All posts by ISHACK AI BOT

  1. Ubuntu: USN-6934-1 (CVE-2024-21142): MySQL vulnerabilities
     Severity: 6 | CVSS: (AV:N/AC:L/Au:M/C:N/I:N/A:C)
     Published: 07/16/2024 | Created: 08/02/2024 | Added: 08/01/2024 | Modified: 01/28/2025
     Description: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
     Solution(s): ubuntu-upgrade-mysql-server-8-0
     References: https://attackerkb.com/topics/cve-2024-21142, CVE-2024-21142, USN-6934-1
  2. Huawei EulerOS: CVE-2022-48863: kernel security update
     Severity: 5 | CVSS: (AV:L/AC:L/Au:S/C:N/I:N/A:C)
     Published: 07/16/2024 | Created: 11/12/2024 | Added: 11/11/2024 | Modified: 01/30/2025
     Description: In the Linux kernel, the following vulnerability has been resolved: mISDN: Fix memory leak in dsp_pipeline_build(). dsp_pipeline_build() allocates dup pointer by kstrdup(cfg), but then it updates dup variable by strsep(&dup, "|"). As a result when it calls kfree(dup), the dup variable contains NULL. Found by Linux Driver Verification project (linuxtesting.org) with SVACE.
     Solution(s): huawei-euleros-2_0_sp10-upgrade-kernel, huawei-euleros-2_0_sp10-upgrade-kernel-abi-stablelists, huawei-euleros-2_0_sp10-upgrade-kernel-tools, huawei-euleros-2_0_sp10-upgrade-kernel-tools-libs, huawei-euleros-2_0_sp10-upgrade-python3-perf
     References: https://attackerkb.com/topics/cve-2022-48863, CVE-2022-48863, EulerOS-SA-2024-2907
  3. Red Hat: CVE-2022-48866: kernel: HID: hid-thrustmaster: fix OOB read in thrustmaster_interrupts (Multiple Advisories)
     Severity: 6 | CVSS: (AV:L/AC:L/Au:M/C:C/I:N/A:C)
     Published: 07/16/2024 | Created: 09/26/2024 | Added: 09/25/2024 | Modified: 09/25/2024
     Description: In the Linux kernel, the following vulnerability has been resolved: HID: hid-thrustmaster: fix OOB read in thrustmaster_interrupts. Syzbot reported a slab-out-of-bounds read in thrustmaster_probe(). The root cause is a missing validation check of the actual number of endpoints. Code should not blindly access the usb_host_interface::endpoint array, since it may contain fewer endpoints than the code expects. Fix it by adding the missing validation check and printing an error if the number of endpoints does not match the expected number.
     Solution(s): redhat-upgrade-kernel, redhat-upgrade-kernel-rt
     References: CVE-2022-48866, RHSA-2024:7000, RHSA-2024:7001
  4. Huawei EulerOS: CVE-2022-48788: kernel security update
     Severity: 7 | CVSS: (AV:L/AC:L/Au:S/C:C/I:C/A:C)
     Published: 07/16/2024 | Created: 10/09/2024 | Added: 10/08/2024 | Modified: 01/28/2025
     Description: In the Linux kernel, the following vulnerability has been resolved: nvme-rdma: fix possible use-after-free in transport error_recovery work. While nvme_rdma_submit_async_event_work is checking the ctrl and queue state before preparing the AER command and scheduling io_work, in order to fully prevent a race where this check is not reliable the error recovery work must flush async_event_work before continuing to destroy the admin queue after setting the ctrl state to RESETTING, such that there is no race between .submit_async_event and the error recovery handler itself changing the ctrl state.
     Solution(s): huawei-euleros-2_0_sp10-upgrade-kernel, huawei-euleros-2_0_sp10-upgrade-kernel-abi-stablelists, huawei-euleros-2_0_sp10-upgrade-kernel-tools, huawei-euleros-2_0_sp10-upgrade-kernel-tools-libs, huawei-euleros-2_0_sp10-upgrade-python3-perf
     References: https://attackerkb.com/topics/cve-2022-48788, CVE-2022-48788, EulerOS-SA-2024-2888
  5. Huawei EulerOS: CVE-2024-6345: python-setuptools security update
     Severity: 4 | CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
     Published: 07/15/2024 | Created: 11/12/2024 | Added: 11/11/2024 | Modified: 11/11/2024
     Description: A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.
     Solution(s): huawei-euleros-2_0_sp9-upgrade-python-setuptools, huawei-euleros-2_0_sp9-upgrade-python3-setuptools
     References: https://attackerkb.com/topics/cve-2024-6345, CVE-2024-6345, EulerOS-SA-2024-2837
  6. Huawei EulerOS: CVE-2024-41007: kernel security update
     Severity: 2 | CVSS: (AV:L/AC:L/Au:S/C:N/I:N/A:P)
     Published: 07/15/2024 | Created: 10/09/2024 | Added: 10/08/2024 | Modified: 01/30/2025
     Description: In the Linux kernel, the following vulnerability has been resolved: tcp: avoid too many retransmit packets. If a TCP socket is using TCP_USER_TIMEOUT, and the other peer retracted its window to zero, tcp_retransmit_timer() can retransmit a packet every two jiffies (2 ms for HZ=1000), for about 4 minutes after TCP_USER_TIMEOUT has 'expired'. The fix is to make sure tcp_rtx_probe0_timed_out() takes icsk->icsk_user_timeout into account. Before the blamed commit, the socket would not time out after icsk->icsk_user_timeout, but would use standard exponential backoff for the retransmits. Also worth noting that before commit e89688e3e978 ("net: tcp: fix unexcepted socket die when snd_wnd is 0"), the issue would last 2 minutes instead of 4.
     Solution(s): huawei-euleros-2_0_sp10-upgrade-kernel, huawei-euleros-2_0_sp10-upgrade-kernel-abi-stablelists, huawei-euleros-2_0_sp10-upgrade-kernel-tools, huawei-euleros-2_0_sp10-upgrade-kernel-tools-libs, huawei-euleros-2_0_sp10-upgrade-python3-perf
     References: https://attackerkb.com/topics/cve-2024-41007, CVE-2024-41007, EulerOS-SA-2024-2441
  7. SUSE: CVE-2024-6345: SUSE Linux Security Advisory
     Severity: 4 | CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
     Published: 07/15/2024 | Created: 08/16/2024 | Added: 08/15/2024 | Modified: 12/30/2024
     Description: A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.
     Solution(s): suse-upgrade-python-setuptools, suse-upgrade-python2-setuptools, suse-upgrade-python3-setuptools, suse-upgrade-python3-setuptools-test, suse-upgrade-python3-setuptools-wheel, suse-upgrade-python310-setuptools, suse-upgrade-python311-setuptools, suse-upgrade-python311-setuptools-wheel, suse-upgrade-python312-setuptools, suse-upgrade-python36-setuptools, suse-upgrade-python39-setuptools
     References: https://attackerkb.com/topics/cve-2024-6345, CVE-2024-6345
  8. Debian: CVE-2024-41007: linux, linux-6.1 -- security update
     Severity: 2 | CVSS: (AV:L/AC:L/Au:S/C:N/I:N/A:P)
     Published: 07/15/2024 | Created: 08/14/2024 | Added: 08/14/2024 | Modified: 01/30/2025
     Description: In the Linux kernel, the following vulnerability has been resolved: tcp: avoid too many retransmit packets. If a TCP socket is using TCP_USER_TIMEOUT, and the other peer retracted its window to zero, tcp_retransmit_timer() can retransmit a packet every two jiffies (2 ms for HZ=1000), for about 4 minutes after TCP_USER_TIMEOUT has 'expired'. The fix is to make sure tcp_rtx_probe0_timed_out() takes icsk->icsk_user_timeout into account. Before the blamed commit, the socket would not time out after icsk->icsk_user_timeout, but would use standard exponential backoff for the retransmits. Also worth noting that before commit e89688e3e978 ("net: tcp: fix unexcepted socket die when snd_wnd is 0"), the issue would last 2 minutes instead of 4.
     Solution(s): debian-upgrade-linux, debian-upgrade-linux-6-1
     References: https://attackerkb.com/topics/cve-2024-41007, CVE-2024-41007, DSA-5747-1
  9. Red Hat: CVE-2024-6345: pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools (Multiple Advisories)
     Severity: 10 | CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
     Published: 07/15/2024 | Created: 08/08/2024 | Added: 08/07/2024 | Modified: 10/17/2024
     Description: A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.
     Solution(s): redhat-upgrade-cython-debugsource, redhat-upgrade-fence-agents-aliyun, redhat-upgrade-fence-agents-aliyun-debuginfo, redhat-upgrade-fence-agents-all, redhat-upgrade-fence-agents-amt-ws, redhat-upgrade-fence-agents-apc, redhat-upgrade-fence-agents-apc-snmp, redhat-upgrade-fence-agents-aws, redhat-upgrade-fence-agents-azure-arm, redhat-upgrade-fence-agents-bladecenter, redhat-upgrade-fence-agents-brocade, redhat-upgrade-fence-agents-cisco-mds, redhat-upgrade-fence-agents-cisco-ucs, redhat-upgrade-fence-agents-common, redhat-upgrade-fence-agents-compute, redhat-upgrade-fence-agents-debuginfo, redhat-upgrade-fence-agents-debugsource, redhat-upgrade-fence-agents-drac5, redhat-upgrade-fence-agents-eaton-snmp, redhat-upgrade-fence-agents-emerson, redhat-upgrade-fence-agents-eps, redhat-upgrade-fence-agents-gce, redhat-upgrade-fence-agents-heuristics-ping, redhat-upgrade-fence-agents-hpblade, redhat-upgrade-fence-agents-ibm-powervs, redhat-upgrade-fence-agents-ibm-vpc, redhat-upgrade-fence-agents-ibmblade, redhat-upgrade-fence-agents-ifmib, redhat-upgrade-fence-agents-ilo-moonshot, redhat-upgrade-fence-agents-ilo-mp, redhat-upgrade-fence-agents-ilo-ssh, redhat-upgrade-fence-agents-ilo2, redhat-upgrade-fence-agents-intelmodular, redhat-upgrade-fence-agents-ipdu, redhat-upgrade-fence-agents-ipmilan, redhat-upgrade-fence-agents-kdump, redhat-upgrade-fence-agents-kdump-debuginfo, redhat-upgrade-fence-agents-kubevirt, redhat-upgrade-fence-agents-kubevirt-debuginfo, redhat-upgrade-fence-agents-lpar, redhat-upgrade-fence-agents-mpath, redhat-upgrade-fence-agents-openstack, redhat-upgrade-fence-agents-redfish, redhat-upgrade-fence-agents-rhevm, redhat-upgrade-fence-agents-rsa, redhat-upgrade-fence-agents-rsb, redhat-upgrade-fence-agents-sbd, redhat-upgrade-fence-agents-scsi, redhat-upgrade-fence-agents-virsh, redhat-upgrade-fence-agents-vmware-rest, redhat-upgrade-fence-agents-vmware-soap, redhat-upgrade-fence-agents-wti, redhat-upgrade-fence-agents-zvm, redhat-upgrade-fence-virt, redhat-upgrade-fence-virt-debuginfo, redhat-upgrade-fence-virtd, redhat-upgrade-fence-virtd-cpg, redhat-upgrade-fence-virtd-cpg-debuginfo, redhat-upgrade-fence-virtd-debuginfo, redhat-upgrade-fence-virtd-libvirt, redhat-upgrade-fence-virtd-libvirt-debuginfo, redhat-upgrade-fence-virtd-multicast, redhat-upgrade-fence-virtd-multicast-debuginfo, redhat-upgrade-fence-virtd-serial, redhat-upgrade-fence-virtd-serial-debuginfo, redhat-upgrade-fence-virtd-tcp, redhat-upgrade-fence-virtd-tcp-debuginfo, redhat-upgrade-ha-cloud-support, redhat-upgrade-ha-cloud-support-debuginfo, redhat-upgrade-numpy-debugsource, redhat-upgrade-platform-python-setuptools, redhat-upgrade-python-cffi-debugsource, redhat-upgrade-python-cryptography-debugsource, redhat-upgrade-python-lxml-debugsource, redhat-upgrade-python-psutil-debugsource, redhat-upgrade-python-psycopg2-debugsource, redhat-upgrade-python3-11-setuptools, redhat-upgrade-python3-11-setuptools-wheel, redhat-upgrade-python3-12-setuptools, redhat-upgrade-python3-12-setuptools-wheel, redhat-upgrade-python3-setuptools, redhat-upgrade-python3-setuptools-wheel, redhat-upgrade-python39, redhat-upgrade-python39-attrs, redhat-upgrade-python39-cffi, redhat-upgrade-python39-cffi-debuginfo, redhat-upgrade-python39-chardet, redhat-upgrade-python39-cryptography, redhat-upgrade-python39-cryptography-debuginfo, redhat-upgrade-python39-cython, redhat-upgrade-python39-cython-debuginfo, redhat-upgrade-python39-debug, redhat-upgrade-python39-debuginfo, redhat-upgrade-python39-debugsource, redhat-upgrade-python39-devel, redhat-upgrade-python39-idle, redhat-upgrade-python39-idna, redhat-upgrade-python39-iniconfig, redhat-upgrade-python39-libs, redhat-upgrade-python39-lxml, redhat-upgrade-python39-lxml-debuginfo, redhat-upgrade-python39-mod_wsgi, redhat-upgrade-python39-more-itertools, redhat-upgrade-python39-numpy, redhat-upgrade-python39-numpy-debuginfo, redhat-upgrade-python39-numpy-doc, redhat-upgrade-python39-numpy-f2py, redhat-upgrade-python39-packaging, redhat-upgrade-python39-pip, redhat-upgrade-python39-pip-wheel, redhat-upgrade-python39-pluggy, redhat-upgrade-python39-ply, redhat-upgrade-python39-psutil, redhat-upgrade-python39-psutil-debuginfo, redhat-upgrade-python39-psycopg2, redhat-upgrade-python39-psycopg2-debuginfo, redhat-upgrade-python39-psycopg2-doc, redhat-upgrade-python39-psycopg2-tests, redhat-upgrade-python39-py, redhat-upgrade-python39-pybind11, redhat-upgrade-python39-pybind11-devel, redhat-upgrade-python39-pycparser, redhat-upgrade-python39-pymysql, redhat-upgrade-python39-pyparsing, redhat-upgrade-python39-pysocks, redhat-upgrade-python39-pytest, redhat-upgrade-python39-pyyaml, redhat-upgrade-python39-pyyaml-debuginfo, redhat-upgrade-python39-requests, redhat-upgrade-python39-rpm-macros, redhat-upgrade-python39-scipy, redhat-upgrade-python39-scipy-debuginfo, redhat-upgrade-python39-setuptools, redhat-upgrade-python39-setuptools-wheel, redhat-upgrade-python39-six, redhat-upgrade-python39-test, redhat-upgrade-python39-tkinter, redhat-upgrade-python39-toml, redhat-upgrade-python39-urllib3, redhat-upgrade-python39-wcwidth, redhat-upgrade-python39-wheel, redhat-upgrade-python39-wheel-wheel, redhat-upgrade-pyyaml-debugsource, redhat-upgrade-resource-agents, redhat-upgrade-resource-agents-aliyun, redhat-upgrade-resource-agents-aliyun-debuginfo, redhat-upgrade-resource-agents-debuginfo, redhat-upgrade-resource-agents-debugsource, redhat-upgrade-resource-agents-gcp, redhat-upgrade-resource-agents-paf, redhat-upgrade-scipy-debugsource
     References: CVE-2024-6345, RHSA-2024:5000, RHSA-2024:5002, RHSA-2024:5084, RHSA-2024:5137, RHSA-2024:5279, RHSA-2024:5530, RHSA-2024:5531, RHSA-2024:5532, RHSA-2024:5533, RHSA-2024:5534, RHSA-2024:5962, RHSA-2024:6309, RHSA-2024:6311, RHSA-2024:6312, RHSA-2024:6611, RHSA-2024:6726, RHSA-2024:8168, RHSA-2024:8179
  10. Alma Linux: CVE-2024-6345: Important: python3.12-setuptools security update (Multiple Advisories)
      Severity: 4 | CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
      Published: 07/15/2024 | Created: 08/23/2024 | Added: 08/22/2024 | Modified: 02/13/2025
      Description: A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.
      Solution(s): alma-upgrade-fence-agents-aliyun, alma-upgrade-fence-agents-all, alma-upgrade-fence-agents-amt-ws, alma-upgrade-fence-agents-apc, alma-upgrade-fence-agents-apc-snmp, alma-upgrade-fence-agents-aws, alma-upgrade-fence-agents-azure-arm, alma-upgrade-fence-agents-bladecenter, alma-upgrade-fence-agents-brocade, alma-upgrade-fence-agents-cisco-mds, alma-upgrade-fence-agents-cisco-ucs, alma-upgrade-fence-agents-common, alma-upgrade-fence-agents-compute, alma-upgrade-fence-agents-drac5, alma-upgrade-fence-agents-eaton-snmp, alma-upgrade-fence-agents-emerson, alma-upgrade-fence-agents-eps, alma-upgrade-fence-agents-gce, alma-upgrade-fence-agents-heuristics-ping, alma-upgrade-fence-agents-hpblade, alma-upgrade-fence-agents-ibm-powervs, alma-upgrade-fence-agents-ibm-vpc, alma-upgrade-fence-agents-ibmblade, alma-upgrade-fence-agents-ifmib, alma-upgrade-fence-agents-ilo-moonshot, alma-upgrade-fence-agents-ilo-mp, alma-upgrade-fence-agents-ilo-ssh, alma-upgrade-fence-agents-ilo2, alma-upgrade-fence-agents-intelmodular, alma-upgrade-fence-agents-ipdu, alma-upgrade-fence-agents-ipmilan, alma-upgrade-fence-agents-kdump, alma-upgrade-fence-agents-kubevirt, alma-upgrade-fence-agents-lpar, alma-upgrade-fence-agents-mpath, alma-upgrade-fence-agents-openstack, alma-upgrade-fence-agents-redfish, alma-upgrade-fence-agents-rhevm, alma-upgrade-fence-agents-rsa, alma-upgrade-fence-agents-rsb, alma-upgrade-fence-agents-sbd, alma-upgrade-fence-agents-scsi, alma-upgrade-fence-agents-virsh, alma-upgrade-fence-agents-vmware-rest, alma-upgrade-fence-agents-vmware-soap, alma-upgrade-fence-agents-wti, alma-upgrade-fence-agents-zvm, alma-upgrade-fence-virt, alma-upgrade-fence-virtd, alma-upgrade-fence-virtd-cpg, alma-upgrade-fence-virtd-libvirt, alma-upgrade-fence-virtd-multicast, alma-upgrade-fence-virtd-serial, alma-upgrade-fence-virtd-tcp, alma-upgrade-ha-cloud-support, alma-upgrade-platform-python-setuptools, alma-upgrade-python3-setuptools, alma-upgrade-python3-setuptools-wheel, alma-upgrade-python3.11-setuptools, alma-upgrade-python3.11-setuptools-wheel, alma-upgrade-python3.12-setuptools, alma-upgrade-python3.12-setuptools-wheel, alma-upgrade-python39, alma-upgrade-python39-attrs, alma-upgrade-python39-cffi, alma-upgrade-python39-chardet, alma-upgrade-python39-cryptography, alma-upgrade-python39-cython, alma-upgrade-python39-debug, alma-upgrade-python39-devel, alma-upgrade-python39-idle, alma-upgrade-python39-idna, alma-upgrade-python39-iniconfig, alma-upgrade-python39-libs, alma-upgrade-python39-lxml, alma-upgrade-python39-mod_wsgi, alma-upgrade-python39-more-itertools, alma-upgrade-python39-numpy, alma-upgrade-python39-numpy-doc, alma-upgrade-python39-numpy-f2py, alma-upgrade-python39-packaging, alma-upgrade-python39-pip, alma-upgrade-python39-pip-wheel, alma-upgrade-python39-pluggy, alma-upgrade-python39-ply, alma-upgrade-python39-psutil, alma-upgrade-python39-psycopg2, alma-upgrade-python39-psycopg2-doc, alma-upgrade-python39-psycopg2-tests, alma-upgrade-python39-py, alma-upgrade-python39-pybind11, alma-upgrade-python39-pybind11-devel, alma-upgrade-python39-pycparser, alma-upgrade-python39-pymysql, alma-upgrade-python39-pyparsing, alma-upgrade-python39-pysocks, alma-upgrade-python39-pytest, alma-upgrade-python39-pyyaml, alma-upgrade-python39-requests, alma-upgrade-python39-rpm-macros, alma-upgrade-python39-scipy, alma-upgrade-python39-setuptools, alma-upgrade-python39-setuptools-wheel, alma-upgrade-python39-six, alma-upgrade-python39-test, alma-upgrade-python39-tkinter, alma-upgrade-python39-toml, alma-upgrade-python39-urllib3, alma-upgrade-python39-wcwidth, alma-upgrade-python39-wheel, alma-upgrade-python39-wheel-wheel, alma-upgrade-resource-agents, alma-upgrade-resource-agents-aliyun, alma-upgrade-resource-agents-gcp, alma-upgrade-resource-agents-paf
      References: https://attackerkb.com/topics/cve-2024-6345, CVE-2024-6345, https://errata.almalinux.org/8/ALSA-2024-5530.html, https://errata.almalinux.org/8/ALSA-2024-5531.html, https://errata.almalinux.org/8/ALSA-2024-5532.html, https://errata.almalinux.org/8/ALSA-2024-5962.html, https://errata.almalinux.org/8/ALSA-2024-6309.html, https://errata.almalinux.org/8/ALSA-2024-6311.html, https://errata.almalinux.org/9/ALSA-2024-5279.html, https://errata.almalinux.org/9/ALSA-2024-5533.html, https://errata.almalinux.org/9/ALSA-2024-5534.html, https://errata.almalinux.org/9/ALSA-2024-6726.html
  11. Red Hat: CVE-2024-41007: kernel: tcp: avoid too many retransmit packets (Multiple Advisories)
      Severity: 5 | CVSS: (AV:L/AC:L/Au:S/C:N/I:N/A:C)
      Published: 07/15/2024 | Created: 09/26/2024 | Added: 09/25/2024 | Modified: 02/10/2025
      Description: In the Linux kernel, the following vulnerability has been resolved: tcp: avoid too many retransmit packets. If a TCP socket is using TCP_USER_TIMEOUT, and the other peer retracted its window to zero, tcp_retransmit_timer() can retransmit a packet every two jiffies (2 ms for HZ=1000), for about 4 minutes after TCP_USER_TIMEOUT has 'expired'. The fix is to make sure tcp_rtx_probe0_timed_out() takes icsk->icsk_user_timeout into account. Before the blamed commit, the socket would not time out after icsk->icsk_user_timeout, but would use standard exponential backoff for the retransmits. Also worth noting that before commit e89688e3e978 ("net: tcp: fix unexcepted socket die when snd_wnd is 0"), the issue would last 2 minutes instead of 4.
      Solution(s): redhat-upgrade-kernel, redhat-upgrade-kernel-rt
      References: CVE-2024-41007, RHSA-2024:10771, RHSA-2024:7000, RHSA-2024:7001, RHSA-2024:9315
  12. Huawei EulerOS: CVE-2024-41007: kernel security update
      Severity: 2 | CVSS: (AV:L/AC:L/Au:S/C:N/I:N/A:P)
      Published: 07/15/2024 | Created: 10/10/2024 | Added: 10/09/2024 | Modified: 01/30/2025
      Description: In the Linux kernel, the following vulnerability has been resolved: tcp: avoid too many retransmit packets. If a TCP socket is using TCP_USER_TIMEOUT, and the other peer retracted its window to zero, tcp_retransmit_timer() can retransmit a packet every two jiffies (2 ms for HZ=1000), for about 4 minutes after TCP_USER_TIMEOUT has 'expired'. The fix is to make sure tcp_rtx_probe0_timed_out() takes icsk->icsk_user_timeout into account. Before the blamed commit, the socket would not time out after icsk->icsk_user_timeout, but would use standard exponential backoff for the retransmits. Also worth noting that before commit e89688e3e978 ("net: tcp: fix unexcepted socket die when snd_wnd is 0"), the issue would last 2 minutes instead of 4.
      Solution(s): huawei-euleros-2_0_sp12-upgrade-bpftool, huawei-euleros-2_0_sp12-upgrade-kernel, huawei-euleros-2_0_sp12-upgrade-kernel-abi-stablelists, huawei-euleros-2_0_sp12-upgrade-kernel-tools, huawei-euleros-2_0_sp12-upgrade-kernel-tools-libs, huawei-euleros-2_0_sp12-upgrade-python3-perf
      References: https://attackerkb.com/topics/cve-2024-41007, CVE-2024-41007, EulerOS-SA-2024-2544
  13. Rocky Linux: CVE-2024-6345: fence-agents (Multiple Advisories)
      Severity: 4 | CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
      Published: 07/15/2024 | Created: 08/23/2024 | Added: 10/02/2024 | Modified: 11/18/2024
      Description: A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.
      Solution(s): rocky-upgrade-fence-agents-aliyun, rocky-upgrade-fence-agents-all, rocky-upgrade-fence-agents-aws, rocky-upgrade-fence-agents-azure-arm, rocky-upgrade-fence-agents-compute, rocky-upgrade-fence-agents-gce, rocky-upgrade-fence-agents-kdump, rocky-upgrade-fence-agents-kdump-debuginfo, rocky-upgrade-fence-agents-kubevirt, rocky-upgrade-fence-agents-kubevirt-debuginfo, rocky-upgrade-fence-agents-openstack, rocky-upgrade-fence-agents-redfish, rocky-upgrade-fence-agents-zvm, rocky-upgrade-fence-virt, rocky-upgrade-fence-virt-debuginfo, rocky-upgrade-fence-virtd, rocky-upgrade-fence-virtd-cpg, rocky-upgrade-fence-virtd-cpg-debuginfo, rocky-upgrade-fence-virtd-debuginfo, rocky-upgrade-fence-virtd-libvirt, rocky-upgrade-fence-virtd-libvirt-debuginfo, rocky-upgrade-fence-virtd-multicast, rocky-upgrade-fence-virtd-multicast-debuginfo, rocky-upgrade-fence-virtd-serial, rocky-upgrade-fence-virtd-serial-debuginfo, rocky-upgrade-fence-virtd-tcp, rocky-upgrade-fence-virtd-tcp-debuginfo, rocky-upgrade-ha-cloud-support, rocky-upgrade-ha-cloud-support-debuginfo
      References: https://attackerkb.com/topics/cve-2024-6345, CVE-2024-6345, https://errata.rockylinux.org/RLSA-2024:5279, https://errata.rockylinux.org/RLSA-2024:5530, https://errata.rockylinux.org/RLSA-2024:5531, https://errata.rockylinux.org/RLSA-2024:5532, https://errata.rockylinux.org/RLSA-2024:5533, https://errata.rockylinux.org/RLSA-2024:6726
  14. Oracle WebLogic: CVE-2024-6345: Critical Patch Update
      Severity: 4 | CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
      Published: 07/15/2024 | Created: 10/23/2024 | Added: 10/18/2024 | Modified: 10/18/2024
      Description: A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.
      Solution(s): oracle-weblogic-oct-2024-cpu-14_1_1_0_0
      References: https://attackerkb.com/topics/cve-2024-6345, CVE-2024-6345, http://www.oracle.com/security-alerts/cpuoct2024.html, https://support.oracle.com/rs?type=doc&id=3048255.2
  15. Huawei EulerOS: CVE-2024-41007: kernel security update
      Severity: 2 | CVSS: (AV:L/AC:L/Au:S/C:N/I:N/A:P)
      Published: 07/15/2024 | Created: 10/10/2024 | Added: 10/09/2024 | Modified: 01/30/2025
      Description: In the Linux kernel, the following vulnerability has been resolved: tcp: avoid too many retransmit packets. If a TCP socket is using TCP_USER_TIMEOUT, and the other peer retracted its window to zero, tcp_retransmit_timer() can retransmit a packet every two jiffies (2 ms for HZ=1000), for about 4 minutes after TCP_USER_TIMEOUT has 'expired'. The fix is to make sure tcp_rtx_probe0_timed_out() takes icsk->icsk_user_timeout into account. Before the blamed commit, the socket would not time out after icsk->icsk_user_timeout, but would use standard exponential backoff for the retransmits. Also worth noting that before commit e89688e3e978 ("net: tcp: fix unexcepted socket die when snd_wnd is 0"), the issue would last 2 minutes instead of 4.
      Solution(s): huawei-euleros-2_0_sp11-upgrade-bpftool, huawei-euleros-2_0_sp11-upgrade-kernel, huawei-euleros-2_0_sp11-upgrade-kernel-abi-stablelists, huawei-euleros-2_0_sp11-upgrade-kernel-tools, huawei-euleros-2_0_sp11-upgrade-kernel-tools-libs, huawei-euleros-2_0_sp11-upgrade-python3-perf
      References: https://attackerkb.com/topics/cve-2024-41007, CVE-2024-41007, EulerOS-SA-2024-2585
  16. VMware Photon OS: CVE-2024-6345
      Severity: 10 | CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
      Published: 07/15/2024 | Created: 01/21/2025 | Added: 01/20/2025 | Modified: 02/04/2025
      Description: A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.
      Solution(s): vmware-photon_os_update_tdnf
      References: https://attackerkb.com/topics/cve-2024-6345, CVE-2024-6345
  17. Huawei EulerOS: CVE-2024-6345: python-setuptools security update
      Severity: 4 | CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
      Published: 07/15/2024 | Created: 10/10/2024 | Added: 10/09/2024 | Modified: 10/09/2024
      Description: A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.
      Solution(s): huawei-euleros-2_0_sp11-upgrade-python-setuptools, huawei-euleros-2_0_sp11-upgrade-python3-setuptools
      References: https://attackerkb.com/topics/cve-2024-6345, CVE-2024-6345, EulerOS-SA-2024-2592
  18. Ubuntu: USN-7002-1 (CVE-2024-6345): Setuptools vulnerability
      Severity: 4 | CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
      Published: 07/15/2024 | Created: 09/14/2024 | Added: 09/13/2024 | Modified: 11/15/2024
      Description: A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.
      Solution(s): ubuntu-pro-upgrade-pypy-setuptools, ubuntu-pro-upgrade-python-setuptools, ubuntu-pro-upgrade-python3-setuptools
      References: https://attackerkb.com/topics/cve-2024-6345, CVE-2024-6345, USN-7002-1
  19. Rocky Linux: CVE-2024-41007: kernel-rt (RLSA-2024-7001)
      Severity: 2 | CVSS: (AV:L/AC:L/Au:S/C:N/I:N/A:P)
      Published: 07/15/2024 | Created: 10/03/2024 | Added: 10/02/2024 | Modified: 01/30/2025
      Description: In the Linux kernel, the following vulnerability has been resolved: tcp: avoid too many retransmit packets. If a TCP socket is using TCP_USER_TIMEOUT, and the other peer retracted its window to zero, tcp_retransmit_timer() can retransmit a packet every two jiffies (2 ms for HZ=1000), for about 4 minutes after TCP_USER_TIMEOUT has 'expired'. The fix is to make sure tcp_rtx_probe0_timed_out() takes icsk->icsk_user_timeout into account. Before the blamed commit, the socket would not time out after icsk->icsk_user_timeout, but would use standard exponential backoff for the retransmits. Also worth noting that before commit e89688e3e978 ("net: tcp: fix unexcepted socket die when snd_wnd is 0"), the issue would last 2 minutes instead of 4.
      Solution(s): rocky-upgrade-kernel-rt, rocky-upgrade-kernel-rt-core, rocky-upgrade-kernel-rt-debug, rocky-upgrade-kernel-rt-debug-core, rocky-upgrade-kernel-rt-debug-debuginfo, rocky-upgrade-kernel-rt-debug-devel, rocky-upgrade-kernel-rt-debug-kvm, rocky-upgrade-kernel-rt-debug-modules, rocky-upgrade-kernel-rt-debug-modules-extra, rocky-upgrade-kernel-rt-debuginfo, rocky-upgrade-kernel-rt-debuginfo-common-x86_64, rocky-upgrade-kernel-rt-devel, rocky-upgrade-kernel-rt-kvm, rocky-upgrade-kernel-rt-modules, rocky-upgrade-kernel-rt-modules-extra
      References: https://attackerkb.com/topics/cve-2024-41007, CVE-2024-41007, https://errata.rockylinux.org/RLSA-2024:7001
  20. Alpine Linux: CVE-2024-6345: Code Injection
      Severity: 9 | CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
      Published: 07/15/2024 | Created: 08/23/2024 | Added: 08/22/2024 | Modified: 10/01/2024
      Description: A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.
      Solution(s): alpine-linux-upgrade-py3-setuptools
      References: https://attackerkb.com/topics/cve-2024-6345, CVE-2024-6345, https://security.alpinelinux.org/vuln/CVE-2024-6345
  21. Huawei EulerOS: CVE-2024-6345: python-setuptools security update
      Severity: 4 | CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
      Published: 07/15/2024 | Created: 11/12/2024 | Added: 11/11/2024 | Modified: 11/11/2024
      Description: A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.
      Solution(s): huawei-euleros-2_0_sp10-upgrade-python-setuptools, huawei-euleros-2_0_sp10-upgrade-python3-setuptools
      References: https://attackerkb.com/topics/cve-2024-6345, CVE-2024-6345, EulerOS-SA-2024-2913
  22. IBM AIX: python_advisory11 (CVE-2024-6345): Vulnerability in python affects AIX
      Severity: 10
      CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
      Published: 07/15/2024 | Created: 08/14/2024 | Added: 08/13/2024 | Modified: 10/31/2024
      Description: A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.
      Solution(s): ibm-aix-python_advisory11
      References: https://attackerkb.com/topics/cve-2024-6345 ; CVE-2024-6345 ; https://aix.software.ibm.com/aix/efixes/security/python_advisory11.asc
  23. Huawei EulerOS: CVE-2024-6345: python-setuptools security update
      Severity: 4
      CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
      Published: 07/15/2024 | Created: 11/06/2024 | Added: 11/05/2024 | Modified: 11/05/2024
      Description: A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.
      Solution(s): huawei-euleros-2_0_sp12-upgrade-python-setuptools
      References: https://attackerkb.com/topics/cve-2024-6345 ; CVE-2024-6345 ; EulerOS-SA-2024-2803
  24. Red Hat OpenShift: CVE-2024-6345: pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools
      Severity: 4
      CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
      Published: 07/15/2024 | Created: 10/18/2024 | Added: 10/17/2024 | Modified: 12/17/2024
      Description: A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.
      Solution(s): linuxrpm-upgrade-rhcos
      References: https://attackerkb.com/topics/cve-2024-6345 ; CVE-2024-6345 ; RHSA-2024:10135, RHSA-2024:11109, RHSA-2024:5000, RHSA-2024:5002, RHSA-2024:5040, RHSA-2024:5078, RHSA-2024:5084, RHSA-2024:5137, RHSA-2024:5279, RHSA-2024:5389, RHSA-2024:5530, RHSA-2024:5531, RHSA-2024:5532, RHSA-2024:5533, RHSA-2024:5534, RHSA-2024:5962, RHSA-2024:6220, RHSA-2024:6309, RHSA-2024:6311, RHSA-2024:6312, RHSA-2024:6488, RHSA-2024:6611, RHSA-2024:6612, RHSA-2024:6661, RHSA-2024:6662, RHSA-2024:6667, RHSA-2024:6726, RHSA-2024:6907, RHSA-2024:7213, RHSA-2024:7374, RHSA-2024:7922, RHSA-2024:8168, RHSA-2024:8170, RHSA-2024:8171, RHSA-2024:8172, RHSA-2024:8173, RHSA-2024:8179
  25. Huawei EulerOS: CVE-2024-41007: kernel security update
      Severity: 2
      CVSS: (AV:L/AC:L/Au:S/C:N/I:N/A:P)
      Published: 07/15/2024 | Created: 10/09/2024 | Added: 10/08/2024 | Modified: 01/30/2025
      Description: In the Linux kernel, the following vulnerability has been resolved: tcp: avoid too many retransmit packets. If a TCP socket is using TCP_USER_TIMEOUT and the other peer retracted its window to zero, tcp_retransmit_timer() can retransmit a packet every two jiffies (2 ms for HZ=1000) for about 4 minutes after TCP_USER_TIMEOUT has 'expired'. The fix is to make sure tcp_rtx_probe0_timed_out() takes icsk->icsk_user_timeout into account. Before the blamed commit, the socket would not time out after icsk->icsk_user_timeout, but would use standard exponential backoff for the retransmits. Also worth noting: before commit e89688e3e978 ("net: tcp: fix unexcepted socket die when snd_wnd is 0"), the issue would last 2 minutes instead of 4.
      Solution(s): huawei-euleros-2_0_sp9-upgrade-kernel, huawei-euleros-2_0_sp9-upgrade-kernel-tools, huawei-euleros-2_0_sp9-upgrade-kernel-tools-libs, huawei-euleros-2_0_sp9-upgrade-python3-perf
      References: https://attackerkb.com/topics/cve-2024-41007 ; CVE-2024-41007 ; EulerOS-SA-2024-2394