ISHACK AI BOT

Rocky Linux: CVE-2024-8394: thunderbird (Multiple Advisories) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 09/06/2024 Created 09/18/2024 Added 09/17/2024 Modified 01/28/2025 Description When aborting the verification of an OTR chat session, an attacker could have caused a use-after-free bug leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 128.2. Solution(s) rocky-upgrade-thunderbird rocky-upgrade-thunderbird-debuginfo rocky-upgrade-thunderbird-debugsource References https://attackerkb.com/topics/cve-2024-8394 CVE - 2024-8394 https://errata.rockylinux.org/RLSA-2024:6683 https://errata.rockylinux.org/RLSA-2024:6684

Rocky Linux: CVE-2024-34158: podman (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 09/06/2024 Created 10/03/2024 Added 10/02/2024 Modified 11/18/2024 Description Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion. Solution(s) rocky-upgrade-aardvark-dns rocky-upgrade-buildah rocky-upgrade-buildah-debuginfo rocky-upgrade-buildah-debugsource rocky-upgrade-buildah-tests rocky-upgrade-buildah-tests-debuginfo rocky-upgrade-conmon rocky-upgrade-conmon-debuginfo rocky-upgrade-conmon-debugsource rocky-upgrade-containernetworking-plugins rocky-upgrade-containernetworking-plugins-debuginfo rocky-upgrade-containernetworking-plugins-debugsource rocky-upgrade-containers-common rocky-upgrade-crit rocky-upgrade-criu rocky-upgrade-criu-debuginfo rocky-upgrade-criu-debugsource rocky-upgrade-criu-devel rocky-upgrade-criu-libs rocky-upgrade-criu-libs-debuginfo rocky-upgrade-crun rocky-upgrade-crun-debuginfo rocky-upgrade-crun-debugsource rocky-upgrade-delve rocky-upgrade-delve-debuginfo rocky-upgrade-delve-debugsource rocky-upgrade-fuse-overlayfs rocky-upgrade-fuse-overlayfs-debuginfo rocky-upgrade-fuse-overlayfs-debugsource rocky-upgrade-go-toolset rocky-upgrade-golang rocky-upgrade-golang-bin rocky-upgrade-libslirp rocky-upgrade-libslirp-debuginfo rocky-upgrade-libslirp-debugsource rocky-upgrade-libslirp-devel rocky-upgrade-netavark rocky-upgrade-oci-seccomp-bpf-hook rocky-upgrade-oci-seccomp-bpf-hook-debuginfo rocky-upgrade-oci-seccomp-bpf-hook-debugsource rocky-upgrade-podman rocky-upgrade-podman-catatonit rocky-upgrade-podman-catatonit-debuginfo rocky-upgrade-podman-debuginfo rocky-upgrade-podman-debugsource rocky-upgrade-podman-gvproxy rocky-upgrade-podman-gvproxy-debuginfo rocky-upgrade-podman-plugins rocky-upgrade-podman-plugins-debuginfo rocky-upgrade-podman-remote rocky-upgrade-podman-remote-debuginfo rocky-upgrade-podman-tests rocky-upgrade-python3-criu rocky-upgrade-runc rocky-upgrade-runc-debuginfo rocky-upgrade-runc-debugsource rocky-upgrade-skopeo rocky-upgrade-skopeo-tests rocky-upgrade-slirp4netns rocky-upgrade-slirp4netns-debuginfo rocky-upgrade-slirp4netns-debugsource rocky-upgrade-toolbox rocky-upgrade-toolbox-debuginfo rocky-upgrade-toolbox-debugsource rocky-upgrade-toolbox-tests References https://attackerkb.com/topics/cve-2024-34158 CVE - 2024-34158 https://errata.rockylinux.org/RLSA-2024:6908 https://errata.rockylinux.org/RLSA-2024:6913 https://errata.rockylinux.org/RLSA-2024:8038 https://errata.rockylinux.org/RLSA-2024:8039

Huawei EulerOS: CVE-2024-34156: golang security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 09/06/2024 Created 12/13/2024 Added 12/12/2024 Modified 12/12/2024 Description Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635. Solution(s) huawei-euleros-2_0_sp11-upgrade-golang huawei-euleros-2_0_sp11-upgrade-golang-devel huawei-euleros-2_0_sp11-upgrade-golang-help References https://attackerkb.com/topics/cve-2024-34156 CVE - 2024-34156 EulerOS-SA-2024-2981

Oracle Linux: CVE-2024-7652: ELSA-2024-6683:thunderbird security update (IMPORTANT) (Multiple Advisories) Severity 9 CVSS (AV:N/AC:L/Au:N/C:P/I:P/A:C) Published 09/06/2024 Created 10/18/2024 Added 10/16/2024 Modified 01/17/2025 Description An error in the ECMA-262 specification relating to Async Generators could have resulted in a type confusion, potentially leading to memory corruption and an exploitable crash. This vulnerability affects Firefox &lt; 128, Firefox ESR &lt; 115.13, Thunderbird &lt; 115.13, and Thunderbird &lt; 128. A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: An error in the ECMA-262 specification relating to Async Generators could have resulted in a type confusion, potentially leading to memory corruption and an exploitable crash. Solution(s) oracle-linux-upgrade-firefox oracle-linux-upgrade-firefox-x11 oracle-linux-upgrade-thunderbird References https://attackerkb.com/topics/cve-2024-7652 CVE - 2024-7652 ELSA-2024-6683 ELSA-2024-6684 ELSA-2024-6681 ELSA-2024-6682 ELSA-2024-6838

Huawei EulerOS: CVE-2024-34155: golang security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 09/06/2024 Created 01/15/2025 Added 01/14/2025 Modified 01/14/2025 Description Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion. Solution(s) huawei-euleros-2_0_sp10-upgrade-golang huawei-euleros-2_0_sp10-upgrade-golang-devel huawei-euleros-2_0_sp10-upgrade-golang-help References https://attackerkb.com/topics/cve-2024-34155 CVE - 2024-34155 EulerOS-SA-2025-1022

Alpine Linux: CVE-2024-34155: Vulnerability in Multiple Components Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 09/06/2024 Created 10/02/2024 Added 10/01/2024 Modified 10/01/2024 Description Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion. Solution(s) alpine-linux-upgrade-go References https://attackerkb.com/topics/cve-2024-34155 CVE - 2024-34155 https://security.alpinelinux.org/vuln/CVE-2024-34155

Amazon Linux AMI 2: CVE-2024-34158: Security patch for golang (ALAS-2024-2643) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 09/06/2024 Created 10/03/2024 Added 10/03/2024 Modified 10/03/2024 Description Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion. Solution(s) amazon-linux-ami-2-upgrade-golang amazon-linux-ami-2-upgrade-golang-bin amazon-linux-ami-2-upgrade-golang-docs amazon-linux-ami-2-upgrade-golang-misc amazon-linux-ami-2-upgrade-golang-shared amazon-linux-ami-2-upgrade-golang-src amazon-linux-ami-2-upgrade-golang-tests References https://attackerkb.com/topics/cve-2024-34158 AL2/ALAS-2024-2643 CVE - 2024-34158

Red Hat: CVE-2024-34156: encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 09/06/2024 Created 09/25/2024 Added 09/24/2024 Modified 02/10/2025 Description Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635. Solution(s) redhat-upgrade-aardvark-dns redhat-upgrade-buildah redhat-upgrade-buildah-debuginfo redhat-upgrade-buildah-debugsource redhat-upgrade-buildah-tests redhat-upgrade-buildah-tests-debuginfo redhat-upgrade-cockpit-podman redhat-upgrade-conmon redhat-upgrade-conmon-debuginfo redhat-upgrade-conmon-debugsource redhat-upgrade-container-selinux redhat-upgrade-containernetworking-plugins redhat-upgrade-containernetworking-plugins-debuginfo redhat-upgrade-containernetworking-plugins-debugsource redhat-upgrade-containers-common redhat-upgrade-crit redhat-upgrade-criu redhat-upgrade-criu-debuginfo redhat-upgrade-criu-debugsource redhat-upgrade-criu-devel redhat-upgrade-criu-libs redhat-upgrade-criu-libs-debuginfo redhat-upgrade-crun redhat-upgrade-crun-debuginfo redhat-upgrade-crun-debugsource redhat-upgrade-delve redhat-upgrade-delve-debuginfo redhat-upgrade-delve-debugsource redhat-upgrade-fuse-overlayfs redhat-upgrade-fuse-overlayfs-debuginfo redhat-upgrade-fuse-overlayfs-debugsource redhat-upgrade-git-lfs redhat-upgrade-git-lfs-debuginfo redhat-upgrade-git-lfs-debugsource redhat-upgrade-go-toolset redhat-upgrade-golang redhat-upgrade-golang-bin redhat-upgrade-golang-docs redhat-upgrade-golang-misc redhat-upgrade-golang-race redhat-upgrade-golang-src redhat-upgrade-golang-tests redhat-upgrade-grafana redhat-upgrade-grafana-debuginfo redhat-upgrade-grafana-debugsource redhat-upgrade-grafana-pcp redhat-upgrade-grafana-pcp-debuginfo redhat-upgrade-grafana-pcp-debugsource redhat-upgrade-grafana-selinux redhat-upgrade-libslirp redhat-upgrade-libslirp-debuginfo redhat-upgrade-libslirp-debugsource redhat-upgrade-libslirp-devel redhat-upgrade-netavark redhat-upgrade-oci-seccomp-bpf-hook redhat-upgrade-oci-seccomp-bpf-hook-debuginfo redhat-upgrade-oci-seccomp-bpf-hook-debugsource redhat-upgrade-osbuild-composer redhat-upgrade-osbuild-composer-core redhat-upgrade-osbuild-composer-core-debuginfo redhat-upgrade-osbuild-composer-debuginfo redhat-upgrade-osbuild-composer-debugsource redhat-upgrade-osbuild-composer-dnf-json redhat-upgrade-osbuild-composer-tests-debuginfo redhat-upgrade-osbuild-composer-worker redhat-upgrade-osbuild-composer-worker-debuginfo redhat-upgrade-podman redhat-upgrade-podman-catatonit redhat-upgrade-podman-catatonit-debuginfo redhat-upgrade-podman-debuginfo redhat-upgrade-podman-debugsource redhat-upgrade-podman-docker redhat-upgrade-podman-gvproxy redhat-upgrade-podman-gvproxy-debuginfo redhat-upgrade-podman-plugins redhat-upgrade-podman-plugins-debuginfo redhat-upgrade-podman-remote redhat-upgrade-podman-remote-debuginfo redhat-upgrade-podman-tests redhat-upgrade-python3-criu redhat-upgrade-python3-podman redhat-upgrade-runc redhat-upgrade-runc-debuginfo redhat-upgrade-runc-debugsource redhat-upgrade-skopeo redhat-upgrade-skopeo-debuginfo redhat-upgrade-skopeo-debugsource redhat-upgrade-skopeo-tests redhat-upgrade-slirp4netns redhat-upgrade-slirp4netns-debuginfo redhat-upgrade-slirp4netns-debugsource redhat-upgrade-toolbox redhat-upgrade-toolbox-debuginfo redhat-upgrade-toolbox-debugsource redhat-upgrade-toolbox-tests redhat-upgrade-udica References CVE-2024-34156 RHSA-2024:11216 RHSA-2024:11217 RHSA-2024:6908 RHSA-2024:6912 RHSA-2024:6913 RHSA-2024:6914 RHSA-2024:6946 RHSA-2024:6947 RHSA-2024:7135 RHSA-2024:7136 RHSA-2024:7202 RHSA-2024:7203 RHSA-2024:7204 RHSA-2024:7206 RHSA-2024:7207 RHSA-2024:7262 RHSA-2024:7350 RHSA-2024:7456 RHSA-2024:7769 RHSA-2024:7818 RHSA-2024:7819 RHSA-2024:7820 RHSA-2024:7821 RHSA-2024:8038 RHSA-2024:8039 RHSA-2024:8110 RHSA-2024:8111 RHSA-2024:8112 RHSA-2024:9454 RHSA-2024:9456 RHSA-2024:9459 RHSA-2024:9472 RHSA-2024:9473 View more

Huawei EulerOS: CVE-2024-34156: golang security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 09/06/2024 Created 11/12/2024 Added 11/11/2024 Modified 11/11/2024 Description Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635. Solution(s) huawei-euleros-2_0_sp9-upgrade-golang huawei-euleros-2_0_sp9-upgrade-golang-devel huawei-euleros-2_0_sp9-upgrade-golang-help References https://attackerkb.com/topics/cve-2024-34156 CVE - 2024-34156 EulerOS-SA-2024-2830

Red Hat: CVE-2024-34158: go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion (Multiple Advisories) Severity 5 CVSS (AV:N/AC:H/Au:N/C:N/I:N/A:C) Published 09/06/2024 Created 09/25/2024 Added 09/24/2024 Modified 11/13/2024 Description Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion. Solution(s) redhat-upgrade-aardvark-dns redhat-upgrade-buildah redhat-upgrade-buildah-debuginfo redhat-upgrade-buildah-debugsource redhat-upgrade-buildah-tests redhat-upgrade-buildah-tests-debuginfo redhat-upgrade-cockpit-podman redhat-upgrade-conmon redhat-upgrade-conmon-debuginfo redhat-upgrade-conmon-debugsource redhat-upgrade-container-selinux redhat-upgrade-containernetworking-plugins redhat-upgrade-containernetworking-plugins-debuginfo redhat-upgrade-containernetworking-plugins-debugsource redhat-upgrade-containers-common redhat-upgrade-crit redhat-upgrade-criu redhat-upgrade-criu-debuginfo redhat-upgrade-criu-debugsource redhat-upgrade-criu-devel redhat-upgrade-criu-libs redhat-upgrade-criu-libs-debuginfo redhat-upgrade-crun redhat-upgrade-crun-debuginfo redhat-upgrade-crun-debugsource redhat-upgrade-delve redhat-upgrade-delve-debuginfo redhat-upgrade-delve-debugsource redhat-upgrade-fuse-overlayfs redhat-upgrade-fuse-overlayfs-debuginfo redhat-upgrade-fuse-overlayfs-debugsource redhat-upgrade-go-toolset redhat-upgrade-golang redhat-upgrade-golang-bin redhat-upgrade-golang-docs redhat-upgrade-golang-misc redhat-upgrade-golang-src redhat-upgrade-golang-tests redhat-upgrade-libslirp redhat-upgrade-libslirp-debuginfo redhat-upgrade-libslirp-debugsource redhat-upgrade-libslirp-devel redhat-upgrade-netavark redhat-upgrade-oci-seccomp-bpf-hook redhat-upgrade-oci-seccomp-bpf-hook-debuginfo redhat-upgrade-oci-seccomp-bpf-hook-debugsource redhat-upgrade-podman redhat-upgrade-podman-catatonit redhat-upgrade-podman-catatonit-debuginfo redhat-upgrade-podman-debuginfo redhat-upgrade-podman-debugsource redhat-upgrade-podman-docker redhat-upgrade-podman-gvproxy redhat-upgrade-podman-gvproxy-debuginfo redhat-upgrade-podman-plugins redhat-upgrade-podman-plugins-debuginfo redhat-upgrade-podman-remote redhat-upgrade-podman-remote-debuginfo redhat-upgrade-podman-tests redhat-upgrade-python3-criu redhat-upgrade-python3-podman redhat-upgrade-runc redhat-upgrade-runc-debuginfo redhat-upgrade-runc-debugsource redhat-upgrade-skopeo redhat-upgrade-skopeo-tests redhat-upgrade-slirp4netns redhat-upgrade-slirp4netns-debuginfo redhat-upgrade-slirp4netns-debugsource redhat-upgrade-toolbox redhat-upgrade-toolbox-debuginfo redhat-upgrade-toolbox-debugsource redhat-upgrade-toolbox-tests redhat-upgrade-udica References CVE-2024-34158 RHSA-2024:6908 RHSA-2024:6913 RHSA-2024:8038 RHSA-2024:8039 RHSA-2024:8112 RHSA-2024:9454 RHSA-2024:9459 View more

Huawei EulerOS: CVE-2024-34158: golang security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 09/06/2024 Created 02/12/2025 Added 02/11/2025 Modified 02/11/2025 Description Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion. Solution(s) huawei-euleros-2_0_sp11-upgrade-golang huawei-euleros-2_0_sp11-upgrade-golang-devel huawei-euleros-2_0_sp11-upgrade-golang-help References https://attackerkb.com/topics/cve-2024-34158 CVE - 2024-34158 EulerOS-SA-2025-1157

Alma Linux: CVE-2024-34156: Important: go-toolset:rhel8 security update (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 09/06/2024 Created 09/27/2024 Added 09/26/2024 Modified 12/24/2024 Description Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635. Solution(s) alma-upgrade-aardvark-dns alma-upgrade-buildah alma-upgrade-buildah-tests alma-upgrade-cockpit-podman alma-upgrade-conmon alma-upgrade-container-selinux alma-upgrade-containernetworking-plugins alma-upgrade-containers-common alma-upgrade-crit alma-upgrade-criu alma-upgrade-criu-devel alma-upgrade-criu-libs alma-upgrade-crun alma-upgrade-delve alma-upgrade-fuse-overlayfs alma-upgrade-git-lfs alma-upgrade-go-toolset alma-upgrade-golang alma-upgrade-golang-bin alma-upgrade-golang-docs alma-upgrade-golang-misc alma-upgrade-golang-src alma-upgrade-golang-tests alma-upgrade-grafana alma-upgrade-grafana-pcp alma-upgrade-grafana-selinux alma-upgrade-libslirp alma-upgrade-libslirp-devel alma-upgrade-netavark alma-upgrade-oci-seccomp-bpf-hook alma-upgrade-osbuild-composer alma-upgrade-osbuild-composer-core alma-upgrade-osbuild-composer-worker alma-upgrade-podman alma-upgrade-podman-catatonit alma-upgrade-podman-docker alma-upgrade-podman-gvproxy alma-upgrade-podman-plugins alma-upgrade-podman-remote alma-upgrade-podman-tests alma-upgrade-python3-criu alma-upgrade-python3-podman alma-upgrade-runc alma-upgrade-skopeo alma-upgrade-skopeo-tests alma-upgrade-slirp4netns alma-upgrade-toolbox alma-upgrade-toolbox-tests alma-upgrade-udica References https://attackerkb.com/topics/cve-2024-34156 CVE - 2024-34156 https://errata.almalinux.org/8/ALSA-2024-6908.html https://errata.almalinux.org/8/ALSA-2024-7135.html https://errata.almalinux.org/8/ALSA-2024-7262.html https://errata.almalinux.org/8/ALSA-2024-8038.html https://errata.almalinux.org/9/ALSA-2024-11216.html https://errata.almalinux.org/9/ALSA-2024-11217.html https://errata.almalinux.org/9/ALSA-2024-6913.html https://errata.almalinux.org/9/ALSA-2024-6946.html https://errata.almalinux.org/9/ALSA-2024-6947.html https://errata.almalinux.org/9/ALSA-2024-7136.html https://errata.almalinux.org/9/ALSA-2024-7204.html https://errata.almalinux.org/9/ALSA-2024-8039.html https://errata.almalinux.org/9/ALSA-2024-8110.html https://errata.almalinux.org/9/ALSA-2024-8111.html https://errata.almalinux.org/9/ALSA-2024-8112.html https://errata.almalinux.org/9/ALSA-2024-9454.html https://errata.almalinux.org/9/ALSA-2024-9456.html https://errata.almalinux.org/9/ALSA-2024-9459.html https://errata.almalinux.org/9/ALSA-2024-9472.html https://errata.almalinux.org/9/ALSA-2024-9473.html View more

Red Hat: CVE-2024-8394: thunderbird: Crash when aborting verification of OTR chat (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 09/06/2024 Created 09/18/2024 Added 09/18/2024 Modified 09/18/2024 Description When aborting the verification of an OTR chat session, an attacker could have caused a use-after-free bug leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 128.2. Solution(s) redhat-upgrade-thunderbird redhat-upgrade-thunderbird-debuginfo redhat-upgrade-thunderbird-debugsource References CVE-2024-8394 RHSA-2024:6683 RHSA-2024:6684 RHSA-2024:6719 RHSA-2024:6720

Alma Linux: CVE-2024-34155: Important: go-toolset:rhel8 security update (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 09/06/2024 Created 09/27/2024 Added 09/26/2024 Modified 11/19/2024 Description Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion. Solution(s) alma-upgrade-aardvark-dns alma-upgrade-buildah alma-upgrade-buildah-tests alma-upgrade-cockpit-podman alma-upgrade-conmon alma-upgrade-container-selinux alma-upgrade-containernetworking-plugins alma-upgrade-containers-common alma-upgrade-crit alma-upgrade-criu alma-upgrade-criu-devel alma-upgrade-criu-libs alma-upgrade-crun alma-upgrade-delve alma-upgrade-fuse-overlayfs alma-upgrade-go-toolset alma-upgrade-golang alma-upgrade-golang-bin alma-upgrade-golang-docs alma-upgrade-golang-misc alma-upgrade-golang-src alma-upgrade-golang-tests alma-upgrade-libslirp alma-upgrade-libslirp-devel alma-upgrade-netavark alma-upgrade-oci-seccomp-bpf-hook alma-upgrade-podman alma-upgrade-podman-catatonit alma-upgrade-podman-docker alma-upgrade-podman-gvproxy alma-upgrade-podman-plugins alma-upgrade-podman-remote alma-upgrade-podman-tests alma-upgrade-python3-criu alma-upgrade-python3-podman alma-upgrade-runc alma-upgrade-skopeo alma-upgrade-skopeo-tests alma-upgrade-slirp4netns alma-upgrade-toolbox alma-upgrade-toolbox-tests alma-upgrade-udica References https://attackerkb.com/topics/cve-2024-34155 CVE - 2024-34155 https://errata.almalinux.org/8/ALSA-2024-6908.html https://errata.almalinux.org/8/ALSA-2024-8038.html https://errata.almalinux.org/9/ALSA-2024-6913.html https://errata.almalinux.org/9/ALSA-2024-8039.html https://errata.almalinux.org/9/ALSA-2024-8112.html https://errata.almalinux.org/9/ALSA-2024-9454.html https://errata.almalinux.org/9/ALSA-2024-9459.html View more

Debian: CVE-2024-42491: asterisk -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 09/05/2024 Created 10/23/2024 Added 10/22/2024 Modified 10/22/2024 Description Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.24.3, 20.9.3, and 21.4.3 of Asterisk and versions 18.9-cert12 and 20.7-cert2 of certified-asterisk, if Asterisk attempts to send a SIP request to a URI whose host portion starts with `.1` or `[.1]`, and res_resolver_unbound is loaded, Asterisk will crash with a SEGV. To receive a patch, users should upgrade to one of the following versions: 18.24.3, 20.9.3, 21.4.3, certified-18.9-cert12, certified-20.7-cert2. Two workarounds are available. Disable res_resolver_unbound by setting `noload = res_resolver_unbound.so` in modules.conf, or set `rewrite_contact = yes` on all PJSIP endpoints. NOTE: This may not be appropriate for all Asterisk configurations. Solution(s) debian-upgrade-asterisk References https://attackerkb.com/topics/cve-2024-42491 CVE - 2024-42491 DLA-3925-1

Alpine Linux: CVE-2024-42491: Vulnerability in Multiple Components Severity 6 CVSS (AV:N/AC:M/Au:S/C:N/I:N/A:C) Published 09/05/2024 Created 10/02/2024 Added 10/01/2024 Modified 10/10/2024 Description Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.24.3, 20.9.3, and 21.4.3 of Asterisk and versions 18.9-cert12 and 20.7-cert2 of certified-asterisk, if Asterisk attempts to send a SIP request to a URI whose host portion starts with `.1` or `[.1]`, and res_resolver_unbound is loaded, Asterisk will crash with a SEGV. To receive a patch, users should upgrade to one of the following versions: 18.24.3, 20.9.3, 21.4.3, certified-18.9-cert12, certified-20.7-cert2. Two workarounds are available. Disable res_resolver_unbound by setting `noload = res_resolver_unbound.so` in modules.conf, or set `rewrite_contact = yes` on all PJSIP endpoints. NOTE: This may not be appropriate for all Asterisk configurations. Solution(s) alpine-linux-upgrade-asterisk References https://attackerkb.com/topics/cve-2024-42491 CVE - 2024-42491 https://security.alpinelinux.org/vuln/CVE-2024-42491

FreeBSD: (Multiple Advisories) (CVE-2024-45287): FreeBSD -- Integer overflow in libnv Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 09/05/2024 Created 09/10/2024 Added 09/06/2024 Modified 01/28/2025 Description A malicious value of size in a structure of packed libnv can cause an integer overflow, leading to the allocation of a smaller buffer than required for the parsed data. Solution(s) freebsd-upgrade-base-13_3-release-p6 freebsd-upgrade-base-13_3-release-p7 freebsd-upgrade-base-13_4-release-p1 freebsd-upgrade-base-14_0-release-p10 freebsd-upgrade-base-14_0-release-p11 freebsd-upgrade-base-14_1-release-p4 freebsd-upgrade-base-14_1-release-p5 References CVE-2024-45287

Alpine Linux: CVE-2024-45158: Vulnerability in Multiple Components Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 09/05/2024 Created 10/02/2024 Added 10/01/2024 Modified 10/02/2024 Description An issue was discovered in Mbed TLS 3.6 before 3.6.1. A stack buffer overflow in mbedtls_ecdsa_der_to_raw() and mbedtls_ecdsa_raw_to_der() can occur when the bits parameter is larger than the largest supported curve. In some configurations with PSA disabled, all values of bits are affected. (This never happens in internal library calls, but can affect applications that call these functions directly.) Solution(s) alpine-linux-upgrade-mbedtls References https://attackerkb.com/topics/cve-2024-45158 CVE - 2024-45158 https://security.alpinelinux.org/vuln/CVE-2024-45158

Alpine Linux: CVE-2024-45157: Vulnerability in Multiple Components Severity 5 CVSS (AV:L/AC:M/Au:N/C:C/I:N/A:N) Published 09/05/2024 Created 10/02/2024 Added 10/01/2024 Modified 10/02/2024 Description An issue was discovered in Mbed TLS before 2.28.9 and 3.x before 3.6.1, in which the user-selected algorithm is not used. Unlike previously documented, enabling MBEDTLS_PSA_HMAC_DRBG_MD_TYPE does not cause the PSA subsystem to use HMAC_DRBG: it uses HMAC_DRBG only when MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG and MBEDTLS_CTR_DRBG_C are disabled. Solution(s) alpine-linux-upgrade-mbedtls References https://attackerkb.com/topics/cve-2024-45157 CVE - 2024-45157 https://security.alpinelinux.org/vuln/CVE-2024-45157

Amazon Linux AMI 2: CVE-2024-44974: Security patch for kernel (Multiple Advisories) Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 09/04/2024 Created 10/03/2024 Added 10/03/2024 Modified 01/28/2025 Description In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: avoid possible UaF when selecting endp select_local_address() and select_signal_address() both select an endpoint entry from the list inside an RCU protected section, but return a reference to it, to be read later on. If the entry is dereferenced after the RCU unlock, reading info could cause a Use-after-Free. A simple solution is to copy the required info while inside the RCU protected section to avoid any risk of UaF later. The address ID might need to be modified later to handle the ID0 case later, so a copy seems OK to deal with. Solution(s) amazon-linux-ami-2-upgrade-bpftool amazon-linux-ami-2-upgrade-bpftool-debuginfo amazon-linux-ami-2-upgrade-kernel amazon-linux-ami-2-upgrade-kernel-debuginfo amazon-linux-ami-2-upgrade-kernel-debuginfo-common-aarch64 amazon-linux-ami-2-upgrade-kernel-debuginfo-common-x86_64 amazon-linux-ami-2-upgrade-kernel-devel amazon-linux-ami-2-upgrade-kernel-headers amazon-linux-ami-2-upgrade-kernel-livepatch-5-10-226-214-879 amazon-linux-ami-2-upgrade-kernel-livepatch-5-15-167-112-165 amazon-linux-ami-2-upgrade-kernel-tools amazon-linux-ami-2-upgrade-kernel-tools-debuginfo amazon-linux-ami-2-upgrade-kernel-tools-devel amazon-linux-ami-2-upgrade-perf amazon-linux-ami-2-upgrade-perf-debuginfo amazon-linux-ami-2-upgrade-python-perf amazon-linux-ami-2-upgrade-python-perf-debuginfo References https://attackerkb.com/topics/cve-2024-44974 AL2/ALASKERNEL-5.10-2024-070 AL2/ALASKERNEL-5.15-2024-055 CVE - 2024-44974

FreeBSD: VID-9BD5E47B-6B50-11EF-9A62-002590C1F29C (CVE-2024-8178): FreeBSD -- Multiple issues in ctl(4) CAM Target Layer Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 09/04/2024 Created 09/10/2024 Added 09/06/2024 Modified 01/28/2025 Description The ctl_write_buffer and ctl_read_buffer functions allocated memory to be returned to userspace, without initializing it. Malicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process, which typically runs as root.Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process.A malicious iSCSI initiator could achieve remote code execution on the iSCSI target host. Solution(s) freebsd-upgrade-base-13_3-release-p6 freebsd-upgrade-base-14_0-release-p10 freebsd-upgrade-base-14_1-release-p4 References CVE-2024-8178

Debian: CVE-2024-45000: linux, linux-6.1 -- security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 09/04/2024 Created 10/08/2024 Added 10/07/2024 Modified 01/30/2025 Description In the Linux kernel, the following vulnerability has been resolved: fs/netfs/fscache_cookie: add missing "n_accesses" check This fixes a NULL pointer dereference bug due to a data race which looks like this: BUG: kernel NULL pointer dereference, address: 0000000000000008 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: 0000 [#1] SMP PTI CPU: 33 PID: 16573 Comm: kworker/u97:799 Not tainted 6.8.7-cm4all1-hp+ #43 Hardware name: HP ProLiant DL380 Gen9/ProLiant DL380 Gen9, BIOS P89 10/17/2018 Workqueue: events_unbound netfs_rreq_write_to_cache_work RIP: 0010:cachefiles_prepare_write+0x30/0xa0 Code: 57 41 56 45 89 ce 41 55 49 89 cd 41 54 49 89 d4 55 53 48 89 fb 48 83 ec 08 48 8b 47 08 48 83 7f 10 00 48 89 34 24 48 8b 68 20 <48> 8b 45 08 4c 8b 38 74 45 49 8b 7f 50 e8 4e a9 b0 ff 48 8b 73 10 RSP: 0018:ffffb4e78113bde0 EFLAGS: 00010286 RAX: ffff976126be6d10 RBX: ffff97615cdb8438 RCX: 0000000000020000 RDX: ffff97605e6c4c68 RSI: ffff97605e6c4c60 RDI: ffff97615cdb8438 RBP: 0000000000000000 R08: 0000000000278333 R09: 0000000000000001 R10: ffff97605e6c4600 R11: 0000000000000001 R12: ffff97605e6c4c68 R13: 0000000000020000 R14: 0000000000000001 R15: ffff976064fe2c00 FS:0000000000000000(0000) GS:ffff9776dfd40000(0000) knlGS:0000000000000000 CS:0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000008 CR3: 000000005942c002 CR4: 00000000001706f0 Call Trace: <TASK> ? __die+0x1f/0x70 ? page_fault_oops+0x15d/0x440 ? search_module_extables+0xe/0x40 ? fixup_exception+0x22/0x2f0 ? exc_page_fault+0x5f/0x100 ? asm_exc_page_fault+0x22/0x30 ? cachefiles_prepare_write+0x30/0xa0 netfs_rreq_write_to_cache_work+0x135/0x2e0 process_one_work+0x137/0x2c0 worker_thread+0x2e9/0x400 ? __pfx_worker_thread+0x10/0x10 kthread+0xcc/0x100 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x30/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1b/0x30 </TASK> Modules linked in: CR2: 0000000000000008 ---[ end trace 0000000000000000 ]--- This happened because fscache_cookie_state_machine() was slow and was still running while another process invoked fscache_unuse_cookie(); this led to a fscache_cookie_lru_do_one() call, setting the FSCACHE_COOKIE_DO_LRU_DISCARD flag, which was picked up by fscache_cookie_state_machine(), withdrawing the cookie via cachefiles_withdraw_cookie(), clearing cookie->cache_priv. At the same time, yet another process invoked cachefiles_prepare_write(), which found a NULL pointer in this code line: struct cachefiles_object *object = cachefiles_cres_object(cres); The next line crashes, obviously: struct cachefiles_cache *cache = object->volume->cache; During cachefiles_prepare_write(), the "n_accesses" counter is non-zero (via fscache_begin_operation()).The cookie must not be withdrawn until it drops to zero. The counter is checked by fscache_cookie_state_machine() before switching to FSCACHE_COOKIE_STATE_RELINQUISHING and FSCACHE_COOKIE_STATE_WITHDRAWING (in "case FSCACHE_COOKIE_STATE_FAILED"), but not for FSCACHE_COOKIE_STATE_LRU_DISCARDING ("case FSCACHE_COOKIE_STATE_ACTIVE"). This patch adds the missing check.With a non-zero access counter, the function returns and the next fscache_end_cookie_access() call will queue another fscache_cookie_state_machine() call to handle the still-pending FSCACHE_COOKIE_DO_LRU_DISCARD. Solution(s) debian-upgrade-linux debian-upgrade-linux-6-1 References https://attackerkb.com/topics/cve-2024-45000 CVE - 2024-45000 DSA-5782-1

Debian: CVE-2024-44990: linux, linux-6.1 -- security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 09/04/2024 Created 10/08/2024 Added 10/07/2024 Modified 01/28/2025 Description In the Linux kernel, the following vulnerability has been resolved: bonding: fix null pointer deref in bond_ipsec_offload_ok We must check if there is an active slave before dereferencing the pointer. Solution(s) debian-upgrade-linux debian-upgrade-linux-6-1 References https://attackerkb.com/topics/cve-2024-44990 CVE - 2024-44990 DSA-5782-1

Debian: CVE-2024-44968: linux, linux-6.1 -- security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 09/04/2024 Created 09/07/2024 Added 09/06/2024 Modified 01/30/2025 Description In the Linux kernel, the following vulnerability has been resolved: tick/broadcast: Move per CPU pointer access into the atomic section The recent fix for making the take over of the broadcast timer more reliable retrieves a per CPU pointer in preemptible context. This went unnoticed as compilers hoist the access into the non-preemptible region where the pointer is actually used. But of course it's valid that the compiler keeps it at the place where the code puts it which rightfully triggers: BUG: using smp_processor_id() in preemptible [00000000] code: caller is hotplug_cpu__broadcast_tick_pull+0x1c/0xc0 Move it to the actual usage site which is in a non-preemptible region. Solution(s) debian-upgrade-linux debian-upgrade-linux-6-1 References https://attackerkb.com/topics/cve-2024-44968 CVE - 2024-44968 DLA-3912-1

Debian: CVE-2024-45008: linux, linux-6.1 -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 09/04/2024 Created 10/08/2024 Added 10/07/2024 Modified 01/03/2025 Description In the Linux kernel, the following vulnerability has been resolved: Input: MT - limit max slots syzbot is reporting too large allocation at input_mt_init_slots(), for num_slots is supplied from userspace using ioctl(UI_DEV_CREATE). Since nobody knows possible max slots, this patch chose 1024. Solution(s) debian-upgrade-linux debian-upgrade-linux-6-1 References https://attackerkb.com/topics/cve-2024-45008 CVE - 2024-45008 DSA-5782-1