All posts by ISHACK AI BOT
-
Alpine Linux: CVE-2024-33870: Vulnerability in Multiple Components
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 07/03/2024
Created: 08/23/2024
Added: 08/22/2024
Modified: 10/10/2024
Description: An issue was discovered in Artifex Ghostscript before 10.03.1. There is path traversal (via a crafted PostScript document) to arbitrary files if the current directory is in the permitted paths. For example, there can be a transformation of ../../foo to ./../../foo and this will grant access if ./ is permitted.
Solution(s): alpine-linux-upgrade-ghostscript
References: https://attackerkb.com/topics/cve-2024-33870, CVE-2024-33870, https://security.alpinelinux.org/vuln/CVE-2024-33870
-
Debian: CVE-2023-52169: 7zip, p7zip -- security update
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 07/03/2024
Created: 11/12/2024
Added: 11/11/2024
Modified: 11/11/2024
Description: The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 (for 7zz) contains an out-of-bounds read that allows an attacker to read beyond the intended buffer. The bytes read beyond the intended buffer are presented as a part of a filename listed in the file system image. This has security relevance in some known web-service use cases where untrusted users can upload files and have them extracted by a server-side 7-Zip process.
Solution(s): debian-upgrade-7zip debian-upgrade-p7zip
References: https://attackerkb.com/topics/cve-2023-52169, CVE-2023-52169
-
Amazon Linux 2023: CVE-2024-29506: Medium priority package update for ghostscript
Severity: 6
CVSS: (AV:N/AC:L/Au:N/C:N/I:P/A:P)
Published: 07/03/2024
Created: 02/14/2025
Added: 02/14/2025
Modified: 02/14/2025
Description: Artifex Ghostscript before 10.03.0 has a stack-based buffer overflow in the pdfi_apply_filter() function via a long PDF filter name. A flaw was found in Ghostscript. The `PDFDEBUG` flag controls the value of `ctx->args.debug`. In `pdfi_apply_filter`, this issue enables the execution of a `memcpy` into a stack buffer, without bounds checks. A filter name larger than 100 will overflow the `str` buffer, which may lead to an application crash or other unexpected behavior.
Solution(s): amazon-linux-2023-upgrade-ghostscript amazon-linux-2023-upgrade-ghostscript-debuginfo amazon-linux-2023-upgrade-ghostscript-debugsource amazon-linux-2023-upgrade-ghostscript-doc amazon-linux-2023-upgrade-ghostscript-gtk amazon-linux-2023-upgrade-ghostscript-gtk-debuginfo amazon-linux-2023-upgrade-ghostscript-tools-dvipdf amazon-linux-2023-upgrade-ghostscript-tools-fonts amazon-linux-2023-upgrade-ghostscript-tools-printing amazon-linux-2023-upgrade-ghostscript-x11 amazon-linux-2023-upgrade-ghostscript-x11-debuginfo amazon-linux-2023-upgrade-libgs amazon-linux-2023-upgrade-libgs-debuginfo amazon-linux-2023-upgrade-libgs-devel
References: https://attackerkb.com/topics/cve-2024-29506, CVE-2024-29506, https://alas.aws.amazon.com/AL2023/ALAS-2024-692.html
-
Debian: CVE-2024-29507: ghostscript -- security update
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 07/03/2024
Created: 09/03/2024
Added: 09/02/2024
Modified: 09/02/2024
Description: Artifex Ghostscript before 10.03.0 sometimes has a stack-based buffer overflow via the CIDFSubstPath and CIDFSubstFont parameters.
Solution(s): debian-upgrade-ghostscript
References: https://attackerkb.com/topics/cve-2024-29507, CVE-2024-29507, DSA-5760-1
-
Artifex Ghostscript: (CVE-2024-29511) Directory traversal issue allows arbitrary file reading (and writing of error messages to arbitrary files) via OCRLanguage.
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 07/03/2024
Created: 07/10/2024
Added: 07/08/2024
Modified: 11/19/2024
Description: Artifex Ghostscript before 10.03.1, when Tesseract is used for OCR, has a directory traversal issue that allows arbitrary file reading (and writing of error messages to arbitrary files) via OCRLanguage. For example, exploitation can use debug_file /tmp/out and user_patterns_file /etc/passwd.
Solution(s): ghostscript-upgrade-10_03_1
References: https://attackerkb.com/topics/cve-2024-29511, CVE-2024-29511
-
Debian: CVE-2024-29508: ghostscript -- security update
Severity: 2
CVSS: (AV:L/AC:L/Au:S/C:P/I:N/A:N)
Published: 07/03/2024
Created: 09/03/2024
Added: 09/02/2024
Modified: 01/28/2025
Description: Artifex Ghostscript before 10.03.0 has a heap-based pointer disclosure (observable in a constructed BaseFont name) in the function pdf_base_font_alloc.
Solution(s): debian-upgrade-ghostscript
References: https://attackerkb.com/topics/cve-2024-29508, CVE-2024-29508, DSA-5760-1
-
Debian: CVE-2024-29509: ghostscript -- security update
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 07/03/2024
Created: 09/03/2024
Added: 09/02/2024
Modified: 01/28/2025
Description: Artifex Ghostscript before 10.03.0 has a heap-based overflow when PDFPassword (e.g., for runpdf) has a \000 byte in the middle.
Solution(s): debian-upgrade-ghostscript
References: https://attackerkb.com/topics/cve-2024-29509, CVE-2024-29509, DSA-5760-1
-
SUSE: CVE-2024-34750: SUSE Linux Security Advisory
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 07/03/2024
Created: 07/12/2024
Added: 07/12/2024
Modified: 07/16/2024
Description: Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn led to the use of an incorrect infinite timeout which allowed connections to remain open which should have been closed. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.0-M1 through 9.0.89. Users are recommended to upgrade to version 11.0.0-M21, 10.1.25 or 9.0.90, which fixes the issue.
Solution(s): suse-upgrade-tomcat suse-upgrade-tomcat-admin-webapps suse-upgrade-tomcat-docs-webapp suse-upgrade-tomcat-el-3_0-api suse-upgrade-tomcat-embed suse-upgrade-tomcat-javadoc suse-upgrade-tomcat-jsp-2_3-api suse-upgrade-tomcat-jsvc suse-upgrade-tomcat-lib suse-upgrade-tomcat-servlet-4_0-api suse-upgrade-tomcat-webapps suse-upgrade-tomcat10 suse-upgrade-tomcat10-admin-webapps suse-upgrade-tomcat10-doc suse-upgrade-tomcat10-docs-webapp suse-upgrade-tomcat10-el-5_0-api suse-upgrade-tomcat10-embed suse-upgrade-tomcat10-jsp-3_1-api suse-upgrade-tomcat10-jsvc suse-upgrade-tomcat10-lib suse-upgrade-tomcat10-servlet-6_0-api suse-upgrade-tomcat10-webapps
References: https://attackerkb.com/topics/cve-2024-34750, CVE-2024-34750
-
Debian: CVE-2023-52168: 7zip, p7zip -- security update
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 07/03/2024
Created: 11/12/2024
Added: 11/11/2024
Modified: 11/11/2024
Description: The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 (for 7zz) contains a heap-based buffer overflow that allows an attacker to overwrite two bytes at multiple offsets beyond the allocated buffer size: buffer+512*i-2, for i=9, i=10, i=11, etc.
Solution(s): debian-upgrade-7zip debian-upgrade-p7zip
References: https://attackerkb.com/topics/cve-2023-52168, CVE-2023-52168
-
Amazon Linux AMI 2: CVE-2024-34750: Security patch for tomcat (Multiple Advisories)
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 07/03/2024
Created: 08/14/2024
Added: 08/14/2024
Modified: 08/14/2024
Description: Improper Handling of Exceptional Conditions, Uncontrolled Resource Consumption vulnerability in Apache Tomcat. When processing an HTTP/2 stream, Tomcat did not handle some cases of excessive HTTP headers correctly. This led to a miscounting of active HTTP/2 streams which in turn led to the use of an incorrect infinite timeout which allowed connections to remain open which should have been closed. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.0-M1 through 9.0.89. Users are recommended to upgrade to version 11.0.0-M21, 10.1.25 or 9.0.90, which fixes the issue.
Solution(s): amazon-linux-ami-2-upgrade-tomcat amazon-linux-ami-2-upgrade-tomcat-admin-webapps amazon-linux-ami-2-upgrade-tomcat-docs-webapp amazon-linux-ami-2-upgrade-tomcat-el-3-0-api amazon-linux-ami-2-upgrade-tomcat-javadoc amazon-linux-ami-2-upgrade-tomcat-jsp-2-3-api amazon-linux-ami-2-upgrade-tomcat-jsvc amazon-linux-ami-2-upgrade-tomcat-lib amazon-linux-ami-2-upgrade-tomcat-servlet-3-1-api amazon-linux-ami-2-upgrade-tomcat-servlet-4-0-api amazon-linux-ami-2-upgrade-tomcat-webapps
References: https://attackerkb.com/topics/cve-2024-34750, AL2/ALASTOMCAT8.5-2024-020, AL2/ALASTOMCAT9-2024-014, CVE-2024-34750
-
Artifex Ghostscript: (CVE-2024-29506) Artifex Ghostscript before 10.03.0 has a stack-based buffer overflow in the pdfi_apply_filter() function via a long PDF filter name.
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 07/03/2024
Created: 07/10/2024
Added: 07/08/2024
Modified: 01/28/2025
Description: Artifex Ghostscript before 10.03.0 has a stack-based buffer overflow in the pdfi_apply_filter() function via a long PDF filter name.
Solution(s): ghostscript-upgrade-10_03_0
References: https://attackerkb.com/topics/cve-2024-29506, CVE-2024-29506
-
Gentoo Linux: CVE-2024-39844: ZNC: Remote Code Execution
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 07/03/2024
Created: 09/26/2024
Added: 09/25/2024
Modified: 09/25/2024
Description: In ZNC before 1.9.1, remote code execution can occur in modtcl via a KICK.
Solution(s): gentoo-linux-upgrade-net-irc-znc
References: https://attackerkb.com/topics/cve-2024-39844, CVE-2024-39844, 202409-23
-
Gentoo Linux: CVE-2024-29510: GPL Ghostscript: Multiple Vulnerabilities
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 07/03/2024
Created: 09/24/2024
Added: 09/23/2024
Modified: 09/23/2024
Description: Artifex Ghostscript before 10.03.1 allows memory corruption, and SAFER sandbox bypass, via format string injection with a uniprint device.
Solution(s): gentoo-linux-upgrade-app-text-ghostscript-gpl
References: https://attackerkb.com/topics/cve-2024-29510, CVE-2024-29510, 202409-03
-
SUSE: CVE-2023-52169: SUSE Linux Security Advisory
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 07/03/2024
Created: 07/15/2024
Added: 07/15/2024
Modified: 07/31/2024
Description: The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 (for 7zz) contains an out-of-bounds read that allows an attacker to read beyond the intended buffer. The bytes read beyond the intended buffer are presented as a part of a filename listed in the file system image. This has security relevance in some known web-service use cases where untrusted users can upload files and have them extracted by a server-side 7-Zip process.
Solution(s): suse-upgrade-p7zip suse-upgrade-p7zip-doc suse-upgrade-p7zip-full
References: https://attackerkb.com/topics/cve-2023-52169, CVE-2023-52169
-
Ubuntu: USN-6897-1 (CVE-2024-29507): Ghostscript vulnerabilities
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 07/03/2024
Created: 07/16/2024
Added: 07/16/2024
Modified: 10/23/2024
Description: Artifex Ghostscript before 10.03.0 sometimes has a stack-based buffer overflow via the CIDFSubstPath and CIDFSubstFont parameters.
Solution(s): ubuntu-upgrade-ghostscript ubuntu-upgrade-libgs10
References: https://attackerkb.com/topics/cve-2024-29507, CVE-2024-29507, USN-6897-1
-
Gentoo Linux: CVE-2024-38519: yt-dlp: Multiple Vulnerabilities
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 07/02/2024
Created: 10/01/2024
Added: 09/30/2024
Modified: 09/30/2024
Description: `yt-dlp` and `youtube-dl` are command-line audio/video downloaders. Prior to the fixed versions, `yt-dlp` and `youtube-dl` do not limit the extensions of downloaded files, which could lead to arbitrary filenames being created in the download folder (and path traversal on Windows). Since `yt-dlp` and `youtube-dl` also read config from the working directory (and on Windows executables will be executed from the `yt-dlp` or `youtube-dl` directory), this could lead to arbitrary code being executed. `yt-dlp` version 2024.07.01 fixes this issue by whitelisting the allowed extensions. `youtube-dl` fixes this issue in commit `d42a222` on the `master` branch and in nightly builds tagged 2024-07-03 or later. This might mean some very uncommon extensions might not get downloaded, however it will also limit the possible exploitation surface. In addition to upgrading, have `.%(ext)s` at the end of the output template and make sure the user trusts the websites that they are downloading from. Also, make sure to never download to a directory within PATH or other sensitive locations like one's user directory, `system32`, or other binaries locations. For users who are not able to upgrade, keep the default output template (`-o "%(title)s [%(id)s].%(ext)s"`); make sure the extension of the media to download is a common video/audio/sub/... one; try to avoid the generic extractor; and/or use `--ignore-config --config-location ...` to not load config from common locations.
Solution(s): gentoo-linux-upgrade-net-misc-yt-dlp
References: https://attackerkb.com/topics/cve-2024-38519, CVE-2024-38519, 202409-30
-
FreeBSD: (Multiple Advisories) (CVE-2024-24791): oauth2-proxy -- multiple vulnerabilities
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 07/02/2024
Created: 07/04/2024
Added: 07/03/2024
Modified: 10/22/2024
Description: The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.
Solution(s): freebsd-upgrade-package-go121 freebsd-upgrade-package-go122 freebsd-upgrade-package-oauth2-proxy
References: CVE-2024-24791
-
Ubuntu: USN-6887-1 (CVE-2024-39894): OpenSSH vulnerability
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 07/02/2024
Created: 07/10/2024
Added: 07/10/2024
Modified: 10/23/2024
Description: OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks against echo-off password entry (e.g., for su and Sudo) because of an ObscureKeystrokeTiming logic error. Similarly, other timing attacks against keystroke entry could occur.
Solution(s): ubuntu-upgrade-openssh-client ubuntu-upgrade-openssh-server
References: https://attackerkb.com/topics/cve-2024-39894, CVE-2024-39894, USN-6887-1
-
Alma Linux: CVE-2024-24791: Important: go-toolset:rhel8 security update (Multiple Advisories)
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 07/02/2024
Created: 09/27/2024
Added: 09/26/2024
Modified: 11/20/2024
Description: The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.
Solution(s): alma-upgrade-aardvark-dns alma-upgrade-buildah alma-upgrade-buildah-tests alma-upgrade-cockpit-podman alma-upgrade-conmon alma-upgrade-container-selinux alma-upgrade-containernetworking-plugins alma-upgrade-containers-common alma-upgrade-crit alma-upgrade-criu alma-upgrade-criu-devel alma-upgrade-criu-libs alma-upgrade-crun alma-upgrade-delve alma-upgrade-fuse-overlayfs alma-upgrade-go-toolset alma-upgrade-golang alma-upgrade-golang-bin alma-upgrade-golang-docs alma-upgrade-golang-misc alma-upgrade-golang-src alma-upgrade-golang-tests alma-upgrade-grafana alma-upgrade-grafana-selinux alma-upgrade-libslirp alma-upgrade-libslirp-devel alma-upgrade-netavark alma-upgrade-oci-seccomp-bpf-hook alma-upgrade-podman alma-upgrade-podman-catatonit alma-upgrade-podman-docker alma-upgrade-podman-gvproxy alma-upgrade-podman-plugins alma-upgrade-podman-remote alma-upgrade-podman-tests alma-upgrade-python3-criu alma-upgrade-python3-podman alma-upgrade-runc alma-upgrade-skopeo alma-upgrade-skopeo-tests alma-upgrade-slirp4netns alma-upgrade-toolbox alma-upgrade-toolbox-tests alma-upgrade-udica
References: https://attackerkb.com/topics/cve-2024-24791, CVE-2024-24791, https://errata.almalinux.org/8/ALSA-2024-6908.html, https://errata.almalinux.org/8/ALSA-2024-6969.html, https://errata.almalinux.org/8/ALSA-2024-7349.html, https://errata.almalinux.org/9/ALSA-2024-6913.html, https://errata.almalinux.org/9/ALSA-2024-9089.html, https://errata.almalinux.org/9/ALSA-2024-9097.html, https://errata.almalinux.org/9/ALSA-2024-9098.html, https://errata.almalinux.org/9/ALSA-2024-9115.html, https://errata.almalinux.org/9/ALSA-2024-9135.html
-
Huawei EulerOS: CVE-2024-24791: golang security update
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 07/02/2024
Created: 10/10/2024
Added: 10/09/2024
Modified: 10/09/2024
Description: The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.
Solution(s): huawei-euleros-2_0_sp11-upgrade-golang huawei-euleros-2_0_sp11-upgrade-golang-devel huawei-euleros-2_0_sp11-upgrade-golang-help
References: https://attackerkb.com/topics/cve-2024-24791, CVE-2024-24791, EulerOS-SA-2024-2580
-
VMware Photon OS: CVE-2024-24791
Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published: 07/02/2024
Created: 01/21/2025
Added: 01/20/2025
Modified: 02/04/2025
Description: The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.
Solution(s): vmware-photon_os_update_tdnf
References: https://attackerkb.com/topics/cve-2024-24791, CVE-2024-24791
-
Ubuntu: (Multiple Advisories) (CVE-2023-24531): Go vulnerabilities
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 07/02/2024
Created: 10/12/2024
Added: 10/11/2024
Modified: 11/15/2024
Description: Command go env is documented as outputting a shell script containing the Go environment. However, go env doesn't sanitize values, so executing its output as a shell script can cause various bad behaviors, including executing arbitrary commands or inserting new environment variables. This issue is relatively minor because, in general, if an attacker can set arbitrary environment variables on a system, they have better attack vectors than making "go env" print them out.
Solution(s): ubuntu-pro-upgrade-golang-1-17 ubuntu-pro-upgrade-golang-1-17-go ubuntu-pro-upgrade-golang-1-17-src ubuntu-pro-upgrade-golang-1-18 ubuntu-pro-upgrade-golang-1-18-go ubuntu-pro-upgrade-golang-1-18-src
References: https://attackerkb.com/topics/cve-2023-24531, CVE-2023-24531, USN-7061-1, USN-7109-1
-
Red Hat: CVE-2024-4467: QEMU: 'qemu-img info' leads to host file read/write (Multiple Advisories)
Severity: 7
CVSS: (AV:L/AC:L/Au:S/C:C/I:C/A:C)
Published: 07/02/2024
Created: 07/03/2024
Added: 07/03/2024
Modified: 09/13/2024
Description: A flaw was found in the QEMU disk image utility (qemu-img) 'info' command. A specially crafted image file containing a `json:{}` value describing block devices in QMP could cause the qemu-img process on the host to consume large amounts of memory or CPU time, leading to denial of service or read/write to an existing external file.
Solution(s): redhat-upgrade-hivex redhat-upgrade-hivex-debuginfo redhat-upgrade-hivex-debugsource redhat-upgrade-hivex-devel redhat-upgrade-libguestfs redhat-upgrade-libguestfs-appliance redhat-upgrade-libguestfs-bash-completion redhat-upgrade-libguestfs-debuginfo redhat-upgrade-libguestfs-debugsource redhat-upgrade-libguestfs-devel redhat-upgrade-libguestfs-gfs2 redhat-upgrade-libguestfs-gobject redhat-upgrade-libguestfs-gobject-debuginfo redhat-upgrade-libguestfs-gobject-devel redhat-upgrade-libguestfs-inspect-icons redhat-upgrade-libguestfs-java redhat-upgrade-libguestfs-java-debuginfo redhat-upgrade-libguestfs-java-devel redhat-upgrade-libguestfs-javadoc redhat-upgrade-libguestfs-man-pages-ja redhat-upgrade-libguestfs-man-pages-uk redhat-upgrade-libguestfs-rescue redhat-upgrade-libguestfs-rsync redhat-upgrade-libguestfs-tools redhat-upgrade-libguestfs-tools-c redhat-upgrade-libguestfs-tools-c-debuginfo redhat-upgrade-libguestfs-winsupport redhat-upgrade-libguestfs-xfs redhat-upgrade-libiscsi redhat-upgrade-libiscsi-debuginfo redhat-upgrade-libiscsi-debugsource redhat-upgrade-libiscsi-devel redhat-upgrade-libiscsi-utils redhat-upgrade-libiscsi-utils-debuginfo redhat-upgrade-libnbd redhat-upgrade-libnbd-bash-completion redhat-upgrade-libnbd-debuginfo redhat-upgrade-libnbd-debugsource redhat-upgrade-libnbd-devel redhat-upgrade-libtpms redhat-upgrade-libtpms-debuginfo redhat-upgrade-libtpms-debugsource
redhat-upgrade-libtpms-devel redhat-upgrade-libvirt redhat-upgrade-libvirt-client redhat-upgrade-libvirt-client-debuginfo redhat-upgrade-libvirt-daemon redhat-upgrade-libvirt-daemon-config-network redhat-upgrade-libvirt-daemon-config-nwfilter redhat-upgrade-libvirt-daemon-debuginfo redhat-upgrade-libvirt-daemon-driver-interface redhat-upgrade-libvirt-daemon-driver-interface-debuginfo redhat-upgrade-libvirt-daemon-driver-network redhat-upgrade-libvirt-daemon-driver-network-debuginfo redhat-upgrade-libvirt-daemon-driver-nodedev redhat-upgrade-libvirt-daemon-driver-nodedev-debuginfo redhat-upgrade-libvirt-daemon-driver-nwfilter redhat-upgrade-libvirt-daemon-driver-nwfilter-debuginfo redhat-upgrade-libvirt-daemon-driver-qemu redhat-upgrade-libvirt-daemon-driver-qemu-debuginfo redhat-upgrade-libvirt-daemon-driver-secret redhat-upgrade-libvirt-daemon-driver-secret-debuginfo redhat-upgrade-libvirt-daemon-driver-storage redhat-upgrade-libvirt-daemon-driver-storage-core redhat-upgrade-libvirt-daemon-driver-storage-core-debuginfo redhat-upgrade-libvirt-daemon-driver-storage-disk redhat-upgrade-libvirt-daemon-driver-storage-disk-debuginfo redhat-upgrade-libvirt-daemon-driver-storage-gluster redhat-upgrade-libvirt-daemon-driver-storage-gluster-debuginfo redhat-upgrade-libvirt-daemon-driver-storage-iscsi redhat-upgrade-libvirt-daemon-driver-storage-iscsi-debuginfo redhat-upgrade-libvirt-daemon-driver-storage-iscsi-direct redhat-upgrade-libvirt-daemon-driver-storage-iscsi-direct-debuginfo redhat-upgrade-libvirt-daemon-driver-storage-logical redhat-upgrade-libvirt-daemon-driver-storage-logical-debuginfo redhat-upgrade-libvirt-daemon-driver-storage-mpath redhat-upgrade-libvirt-daemon-driver-storage-mpath-debuginfo redhat-upgrade-libvirt-daemon-driver-storage-rbd redhat-upgrade-libvirt-daemon-driver-storage-rbd-debuginfo redhat-upgrade-libvirt-daemon-driver-storage-scsi redhat-upgrade-libvirt-daemon-driver-storage-scsi-debuginfo redhat-upgrade-libvirt-daemon-kvm 
redhat-upgrade-libvirt-dbus redhat-upgrade-libvirt-dbus-debuginfo redhat-upgrade-libvirt-dbus-debugsource redhat-upgrade-libvirt-debuginfo redhat-upgrade-libvirt-debugsource redhat-upgrade-libvirt-devel redhat-upgrade-libvirt-docs redhat-upgrade-libvirt-libs redhat-upgrade-libvirt-libs-debuginfo redhat-upgrade-libvirt-lock-sanlock redhat-upgrade-libvirt-lock-sanlock-debuginfo redhat-upgrade-libvirt-nss redhat-upgrade-libvirt-nss-debuginfo redhat-upgrade-libvirt-python-debugsource redhat-upgrade-libvirt-wireshark redhat-upgrade-libvirt-wireshark-debuginfo redhat-upgrade-lua-guestfs redhat-upgrade-lua-guestfs-debuginfo redhat-upgrade-nbdfuse redhat-upgrade-nbdfuse-debuginfo redhat-upgrade-nbdkit redhat-upgrade-nbdkit-bash-completion redhat-upgrade-nbdkit-basic-filters redhat-upgrade-nbdkit-basic-filters-debuginfo redhat-upgrade-nbdkit-basic-plugins redhat-upgrade-nbdkit-basic-plugins-debuginfo redhat-upgrade-nbdkit-curl-plugin redhat-upgrade-nbdkit-curl-plugin-debuginfo redhat-upgrade-nbdkit-debuginfo redhat-upgrade-nbdkit-debugsource redhat-upgrade-nbdkit-devel redhat-upgrade-nbdkit-example-plugins redhat-upgrade-nbdkit-example-plugins-debuginfo redhat-upgrade-nbdkit-gzip-filter redhat-upgrade-nbdkit-gzip-filter-debuginfo redhat-upgrade-nbdkit-gzip-plugin redhat-upgrade-nbdkit-gzip-plugin-debuginfo redhat-upgrade-nbdkit-linuxdisk-plugin redhat-upgrade-nbdkit-linuxdisk-plugin-debuginfo redhat-upgrade-nbdkit-nbd-plugin redhat-upgrade-nbdkit-nbd-plugin-debuginfo redhat-upgrade-nbdkit-python-plugin redhat-upgrade-nbdkit-python-plugin-debuginfo redhat-upgrade-nbdkit-server redhat-upgrade-nbdkit-server-debuginfo redhat-upgrade-nbdkit-ssh-plugin redhat-upgrade-nbdkit-ssh-plugin-debuginfo redhat-upgrade-nbdkit-tar-filter redhat-upgrade-nbdkit-tar-filter-debuginfo redhat-upgrade-nbdkit-tar-plugin redhat-upgrade-nbdkit-tar-plugin-debuginfo redhat-upgrade-nbdkit-tmpdisk-plugin redhat-upgrade-nbdkit-tmpdisk-plugin-debuginfo redhat-upgrade-nbdkit-vddk-plugin 
redhat-upgrade-nbdkit-vddk-plugin-debuginfo redhat-upgrade-nbdkit-xz-filter redhat-upgrade-nbdkit-xz-filter-debuginfo redhat-upgrade-netcf redhat-upgrade-netcf-debuginfo redhat-upgrade-netcf-debugsource redhat-upgrade-netcf-devel redhat-upgrade-netcf-libs redhat-upgrade-netcf-libs-debuginfo redhat-upgrade-ocaml-hivex redhat-upgrade-ocaml-hivex-debuginfo redhat-upgrade-ocaml-hivex-devel redhat-upgrade-ocaml-libguestfs redhat-upgrade-ocaml-libguestfs-debuginfo redhat-upgrade-ocaml-libguestfs-devel redhat-upgrade-ocaml-libnbd redhat-upgrade-ocaml-libnbd-debuginfo redhat-upgrade-ocaml-libnbd-devel redhat-upgrade-perl-hivex redhat-upgrade-perl-hivex-debuginfo redhat-upgrade-perl-sys-guestfs redhat-upgrade-perl-sys-guestfs-debuginfo redhat-upgrade-perl-sys-virt redhat-upgrade-perl-sys-virt-debuginfo redhat-upgrade-perl-sys-virt-debugsource redhat-upgrade-python3-hivex redhat-upgrade-python3-hivex-debuginfo redhat-upgrade-python3-libguestfs redhat-upgrade-python3-libguestfs-debuginfo redhat-upgrade-python3-libnbd redhat-upgrade-python3-libnbd-debuginfo redhat-upgrade-python3-libvirt redhat-upgrade-python3-libvirt-debuginfo redhat-upgrade-qemu-guest-agent redhat-upgrade-qemu-guest-agent-debuginfo redhat-upgrade-qemu-img redhat-upgrade-qemu-img-debuginfo redhat-upgrade-qemu-kvm redhat-upgrade-qemu-kvm-audio-dbus-debuginfo redhat-upgrade-qemu-kvm-audio-pa redhat-upgrade-qemu-kvm-audio-pa-debuginfo redhat-upgrade-qemu-kvm-block-blkio redhat-upgrade-qemu-kvm-block-blkio-debuginfo redhat-upgrade-qemu-kvm-block-curl redhat-upgrade-qemu-kvm-block-curl-debuginfo redhat-upgrade-qemu-kvm-block-gluster redhat-upgrade-qemu-kvm-block-gluster-debuginfo redhat-upgrade-qemu-kvm-block-iscsi redhat-upgrade-qemu-kvm-block-iscsi-debuginfo redhat-upgrade-qemu-kvm-block-rbd redhat-upgrade-qemu-kvm-block-rbd-debuginfo redhat-upgrade-qemu-kvm-block-ssh redhat-upgrade-qemu-kvm-block-ssh-debuginfo redhat-upgrade-qemu-kvm-common redhat-upgrade-qemu-kvm-common-debuginfo redhat-upgrade-qemu-kvm-core 
redhat-upgrade-qemu-kvm-core-debuginfo redhat-upgrade-qemu-kvm-debuginfo redhat-upgrade-qemu-kvm-debugsource redhat-upgrade-qemu-kvm-device-display-virtio-gpu redhat-upgrade-qemu-kvm-device-display-virtio-gpu-ccw redhat-upgrade-qemu-kvm-device-display-virtio-gpu-ccw-debuginfo redhat-upgrade-qemu-kvm-device-display-virtio-gpu-debuginfo redhat-upgrade-qemu-kvm-device-display-virtio-gpu-pci redhat-upgrade-qemu-kvm-device-display-virtio-gpu-pci-debuginfo redhat-upgrade-qemu-kvm-device-display-virtio-vga redhat-upgrade-qemu-kvm-device-display-virtio-vga-debuginfo redhat-upgrade-qemu-kvm-device-usb-host redhat-upgrade-qemu-kvm-device-usb-host-debuginfo redhat-upgrade-qemu-kvm-device-usb-redirect redhat-upgrade-qemu-kvm-device-usb-redirect-debuginfo redhat-upgrade-qemu-kvm-docs redhat-upgrade-qemu-kvm-hw-usbredir redhat-upgrade-qemu-kvm-hw-usbredir-debuginfo redhat-upgrade-qemu-kvm-tests redhat-upgrade-qemu-kvm-tests-debuginfo redhat-upgrade-qemu-kvm-tools redhat-upgrade-qemu-kvm-tools-debuginfo redhat-upgrade-qemu-kvm-ui-dbus-debuginfo redhat-upgrade-qemu-kvm-ui-egl-headless redhat-upgrade-qemu-kvm-ui-egl-headless-debuginfo redhat-upgrade-qemu-kvm-ui-opengl redhat-upgrade-qemu-kvm-ui-opengl-debuginfo redhat-upgrade-qemu-kvm-ui-spice redhat-upgrade-qemu-kvm-ui-spice-debuginfo redhat-upgrade-qemu-pr-helper redhat-upgrade-qemu-pr-helper-debuginfo redhat-upgrade-ruby-hivex redhat-upgrade-ruby-hivex-debuginfo redhat-upgrade-ruby-libguestfs redhat-upgrade-ruby-libguestfs-debuginfo redhat-upgrade-seabios redhat-upgrade-seabios-bin redhat-upgrade-seavgabios-bin redhat-upgrade-sgabios redhat-upgrade-sgabios-bin redhat-upgrade-slof redhat-upgrade-supermin redhat-upgrade-supermin-debuginfo redhat-upgrade-supermin-debugsource redhat-upgrade-supermin-devel redhat-upgrade-swtpm redhat-upgrade-swtpm-debuginfo redhat-upgrade-swtpm-debugsource redhat-upgrade-swtpm-devel redhat-upgrade-swtpm-libs redhat-upgrade-swtpm-libs-debuginfo redhat-upgrade-swtpm-tools 
redhat-upgrade-swtpm-tools-debuginfo redhat-upgrade-swtpm-tools-pkcs11 redhat-upgrade-virt-dib redhat-upgrade-virt-dib-debuginfo redhat-upgrade-virt-v2v redhat-upgrade-virt-v2v-bash-completion redhat-upgrade-virt-v2v-debuginfo redhat-upgrade-virt-v2v-debugsource redhat-upgrade-virt-v2v-man-pages-ja redhat-upgrade-virt-v2v-man-pages-uk
References: CVE-2024-4467, RHSA-2024:4277, RHSA-2024:4278, RHSA-2024:4372, RHSA-2024:4420
-
Amazon Linux 2023: CVE-2024-24791: Medium priority package update for golang
Severity: 5
CVSS: (AV:N/AC:H/Au:N/C:N/I:N/A:C)
Published: 07/02/2024
Created: 02/14/2025
Added: 02/14/2025
Modified: 02/14/2025
Description: The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail. A flaw was found in Go. The net/http module mishandles specific server responses from HTTP/1.1 client requests. This issue may render a connection invalid and cause a denial of service.
Solution(s): amazon-linux-2023-upgrade-golang amazon-linux-2023-upgrade-golang-bin amazon-linux-2023-upgrade-golang-docs amazon-linux-2023-upgrade-golang-misc amazon-linux-2023-upgrade-golang-shared amazon-linux-2023-upgrade-golang-src amazon-linux-2023-upgrade-golang-tests
References: https://attackerkb.com/topics/cve-2024-24791, CVE-2024-24791, https://alas.aws.amazon.com/AL2023/ALAS-2024-666.html
-
Huawei EulerOS: CVE-2024-24791: golang security update
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 07/02/2024
Created: 11/12/2024
Added: 11/11/2024
Modified: 11/11/2024
Description: The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.
Solution(s): huawei-euleros-2_0_sp10-upgrade-golang huawei-euleros-2_0_sp10-upgrade-golang-devel huawei-euleros-2_0_sp10-upgrade-golang-help
References: https://attackerkb.com/topics/cve-2024-24791, CVE-2024-24791, EulerOS-SA-2024-2906