All posts by ISHACK AI BOT
-
Amazon Linux 2023: CVE-2024-45616: Low priority package update for opensc
Amazon Linux 2023: CVE-2024-45616: Low priority package update for opensc Severity 4 CVSS (AV:L/AC:H/Au:N/C:P/I:P/A:P) Published 09/02/2024 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. The following problems were caused by insufficient control of the response APDU buffer and its length when communicating with the card. Solution(s) amazon-linux-2023-upgrade-opensc amazon-linux-2023-upgrade-opensc-debuginfo amazon-linux-2023-upgrade-opensc-debugsource References https://attackerkb.com/topics/cve-2024-45616 CVE - 2024-45616 https://alas.aws.amazon.com/AL2023/ALAS-2024-775.html
-
MFSA2024-40 Firefox: Security Vulnerabilities fixed in Firefox ESR 128.2 (CVE-2024-8384)
MFSA2024-40 Firefox: Security Vulnerabilities fixed in Firefox ESR 128.2 (CVE-2024-8384) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 09/03/2024 Created 09/05/2024 Added 09/05/2024 Modified 01/28/2025 Description The JavaScript garbage collector could mis-color cross-compartment objects if OOM conditions were detected at the right point between two passes. This could have led to memory corruption. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, Firefox ESR < 115.15, Thunderbird < 128.2, and Thunderbird < 115.15. Solution(s) mozilla-firefox-esr-upgrade-128_2 References https://attackerkb.com/topics/cve-2024-8384 CVE - 2024-8384 http://www.mozilla.org/security/announce/2024/mfsa2024-40.html
-
Debian: CVE-2024-44944: linux, linux-6.1 -- security update
Debian: CVE-2024-44944: linux, linux-6.1 -- security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 09/02/2024 Created 09/03/2024 Added 09/02/2024 Modified 01/28/2025 Description In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: use helper function to calculate expect ID Delete expectation path is missing a call to the nf_expect_get_id() helper function to calculate the expectation ID, otherwise LSB of the expectation object address is leaked to userspace. Solution(s) debian-upgrade-linux debian-upgrade-linux-6-1 References https://attackerkb.com/topics/cve-2024-44944 CVE - 2024-44944 DLA-3912-1
-
Ubuntu: (Multiple Advisories) (CVE-2024-23184): Dovecot vulnerabilities
Ubuntu: (Multiple Advisories) (CVE-2024-23184): Dovecot vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 09/02/2024 Created 09/04/2024 Added 09/03/2024 Modified 09/17/2024 Description Having a large number of address headers (From, To, Cc, Bcc, etc.) becomes excessively CPU intensive. With 100k header lines CPU usage is already 12 seconds, and in a production environment we observed 500k header lines taking 18 minutes to parse. Since this can be triggered by external actors sending emails to a victim, this is a security issue. An external attacker can send specially crafted messages that consume target system resources and cause outage. One can implement restrictions on address headers on MTA component preceding Dovecot. No publicly available exploits are known. Solution(s) ubuntu-upgrade-dovecot-core References https://attackerkb.com/topics/cve-2024-23184 CVE - 2024-23184 USN-6982-1 USN-7013-1
-
Amazon Linux 2023: CVE-2024-45619: Low priority package update for opensc
Amazon Linux 2023: CVE-2024-45619: Low priority package update for opensc Severity 5 CVSS (AV:L/AC:L/Au:N/C:P/I:P/A:P) Published 09/02/2024 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed. Solution(s) amazon-linux-2023-upgrade-opensc amazon-linux-2023-upgrade-opensc-debuginfo amazon-linux-2023-upgrade-opensc-debugsource References https://attackerkb.com/topics/cve-2024-45619 CVE - 2024-45619 https://alas.aws.amazon.com/AL2023/ALAS-2024-775.html
-
Amazon Linux 2023: CVE-2024-45615: Low priority package update for opensc
Amazon Linux 2023: CVE-2024-45615: Low priority package update for opensc Severity 4 CVSS (AV:L/AC:H/Au:N/C:P/I:P/A:P) Published 09/02/2024 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. The problem is missing initialization of variables expected to be initialized (as arguments to other functions, etc.). Solution(s) amazon-linux-2023-upgrade-opensc amazon-linux-2023-upgrade-opensc-debuginfo amazon-linux-2023-upgrade-opensc-debugsource References https://attackerkb.com/topics/cve-2024-45615 CVE - 2024-45615 https://alas.aws.amazon.com/AL2023/ALAS-2024-775.html
-
Ubuntu: (Multiple Advisories) (CVE-2024-23185): Dovecot vulnerabilities
Ubuntu: (Multiple Advisories) (CVE-2024-23185): Dovecot vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 09/02/2024 Created 09/04/2024 Added 09/03/2024 Modified 09/17/2024 Description Very large headers can cause resource exhaustion when parsing message. The message-parser normally reads reasonably sized chunks of the message. However, when it feeds them to message-header-parser, it starts building up "full_value" buffer out of the smaller chunks. The full_value buffer has no size limit, so large headers can cause large memory usage. It doesn't matter whether it's a single long header line, or a single header split into multiple lines. This bug exists in all Dovecot versions. Incoming mails typically have some size limits set by MTA, so even largest possible header size may still fit into Dovecot's vsz_limit. So attackers probably can't DoS a victim user this way. A user could APPEND larger mails though, allowing them to DoS themselves (although maybe cause some memory issues for the backend in general). One can implement restrictions on headers on MTA component preceding Dovecot. No publicly available exploits are known. Solution(s) ubuntu-upgrade-dovecot-core References https://attackerkb.com/topics/cve-2024-23185 CVE - 2024-23185 USN-6982-1 USN-7013-1
-
Debian: CVE-2024-44947: linux, linux-6.1 -- security update
Debian: CVE-2024-44947: linux, linux-6.1 -- security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:N) Published 09/02/2024 Created 10/08/2024 Added 10/07/2024 Modified 01/28/2025 Description In the Linux kernel, the following vulnerability has been resolved: fuse: Initialize beyond-EOF page contents before setting uptodate fuse_notify_store(), unlike fuse_do_readpage(), does not enable page zeroing (because it can be used to change partial page contents). So fuse_notify_store() must be more careful to fully initialize page contents (including parts of the page that are beyond end-of-file) before marking the page uptodate. The current code can leave beyond-EOF page contents uninitialized, which makes these uninitialized page contents visible to userspace via mmap(). This is an information leak, but only affects systems which do not enable init-on-alloc (via CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y or the corresponding kernel command line parameter). Solution(s) debian-upgrade-linux debian-upgrade-linux-6-1 References https://attackerkb.com/topics/cve-2024-44947 CVE - 2024-44947 DSA-5782-1
-
Amazon Linux 2023: CVE-2024-45618: Low priority package update for opensc
Amazon Linux 2023: CVE-2024-45618: Low priority package update for opensc Severity 4 CVSS (AV:L/AC:H/Au:N/C:P/I:P/A:P) Published 09/02/2024 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description A vulnerability was found in pkcs15-init in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. Insufficient or missing checking of return values of functions leads to unexpected work with variables that have not been initialized. Solution(s) amazon-linux-2023-upgrade-opensc amazon-linux-2023-upgrade-opensc-debuginfo amazon-linux-2023-upgrade-opensc-debugsource References https://attackerkb.com/topics/cve-2024-45618 CVE - 2024-45618 https://alas.aws.amazon.com/AL2023/ALAS-2024-775.html
-
Ubuntu: (Multiple Advisories) (CVE-2024-44947): Linux kernel vulnerabilities
Ubuntu: (Multiple Advisories) (CVE-2024-44947): Linux kernel vulnerabilities Severity 5 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:N) Published 09/02/2024 Created 11/05/2024 Added 11/04/2024 Modified 01/28/2025 Description In the Linux kernel, the following vulnerability has been resolved: fuse: Initialize beyond-EOF page contents before setting uptodate fuse_notify_store(), unlike fuse_do_readpage(), does not enable page zeroing (because it can be used to change partial page contents). So fuse_notify_store() must be more careful to fully initialize page contents (including parts of the page that are beyond end-of-file) before marking the page uptodate. The current code can leave beyond-EOF page contents uninitialized, which makes these uninitialized page contents visible to userspace via mmap(). This is an information leak, but only affects systems which do not enable init-on-alloc (via CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y or the corresponding kernel command line parameter). Solution(s) ubuntu-upgrade-linux-image-4-15-0-1138-oracle ubuntu-upgrade-linux-image-4-15-0-1159-kvm ubuntu-upgrade-linux-image-4-15-0-1169-gcp ubuntu-upgrade-linux-image-4-15-0-1176-aws ubuntu-upgrade-linux-image-4-15-0-1184-azure ubuntu-upgrade-linux-image-4-15-0-232-generic ubuntu-upgrade-linux-image-4-15-0-232-lowlatency ubuntu-upgrade-linux-image-4-4-0-1139-aws ubuntu-upgrade-linux-image-4-4-0-1140-kvm ubuntu-upgrade-linux-image-4-4-0-1177-aws ubuntu-upgrade-linux-image-4-4-0-262-generic ubuntu-upgrade-linux-image-4-4-0-262-lowlatency ubuntu-upgrade-linux-image-5-15-0-1038-xilinx-zynqmp ubuntu-upgrade-linux-image-5-15-0-1055-gkeop ubuntu-upgrade-linux-image-5-15-0-1065-ibm ubuntu-upgrade-linux-image-5-15-0-1065-raspi ubuntu-upgrade-linux-image-5-15-0-1067-intel-iotg ubuntu-upgrade-linux-image-5-15-0-1067-nvidia ubuntu-upgrade-linux-image-5-15-0-1067-nvidia-lowlatency ubuntu-upgrade-linux-image-5-15-0-1069-gke ubuntu-upgrade-linux-image-5-15-0-1069-kvm ubuntu-upgrade-linux-image-5-15-0-1070-oracle 
ubuntu-upgrade-linux-image-5-15-0-1071-gcp ubuntu-upgrade-linux-image-5-15-0-1072-aws ubuntu-upgrade-linux-image-5-15-0-1075-azure ubuntu-upgrade-linux-image-5-15-0-1078-azure ubuntu-upgrade-linux-image-5-15-0-125-generic ubuntu-upgrade-linux-image-5-15-0-125-generic-64k ubuntu-upgrade-linux-image-5-15-0-125-generic-lpae ubuntu-upgrade-linux-image-5-15-0-125-lowlatency ubuntu-upgrade-linux-image-5-15-0-125-lowlatency-64k ubuntu-upgrade-linux-image-5-4-0-1044-iot ubuntu-upgrade-linux-image-5-4-0-1054-xilinx-zynqmp ubuntu-upgrade-linux-image-5-4-0-1082-ibm ubuntu-upgrade-linux-image-5-4-0-1094-bluefield ubuntu-upgrade-linux-image-5-4-0-1102-gkeop ubuntu-upgrade-linux-image-5-4-0-1119-raspi ubuntu-upgrade-linux-image-5-4-0-1123-kvm ubuntu-upgrade-linux-image-5-4-0-1134-oracle ubuntu-upgrade-linux-image-5-4-0-1135-aws ubuntu-upgrade-linux-image-5-4-0-1139-azure ubuntu-upgrade-linux-image-5-4-0-1139-gcp ubuntu-upgrade-linux-image-5-4-0-1140-azure ubuntu-upgrade-linux-image-5-4-0-200-generic ubuntu-upgrade-linux-image-5-4-0-200-generic-lpae ubuntu-upgrade-linux-image-5-4-0-200-lowlatency ubuntu-upgrade-linux-image-6-8-0-1002-gkeop ubuntu-upgrade-linux-image-6-8-0-1015-gke ubuntu-upgrade-linux-image-6-8-0-1016-raspi ubuntu-upgrade-linux-image-6-8-0-1017-ibm ubuntu-upgrade-linux-image-6-8-0-1017-oracle ubuntu-upgrade-linux-image-6-8-0-1017-oracle-64k ubuntu-upgrade-linux-image-6-8-0-1018-oem ubuntu-upgrade-linux-image-6-8-0-1019-gcp ubuntu-upgrade-linux-image-6-8-0-1019-nvidia ubuntu-upgrade-linux-image-6-8-0-1019-nvidia-64k ubuntu-upgrade-linux-image-6-8-0-1019-nvidia-lowlatency ubuntu-upgrade-linux-image-6-8-0-1019-nvidia-lowlatency-64k ubuntu-upgrade-linux-image-6-8-0-1020-aws ubuntu-upgrade-linux-image-6-8-0-1020-azure ubuntu-upgrade-linux-image-6-8-0-1020-azure-fde ubuntu-upgrade-linux-image-6-8-0-50-generic ubuntu-upgrade-linux-image-6-8-0-50-generic-64k ubuntu-upgrade-linux-image-6-8-0-50-lowlatency ubuntu-upgrade-linux-image-6-8-0-50-lowlatency-64k 
ubuntu-upgrade-linux-image-aws ubuntu-upgrade-linux-image-aws-hwe ubuntu-upgrade-linux-image-aws-lts-18-04 ubuntu-upgrade-linux-image-aws-lts-20-04 ubuntu-upgrade-linux-image-aws-lts-22-04 ubuntu-upgrade-linux-image-azure ubuntu-upgrade-linux-image-azure-cvm ubuntu-upgrade-linux-image-azure-fde ubuntu-upgrade-linux-image-azure-lts-18-04 ubuntu-upgrade-linux-image-azure-lts-20-04 ubuntu-upgrade-linux-image-azure-lts-22-04 ubuntu-upgrade-linux-image-bluefield ubuntu-upgrade-linux-image-gcp ubuntu-upgrade-linux-image-gcp-lts-18-04 ubuntu-upgrade-linux-image-gcp-lts-20-04 ubuntu-upgrade-linux-image-gcp-lts-22-04 ubuntu-upgrade-linux-image-generic ubuntu-upgrade-linux-image-generic-64k ubuntu-upgrade-linux-image-generic-64k-hwe-20-04 ubuntu-upgrade-linux-image-generic-64k-hwe-22-04 ubuntu-upgrade-linux-image-generic-64k-hwe-24-04 ubuntu-upgrade-linux-image-generic-hwe-16-04 ubuntu-upgrade-linux-image-generic-hwe-18-04 ubuntu-upgrade-linux-image-generic-hwe-20-04 ubuntu-upgrade-linux-image-generic-hwe-22-04 ubuntu-upgrade-linux-image-generic-hwe-24-04 ubuntu-upgrade-linux-image-generic-lpae ubuntu-upgrade-linux-image-generic-lpae-hwe-20-04 ubuntu-upgrade-linux-image-generic-lts-xenial ubuntu-upgrade-linux-image-gke ubuntu-upgrade-linux-image-gke-5-15 ubuntu-upgrade-linux-image-gkeop ubuntu-upgrade-linux-image-gkeop-5-15 ubuntu-upgrade-linux-image-gkeop-5-4 ubuntu-upgrade-linux-image-gkeop-6-8 ubuntu-upgrade-linux-image-ibm ubuntu-upgrade-linux-image-ibm-classic ubuntu-upgrade-linux-image-ibm-lts-20-04 ubuntu-upgrade-linux-image-ibm-lts-24-04 ubuntu-upgrade-linux-image-intel ubuntu-upgrade-linux-image-intel-iotg ubuntu-upgrade-linux-image-kvm ubuntu-upgrade-linux-image-lowlatency ubuntu-upgrade-linux-image-lowlatency-64k ubuntu-upgrade-linux-image-lowlatency-64k-hwe-20-04 ubuntu-upgrade-linux-image-lowlatency-64k-hwe-22-04 ubuntu-upgrade-linux-image-lowlatency-64k-hwe-24-04 ubuntu-upgrade-linux-image-lowlatency-hwe-16-04 ubuntu-upgrade-linux-image-lowlatency-hwe-18-04 
ubuntu-upgrade-linux-image-lowlatency-hwe-20-04 ubuntu-upgrade-linux-image-lowlatency-hwe-22-04 ubuntu-upgrade-linux-image-lowlatency-hwe-24-04 ubuntu-upgrade-linux-image-lowlatency-lts-xenial ubuntu-upgrade-linux-image-nvidia ubuntu-upgrade-linux-image-nvidia-6-8 ubuntu-upgrade-linux-image-nvidia-64k ubuntu-upgrade-linux-image-nvidia-64k-6-8 ubuntu-upgrade-linux-image-nvidia-64k-hwe-22-04 ubuntu-upgrade-linux-image-nvidia-hwe-22-04 ubuntu-upgrade-linux-image-nvidia-lowlatency ubuntu-upgrade-linux-image-nvidia-lowlatency-64k ubuntu-upgrade-linux-image-oem ubuntu-upgrade-linux-image-oem-20-04 ubuntu-upgrade-linux-image-oem-20-04b ubuntu-upgrade-linux-image-oem-20-04c ubuntu-upgrade-linux-image-oem-20-04d ubuntu-upgrade-linux-image-oem-22-04 ubuntu-upgrade-linux-image-oem-22-04a ubuntu-upgrade-linux-image-oem-22-04b ubuntu-upgrade-linux-image-oem-22-04c ubuntu-upgrade-linux-image-oem-22-04d ubuntu-upgrade-linux-image-oem-24-04 ubuntu-upgrade-linux-image-oem-24-04a ubuntu-upgrade-linux-image-oem-osp1 ubuntu-upgrade-linux-image-oracle ubuntu-upgrade-linux-image-oracle-64k ubuntu-upgrade-linux-image-oracle-lts-18-04 ubuntu-upgrade-linux-image-oracle-lts-20-04 ubuntu-upgrade-linux-image-oracle-lts-22-04 ubuntu-upgrade-linux-image-raspi ubuntu-upgrade-linux-image-raspi-hwe-18-04 ubuntu-upgrade-linux-image-raspi-nolpae ubuntu-upgrade-linux-image-raspi2 ubuntu-upgrade-linux-image-snapdragon-hwe-18-04 ubuntu-upgrade-linux-image-virtual ubuntu-upgrade-linux-image-virtual-hwe-16-04 ubuntu-upgrade-linux-image-virtual-hwe-18-04 ubuntu-upgrade-linux-image-virtual-hwe-20-04 ubuntu-upgrade-linux-image-virtual-hwe-22-04 ubuntu-upgrade-linux-image-virtual-hwe-24-04 ubuntu-upgrade-linux-image-virtual-lts-xenial ubuntu-upgrade-linux-image-xilinx-zynqmp References https://attackerkb.com/topics/cve-2024-44947 CVE - 2024-44947 USN-7088-1 USN-7088-2 USN-7088-3 USN-7088-4 USN-7088-5 USN-7100-1 USN-7100-2 USN-7119-1 USN-7123-1 USN-7144-1 USN-7154-1 USN-7154-2 USN-7155-1 USN-7156-1 USN-7183-1 
USN-7184-1 USN-7185-1 USN-7185-2 USN-7194-1 USN-7196-1
-
Huawei EulerOS: CVE-2024-44947: kernel security update
Huawei EulerOS: CVE-2024-44947: kernel security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:N) Published 09/02/2024 Created 12/13/2024 Added 12/12/2024 Modified 01/28/2025 Description In the Linux kernel, the following vulnerability has been resolved: fuse: Initialize beyond-EOF page contents before setting uptodate fuse_notify_store(), unlike fuse_do_readpage(), does not enable page zeroing (because it can be used to change partial page contents). So fuse_notify_store() must be more careful to fully initialize page contents (including parts of the page that are beyond end-of-file) before marking the page uptodate. The current code can leave beyond-EOF page contents uninitialized, which makes these uninitialized page contents visible to userspace via mmap(). This is an information leak, but only affects systems which do not enable init-on-alloc (via CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y or the corresponding kernel command line parameter). Solution(s) huawei-euleros-2_0_sp11-upgrade-bpftool huawei-euleros-2_0_sp11-upgrade-kernel huawei-euleros-2_0_sp11-upgrade-kernel-abi-stablelists huawei-euleros-2_0_sp11-upgrade-kernel-tools huawei-euleros-2_0_sp11-upgrade-kernel-tools-libs huawei-euleros-2_0_sp11-upgrade-python3-perf References https://attackerkb.com/topics/cve-2024-44947 CVE - 2024-44947 EulerOS-SA-2024-2983
-
Red Hat: CVE-2024-44947: kernel: fuse: Initialize beyond-EOF page contents before setting uptodate (Multiple Advisories)
Red Hat: CVE-2024-44947: kernel: fuse: Initialize beyond-EOF page contents before setting uptodate (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:N) Published 09/02/2024 Created 12/06/2024 Added 12/05/2024 Modified 12/05/2024 Description In the Linux kernel, the following vulnerability has been resolved: fuse: Initialize beyond-EOF page contents before setting uptodate fuse_notify_store(), unlike fuse_do_readpage(), does not enable page zeroing (because it can be used to change partial page contents). So fuse_notify_store() must be more careful to fully initialize page contents (including parts of the page that are beyond end-of-file) before marking the page uptodate. The current code can leave beyond-EOF page contents uninitialized, which makes these uninitialized page contents visible to userspace via mmap(). This is an information leak, but only affects systems which do not enable init-on-alloc (via CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y or the corresponding kernel command line parameter). Solution(s) redhat-upgrade-kernel redhat-upgrade-kernel-rt References CVE-2024-44947 RHSA-2024:9315
-
Red Hat: CVE-2024-45491: libexpat: Integer Overflow or Wraparound (Multiple Advisories)
Red Hat: CVE-2024-45491: libexpat: Integer Overflow or Wraparound (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 08/30/2024 Created 09/20/2024 Added 09/19/2024 Modified 11/07/2024 Description An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX). Solution(s) redhat-upgrade-expat redhat-upgrade-expat-debuginfo redhat-upgrade-expat-debugsource redhat-upgrade-expat-devel redhat-upgrade-xmlrpc-c redhat-upgrade-xmlrpc-c-apps-debuginfo redhat-upgrade-xmlrpc-c-c redhat-upgrade-xmlrpc-c-c-debuginfo redhat-upgrade-xmlrpc-c-client redhat-upgrade-xmlrpc-c-client-debuginfo redhat-upgrade-xmlrpc-c-debuginfo redhat-upgrade-xmlrpc-c-debugsource redhat-upgrade-xmlrpc-c-devel References CVE-2024-45491 RHSA-2024:6754 RHSA-2024:6989 RHSA-2024:8859
-
Debian: CVE-2024-4741: openssl -- security update
Debian: CVE-2024-4741: openssl -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 09/02/2024 Created 09/03/2024 Added 09/02/2024 Modified 12/02/2024 Description Issue summary: Calling the OpenSSL API function SSL_free_buffers may cause memory to be accessed that was previously freed in some situations Impact summary: A use after free can have a range of potential consequences such as the corruption of valid data, crashes or execution of arbitrary code. However, only applications that directly call the SSL_free_buffers function are affected by this issue. Applications that do not call this function are not vulnerable. Our investigations indicate that this function is rarely used by applications. The SSL_free_buffers function is used to free the internal OpenSSL buffer used when processing an incoming record from the network. The call is only expected to succeed if the buffer is not currently in use. However, two scenarios have been identified where the buffer is freed even when still in use. The first scenario occurs where a record header has been received from the network and processed by OpenSSL, but the full record body has not yet arrived. In this case calling SSL_free_buffers will succeed even though a record has only been partially processed and the buffer is still in use. The second scenario occurs where a full record containing application data has been received and processed by OpenSSL but the application has only read part of this data. Again a call to SSL_free_buffers will succeed even though the buffer is still in use. While these scenarios could occur accidentally during normal operation a malicious attacker could attempt to engineer a situation where this occurs. We are not aware of this issue being actively exploited. The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue. Solution(s) debian-upgrade-openssl References https://attackerkb.com/topics/cve-2024-4741 CVE - 2024-4741 DLA-3942-1
-
VMware Photon OS: CVE-2024-45306
VMware Photon OS: CVE-2024-45306 Severity 4 CVSS (AV:L/AC:H/Au:N/C:P/I:P/A:P) Published 09/02/2024 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description Vim is an open source, command line text editor. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. Back then we assumed this loop is unnecessary. However, this change made it possible that the cursor position stays invalid and points beyond the end of a line, which would eventually cause a heap-buffer-overflow when trying to access the line pointer at the specified cursor position. It's not quite clear yet what can lead to this situation that the cursor points to an invalid position. That's why patch v9.1.0707 does not include a test case. The only observed impact has been a program crash. This issue has been addressed with the patch v9.1.0707. All users are advised to upgrade. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2024-45306 CVE - 2024-45306
-
Red Hat: CVE-2024-45492: libexpat: integer overflow (Multiple Advisories)
Red Hat: CVE-2024-45492: libexpat: integer overflow (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:N/C:N/I:N/A:C) Published 08/30/2024 Created 09/20/2024 Added 09/19/2024 Modified 09/25/2024 Description An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX). Solution(s) redhat-upgrade-expat redhat-upgrade-expat-debuginfo redhat-upgrade-expat-debugsource redhat-upgrade-expat-devel References CVE-2024-45492 RHSA-2024:6754 RHSA-2024:6989
-
Huawei EulerOS: CVE-2024-45492: expat security update
Huawei EulerOS: CVE-2024-45492: expat security update Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 08/30/2024 Created 12/13/2024 Added 12/12/2024 Modified 01/28/2025 Description An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX). Solution(s) huawei-euleros-2_0_sp11-upgrade-expat References https://attackerkb.com/topics/cve-2024-45492 CVE - 2024-45492 EulerOS-SA-2024-2980
-
Huawei EulerOS: CVE-2024-45491: xmlrpc-c security update
Huawei EulerOS: CVE-2024-45491: xmlrpc-c security update Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 08/30/2024 Created 12/13/2024 Added 12/12/2024 Modified 01/28/2025 Description An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX). Solution(s) huawei-euleros-2_0_sp11-upgrade-xmlrpc-c-help References https://attackerkb.com/topics/cve-2024-45491 CVE - 2024-45491 EulerOS-SA-2024-2990
-
Alma Linux: CVE-2024-45492: Moderate: expat security update (Multiple Advisories)
Alma Linux: CVE-2024-45492: Moderate: expat security update (Multiple Advisories) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 08/30/2024 Created 09/24/2024 Added 09/23/2024 Modified 01/28/2025 Description An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX). Solution(s) alma-upgrade-expat alma-upgrade-expat-devel References https://attackerkb.com/topics/cve-2024-45492 CVE - 2024-45492 https://errata.almalinux.org/8/ALSA-2024-6989.html https://errata.almalinux.org/9/ALSA-2024-6754.html
-
Oracle Linux: CVE-2024-45491: ELSA-2024-6754: expat security update (MODERATE) (Multiple Advisories)
Oracle Linux: CVE-2024-45491: ELSA-2024-6754: expat security update (MODERATE) (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 08/30/2024 Created 10/24/2024 Added 10/16/2024 Modified 01/07/2025 Description An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX). An issue was found in libexpat’s internal dtdCopy function in xmlparse.c. It can have an integer overflow for nDefaultAtts on 32-bit platforms where UINT_MAX equals SIZE_MAX. Solution(s) oracle-linux-upgrade-expat oracle-linux-upgrade-expat-devel oracle-linux-upgrade-xmlrpc-c oracle-linux-upgrade-xmlrpc-c-c oracle-linux-upgrade-xmlrpc-c-client oracle-linux-upgrade-xmlrpc-c-devel References https://attackerkb.com/topics/cve-2024-45491 CVE - 2024-45491 ELSA-2024-6754 ELSA-2024-6989 ELSA-2024-8859
-
Amazon Linux AMI 2: CVE-2024-45490: Security patch for expat (ALAS-2024-2710)
Amazon Linux AMI 2: CVE-2024-45490: Security patch for expat (ALAS-2024-2710) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 08/30/2024 Created 12/21/2024 Added 12/20/2024 Modified 01/28/2025 Description An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer. Solution(s) amazon-linux-ami-2-upgrade-expat amazon-linux-ami-2-upgrade-expat-debuginfo amazon-linux-ami-2-upgrade-expat-devel amazon-linux-ami-2-upgrade-expat-static References https://attackerkb.com/topics/cve-2024-45490 AL2/ALAS-2024-2710 CVE - 2024-45490
-
Amazon Linux AMI 2: CVE-2024-44944: Security patch for kernel (Multiple Advisories)
Amazon Linux AMI 2: CVE-2024-44944: Security patch for kernel (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 08/30/2024 Created 09/17/2024 Added 09/16/2024 Modified 01/28/2025 Description In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: use helper function to calculate expect ID Delete expectation path is missing a call to the nf_expect_get_id() helper function to calculate the expectation ID, otherwise LSB of the expectation object address is leaked to userspace. Solution(s) amazon-linux-ami-2-upgrade-bpftool amazon-linux-ami-2-upgrade-bpftool-debuginfo amazon-linux-ami-2-upgrade-kernel amazon-linux-ami-2-upgrade-kernel-debuginfo amazon-linux-ami-2-upgrade-kernel-debuginfo-common-aarch64 amazon-linux-ami-2-upgrade-kernel-debuginfo-common-x86_64 amazon-linux-ami-2-upgrade-kernel-devel amazon-linux-ami-2-upgrade-kernel-headers amazon-linux-ami-2-upgrade-kernel-livepatch-4-14-353-270-569 amazon-linux-ami-2-upgrade-kernel-livepatch-5-10-224-212-876 amazon-linux-ami-2-upgrade-kernel-livepatch-5-15-165-110-161 amazon-linux-ami-2-upgrade-kernel-tools amazon-linux-ami-2-upgrade-kernel-tools-debuginfo amazon-linux-ami-2-upgrade-kernel-tools-devel amazon-linux-ami-2-upgrade-perf amazon-linux-ami-2-upgrade-perf-debuginfo amazon-linux-ami-2-upgrade-python-perf amazon-linux-ami-2-upgrade-python-perf-debuginfo References https://attackerkb.com/topics/cve-2024-44944 AL2/ALAS-2024-2658 AL2/ALASKERNEL-5.10-2024-069 AL2/ALASKERNEL-5.15-2024-051 AL2/ALASKERNEL-5.4-2024-083 CVE - 2024-44944
-
Alma Linux: CVE-2024-8235: Moderate: libvirt security update (ALSA-2024-9128)
Alma Linux: CVE-2024-8235: Moderate: libvirt security update (ALSA-2024-9128) Severity 5 CVSS (AV:L/AC:L/Au:N/C:N/I:N/A:C) Published 08/30/2024 Created 11/21/2024 Added 11/19/2024 Modified 01/28/2025 Description A flaw was found in libvirt. A refactor of the code fetching the list of interfaces for multiple APIs introduced a corner case on platforms where allocating 0 bytes of memory results in a NULL pointer. This corner case would lead to a NULL-pointer dereference and subsequent crash of virtinterfaced. This issue could allow clients connecting to the read-only socket to crash the virtinterfaced daemon. Solution(s) alma-upgrade-libvirt alma-upgrade-libvirt-client alma-upgrade-libvirt-client-qemu alma-upgrade-libvirt-daemon alma-upgrade-libvirt-daemon-common alma-upgrade-libvirt-daemon-config-network alma-upgrade-libvirt-daemon-config-nwfilter alma-upgrade-libvirt-daemon-driver-interface alma-upgrade-libvirt-daemon-driver-network alma-upgrade-libvirt-daemon-driver-nodedev alma-upgrade-libvirt-daemon-driver-nwfilter alma-upgrade-libvirt-daemon-driver-qemu alma-upgrade-libvirt-daemon-driver-secret alma-upgrade-libvirt-daemon-driver-storage alma-upgrade-libvirt-daemon-driver-storage-core alma-upgrade-libvirt-daemon-driver-storage-disk alma-upgrade-libvirt-daemon-driver-storage-iscsi alma-upgrade-libvirt-daemon-driver-storage-logical alma-upgrade-libvirt-daemon-driver-storage-mpath alma-upgrade-libvirt-daemon-driver-storage-rbd alma-upgrade-libvirt-daemon-driver-storage-scsi alma-upgrade-libvirt-daemon-kvm alma-upgrade-libvirt-daemon-lock alma-upgrade-libvirt-daemon-log alma-upgrade-libvirt-daemon-plugin-lockd alma-upgrade-libvirt-daemon-plugin-sanlock alma-upgrade-libvirt-daemon-proxy alma-upgrade-libvirt-devel alma-upgrade-libvirt-docs alma-upgrade-libvirt-libs alma-upgrade-libvirt-nss alma-upgrade-libvirt-ssh-proxy References https://attackerkb.com/topics/cve-2024-8235 CVE - 2024-8235 https://errata.almalinux.org/9/ALSA-2024-9128.html
-
Huawei EulerOS: CVE-2024-44944: kernel security update
Huawei EulerOS: CVE-2024-44944: kernel security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 08/30/2024 Created 11/12/2024 Added 11/11/2024 Modified 01/28/2025 Description In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: use helper function to calculate expect ID Delete expectation path is missing a call to the nf_expect_get_id() helper function to calculate the expectation ID, otherwise LSB of the expectation object address is leaked to userspace. Solution(s) huawei-euleros-2_0_sp10-upgrade-kernel huawei-euleros-2_0_sp10-upgrade-kernel-abi-stablelists huawei-euleros-2_0_sp10-upgrade-kernel-tools huawei-euleros-2_0_sp10-upgrade-kernel-tools-libs huawei-euleros-2_0_sp10-upgrade-python3-perf References https://attackerkb.com/topics/cve-2024-44944 CVE - 2024-44944 EulerOS-SA-2024-2888
-
FreeBSD: (Multiple Advisories) (CVE-2024-45490): qt6-webengine -- Multiple vulnerabilities
FreeBSD: (Multiple Advisories) (CVE-2024-45490): qt6-webengine -- Multiple vulnerabilities Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 08/30/2024 Created 10/01/2024 Added 09/29/2024 Modified 01/28/2025 Description An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer. Solution(s) freebsd-upgrade-package-expat freebsd-upgrade-package-qt5-webengine freebsd-upgrade-package-qt6-webengine References CVE-2024-45490