaining the API contract with the original URL Path. This fake ending looks like an unprotected API path; however, it is stripped off internally after authentication but before API routing. This issue affects Apache Solr: from 5.3.0 before 8.11.4, from 9.0.0 before 9.7.0. Users are recommended to upgrade to version 9.7.0, or 8.11.4, which fix the issue. Solution(s) apache-solr-upgrade-latest References https://attackerkb.com/topics/cve-2024-45216 CVE - 2024-45216 https://solr.apache.org/security.html#cve-2024-45216-apache-solr-authentication-bypass-possible-using-a-fake-url-path-ending
-
Apache Solr: CVE-2024-45217: Apache Solr: ConfigSets created during a backup restore command are trusted implicitly
Apache Solr: CVE-2024-45217: Apache Solr: ConfigSets created during a backup restore command are trusted implicitly Severity 8 CVSS (AV:N/AC:L/Au:S/C:C/I:C/A:N) Published 10/16/2024 Created 10/18/2024 Added 10/17/2024 Modified 10/17/2024 Description Insecure Default Initialization of Resource vulnerability in Apache Solr. New ConfigSets that are created via a Restore command, which copy a configSet from the backup and give it a new name, are created without setting the "trusted" metadata. ConfigSets that do not contain the flag are trusted implicitly if the metadata is missing, therefore this leads to "trusted" ConfigSets that may not have been created with an Authenticated request. "trusted" ConfigSets are able to load custom code into classloaders, therefore the flag is supposed to only be set when the request that uploads the ConfigSet is Authenticated & Authorized. This issue affects Apache Solr: from 6.6.0 before 8.11.4, from 9.0.0 before 9.7.0. This issue does not affect Solr instances that are secured via Authentication/Authorization. Users are primarily recommended to use Authentication and Authorization when running Solr. However, upgrading to version 9.7.0, or 8.11.4 will mitigate this issue otherwise. Solution(s) apache-solr-upgrade-latest References https://attackerkb.com/topics/cve-2024-45217 CVE - 2024-45217 https://solr.apache.org/security.html#cve-2024-45217-apache-solr-configsets-created-during-a-backup-restore-command-are-trusted-implicitly
-
Amazon Linux AMI 2: CVE-2024-9143: Security patch for edk2 (ALAS-2024-2722)
Amazon Linux AMI 2: CVE-2024-9143: Security patch for edk2 (ALAS-2024-2722) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 10/16/2024 Created 12/21/2024 Added 12/20/2024 Modified 12/20/2024 Description Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds memory reads or writes. Impact summary: Out of bound memory writes can lead to an application crash or even a possibility of a remote code execution, however, in all the protocols involving Elliptic Curve Cryptography that we're aware of, either only "named curves" are supported, or, if explicit curve parameters are supported, they specify an X9.62 encoding of binary (GF(2^m)) curves that can't represent problematic input values. Thus the likelihood of existence of a vulnerable application is low. In particular, the X9.62 encoding is used for ECC keys in X.509 certificates, so problematic inputs cannot occur in the context of processing X.509 certificates. Any problematic use-cases would have to be using an "exotic" curve encoding. The affected APIs include: EC_GROUP_new_curve_GF2m(), EC_GROUP_new_from_params(), and various supporting BN_GF2m_*() functions. Applications working with "exotic" explicit binary (GF(2^m)) curve parameters, that make it possible to represent invalid field polynomials with a zero constant term, via the above or similar APIs, may terminate abruptly as a result of reading or writing outside of array bounds. Remote code execution cannot easily be ruled out. The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue. Solution(s) amazon-linux-ami-2-upgrade-edk2-aarch64 amazon-linux-ami-2-upgrade-edk2-debuginfo amazon-linux-ami-2-upgrade-edk2-ovmf amazon-linux-ami-2-upgrade-edk2-tools amazon-linux-ami-2-upgrade-edk2-tools-doc References https://attackerkb.com/topics/cve-2024-9143 AL2/ALAS-2024-2722 CVE - 2024-9143
-
FreeBSD: VID-C6F4177C-8E29-11EF-98E7-84A93843EB75 (CVE-2024-9143): OpenSSL -- OOB memory access vulnerability
FreeBSD: VID-C6F4177C-8E29-11EF-98E7-84A93843EB75 (CVE-2024-9143): OpenSSL -- OOB memory access vulnerability Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 10/16/2024 Created 10/22/2024 Added 10/21/2024 Modified 10/21/2024 Description Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds memory reads or writes. Impact summary: Out of bound memory writes can lead to an application crash or even a possibility of a remote code execution, however, in all the protocols involving Elliptic Curve Cryptography that we're aware of, either only "named curves" are supported, or, if explicit curve parameters are supported, they specify an X9.62 encoding of binary (GF(2^m)) curves that can't represent problematic input values. Thus the likelihood of existence of a vulnerable application is low. In particular, the X9.62 encoding is used for ECC keys in X.509 certificates, so problematic inputs cannot occur in the context of processing X.509 certificates. Any problematic use-cases would have to be using an "exotic" curve encoding. The affected APIs include: EC_GROUP_new_curve_GF2m(), EC_GROUP_new_from_params(), and various supporting BN_GF2m_*() functions. Applications working with "exotic" explicit binary (GF(2^m)) curve parameters, that make it possible to represent invalid field polynomials with a zero constant term, via the above or similar APIs, may terminate abruptly as a result of reading or writing outside of array bounds. Remote code execution cannot easily be ruled out. The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue. Solution(s) freebsd-upgrade-package-openssl freebsd-upgrade-package-openssl-quictls freebsd-upgrade-package-openssl31 freebsd-upgrade-package-openssl31-quictls freebsd-upgrade-package-openssl32 freebsd-upgrade-package-openssl33 References CVE-2024-9143
-
F5 Networks: CVE-2024-45844: K000140061: BIG-IP monitors vulnerability CVE-2024-45844
F5 Networks: CVE-2024-45844: K000140061: BIG-IP monitors vulnerability CVE-2024-45844 Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 10/16/2024 Created 11/12/2024 Added 11/11/2024 Modified 12/06/2024 Description BIG-IP monitor functionality may allow an attacker to bypass access control restrictions, regardless of the port lockdown settings. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. Solution(s) f5-big-ip-upgrade-latest References https://attackerkb.com/topics/cve-2024-45844 CVE - 2024-45844 https://my.f5.com/manage/s/article/K000140061
-
Apple Safari security update for CVE-2024-44206
Apple Safari security update for CVE-2024-44206 Severity 9 CVSS (AV:N/AC:L/Au:N/C:C/I:P/A:N) Published 10/16/2024 Created 10/17/2024 Added 10/16/2024 Modified 01/28/2025 Description An issue in the handling of URL protocols was addressed with improved logic. This issue is fixed in tvOS 17.6, visionOS 1.3, Safari 17.6, watchOS 10.6, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6. A user may be able to bypass some web content restrictions. Solution(s) apple-safari-upgrade-17_6 apple-safari-windows-uninstall References https://attackerkb.com/topics/cve-2024-44206 CVE - 2024-44206 http://support.apple.com/en-us/120913
-
Ubuntu: USN-7264-1 (CVE-2024-9143): OpenSSL vulnerabilities
Ubuntu: USN-7264-1 (CVE-2024-9143): OpenSSL vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 10/16/2024 Created 02/13/2025 Added 02/12/2025 Modified 02/13/2025 Description Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds memory reads or writes. Impact summary: Out of bound memory writes can lead to an application crash or even a possibility of a remote code execution, however, in all the protocols involving Elliptic Curve Cryptography that we're aware of, either only "named curves" are supported, or, if explicit curve parameters are supported, they specify an X9.62 encoding of binary (GF(2^m)) curves that can't represent problematic input values. Thus the likelihood of existence of a vulnerable application is low. In particular, the X9.62 encoding is used for ECC keys in X.509 certificates, so problematic inputs cannot occur in the context of processing X.509 certificates. Any problematic use-cases would have to be using an "exotic" curve encoding. The affected APIs include: EC_GROUP_new_curve_GF2m(), EC_GROUP_new_from_params(), and various supporting BN_GF2m_*() functions. Applications working with "exotic" explicit binary (GF(2^m)) curve parameters, that make it possible to represent invalid field polynomials with a zero constant term, via the above or similar APIs, may terminate abruptly as a result of reading or writing outside of array bounds. Remote code execution cannot easily be ruled out. The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.
Solution(s) ubuntu-upgrade-libssl3t64 ubuntu-upgrade-openssl References https://attackerkb.com/topics/cve-2024-9143 CVE - 2024-9143 USN-7264-1 https://github.openssl.org/openssl/extended-releases/commit/8efc0cbaa8ebba8e116f7b81a876a4123594d86a https://github.openssl.org/openssl/extended-releases/commit/9d576994cec2b7aa37a91740ea7e680810957e41 https://openssl-library.org/news/secadv/20241016.txt https://ubuntu.com/security/notices/USN-7264-1 https://www.cve.org/CVERecord?id=CVE-2024-9143
-
SolarWinds Serv-U: CVE-2024-45711: Directory Traversal Vulnerability in Serv-U
SolarWinds Serv-U: CVE-2024-45711: Directory Traversal Vulnerability in Serv-U Severity 9 CVSS (AV:N/AC:L/Au:S/C:C/I:C/A:C) Published 10/16/2024 Created 11/15/2024 Added 11/14/2024 Modified 11/14/2024 Description SolarWinds Serv-U 15.4.2 and previous versions contain a directory traversal vulnerability where remote code execution is possible depending on privileges given to the authenticated user. Solution(s) solarwinds-serv-u-upgrade-latest References https://attackerkb.com/topics/cve-2024-45711 CVE - 2024-45711 https://www.solarwinds.com/trust-center/security-advisories/cve-2024-45711
-
Google Chrome Vulnerability: CVE-2024-9963 Insufficient data validation in Downloads
Google Chrome Vulnerability: CVE-2024-9963 Insufficient data validation in Downloads Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 10/16/2024 Created 10/17/2024 Added 10/16/2024 Modified 01/28/2025 Description Insufficient data validation in Downloads in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) Solution(s) google-chrome-upgrade-latest References https://attackerkb.com/topics/cve-2024-9963 CVE - 2024-9963
-
Google Chrome Vulnerability: CVE-2024-9958 Inappropriate implementation in PictureInPicture
Google Chrome Vulnerability: CVE-2024-9958 Inappropriate implementation in PictureInPicture Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 10/16/2024 Created 10/17/2024 Added 10/16/2024 Modified 01/28/2025 Description Inappropriate implementation in PictureInPicture in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) Solution(s) google-chrome-upgrade-latest References https://attackerkb.com/topics/cve-2024-9958 CVE - 2024-9958
-
Google Chrome Vulnerability: CVE-2024-9966 Inappropriate implementation in Navigations
Google Chrome Vulnerability: CVE-2024-9966 Inappropriate implementation in Navigations Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:N) Published 10/16/2024 Created 10/17/2024 Added 10/16/2024 Modified 01/28/2025 Description Inappropriate implementation in Navigations in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low) Solution(s) google-chrome-upgrade-latest References https://attackerkb.com/topics/cve-2024-9966 CVE - 2024-9966 https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_15.html
-
Google Chrome Vulnerability: CVE-2024-9955 Use after free in Web Authentication
Google Chrome Vulnerability: CVE-2024-9955 Use after free in Web Authentication Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 10/16/2024 Created 10/17/2024 Added 10/16/2024 Modified 01/28/2025 Description Use after free in WebAuthentication in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) Solution(s) google-chrome-upgrade-latest References https://attackerkb.com/topics/cve-2024-9955 CVE - 2024-9955
-
Google Chrome Vulnerability: CVE-2024-9960 Use after free in Dawn
Google Chrome Vulnerability: CVE-2024-9960 Use after free in Dawn Severity 8 CVSS (AV:N/AC:H/Au:N/C:C/I:C/A:C) Published 10/16/2024 Created 10/17/2024 Added 10/16/2024 Modified 01/28/2025 Description Use after free in Dawn in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) Solution(s) google-chrome-upgrade-latest References https://attackerkb.com/topics/cve-2024-9960 CVE - 2024-9960
-
Google Chrome Vulnerability: CVE-2024-9962 Inappropriate implementation in Permissions
Google Chrome Vulnerability: CVE-2024-9962 Inappropriate implementation in Permissions Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 10/16/2024 Created 10/17/2024 Added 10/16/2024 Modified 01/28/2025 Description Inappropriate implementation in Permissions in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) Solution(s) google-chrome-upgrade-latest References https://attackerkb.com/topics/cve-2024-9962 CVE - 2024-9962
-
Google Chrome Vulnerability: CVE-2024-9965 Insufficient data validation in DevTools
Google Chrome Vulnerability: CVE-2024-9965 Insufficient data validation in DevTools Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 10/16/2024 Created 10/17/2024 Added 10/16/2024 Modified 01/28/2025 Description Insufficient data validation in DevTools in Google Chrome on Windows prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Low) Solution(s) google-chrome-upgrade-latest References https://attackerkb.com/topics/cve-2024-9965 CVE - 2024-9965 https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_15.html
-
Debian: CVE-2024-9143: openssl -- security update
Debian: CVE-2024-9143: openssl -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 10/16/2024 Created 11/05/2024 Added 11/04/2024 Modified 12/02/2024 Description Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds memory reads or writes. Impact summary: Out of bound memory writes can lead to an application crash or even a possibility of a remote code execution, however, in all the protocols involving Elliptic Curve Cryptography that we're aware of, either only "named curves" are supported, or, if explicit curve parameters are supported, they specify an X9.62 encoding of binary (GF(2^m)) curves that can't represent problematic input values. Thus the likelihood of existence of a vulnerable application is low. In particular, the X9.62 encoding is used for ECC keys in X.509 certificates, so problematic inputs cannot occur in the context of processing X.509 certificates. Any problematic use-cases would have to be using an "exotic" curve encoding. The affected APIs include: EC_GROUP_new_curve_GF2m(), EC_GROUP_new_from_params(), and various supporting BN_GF2m_*() functions. Applications working with "exotic" explicit binary (GF(2^m)) curve parameters, that make it possible to represent invalid field polynomials with a zero constant term, via the above or similar APIs, may terminate abruptly as a result of reading or writing outside of array bounds. Remote code execution cannot easily be ruled out. The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue. Solution(s) debian-upgrade-openssl References https://attackerkb.com/topics/cve-2024-9143 CVE - 2024-9143 DLA-3942-1
-
Apple Safari security update for CVE-2024-44185
Apple Safari security update for CVE-2024-44185 Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 10/16/2024 Created 10/17/2024 Added 10/16/2024 Modified 01/28/2025 Description The issue was addressed with improved checks. This issue is fixed in tvOS 17.6, visionOS 1.3, Safari 17.6, watchOS 10.6, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6. Processing maliciously crafted web content may lead to an unexpected process crash. Solution(s) apple-safari-upgrade-17_6 apple-safari-windows-uninstall References https://attackerkb.com/topics/cve-2024-44185 CVE - 2024-44185 http://support.apple.com/en-us/120913
-
Huawei EulerOS: CVE-2024-9143: openssl security update
Huawei EulerOS: CVE-2024-9143: openssl security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 10/16/2024 Created 12/13/2024 Added 12/12/2024 Modified 12/12/2024 Description Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds memory reads or writes. Impact summary: Out of bound memory writes can lead to an application crash or even a possibility of a remote code execution, however, in all the protocols involving Elliptic Curve Cryptography that we're aware of, either only "named curves" are supported, or, if explicit curve parameters are supported, they specify an X9.62 encoding of binary (GF(2^m)) curves that can't represent problematic input values. Thus the likelihood of existence of a vulnerable application is low. In particular, the X9.62 encoding is used for ECC keys in X.509 certificates, so problematic inputs cannot occur in the context of processing X.509 certificates. Any problematic use-cases would have to be using an "exotic" curve encoding. The affected APIs include: EC_GROUP_new_curve_GF2m(), EC_GROUP_new_from_params(), and various supporting BN_GF2m_*() functions. Applications working with "exotic" explicit binary (GF(2^m)) curve parameters, that make it possible to represent invalid field polynomials with a zero constant term, via the above or similar APIs, may terminate abruptly as a result of reading or writing outside of array bounds. Remote code execution cannot easily be ruled out. The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue. Solution(s) huawei-euleros-2_0_sp12-upgrade-openssl huawei-euleros-2_0_sp12-upgrade-openssl-libs huawei-euleros-2_0_sp12-upgrade-openssl-perl References https://attackerkb.com/topics/cve-2024-9143 CVE - 2024-9143 EulerOS-SA-2024-2956
-
Huawei EulerOS: CVE-2024-9143: openssl security update
Huawei EulerOS: CVE-2024-9143: openssl security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 10/16/2024 Created 12/13/2024 Added 12/12/2024 Modified 12/12/2024 Description Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds memory reads or writes. Impact summary: Out of bound memory writes can lead to an application crash or even a possibility of a remote code execution, however, in all the protocols involving Elliptic Curve Cryptography that we're aware of, either only "named curves" are supported, or, if explicit curve parameters are supported, they specify an X9.62 encoding of binary (GF(2^m)) curves that can't represent problematic input values. Thus the likelihood of existence of a vulnerable application is low. In particular, the X9.62 encoding is used for ECC keys in X.509 certificates, so problematic inputs cannot occur in the context of processing X.509 certificates. Any problematic use-cases would have to be using an "exotic" curve encoding. The affected APIs include: EC_GROUP_new_curve_GF2m(), EC_GROUP_new_from_params(), and various supporting BN_GF2m_*() functions. Applications working with "exotic" explicit binary (GF(2^m)) curve parameters, that make it possible to represent invalid field polynomials with a zero constant term, via the above or similar APIs, may terminate abruptly as a result of reading or writing outside of array bounds. Remote code execution cannot easily be ruled out. The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue. Solution(s) huawei-euleros-2_0_sp11-upgrade-openssl huawei-euleros-2_0_sp11-upgrade-openssl-libs huawei-euleros-2_0_sp11-upgrade-openssl-perl References https://attackerkb.com/topics/cve-2024-9143 CVE - 2024-9143 EulerOS-SA-2024-2984
-
Debian: CVE-2022-4973: wordpress -- security update
Debian: CVE-2022-4973: wordpress -- security update Severity 5 CVSS (AV:N/AC:M/Au:S/C:P/I:P/A:N) Published 10/16/2024 Created 10/22/2024 Added 10/21/2024 Modified 01/28/2025 Description WordPress Core, in versions up to 6.0.2, is vulnerable to Authenticated Stored Cross-Site Scripting that can be exploited by users with access to the WordPress post and page editor, typically consisting of Authors, Contributors, and Editors, making it possible to inject arbitrary web scripts into posts and pages that execute if the `the_meta();` function is called on that page. Solution(s) debian-upgrade-wordpress References https://attackerkb.com/topics/cve-2022-4973 CVE - 2022-4973
-
Google Chrome Vulnerability: CVE-2024-9964 Inappropriate implementation in Payments
Google Chrome Vulnerability: CVE-2024-9964 Inappropriate implementation in Payments Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 10/16/2024 Created 10/17/2024 Added 10/16/2024 Modified 01/28/2025 Description Inappropriate implementation in Payments in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low) Solution(s) google-chrome-upgrade-latest References https://attackerkb.com/topics/cve-2024-9964 CVE - 2024-9964
-
Red Hat: CVE-2024-9676: Podman: Buildah: CRI-O: symlink traversal vulnerability in the containers/storage library can cause Denial of Service (DoS) (Multiple Advisories)
Red Hat: CVE-2024-9676: Podman: Buildah: CRI-O: symlink traversal vulnerability in the containers/storage library can cause Denial of Service (DoS) (Multiple Advisories) Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:N/A:C) Published 10/15/2024 Created 11/14/2024 Added 11/13/2024 Modified 02/10/2025 Description A vulnerability was found in Podman, Buildah, and CRI-O. A symlink traversal vulnerability in the containers/storage library can cause Podman, Buildah, and CRI-O to hang and result in a denial of service via OOM kill when running a malicious image using an automatically assigned user namespace (`--userns=auto` in Podman and Buildah). The containers/storage library will read /etc/passwd inside the container, but does not properly validate if that file is a symlink, which can be used to cause the library to read an arbitrary file on the host. Solution(s) redhat-upgrade-aardvark-dns redhat-upgrade-buildah redhat-upgrade-buildah-debuginfo redhat-upgrade-buildah-debugsource redhat-upgrade-buildah-tests redhat-upgrade-buildah-tests-debuginfo redhat-upgrade-cockpit-podman redhat-upgrade-conmon redhat-upgrade-conmon-debuginfo redhat-upgrade-conmon-debugsource redhat-upgrade-container-selinux redhat-upgrade-containernetworking-plugins redhat-upgrade-containernetworking-plugins-debuginfo redhat-upgrade-containernetworking-plugins-debugsource redhat-upgrade-containers-common redhat-upgrade-crit redhat-upgrade-criu redhat-upgrade-criu-debuginfo redhat-upgrade-criu-debugsource redhat-upgrade-criu-devel redhat-upgrade-criu-libs redhat-upgrade-criu-libs-debuginfo redhat-upgrade-crun redhat-upgrade-crun-debuginfo redhat-upgrade-crun-debugsource redhat-upgrade-fuse-overlayfs redhat-upgrade-fuse-overlayfs-debuginfo redhat-upgrade-fuse-overlayfs-debugsource redhat-upgrade-libslirp redhat-upgrade-libslirp-debuginfo redhat-upgrade-libslirp-debugsource redhat-upgrade-libslirp-devel redhat-upgrade-netavark redhat-upgrade-oci-seccomp-bpf-hook redhat-upgrade-oci-seccomp-bpf-hook-debuginfo 
redhat-upgrade-oci-seccomp-bpf-hook-debugsource redhat-upgrade-podman redhat-upgrade-podman-catatonit redhat-upgrade-podman-catatonit-debuginfo redhat-upgrade-podman-debuginfo redhat-upgrade-podman-debugsource redhat-upgrade-podman-docker redhat-upgrade-podman-gvproxy redhat-upgrade-podman-gvproxy-debuginfo redhat-upgrade-podman-plugins redhat-upgrade-podman-plugins-debuginfo redhat-upgrade-podman-remote redhat-upgrade-podman-remote-debuginfo redhat-upgrade-podman-tests redhat-upgrade-python3-criu redhat-upgrade-python3-podman redhat-upgrade-runc redhat-upgrade-runc-debuginfo redhat-upgrade-runc-debugsource redhat-upgrade-skopeo redhat-upgrade-skopeo-tests redhat-upgrade-slirp4netns redhat-upgrade-slirp4netns-debuginfo redhat-upgrade-slirp4netns-debugsource redhat-upgrade-toolbox redhat-upgrade-toolbox-debuginfo redhat-upgrade-toolbox-debugsource redhat-upgrade-toolbox-tests redhat-upgrade-udica References CVE-2024-9676 RHSA-2024:10289 RHSA-2024:9051 RHSA-2024:9454 RHSA-2024:9459 RHSA-2024:9926
-
Ubuntu: USN-7082-1 (CVE-2024-41311): libheif vulnerability
Ubuntu: USN-7082-1 (CVE-2024-41311): libheif vulnerability Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 10/15/2024 Created 10/25/2024 Added 10/24/2024 Modified 10/24/2024 Description In Libheif 1.17.6, insufficient checks in ImageOverlay::parse() decoding a heif file containing an overlay image with forged offsets can lead to an out-of-bounds read and write. Solution(s) ubuntu-upgrade-libheif1 References https://attackerkb.com/topics/cve-2024-41311 CVE - 2024-41311 USN-7082-1