All posts by ISHACK AI BOT
-
Debian: CVE-2024-42472: flatpak -- security update
Severity: 4, CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 08/15/2024, Created: 08/20/2024, Added: 08/19/2024, Modified: 08/19/2024

Description: Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.14.0 and 1.15.10, a malicious or compromised Flatpak app using persistent directories could access and write files outside of what it would otherwise have access to, which is an attack on integrity and confidentiality.

When `persistent=subdir` is used in the application permissions (represented as `--persist=subdir` in the command-line interface), that means that an application which otherwise doesn't have access to the real user home directory will see an empty home directory with a writeable subdirectory `subdir`. Behind the scenes, this directory is actually a bind mount and the data is stored in the per-application directory as `~/.var/app/$APPID/subdir`. This allows existing apps that are not aware of the per-application directory to still work as intended without general home directory access.

However, the application does have write access to the application directory `~/.var/app/$APPID` where this directory is stored. If the source directory for the `persistent`/`--persist` option is replaced by a symlink, then the next time the application is started, the bind mount will follow the symlink and mount whatever it points to into the sandbox.

Partial protection against this vulnerability can be provided by patching Flatpak using the patches in commits ceec2ffc and 98f79773. However, this leaves a race condition that could be exploited by two instances of a malicious app running in parallel. Closing the race condition requires updating or patching the version of bubblewrap that is used by Flatpak to add the new `--bind-fd` option using the patch and then patching Flatpak to use it.

If Flatpak has been configured at build-time with `-Dsystem_bubblewrap=bwrap` (1.15.x) or `--with-system-bubblewrap=bwrap` (1.14.x or older), or a similar option, then the version of bubblewrap that needs to be patched is a system copy that is distributed separately, typically `/usr/bin/bwrap`. This configuration is the one that is typically used in Linux distributions.

If Flatpak has been configured at build-time with `-Dsystem_bubblewrap=` (1.15.x) or with `--without-system-bubblewrap` (1.14.x or older), then it is the bundled version of bubblewrap that is included with Flatpak that must be patched. This is typically installed as `/usr/libexec/flatpak-bwrap`. This configuration is the default when building from source code.

For the 1.14.x stable branch, these changes are included in Flatpak 1.14.10. The bundled version of bubblewrap included in this release has been updated to 0.6.3. For the 1.15.x development branch, these changes are included in Flatpak 1.15.10. The bundled version of bubblewrap in this release is a Meson "wrap" subproject, which has been updated to 0.10.0. The 1.12.x and 1.10.x branches will not be updated for this vulnerability. Long-term support OS distributions should backport the individual changes into their versions of Flatpak and bubblewrap, or update to newer versions if their stability policy allows it.

As a workaround, avoid using applications using the `persistent` (`--persist`) permission.

Solution(s): debian-upgrade-flatpak
References: https://attackerkb.com/topics/cve-2024-42472, CVE-2024-42472, DSA-5749-1
-
Oracle Linux: CVE-2024-23185: ELSA-2024-6529: dovecot security update (MODERATE) (Multiple Advisories)
Severity: 5, CVSS: (AV:N/AC:H/Au:N/C:N/I:N/A:C)
Published: 08/15/2024, Created: 10/18/2024, Added: 10/16/2024, Modified: 12/01/2024

Description: Very large headers can cause resource exhaustion when parsing a message. The message-parser normally reads reasonably sized chunks of the message. However, when it feeds them to message-header-parser, it starts building up a "full_value" buffer out of the smaller chunks. The full_value buffer has no size limit, so large headers can cause large memory usage. It doesn't matter whether it's a single long header line, or a single header split into multiple lines. This bug exists in all Dovecot versions. Incoming mails typically have some size limits set by the MTA, so even the largest possible header size may still fit into Dovecot's vsz_limit. So attackers probably can't DoS a victim user this way. A user could APPEND larger mails though, allowing them to DoS themselves (although maybe cause some memory issues for the backend in general). One can implement restrictions on headers on the MTA component preceding Dovecot. No publicly available exploits are known.

A security issue was found in Dovecot. Very large headers can lead to resource exhaustion when parsing messages. The message-parser normally reads reasonably sized chunks of the message. However, when it feeds them to the message-header-parser, it starts building up a "full_value" buffer out of the smaller chunks. The full_value buffer has no size limit so large headers can cause large memory usage. This issue occurs whether it is a single long header line or a single header split into multiple lines.

Solution(s): oracle-linux-upgrade-dovecot, oracle-linux-upgrade-dovecot-devel, oracle-linux-upgrade-dovecot-mysql, oracle-linux-upgrade-dovecot-pgsql, oracle-linux-upgrade-dovecot-pigeonhole
References: https://attackerkb.com/topics/cve-2024-23185, CVE-2024-23185, ELSA-2024-6529, ELSA-2024-6973
-
Nginx: Buffer overread in the ngx_http_mp4_module (CVE-2024-7347)
Severity: 4, CVSS: (AV:L/AC:H/Au:N/C:N/I:N/A:C)
Published: 08/15/2024, Created: 08/16/2024, Added: 08/15/2024, Modified: 01/28/2025

Description: NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngx_http_mp4_module and the mp4 directive is used in the configuration file. Additionally, the attack is possible only if an attacker can trigger the processing of a specially crafted mp4 file with the ngx_http_mp4_module. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Solution(s): nginx-nginx-upgrade-1_26_2, nginx-nginx-upgrade-1_27_1
References: https://attackerkb.com/topics/cve-2024-7347, CVE-2024-7347
-
Alpine Linux: CVE-2024-42472: Vulnerability in Multiple Components
Severity: 9, CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:N)
Published: 08/15/2024, Created: 10/02/2024, Added: 10/01/2024, Modified: 10/02/2024

Description: Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.14.0 and 1.15.10, a malicious or compromised Flatpak app using persistent directories could access and write files outside of what it would otherwise have access to, which is an attack on integrity and confidentiality.

When `persistent=subdir` is used in the application permissions (represented as `--persist=subdir` in the command-line interface), that means that an application which otherwise doesn't have access to the real user home directory will see an empty home directory with a writeable subdirectory `subdir`. Behind the scenes, this directory is actually a bind mount and the data is stored in the per-application directory as `~/.var/app/$APPID/subdir`. This allows existing apps that are not aware of the per-application directory to still work as intended without general home directory access.

However, the application does have write access to the application directory `~/.var/app/$APPID` where this directory is stored. If the source directory for the `persistent`/`--persist` option is replaced by a symlink, then the next time the application is started, the bind mount will follow the symlink and mount whatever it points to into the sandbox.

Partial protection against this vulnerability can be provided by patching Flatpak using the patches in commits ceec2ffc and 98f79773. However, this leaves a race condition that could be exploited by two instances of a malicious app running in parallel. Closing the race condition requires updating or patching the version of bubblewrap that is used by Flatpak to add the new `--bind-fd` option using the patch and then patching Flatpak to use it.

If Flatpak has been configured at build-time with `-Dsystem_bubblewrap=bwrap` (1.15.x) or `--with-system-bubblewrap=bwrap` (1.14.x or older), or a similar option, then the version of bubblewrap that needs to be patched is a system copy that is distributed separately, typically `/usr/bin/bwrap`. This configuration is the one that is typically used in Linux distributions.

If Flatpak has been configured at build-time with `-Dsystem_bubblewrap=` (1.15.x) or with `--without-system-bubblewrap` (1.14.x or older), then it is the bundled version of bubblewrap that is included with Flatpak that must be patched. This is typically installed as `/usr/libexec/flatpak-bwrap`. This configuration is the default when building from source code.

For the 1.14.x stable branch, these changes are included in Flatpak 1.14.10. The bundled version of bubblewrap included in this release has been updated to 0.6.3. For the 1.15.x development branch, these changes are included in Flatpak 1.15.10. The bundled version of bubblewrap in this release is a Meson "wrap" subproject, which has been updated to 0.10.0. The 1.12.x and 1.10.x branches will not be updated for this vulnerability. Long-term support OS distributions should backport the individual changes into their versions of Flatpak and bubblewrap, or update to newer versions if their stability policy allows it.

As a workaround, avoid using applications using the `persistent` (`--persist`) permission.

Solution(s): alpine-linux-upgrade-bubblewrap, alpine-linux-upgrade-flatpak
References: https://attackerkb.com/topics/cve-2024-42472, CVE-2024-42472, https://security.alpinelinux.org/vuln/CVE-2024-42472
-
BYOB Unauthenticated RCE via Arbitrary File Write and Command Injection (CVE-2024-45256, CVE-2024-45257)
Disclosed: 08/15/2024, Created: 10/15/2024

Description: This module exploits two vulnerabilities in the BYOB (Build Your Own Botnet) web GUI:
1. CVE-2024-45256: Unauthenticated arbitrary file write that allows modification of the SQLite database, adding a new admin user.
2. CVE-2024-45257: Authenticated command injection in the payload generation page.
These vulnerabilities remain unpatched.

Author(s): chebuya, Valentin Lobstein
Platform: Linux, Unix
Architectures: ARCH_CMD
-
Red Hat: CVE-2024-42472: flatpak: Access to files outside sandbox for apps using persistent= (--persist) (Multiple Advisories)
Severity: 7, CVSS: (AV:N/AC:H/Au:N/C:C/I:C/A:N)
Published: 08/15/2024, Created: 09/07/2024, Added: 09/06/2024, Modified: 11/13/2024

Description: Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.14.0 and 1.15.10, a malicious or compromised Flatpak app using persistent directories could access and write files outside of what it would otherwise have access to, which is an attack on integrity and confidentiality.

When `persistent=subdir` is used in the application permissions (represented as `--persist=subdir` in the command-line interface), that means that an application which otherwise doesn't have access to the real user home directory will see an empty home directory with a writeable subdirectory `subdir`. Behind the scenes, this directory is actually a bind mount and the data is stored in the per-application directory as `~/.var/app/$APPID/subdir`. This allows existing apps that are not aware of the per-application directory to still work as intended without general home directory access.

However, the application does have write access to the application directory `~/.var/app/$APPID` where this directory is stored. If the source directory for the `persistent`/`--persist` option is replaced by a symlink, then the next time the application is started, the bind mount will follow the symlink and mount whatever it points to into the sandbox.

Partial protection against this vulnerability can be provided by patching Flatpak using the patches in commits ceec2ffc and 98f79773. However, this leaves a race condition that could be exploited by two instances of a malicious app running in parallel. Closing the race condition requires updating or patching the version of bubblewrap that is used by Flatpak to add the new `--bind-fd` option using the patch and then patching Flatpak to use it.

If Flatpak has been configured at build-time with `-Dsystem_bubblewrap=bwrap` (1.15.x) or `--with-system-bubblewrap=bwrap` (1.14.x or older), or a similar option, then the version of bubblewrap that needs to be patched is a system copy that is distributed separately, typically `/usr/bin/bwrap`. This configuration is the one that is typically used in Linux distributions.

If Flatpak has been configured at build-time with `-Dsystem_bubblewrap=` (1.15.x) or with `--without-system-bubblewrap` (1.14.x or older), then it is the bundled version of bubblewrap that is included with Flatpak that must be patched. This is typically installed as `/usr/libexec/flatpak-bwrap`. This configuration is the default when building from source code.

For the 1.14.x stable branch, these changes are included in Flatpak 1.14.10. The bundled version of bubblewrap included in this release has been updated to 0.6.3. For the 1.15.x development branch, these changes are included in Flatpak 1.15.10. The bundled version of bubblewrap in this release is a Meson "wrap" subproject, which has been updated to 0.10.0. The 1.12.x and 1.10.x branches will not be updated for this vulnerability. Long-term support OS distributions should backport the individual changes into their versions of Flatpak and bubblewrap, or update to newer versions if their stability policy allows it.

As a workaround, avoid using applications using the `persistent` (`--persist`) permission.

Solution(s): redhat-upgrade-bubblewrap, redhat-upgrade-bubblewrap-debuginfo, redhat-upgrade-bubblewrap-debugsource, redhat-upgrade-flatpak, redhat-upgrade-flatpak-debuginfo, redhat-upgrade-flatpak-debugsource, redhat-upgrade-flatpak-devel, redhat-upgrade-flatpak-libs, redhat-upgrade-flatpak-libs-debuginfo, redhat-upgrade-flatpak-selinux, redhat-upgrade-flatpak-session-helper, redhat-upgrade-flatpak-session-helper-debuginfo, redhat-upgrade-flatpak-tests-debuginfo
References: CVE-2024-42472, RHSA-2024:6355, RHSA-2024:6356, RHSA-2024:6419, RHSA-2024:6422, RHSA-2024:9449
-
VMware Photon OS: CVE-2024-43374
Severity: 4, CVSS: (AV:L/AC:H/Au:N/C:P/I:P/A:P)
Published: 08/15/2024, Created: 01/21/2025, Added: 01/20/2025, Modified: 02/04/2025

Description: The UNIX editor Vim prior to version 9.1.0678 has a use-after-free error in argument list handling. When adding a new file to the argument list, this triggers `Buf*` autocommands. If in such an autocommand the buffer that was just opened is closed (including the window where it is shown), this causes the window structure to be freed which contains a reference to the argument list that we are actually modifying. Once the autocommands are completed, the references to the window and argument list are no longer valid and as such cause a use-after-free. Impact is low since the user must either intentionally add some unusual autocommands that wipe a buffer during creation (either manually or by sourcing a malicious plugin), but it will crash Vim. The issue has been fixed as of Vim patch v9.1.0678.

Solution(s): vmware-photon_os_update_tdnf
References: https://attackerkb.com/topics/cve-2024-43374, CVE-2024-43374
-
Red Hat OpenShift: CVE-2024-42353: webob: WebOb's location header normalization during redirect leads to open redirect
Severity: 6, CVSS: (AV:N/AC:M/Au:N/C:P/I:P/A:N)
Published: 08/14/2024, Created: 09/26/2024, Added: 09/25/2024, Modified: 01/30/2025

Description: WebOb provides objects for HTTP requests and responses. When WebOb normalizes the HTTP Location header to include the request hostname, it does so by parsing the URL that the user is to be redirected to with Python's urlparse, and joining it to the base URL. `urlparse` however treats a `//` at the start of a string as a URI without a scheme, and then treats the next part as the hostname. `urljoin` will then use that hostname from the second part as the hostname replacing the original one from the request. This vulnerability is patched in WebOb version 1.8.8.

Solution(s): linuxrpm-upgrade-python-webob
References: https://attackerkb.com/topics/cve-2024-42353, CVE-2024-42353, RHSA-2024:6775, RHSA-2024:6827, RHSA-2024:7182, RHSA-2024:7187, RHSA-2024:7590, RHSA-2024:7941, RHSA-2024:9983, RHSA-2024:9989
-
Amazon Linux 2023: CVE-2024-42472: Important priority package update for bubblewrap (Multiple Advisories)
Severity: 7, CVSS: (AV:N/AC:H/Au:N/C:C/I:C/A:N)
Published: 08/14/2024, Created: 02/14/2025, Added: 02/14/2025, Modified: 02/14/2025

Description: Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.14.0 and 1.15.10, a malicious or compromised Flatpak app using persistent directories could access and write files outside of what it would otherwise have access to, which is an attack on integrity and confidentiality.

When `persistent=subdir` is used in the application permissions (represented as `--persist=subdir` in the command-line interface), that means that an application which otherwise doesn't have access to the real user home directory will see an empty home directory with a writeable subdirectory `subdir`. Behind the scenes, this directory is actually a bind mount and the data is stored in the per-application directory as `~/.var/app/$APPID/subdir`. This allows existing apps that are not aware of the per-application directory to still work as intended without general home directory access.

However, the application does have write access to the application directory `~/.var/app/$APPID` where this directory is stored. If the source directory for the `persistent`/`--persist` option is replaced by a symlink, then the next time the application is started, the bind mount will follow the symlink and mount whatever it points to into the sandbox.

Partial protection against this vulnerability can be provided by patching Flatpak using the patches in commits ceec2ffc and 98f79773. However, this leaves a race condition that could be exploited by two instances of a malicious app running in parallel. Closing the race condition requires updating or patching the version of bubblewrap that is used by Flatpak to add the new `--bind-fd` option using the patch and then patching Flatpak to use it.

If Flatpak has been configured at build-time with `-Dsystem_bubblewrap=bwrap` (1.15.x) or `--with-system-bubblewrap=bwrap` (1.14.x or older), or a similar option, then the version of bubblewrap that needs to be patched is a system copy that is distributed separately, typically `/usr/bin/bwrap`. This configuration is the one that is typically used in Linux distributions.

If Flatpak has been configured at build-time with `-Dsystem_bubblewrap=` (1.15.x) or with `--without-system-bubblewrap` (1.14.x or older), then it is the bundled version of bubblewrap that is included with Flatpak that must be patched. This is typically installed as `/usr/libexec/flatpak-bwrap`. This configuration is the default when building from source code.

For the 1.14.x stable branch, these changes are included in Flatpak 1.14.10. The bundled version of bubblewrap included in this release has been updated to 0.6.3. For the 1.15.x development branch, these changes are included in Flatpak 1.15.10. The bundled version of bubblewrap in this release is a Meson "wrap" subproject, which has been updated to 0.10.0. The 1.12.x and 1.10.x branches will not be updated for this vulnerability. Long-term support OS distributions should backport the individual changes into their versions of Flatpak and bubblewrap, or update to newer versions if their stability policy allows it.

As a workaround, avoid using applications using the `persistent` (`--persist`) permission.

A sandbox escape vulnerability was found in Flatpak due to a symlink-following issue when mounting persistent directories. This flaw allows a local user or attacker to craft a symbolic link that can bypass the intended restrictions, enabling access to and modification of files outside the designated sandbox. As a result, the attacker could potentially manipulate the file system, leading to unauthorized actions that compromise the security and integrity of the system.

Solution(s): amazon-linux-2023-upgrade-bubblewrap, amazon-linux-2023-upgrade-bubblewrap-debuginfo, amazon-linux-2023-upgrade-bubblewrap-debugsource, amazon-linux-2023-upgrade-flatpak, amazon-linux-2023-upgrade-flatpak-debuginfo, amazon-linux-2023-upgrade-flatpak-debugsource, amazon-linux-2023-upgrade-flatpak-devel, amazon-linux-2023-upgrade-flatpak-libs, amazon-linux-2023-upgrade-flatpak-libs-debuginfo, amazon-linux-2023-upgrade-flatpak-selinux, amazon-linux-2023-upgrade-flatpak-session-helper, amazon-linux-2023-upgrade-flatpak-session-helper-debuginfo, amazon-linux-2023-upgrade-flatpak-tests, amazon-linux-2023-upgrade-flatpak-tests-debuginfo
References: https://attackerkb.com/topics/cve-2024-42472, CVE-2024-42472, https://alas.aws.amazon.com/AL2023/ALAS-2024-726.html, https://alas.aws.amazon.com/AL2023/ALAS-2024-745.html
-
Alpine Linux: CVE-2024-43374: Vulnerability in Multiple Components
Severity: 4, CVSS: (AV:L/AC:H/Au:N/C:P/I:P/A:P)
Published: 08/15/2024, Created: 10/02/2024, Added: 10/01/2024, Modified: 10/02/2024

Description: The UNIX editor Vim prior to version 9.1.0678 has a use-after-free error in argument list handling. When adding a new file to the argument list, this triggers `Buf*` autocommands. If in such an autocommand the buffer that was just opened is closed (including the window where it is shown), this causes the window structure to be freed which contains a reference to the argument list that we are actually modifying. Once the autocommands are completed, the references to the window and argument list are no longer valid and as such cause a use-after-free. Impact is low since the user must either intentionally add some unusual autocommands that wipe a buffer during creation (either manually or by sourcing a malicious plugin), but it will crash Vim. The issue has been fixed as of Vim patch v9.1.0678.

Solution(s): alpine-linux-upgrade-vim
References: https://attackerkb.com/topics/cve-2024-43374, CVE-2024-43374, https://security.alpinelinux.org/vuln/CVE-2024-43374
-
IBM AIX: java_nov2024_advisory (CVE-2024-27267): Vulnerability in IBM Java SDK affects AIX
Severity: 7, CVSS: (AV:N/AC:M/Au:N/C:N/I:N/A:C)
Published: 08/14/2024, Created: 11/21/2024, Added: 11/20/2024, Modified: 01/28/2025

Description: The Object Request Broker (ORB) in IBM SDK, Java Technology Edition 7.1.0.0 through 7.1.5.18 and 8.0.0.0 through 8.0.8.26 is vulnerable to remote denial of service, caused by a race condition in the management of ORB listener threads. IBM X-Force ID: 284573.

Solution(s): ibm-aix-java_nov2024_advisory
References: https://attackerkb.com/topics/cve-2024-27267, CVE-2024-27267, https://aix.software.ibm.com/aix/efixes/security/java_nov2024_advisory.asc
-
SUSE: CVE-2024-24853: SUSE Linux Security Advisory
Severity: 4, CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 08/14/2024, Created: 08/20/2024, Added: 08/19/2024, Modified: 08/19/2024

Description: Incorrect behavior order in transition between executive monitor and SMI transfer monitor (STM) in some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

Solution(s): suse-upgrade-ucode-intel
References: https://attackerkb.com/topics/cve-2024-24853, CVE-2024-24853
-
Red Hat: CVE-2024-27267: ibm-java: Race condition may cause Denial of Service (Multiple Advisories)
Severity: 5, CVSS: (AV:N/AC:H/Au:N/C:N/I:N/A:C)
Published: 08/14/2024, Created: 09/20/2024, Added: 09/20/2024, Modified: 09/20/2024

Description: The Object Request Broker (ORB) in IBM SDK, Java Technology Edition 7.1.0.0 through 7.1.5.18 and 8.0.0.0 through 8.0.8.26 is vulnerable to remote denial of service, caused by a race condition in the management of ORB listener threads. IBM X-Force ID: 284573.

Solution(s): redhat-upgrade-java-1-8-0-ibm, redhat-upgrade-java-1-8-0-ibm-demo, redhat-upgrade-java-1-8-0-ibm-devel, redhat-upgrade-java-1-8-0-ibm-headless, redhat-upgrade-java-1-8-0-ibm-jdbc, redhat-upgrade-java-1-8-0-ibm-plugin, redhat-upgrade-java-1-8-0-ibm-src, redhat-upgrade-java-1-8-0-ibm-webstart
References: CVE-2024-27267, RHSA-2024:6595
-
Amazon Linux AMI 2: CVE-2024-42259: Security patch for kernel (Multiple Advisories)
Severity: 5, CVSS: (AV:L/AC:L/Au:S/C:N/I:N/A:C)
Published: 08/14/2024, Created: 09/06/2024, Added: 09/05/2024, Modified: 01/30/2025

Description: In the Linux kernel, the following vulnerability has been resolved:

drm/i915/gem: Fix Virtual Memory mapping boundaries calculation

Calculating the size of the mapped area as the lesser value between the requested size and the actual size does not consider the partial mapping offset. This can cause page fault access. Fix the calculation of the starting and ending addresses, the total size is now deduced from the difference between the end and start addresses. Additionally, the calculations have been rewritten in a clearer and more understandable form.

[Joonas: Add Requires: tag]
Requires: 60a2066c5005 ("drm/i915/gem: Adjust vma offset for framebuffer mmap offset")
(cherry picked from commit 97b6784753da06d9d40232328efc5c5367e53417)

Solution(s): amazon-linux-ami-2-upgrade-bpftool, amazon-linux-ami-2-upgrade-bpftool-debuginfo, amazon-linux-ami-2-upgrade-kernel, amazon-linux-ami-2-upgrade-kernel-debuginfo, amazon-linux-ami-2-upgrade-kernel-debuginfo-common-aarch64, amazon-linux-ami-2-upgrade-kernel-debuginfo-common-x86_64, amazon-linux-ami-2-upgrade-kernel-devel, amazon-linux-ami-2-upgrade-kernel-headers, amazon-linux-ami-2-upgrade-kernel-livepatch-5-10-224-212-876, amazon-linux-ami-2-upgrade-kernel-livepatch-5-15-165-110-161, amazon-linux-ami-2-upgrade-kernel-tools, amazon-linux-ami-2-upgrade-kernel-tools-debuginfo, amazon-linux-ami-2-upgrade-kernel-tools-devel, amazon-linux-ami-2-upgrade-perf, amazon-linux-ami-2-upgrade-perf-debuginfo, amazon-linux-ami-2-upgrade-python-perf, amazon-linux-ami-2-upgrade-python-perf-debuginfo
References: https://attackerkb.com/topics/cve-2024-42259, AL2/ALASKERNEL-5.10-2024-069, AL2/ALASKERNEL-5.15-2024-051, CVE-2024-42259
-
Amazon Linux AMI 2: CVE-2024-42353: Security patch for python-webob (ALAS-2025-2726)
Severity: 6, CVSS: (AV:N/AC:M/Au:N/C:P/I:P/A:N)
Published: 08/14/2024, Created: 01/11/2025, Added: 01/10/2025, Modified: 01/30/2025

Description: WebOb provides objects for HTTP requests and responses. When WebOb normalizes the HTTP Location header to include the request hostname, it does so by parsing the URL that the user is to be redirected to with Python's urlparse, and joining it to the base URL. `urlparse` however treats a `//` at the start of a string as a URI without a scheme, and then treats the next part as the hostname. `urljoin` will then use that hostname from the second part as the hostname replacing the original one from the request. This vulnerability is patched in WebOb version 1.8.8.

Solution(s): amazon-linux-ami-2-upgrade-python-webob
References: https://attackerkb.com/topics/cve-2024-42353, AL2/ALAS-2025-2726, CVE-2024-42353
-
Amazon Linux 2023: CVE-2023-49141: Important priority package update for microcode_ctl
Severity: 6, CVSS: (AV:L/AC:H/Au:S/C:C/I:C/A:C)
Published: 08/14/2024, Created: 02/14/2025, Added: 02/14/2025, Modified: 02/14/2025

Description: Improper isolation in some Intel(R) Processors stream cache mechanism may allow an authenticated user to potentially enable escalation of privilege via local access.

Solution(s): amazon-linux-2023-upgrade-microcode-ctl
References: https://attackerkb.com/topics/cve-2023-49141, CVE-2023-49141, https://alas.aws.amazon.com/AL2023/ALAS-2024-716.html
-
Oracle Linux: CVE-2024-42472: ELSA-2024-6356: bubblewrap and flatpak security update (IMPORTANT) (Multiple Advisories)
Oracle Linux: CVE-2024-42472: ELSA-2024-6356:bubblewrap and flatpak security update (IMPORTANT) (Multiple Advisories) Severity 7 CVSS (AV:N/AC:H/Au:N/C:C/I:C/A:N) Published 08/14/2024 Created 11/13/2024 Added 10/16/2024 Modified 12/24/2024 Description Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.14.0 and 1.15.10, a malicious or compromised Flatpak app using persistent directories could access and write files outside of what it would otherwise have access to, which is an attack on integrity and confidentiality. When `persistent=subdir` is used in the application permissions (represented as `--persist=subdir` in the command-line interface), that means that an application which otherwise doesn't have access to the real user home directory will see an empty home directory with a writeable subdirectory `subdir`. Behind the scenes, this directory is actually a bind mount and the data is stored in the per-application directory as `~/.var/app/$APPID/subdir`. This allows existing apps that are not aware of the per-application directory to still work as intended without general home directory access. However, the application does have write access to the application directory `~/.var/app/$APPID` where this directory is stored. If the source directory for the `persistent`/`--persist` option is replaced by a symlink, then the next time the application is started, the bind mount will follow the symlink and mount whatever it points to into the sandbox. Partial protection against this vulnerability can be provided by patching Flatpak using the patches in commits ceec2ffc and 98f79773. However, this leaves a race condition that could be exploited by two instances of a malicious app running in parallel. Closing the race condition requires updating or patching the version of bubblewrap that is used by Flatpak to add the new `--bind-fd` option using the patch and then patching Flatpak to use it. 
If Flatpak has been configured at build-time with `-Dsystem_bubblewrap=bwrap` (1.15.x) or `--with-system-bubblewrap=bwrap` (1.14.x or older), or a similar option, then the version of bubblewrap that needs to be patched is a system copy that is distributed separately, typically `/usr/bin/bwrap`. This configuration is the one that is typically used in Linux distributions. If Flatpak has been configured at build-time with `-Dsystem_bubblewrap=` (1.15.x) or with `--without-system-bubblewrap` (1.14.x or older), then it is the bundled version of bubblewrap that is included with Flatpak that must be patched. This is typically installed as `/usr/libexec/flatpak-bwrap`. This configuration is the default when building from source code. For the 1.14.x stable branch, these changes are included in Flatpak 1.14.10. The bundled version of bubblewrap included in this release has been updated to 0.6.3. For the 1.15.x development branch, these changes are included in Flatpak 1.15.10. The bundled version of bubblewrap in this release is a Meson "wrap" subproject, which has been updated to 0.10.0. The 1.12.x and 1.10.x branches will not be updated for this vulnerability. Long-term support OS distributions should backport the individual changes into their versions of Flatpak and bubblewrap, or update to newer versions if their stability policy allows it. As a workaround, avoid using applications using the `persistent` (`--persist`) permission. A sandbox escape vulnerability was found in Flatpak due to a symlink-following issue when mounting persistent directories. This flaw allows a local user or attacker to craft a symbolic link that can bypass the intended restrictions, enabling access to and modification of files outside the designated sandbox. As a result, the attacker could potentially manipulate the file system, leading to unauthorized actions that compromise the security and integrity of the system. 
Solution(s) oracle-linux-upgrade-bubblewrap oracle-linux-upgrade-flatpak oracle-linux-upgrade-flatpak-builder oracle-linux-upgrade-flatpak-devel oracle-linux-upgrade-flatpak-libs oracle-linux-upgrade-flatpak-selinux oracle-linux-upgrade-flatpak-session-helper
References https://attackerkb.com/topics/cve-2024-42472 CVE - 2024-42472 ELSA-2024-6356 ELSA-2024-6417 ELSA-2024-6422 ELSA-2024-9449
-
Oracle Linux: CVE-2024-42259: ELSA-2024-12782: Unbreakable Enterprise kernel-container security update (IMPORTANT) (Multiple Advisories)
Severity 4 CVSS (AV:L/AC:H/Au:M/C:N/I:N/A:C) Published 08/14/2024 Created 10/18/2024 Added 10/16/2024 Modified 01/23/2025
Description In the Linux kernel, the following vulnerability has been resolved: drm/i915/gem: Fix Virtual Memory mapping boundaries calculation
Calculating the size of the mapped area as the lesser value between the requested size and the actual size does not consider the partial mapping offset. This can cause page fault access.
Fix the calculation of the starting and ending addresses, the total size is now deduced from the difference between the end and start addresses.
Additionally, the calculations have been rewritten in a clearer and more understandable form.
[Joonas: Add Requires: tag]
Requires: 60a2066c5005 ("drm/i915/gem: Adjust vma offset for framebuffer mmap offset")
(cherry picked from commit 97b6784753da06d9d40232328efc5c5367e53417)
Solution(s) oracle-linux-upgrade-kernel-uek
References https://attackerkb.com/topics/cve-2024-42259 CVE - 2024-42259 ELSA-2024-12782 ELSA-2024-12780 ELSA-2024-12815 ELSA-2024-12868
-
F5 Networks: CVE-2024-39778: K05710614: BIG-IP HSB vulnerability CVE-2024-39778
Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 08/14/2024 Created 08/27/2024 Added 08/23/2024 Modified 01/28/2025
Description When a stateless virtual server is configured on BIG-IP system with a High-Speed Bridge (HSB), undisclosed requests can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Solution(s) f5-big-ip-upgrade-latest
References https://attackerkb.com/topics/cve-2024-39778 CVE - 2024-39778 https://my.f5.com/manage/s/article/K05710614
-
Alpine Linux: CVE-2024-24853: Vulnerability in Multiple Components
Severity 6 CVSS (AV:L/AC:H/Au:M/C:C/I:C/A:C) Published 08/14/2024 Created 10/02/2024 Added 10/01/2024 Modified 10/02/2024
Description Incorrect behavior order in transition between executive monitor and SMI transfer monitor (STM) in some Intel(R) Processor may allow a privileged user to potentially enable escalation of privilege via local access.
Solution(s) alpine-linux-upgrade-intel-ucode
References https://attackerkb.com/topics/cve-2024-24853 CVE - 2024-24853 https://security.alpinelinux.org/vuln/CVE-2024-24853
-
Gentoo Linux: CVE-2024-7347: nginx: Multiple Vulnerabilities
Severity 4 CVSS (AV:L/AC:H/Au:N/C:N/I:N/A:C) Published 08/14/2024 Created 10/01/2024 Added 09/30/2024 Modified 01/28/2025
Description NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngx_http_mp4_module and the mp4 directive is used in the configuration file. Additionally, the attack is possible only if an attacker can trigger the processing of a specially crafted mp4 file with the ngx_http_mp4_module. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Solution(s) gentoo-linux-upgrade-www-servers-nginx
References https://attackerkb.com/topics/cve-2024-7347 CVE - 2024-7347 202409-32
-
Alpine Linux: CVE-2024-7347: Out-of-bounds Read
Severity 4 CVSS (AV:L/AC:M/Au:S/C:N/I:N/A:C) Published 08/14/2024 Created 10/02/2024 Added 10/01/2024 Modified 10/14/2024
Description NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module, which might allow an attacker to over-read NGINX worker memory resulting in its termination, using a specially crafted mp4 file. The issue only affects NGINX if it is built with the ngx_http_mp4_module and the mp4 directive is used in the configuration file. Additionally, the attack is possible only if an attacker can trigger the processing of a specially crafted mp4 file with the ngx_http_mp4_module. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Solution(s) alpine-linux-upgrade-nginx
References https://attackerkb.com/topics/cve-2024-7347 CVE - 2024-7347 https://security.alpinelinux.org/vuln/CVE-2024-7347
-
Ubuntu: (Multiple Advisories) (CVE-2024-42259): Linux kernel vulnerabilities
Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 08/14/2024 Created 11/05/2024 Added 11/04/2024 Modified 01/30/2025
Description In the Linux kernel, the following vulnerability has been resolved: drm/i915/gem: Fix Virtual Memory mapping boundaries calculation
Calculating the size of the mapped area as the lesser value between the requested size and the actual size does not consider the partial mapping offset. This can cause page fault access.
Fix the calculation of the starting and ending addresses, the total size is now deduced from the difference between the end and start addresses.
Additionally, the calculations have been rewritten in a clearer and more understandable form.
[Joonas: Add Requires: tag]
Requires: 60a2066c5005 ("drm/i915/gem: Adjust vma offset for framebuffer mmap offset")
(cherry picked from commit 97b6784753da06d9d40232328efc5c5367e53417)
Solution(s) ubuntu-upgrade-linux-image-5-15-0-1038-xilinx-zynqmp ubuntu-upgrade-linux-image-5-15-0-1055-gkeop ubuntu-upgrade-linux-image-5-15-0-1065-ibm ubuntu-upgrade-linux-image-5-15-0-1065-raspi ubuntu-upgrade-linux-image-5-15-0-1067-intel-iotg ubuntu-upgrade-linux-image-5-15-0-1067-nvidia ubuntu-upgrade-linux-image-5-15-0-1067-nvidia-lowlatency ubuntu-upgrade-linux-image-5-15-0-1069-gke ubuntu-upgrade-linux-image-5-15-0-1069-kvm ubuntu-upgrade-linux-image-5-15-0-1070-oracle ubuntu-upgrade-linux-image-5-15-0-1071-gcp ubuntu-upgrade-linux-image-5-15-0-1072-aws ubuntu-upgrade-linux-image-5-15-0-1075-azure ubuntu-upgrade-linux-image-5-15-0-1078-azure ubuntu-upgrade-linux-image-5-15-0-125-generic ubuntu-upgrade-linux-image-5-15-0-125-generic-64k ubuntu-upgrade-linux-image-5-15-0-125-generic-lpae ubuntu-upgrade-linux-image-5-15-0-125-lowlatency ubuntu-upgrade-linux-image-5-15-0-125-lowlatency-64k ubuntu-upgrade-linux-image-5-4-0-1044-iot ubuntu-upgrade-linux-image-5-4-0-1054-xilinx-zynqmp ubuntu-upgrade-linux-image-5-4-0-1082-ibm
ubuntu-upgrade-linux-image-5-4-0-1094-bluefield ubuntu-upgrade-linux-image-5-4-0-1102-gkeop ubuntu-upgrade-linux-image-5-4-0-1119-raspi ubuntu-upgrade-linux-image-5-4-0-1123-kvm ubuntu-upgrade-linux-image-5-4-0-1134-oracle ubuntu-upgrade-linux-image-5-4-0-1135-aws ubuntu-upgrade-linux-image-5-4-0-1139-azure ubuntu-upgrade-linux-image-5-4-0-1139-gcp ubuntu-upgrade-linux-image-5-4-0-1140-azure ubuntu-upgrade-linux-image-5-4-0-200-generic ubuntu-upgrade-linux-image-5-4-0-200-generic-lpae ubuntu-upgrade-linux-image-5-4-0-200-lowlatency ubuntu-upgrade-linux-image-6-8-0-1002-gkeop ubuntu-upgrade-linux-image-6-8-0-1015-gke ubuntu-upgrade-linux-image-6-8-0-1016-raspi ubuntu-upgrade-linux-image-6-8-0-1017-ibm ubuntu-upgrade-linux-image-6-8-0-1017-oracle ubuntu-upgrade-linux-image-6-8-0-1017-oracle-64k ubuntu-upgrade-linux-image-6-8-0-1018-oem ubuntu-upgrade-linux-image-6-8-0-1019-gcp ubuntu-upgrade-linux-image-6-8-0-1019-nvidia ubuntu-upgrade-linux-image-6-8-0-1019-nvidia-64k ubuntu-upgrade-linux-image-6-8-0-1019-nvidia-lowlatency ubuntu-upgrade-linux-image-6-8-0-1019-nvidia-lowlatency-64k ubuntu-upgrade-linux-image-6-8-0-1020-aws ubuntu-upgrade-linux-image-6-8-0-1020-azure ubuntu-upgrade-linux-image-6-8-0-1020-azure-fde ubuntu-upgrade-linux-image-6-8-0-50-generic ubuntu-upgrade-linux-image-6-8-0-50-generic-64k ubuntu-upgrade-linux-image-6-8-0-50-lowlatency ubuntu-upgrade-linux-image-6-8-0-50-lowlatency-64k ubuntu-upgrade-linux-image-aws ubuntu-upgrade-linux-image-aws-lts-20-04 ubuntu-upgrade-linux-image-aws-lts-22-04 ubuntu-upgrade-linux-image-azure ubuntu-upgrade-linux-image-azure-cvm ubuntu-upgrade-linux-image-azure-fde ubuntu-upgrade-linux-image-azure-lts-20-04 ubuntu-upgrade-linux-image-azure-lts-22-04 ubuntu-upgrade-linux-image-bluefield ubuntu-upgrade-linux-image-gcp ubuntu-upgrade-linux-image-gcp-lts-20-04 ubuntu-upgrade-linux-image-gcp-lts-22-04 ubuntu-upgrade-linux-image-generic ubuntu-upgrade-linux-image-generic-64k 
ubuntu-upgrade-linux-image-generic-64k-hwe-20-04 ubuntu-upgrade-linux-image-generic-64k-hwe-22-04 ubuntu-upgrade-linux-image-generic-64k-hwe-24-04 ubuntu-upgrade-linux-image-generic-hwe-18-04 ubuntu-upgrade-linux-image-generic-hwe-20-04 ubuntu-upgrade-linux-image-generic-hwe-22-04 ubuntu-upgrade-linux-image-generic-hwe-24-04 ubuntu-upgrade-linux-image-generic-lpae ubuntu-upgrade-linux-image-generic-lpae-hwe-20-04 ubuntu-upgrade-linux-image-gke ubuntu-upgrade-linux-image-gke-5-15 ubuntu-upgrade-linux-image-gkeop ubuntu-upgrade-linux-image-gkeop-5-15 ubuntu-upgrade-linux-image-gkeop-5-4 ubuntu-upgrade-linux-image-gkeop-6-8 ubuntu-upgrade-linux-image-ibm ubuntu-upgrade-linux-image-ibm-classic ubuntu-upgrade-linux-image-ibm-lts-20-04 ubuntu-upgrade-linux-image-ibm-lts-24-04 ubuntu-upgrade-linux-image-intel ubuntu-upgrade-linux-image-intel-iotg ubuntu-upgrade-linux-image-kvm ubuntu-upgrade-linux-image-lowlatency ubuntu-upgrade-linux-image-lowlatency-64k ubuntu-upgrade-linux-image-lowlatency-64k-hwe-20-04 ubuntu-upgrade-linux-image-lowlatency-64k-hwe-22-04 ubuntu-upgrade-linux-image-lowlatency-64k-hwe-24-04 ubuntu-upgrade-linux-image-lowlatency-hwe-18-04 ubuntu-upgrade-linux-image-lowlatency-hwe-20-04 ubuntu-upgrade-linux-image-lowlatency-hwe-22-04 ubuntu-upgrade-linux-image-lowlatency-hwe-24-04 ubuntu-upgrade-linux-image-nvidia ubuntu-upgrade-linux-image-nvidia-6-8 ubuntu-upgrade-linux-image-nvidia-64k ubuntu-upgrade-linux-image-nvidia-64k-6-8 ubuntu-upgrade-linux-image-nvidia-64k-hwe-22-04 ubuntu-upgrade-linux-image-nvidia-hwe-22-04 ubuntu-upgrade-linux-image-nvidia-lowlatency ubuntu-upgrade-linux-image-nvidia-lowlatency-64k ubuntu-upgrade-linux-image-oem ubuntu-upgrade-linux-image-oem-20-04 ubuntu-upgrade-linux-image-oem-20-04b ubuntu-upgrade-linux-image-oem-20-04c ubuntu-upgrade-linux-image-oem-20-04d ubuntu-upgrade-linux-image-oem-22-04 ubuntu-upgrade-linux-image-oem-22-04a ubuntu-upgrade-linux-image-oem-22-04b ubuntu-upgrade-linux-image-oem-22-04c 
ubuntu-upgrade-linux-image-oem-22-04d ubuntu-upgrade-linux-image-oem-24-04 ubuntu-upgrade-linux-image-oem-24-04a ubuntu-upgrade-linux-image-oem-osp1 ubuntu-upgrade-linux-image-oracle ubuntu-upgrade-linux-image-oracle-64k ubuntu-upgrade-linux-image-oracle-lts-20-04 ubuntu-upgrade-linux-image-oracle-lts-22-04 ubuntu-upgrade-linux-image-raspi ubuntu-upgrade-linux-image-raspi-hwe-18-04 ubuntu-upgrade-linux-image-raspi-nolpae ubuntu-upgrade-linux-image-raspi2 ubuntu-upgrade-linux-image-snapdragon-hwe-18-04 ubuntu-upgrade-linux-image-virtual ubuntu-upgrade-linux-image-virtual-hwe-18-04 ubuntu-upgrade-linux-image-virtual-hwe-20-04 ubuntu-upgrade-linux-image-virtual-hwe-22-04 ubuntu-upgrade-linux-image-virtual-hwe-24-04 ubuntu-upgrade-linux-image-xilinx-zynqmp
References https://attackerkb.com/topics/cve-2024-42259 CVE - 2024-42259 USN-7088-1 USN-7088-2 USN-7088-3 USN-7088-4 USN-7088-5 USN-7100-1 USN-7100-2 USN-7119-1 USN-7123-1 USN-7144-1 USN-7154-1 USN-7154-2 USN-7155-1 USN-7156-1 USN-7194-1 USN-7196-1
-
Amazon Linux AMI: CVE-2024-24980: Security patch for microcode_ctl (ALAS-2024-1950)
Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 08/14/2024 Created 11/05/2024 Added 11/01/2024 Modified 11/01/2024
Description Protection mechanism failure in some 3rd, 4th, and 5th Generation Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.
Solution(s) amazon-linux-upgrade-microcode_ctl
References ALAS-2024-1950 CVE-2024-24980
-
Dell iDRAC: CVE-2024-6387: DSA-2024-342: Security Update for Dell iDRAC9 OpenSSH Vulnerability
Severity 8 CVSS (AV:N/AC:H/Au:N/C:C/I:C/A:C) Published 08/14/2024 Created 12/13/2024 Added 12/12/2024 Modified 12/12/2024
Description A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.
Solution(s) dell-idrac-upgrade-latest
References https://attackerkb.com/topics/cve-2024-6387 https://www.dell.com/support/kbdoc/en-ai/000227795/dsa-2024-342-security-update-for-dell-idrac9-openssh-vulnerability CVE - 2024-6387