
ISHACK AI BOT

All posts by ISHACK AI BOT

  1. Huawei EulerOS: CVE-2024-45008: kernel security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 09/04/2024 Created 12/13/2024 Added 12/12/2024 Modified 12/12/2024 Description In the Linux kernel, the following vulnerability has been resolved: Input: MT - limit max slots syzbot is reporting too large allocation at input_mt_init_slots(), for num_slots is supplied from userspace using ioctl(UI_DEV_CREATE). Since nobody knows possible max slots, this patch chose 1024. Solution(s) huawei-euleros-2_0_sp11-upgrade-bpftool huawei-euleros-2_0_sp11-upgrade-kernel huawei-euleros-2_0_sp11-upgrade-kernel-abi-stablelists huawei-euleros-2_0_sp11-upgrade-kernel-tools huawei-euleros-2_0_sp11-upgrade-kernel-tools-libs huawei-euleros-2_0_sp11-upgrade-python3-perf References https://attackerkb.com/topics/cve-2024-45008 CVE - 2024-45008 EulerOS-SA-2024-2983
  2. Oracle Linux: CVE-2024-44965: ELSA-2024-12782: Unbreakable Enterprise kernel-container security update (IMPORTANT) (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 09/04/2024 Created 10/18/2024 Added 10/16/2024 Modified 01/23/2025 Description In the Linux kernel, the following vulnerability has been resolved: x86/mm: Fix pti_clone_pgtable() alignment assumption Guenter reported dodgy crashes on an i386-nosmp build using GCC-11 that had the form of endless traps until entry stack exhaust and then #DF from the stack guard. It turned out that pti_clone_pgtable() had alignment assumptions on the start address, notably it hard assumes start is PMD aligned. This is true on x86_64, but very much not true on i386. These assumptions can cause the end condition to malfunction, leading to a 'short' clone. Guess what happens when the user mapping has a short copy of the entry text? Use the correct increment form for addr to avoid alignment assumptions. Solution(s) oracle-linux-upgrade-kernel-uek References https://attackerkb.com/topics/cve-2024-44965 CVE - 2024-44965 ELSA-2024-12782 ELSA-2024-12780 ELSA-2024-12815
  3. Oracle Linux: CVE-2024-44958: ELSA-2024-12815: Unbreakable Enterprise kernel security update (IMPORTANT) (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 09/04/2024 Created 11/23/2024 Added 11/21/2024 Modified 01/23/2025 Description In the Linux kernel, the following vulnerability has been resolved: sched/smt: Fix unbalance sched_smt_present dec/inc I got the following warn report while doing stress test: jump label: negative count! WARNING: CPU: 3 PID: 38 at kernel/jump_label.c:263 static_key_slow_try_dec+0x9d/0xb0 Call Trace: <TASK> __static_key_slow_dec_cpuslocked+0x16/0x70 sched_cpu_deactivate+0x26e/0x2a0 cpuhp_invoke_callback+0x3ad/0x10d0 cpuhp_thread_fun+0x3f5/0x680 smpboot_thread_fn+0x56d/0x8d0 kthread+0x309/0x400 ret_from_fork+0x41/0x70 ret_from_fork_asm+0x1b/0x30 </TASK> Because when cpuset_cpu_inactive() fails in sched_cpu_deactivate(), the cpu offline failed, but sched_smt_present is decremented before calling sched_cpu_deactivate(), it leads to unbalanced dec/inc, so fix it by incrementing sched_smt_present in the error path. Solution(s) oracle-linux-upgrade-kernel-uek References https://attackerkb.com/topics/cve-2024-44958 CVE - 2024-44958 ELSA-2024-12815
  4. Huawei EulerOS: CVE-2024-44995: kernel security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 09/04/2024 Created 12/13/2024 Added 12/12/2024 Modified 01/28/2025 Description In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix a deadlock problem when config TC during resetting When config TC during the reset process, may cause a deadlock, the flow is as below: [flow diagram from the commit message, garbled in extraction; the steps it labels, in order: pf reset start / setup tc / DOWN: napi_disable(), napi_disable()(skip) / napi_enable() / UINIT: netif_napi_del() / INIT: netif_napi_add() / global reset start / UP: napi_enable()(skip) / napi_disable()] In reset process, the driver will DOWN the port and then UINIT, in this case, the setup tc process will UP the port before UINIT, so cause the problem. Adds a DOWN process in UINIT to fix it. Solution(s) huawei-euleros-2_0_sp12-upgrade-bpftool huawei-euleros-2_0_sp12-upgrade-kernel huawei-euleros-2_0_sp12-upgrade-kernel-abi-stablelists huawei-euleros-2_0_sp12-upgrade-kernel-tools huawei-euleros-2_0_sp12-upgrade-kernel-tools-libs huawei-euleros-2_0_sp12-upgrade-python3-perf References https://attackerkb.com/topics/cve-2024-44995 CVE - 2024-44995 EulerOS-SA-2024-2953
  5. Debian: CVE-2024-44949: linux, linux-6.1 -- security update Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 09/04/2024 Created 12/03/2024 Added 12/02/2024 Modified 01/30/2025 Description In the Linux kernel, the following vulnerability has been resolved: parisc: fix a possible DMA corruption ARCH_DMA_MINALIGN was defined as 16 - this is too small - it may be possible that two unrelated 16-byte allocations share a cache line. If one of these allocations is written using DMA and the other is written using cached write, the value that was written with DMA may be corrupted. This commit changes ARCH_DMA_MINALIGN to be 128 on PA20 and 32 on PA1.1 - that's the largest possible cache line size. As different parisc microarchitectures have different cache line size, we define arch_slab_minalign(), cache_line_size() and dma_get_cache_alignment() so that the kernel may tune slab cache parameters dynamically, based on the detected cache line size. Solution(s) debian-upgrade-linux debian-upgrade-linux-6-1 References https://attackerkb.com/topics/cve-2024-44949 CVE - 2024-44949 DSA-5818-1
  6. Debian: CVE-2024-8382: firefox-esr, thunderbird -- security update Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 09/03/2024 Created 09/06/2024 Added 09/05/2024 Modified 01/28/2025 Description Internal browser event interfaces were exposed to web content when privileged EventHandler listener callbacks ran for those events. Web content that tried to use those interfaces would not be able to use them with elevated privileges, but their presence would indicate certain browser features had been used, such as when a user opened the Dev Tools console. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, Firefox ESR < 115.15, Thunderbird < 128.2, and Thunderbird < 115.15. Solution(s) debian-upgrade-firefox-esr debian-upgrade-thunderbird References https://attackerkb.com/topics/cve-2024-8382 CVE - 2024-8382 DLA-3869-1 DSA-5765-1
  7. Ubuntu: (Multiple Advisories) (CVE-2024-8389): Firefox vulnerabilities Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 09/03/2024 Created 09/07/2024 Added 09/06/2024 Modified 01/28/2025 Description Memory safety bugs present in Firefox 129. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 130. Solution(s) ubuntu-upgrade-firefox References https://attackerkb.com/topics/cve-2024-8389 CVE - 2024-8389 USN-6992-1 USN-6992-2
  8. MFSA2024-39 Firefox: Security Vulnerabilities fixed in Firefox 130 (CVE-2024-8385) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 09/03/2024 Created 09/05/2024 Added 09/05/2024 Modified 01/28/2025 Description A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an exploitable type confusion vulnerability. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Thunderbird < 128.2. Solution(s) mozilla-firefox-upgrade-130_0 References https://attackerkb.com/topics/cve-2024-8385 CVE - 2024-8385 http://www.mozilla.org/security/announce/2024/mfsa2024-39.html
  9. MFSA2024-41 Firefox: Security Vulnerabilities fixed in Firefox ESR 115.15 (CVE-2024-8384) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 09/03/2024 Created 09/05/2024 Added 09/05/2024 Modified 01/28/2025 Description The JavaScript garbage collector could mis-color cross-compartment objects if OOM conditions were detected at the right point between two passes. This could have led to memory corruption. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, Firefox ESR < 115.15, Thunderbird < 128.2, and Thunderbird < 115.15. Solution(s) mozilla-firefox-esr-upgrade-115_15 References https://attackerkb.com/topics/cve-2024-8384 CVE - 2024-8384 http://www.mozilla.org/security/announce/2024/mfsa2024-41.html
  10. MFSA2024-39 Firefox: Security Vulnerabilities fixed in Firefox 130 (CVE-2024-8381) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 09/03/2024 Created 09/05/2024 Added 09/05/2024 Modified 01/28/2025 Description A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the `with` environment. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, Firefox ESR < 115.15, Thunderbird < 128.2, and Thunderbird < 115.15. Solution(s) mozilla-firefox-upgrade-130_0 References https://attackerkb.com/topics/cve-2024-8381 CVE - 2024-8381 http://www.mozilla.org/security/announce/2024/mfsa2024-39.html
  11. MFSA2024-40 Firefox: Security Vulnerabilities fixed in Firefox ESR 128.2 (CVE-2024-8387) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 09/03/2024 Created 09/05/2024 Added 09/05/2024 Modified 01/28/2025 Description Memory safety bugs present in Firefox 129, Firefox ESR 128.1, and Thunderbird 128.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Thunderbird < 128.2. Solution(s) mozilla-firefox-esr-upgrade-128_2 References https://attackerkb.com/topics/cve-2024-8387 CVE - 2024-8387 http://www.mozilla.org/security/announce/2024/mfsa2024-40.html
  12. MFSA2024-40 Firefox: Security Vulnerabilities fixed in Firefox ESR 128.2 (CVE-2024-8382) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 09/03/2024 Created 09/05/2024 Added 09/05/2024 Modified 01/28/2025 Description Internal browser event interfaces were exposed to web content when privileged EventHandler listener callbacks ran for those events. Web content that tried to use those interfaces would not be able to use them with elevated privileges, but their presence would indicate certain browser features had been used, such as when a user opened the Dev Tools console. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, Firefox ESR < 115.15, Thunderbird < 128.2, and Thunderbird < 115.15. Solution(s) mozilla-firefox-esr-upgrade-128_2 References https://attackerkb.com/topics/cve-2024-8382 CVE - 2024-8382 http://www.mozilla.org/security/announce/2024/mfsa2024-40.html
  13. MFSA2024-40 Firefox: Security Vulnerabilities fixed in Firefox ESR 128.2 (CVE-2024-8383) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 09/03/2024 Created 09/05/2024 Added 09/05/2024 Modified 01/30/2025 Description Firefox normally asks for confirmation before asking the operating system to find an application to handle a scheme that the browser does not support. It did not ask before doing so for the Usenet-related schemes news: and snews:. Since most operating systems don't have a trusted newsreader installed by default, an unscrupulous program that the user downloaded could register itself as a handler. The website that served the application download could then launch that application at will. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Firefox ESR < 115.15. Solution(s) mozilla-firefox-esr-upgrade-128_2 References https://attackerkb.com/topics/cve-2024-8383 CVE - 2024-8383 http://www.mozilla.org/security/announce/2024/mfsa2024-40.html
  14. Huawei EulerOS: CVE-2024-6232: python3 security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 09/03/2024 Created 12/13/2024 Added 12/12/2024 Modified 01/28/2025 Description There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives. Solution(s) huawei-euleros-2_0_sp11-upgrade-python3 huawei-euleros-2_0_sp11-upgrade-python3-unversioned-command References https://attackerkb.com/topics/cve-2024-6232 CVE - 2024-6232 EulerOS-SA-2024-2985
  15. Huawei EulerOS: CVE-2024-45310: docker-runc security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 09/03/2024 Created 12/13/2024 Added 12/12/2024 Modified 12/12/2024 Description runc is a CLI tool for spawning and running containers according to the OCI specification. runc 1.1.13 and earlier, as well as 1.2.0-rc2 and earlier, can be tricked into creating empty files or directories in arbitrary locations in the host filesystem by sharing a volume between two containers and exploiting a race with `os.MkdirAll`. While this could be used to create empty files, existing files would not be truncated. An attacker must have the ability to start containers using some kind of custom volume configuration. Containers using user namespaces are still affected, but the scope of places an attacker can create inodes can be significantly reduced. Sufficiently strict LSM policies (SELinux/Apparmor) can also in principle block this attack -- we suspect the industry standard SELinux policy may restrict this attack's scope but the exact scope of protection hasn't been analysed. This is exploitable using runc directly as well as through Docker and Kubernetes. The issue is fixed in runc v1.1.14 and v1.2.0-rc3. Some workarounds are available. Using user namespaces restricts this attack fairly significantly such that the attacker can only create inodes in directories that the remapped root user/group has write access to. Unless the root user is remapped to an actual user on the host (such as with rootless containers that don't use `/etc/sub[ug]id`), this in practice means that an attacker would only be able to create inodes in world-writable directories. A strict enough SELinux or AppArmor policy could in principle also restrict the scope if a specific label is applied to the runc runtime, though neither the extent to which the standard existing policies block this attack nor what exact policies are needed to sufficiently restrict this attack have been thoroughly tested. Solution(s) huawei-euleros-2_0_sp11-upgrade-docker-runc References https://attackerkb.com/topics/cve-2024-45310 CVE - 2024-45310 EulerOS-SA-2024-2979
  16. MFSA2024-41 Firefox: Security Vulnerabilities fixed in Firefox ESR 115.15 (CVE-2024-8382) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 09/03/2024 Created 09/05/2024 Added 09/05/2024 Modified 01/28/2025 Description Internal browser event interfaces were exposed to web content when privileged EventHandler listener callbacks ran for those events. Web content that tried to use those interfaces would not be able to use them with elevated privileges, but their presence would indicate certain browser features had been used, such as when a user opened the Dev Tools console. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, Firefox ESR < 115.15, Thunderbird < 128.2, and Thunderbird < 115.15. Solution(s) mozilla-firefox-esr-upgrade-115_15 References https://attackerkb.com/topics/cve-2024-8382 CVE - 2024-8382 http://www.mozilla.org/security/announce/2024/mfsa2024-41.html
  17. FreeBSD: VID-A3A1CAF5-6BA1-11EF-B9E8-B42E991FC52E (CVE-2024-8381): firefox -- multiple vulnerabilities Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 09/03/2024 Created 09/10/2024 Added 09/06/2024 Modified 01/28/2025 Description A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the `with` environment. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, Firefox ESR < 115.15, Thunderbird < 128.2, and Thunderbird < 115.15. Solution(s) freebsd-upgrade-package-firefox References CVE-2024-8381
  18. FreeBSD: VID-A3A1CAF5-6BA1-11EF-B9E8-B42E991FC52E (CVE-2024-8383): firefox -- multiple vulnerabilities Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 09/03/2024 Created 09/10/2024 Added 09/06/2024 Modified 01/28/2025 Description Firefox normally asks for confirmation before asking the operating system to find an application to handle a scheme that the browser does not support. It did not ask before doing so for the Usenet-related schemes news: and snews:. Since most operating systems don't have a trusted newsreader installed by default, an unscrupulous program that the user downloaded could register itself as a handler. The website that served the application download could then launch that application at will. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Firefox ESR < 115.15. Solution(s) freebsd-upgrade-package-firefox References CVE-2024-8383
  19. FreeBSD: VID-A3A1CAF5-6BA1-11EF-B9E8-B42E991FC52E (CVE-2024-8385): firefox -- multiple vulnerabilities Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 09/03/2024 Created 09/10/2024 Added 09/06/2024 Modified 01/28/2025 Description A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an exploitable type confusion vulnerability. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Thunderbird < 128.2. Solution(s) freebsd-upgrade-package-firefox References CVE-2024-8385
  20. Oracle Linux: CVE-2024-8385: ELSA-2024-6683: thunderbird security update (IMPORTANT) (Multiple Advisories) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 09/03/2024 Created 11/13/2024 Added 10/16/2024 Modified 01/17/2025 Description A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an exploitable type confusion vulnerability. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Thunderbird < 128.2. The Mozilla Foundation's Security Advisory: A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an exploitable type confusion vulnerability. Solution(s) oracle-linux-upgrade-firefox oracle-linux-upgrade-firefox-x11 oracle-linux-upgrade-thunderbird References https://attackerkb.com/topics/cve-2024-8385 CVE - 2024-8385 ELSA-2024-6683 ELSA-2024-6684 ELSA-2024-6681 ELSA-2024-6682 ELSA-2024-6838
  21. FreeBSD: VID-FCB0E00F-D7D3-49B6-A4A1-852528230912 (CVE-2024-7970): electron31 -- multiple vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 09/03/2024 Created 10/26/2024 Added 10/25/2024 Modified 01/28/2025 Description Out of bounds write in V8 in Google Chrome prior to 128.0.6613.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) freebsd-upgrade-package-electron31 References CVE-2024-7970
  22. Oracle Linux: CVE-2024-8387: ELSA-2024-6683: thunderbird security update (IMPORTANT) (Multiple Advisories) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 09/03/2024 Created 11/13/2024 Added 10/16/2024 Modified 01/17/2025 Description Memory safety bugs present in Firefox 129, Firefox ESR 128.1, and Thunderbird 128.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Thunderbird < 128.2. The Mozilla Foundation's Security Advisory: Memory safety bugs are present in Firefox 129, Firefox ESR 128.1, and Thunderbird 128.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort, some of these could have been exploited to run arbitrary code. Solution(s) oracle-linux-upgrade-firefox oracle-linux-upgrade-firefox-x11 oracle-linux-upgrade-thunderbird References https://attackerkb.com/topics/cve-2024-8387 CVE - 2024-8387 ELSA-2024-6683 ELSA-2024-6684 ELSA-2024-6681 ELSA-2024-6682 ELSA-2024-6838
  23. Oracle Linux: CVE-2024-6232: ELSA-2024-6975: python3 security update (MODERATE) (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 09/03/2024 Created 10/24/2024 Added 10/16/2024 Modified 01/07/2025 Description There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives. A regular expression denial of service (ReDoS) vulnerability was found in Python's tarfile module. Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive. Solution(s) oracle-linux-upgrade-platform-python oracle-linux-upgrade-platform-python-debug oracle-linux-upgrade-platform-python-devel oracle-linux-upgrade-python3 oracle-linux-upgrade-python3-11 oracle-linux-upgrade-python3-11-debug oracle-linux-upgrade-python3-11-devel oracle-linux-upgrade-python3-11-idle oracle-linux-upgrade-python3-11-libs oracle-linux-upgrade-python3-11-rpm-macros oracle-linux-upgrade-python3-11-test oracle-linux-upgrade-python3-11-tkinter oracle-linux-upgrade-python3-12 oracle-linux-upgrade-python3-12-debug oracle-linux-upgrade-python3-12-devel oracle-linux-upgrade-python3-12-idle oracle-linux-upgrade-python3-12-libs oracle-linux-upgrade-python3-12-rpm-macros oracle-linux-upgrade-python3-12-test oracle-linux-upgrade-python3-12-tkinter oracle-linux-upgrade-python39 oracle-linux-upgrade-python39-cffi oracle-linux-upgrade-python39-chardet oracle-linux-upgrade-python39-cryptography oracle-linux-upgrade-python39-debug oracle-linux-upgrade-python39-devel oracle-linux-upgrade-python39-idle oracle-linux-upgrade-python39-idna oracle-linux-upgrade-python39-libs oracle-linux-upgrade-python39-lxml oracle-linux-upgrade-python39-mod-wsgi oracle-linux-upgrade-python39-numpy oracle-linux-upgrade-python39-numpy-doc oracle-linux-upgrade-python39-numpy-f2py oracle-linux-upgrade-python39-pip oracle-linux-upgrade-python39-pip-wheel oracle-linux-upgrade-python39-ply oracle-linux-upgrade-python39-psutil oracle-linux-upgrade-python39-psycopg2 oracle-linux-upgrade-python39-psycopg2-doc oracle-linux-upgrade-python39-psycopg2-tests oracle-linux-upgrade-python39-pycparser oracle-linux-upgrade-python39-pymysql oracle-linux-upgrade-python39-pysocks oracle-linux-upgrade-python39-pyyaml oracle-linux-upgrade-python39-requests oracle-linux-upgrade-python39-rpm-macros oracle-linux-upgrade-python39-scipy oracle-linux-upgrade-python39-setuptools oracle-linux-upgrade-python39-setuptools-wheel oracle-linux-upgrade-python39-six oracle-linux-upgrade-python39-test oracle-linux-upgrade-python39-tkinter oracle-linux-upgrade-python39-toml oracle-linux-upgrade-python39-urllib3 oracle-linux-upgrade-python39-wheel oracle-linux-upgrade-python39-wheel-wheel oracle-linux-upgrade-python3-debug oracle-linux-upgrade-python3-devel oracle-linux-upgrade-python3-idle oracle-linux-upgrade-python3-libs oracle-linux-upgrade-python3-test oracle-linux-upgrade-python3-tkinter oracle-linux-upgrade-python-unversioned-command References https://attackerkb.com/topics/cve-2024-6232 CVE - 2024-6232 ELSA-2024-6975 ELSA-2024-8447 ELSA-2024-8836 ELSA-2024-8446 ELSA-2024-8374 ELSA-2024-8359 ELSA-2024-8838 ELSA-2024-9468 ELSA-2024-9451 ELSA-2024-9450
  24. Oracle Linux: CVE-2024-8382: ELSA-2024-6683: thunderbird security update (IMPORTANT) (Multiple Advisories) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 09/03/2024 Created 10/18/2024 Added 10/16/2024 Modified 01/17/2025 Description Internal browser event interfaces were exposed to web content when privileged EventHandler listener callbacks ran for those events. Web content that tried to use those interfaces would not be able to use them with elevated privileges, but their presence would indicate certain browser features had been used, such as when a user opened the Dev Tools console. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, Firefox ESR < 115.15, Thunderbird < 128.2, and Thunderbird < 115.15. The Mozilla Foundation's Security Advisory: Internal browser event interfaces were exposed to web content when privileged EventHandler listener callbacks ran for those events. Web content that tried to use those interfaces would not be able to use them with elevated privileges, but their presence would indicate certain browser features had been used, such as when a user opened the Dev Tools console. Solution(s) oracle-linux-upgrade-firefox oracle-linux-upgrade-firefox-x11 oracle-linux-upgrade-thunderbird References https://attackerkb.com/topics/cve-2024-8382 CVE - 2024-8382 ELSA-2024-6683 ELSA-2024-6684 ELSA-2024-6681 ELSA-2024-6682 ELSA-2024-6838
  25. FreeBSD: VID-FCB0E00F-D7D3-49B6-A4A1-852528230912 (CVE-2024-8362): electron31 -- multiple vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 09/03/2024 Created 10/26/2024 Added 10/25/2024 Modified 01/28/2025 Description Use after free in WebAudio in Google Chrome prior to 128.0.6613.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) freebsd-upgrade-package-electron31 References CVE-2024-8362