All posts by ISHACK AI BOT

  1. SUSE: CVE-2024-39894: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 07/02/2024 Created 07/12/2024 Added 07/11/2024 Modified 07/11/2024 Description OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks against echo-off password entry (e.g., for su and Sudo) because of an ObscureKeystrokeTiming logic error. Similarly, other timing attacks against keystroke entry could occur. Solution(s) suse-upgrade-openssh suse-upgrade-openssh-askpass-gnome suse-upgrade-openssh-cavs suse-upgrade-openssh-clients suse-upgrade-openssh-common suse-upgrade-openssh-fips suse-upgrade-openssh-helpers suse-upgrade-openssh-server suse-upgrade-openssh-server-config-disallow-rootlogin References https://attackerkb.com/topics/cve-2024-39894 CVE - 2024-39894
  2. SUSE: CVE-2024-38519: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 07/02/2024 Created 08/07/2024 Added 08/06/2024 Modified 08/06/2024 Description `yt-dlp` and `youtube-dl` are command-line audio/video downloaders. Prior to the fixed versions, `yt-dlp` and `youtube-dl` do not limit the extensions of downloaded files, which could lead to arbitrary filenames being created in the download folder (and path traversal on Windows). Since `yt-dlp` and `youtube-dl` also read config from the working directory (and on Windows executables will be executed from the `yt-dlp` or `youtube-dl` directory), this could lead to arbitrary code being executed. `yt-dlp` version 2024.07.01 fixes this issue by whitelisting the allowed extensions. `youtube-dl` fixes this issue in commit `d42a222` on the `master` branch and in nightly builds tagged 2024-07-03 or later. This might mean some very uncommon extensions might not get downloaded, however it will also limit the possible exploitation surface. In addition to upgrading, have `.%(ext)s` at the end of the output template and make sure the user trusts the websites that they are downloading from. Also, make sure to never download to a directory within PATH or other sensitive locations like one's user directory, `system32`, or other binaries locations. For users who are not able to upgrade, keep the default output template (`-o "%(title)s [%(id)s].%(ext)s"`); make sure the extension of the media to download is a common video/audio/sub/... one; try to avoid the generic extractor; and/or use `--ignore-config --config-location ...` to not load config from common locations. Solution(s) suse-upgrade-python311-yt-dlp suse-upgrade-yt-dlp suse-upgrade-yt-dlp-bash-completion suse-upgrade-yt-dlp-fish-completion suse-upgrade-yt-dlp-zsh-completion References https://attackerkb.com/topics/cve-2024-38519 CVE - 2024-38519
  3. SUSE: CVE-2024-24791: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 07/02/2024 Created 07/04/2024 Added 07/04/2024 Modified 07/09/2024 Description The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail. Solution(s) suse-upgrade-go1-21 suse-upgrade-go1-21-doc suse-upgrade-go1-21-race suse-upgrade-go1-22 suse-upgrade-go1-22-doc suse-upgrade-go1-22-race References https://attackerkb.com/topics/cve-2024-24791 CVE - 2024-24791
  4. Oracle Linux: CVE-2024-4467: ELSA-2024-4278:qemu-kvm security update (IMPORTANT) (Multiple Advisories) Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 07/02/2024 Created 07/04/2024 Added 07/03/2024 Modified 12/17/2024 Description A flaw was found in the QEMU disk image utility (qemu-img) 'info' command. A specially crafted image file containing a `json:{}` value describing block devices in QMP could cause the qemu-img process on the host to consume large amounts of memory or CPU time, leading to denial of service or read/write to an existing external file. Solution(s) oracle-linux-upgrade-hivex oracle-linux-upgrade-hivex-devel oracle-linux-upgrade-libguestfs oracle-linux-upgrade-libguestfs-appliance oracle-linux-upgrade-libguestfs-bash-completion oracle-linux-upgrade-libguestfs-devel oracle-linux-upgrade-libguestfs-gfs2 oracle-linux-upgrade-libguestfs-gobject oracle-linux-upgrade-libguestfs-gobject-devel oracle-linux-upgrade-libguestfs-inspect-icons oracle-linux-upgrade-libguestfs-java oracle-linux-upgrade-libguestfs-java-devel oracle-linux-upgrade-libguestfs-javadoc oracle-linux-upgrade-libguestfs-man-pages-ja oracle-linux-upgrade-libguestfs-man-pages-uk oracle-linux-upgrade-libguestfs-rescue oracle-linux-upgrade-libguestfs-rsync oracle-linux-upgrade-libguestfs-tools oracle-linux-upgrade-libguestfs-tools-c oracle-linux-upgrade-libguestfs-winsupport oracle-linux-upgrade-libguestfs-xfs oracle-linux-upgrade-libiscsi oracle-linux-upgrade-libiscsi-devel oracle-linux-upgrade-libiscsi-utils oracle-linux-upgrade-libnbd oracle-linux-upgrade-libnbd-bash-completion oracle-linux-upgrade-libnbd-devel oracle-linux-upgrade-libtpms oracle-linux-upgrade-libtpms-devel oracle-linux-upgrade-libvirt oracle-linux-upgrade-libvirt-client oracle-linux-upgrade-libvirt-client-qemu oracle-linux-upgrade-libvirt-daemon oracle-linux-upgrade-libvirt-daemon-config-network oracle-linux-upgrade-libvirt-daemon-config-nwfilter oracle-linux-upgrade-libvirt-daemon-driver-interface 
oracle-linux-upgrade-libvirt-daemon-driver-network oracle-linux-upgrade-libvirt-daemon-driver-nodedev oracle-linux-upgrade-libvirt-daemon-driver-nwfilter oracle-linux-upgrade-libvirt-daemon-driver-qemu oracle-linux-upgrade-libvirt-daemon-driver-secret oracle-linux-upgrade-libvirt-daemon-driver-storage oracle-linux-upgrade-libvirt-daemon-driver-storage-core oracle-linux-upgrade-libvirt-daemon-driver-storage-disk oracle-linux-upgrade-libvirt-daemon-driver-storage-gluster oracle-linux-upgrade-libvirt-daemon-driver-storage-iscsi oracle-linux-upgrade-libvirt-daemon-driver-storage-iscsi-direct oracle-linux-upgrade-libvirt-daemon-driver-storage-logical oracle-linux-upgrade-libvirt-daemon-driver-storage-mpath oracle-linux-upgrade-libvirt-daemon-driver-storage-rbd oracle-linux-upgrade-libvirt-daemon-driver-storage-scsi oracle-linux-upgrade-libvirt-daemon-kvm oracle-linux-upgrade-libvirt-dbus oracle-linux-upgrade-libvirt-devel oracle-linux-upgrade-libvirt-docs oracle-linux-upgrade-libvirt-libs oracle-linux-upgrade-libvirt-lock-sanlock oracle-linux-upgrade-libvirt-nss oracle-linux-upgrade-libvirt-wireshark oracle-linux-upgrade-lua-guestfs oracle-linux-upgrade-nbdfuse oracle-linux-upgrade-nbdkit oracle-linux-upgrade-nbdkit-bash-completion oracle-linux-upgrade-nbdkit-basic-filters oracle-linux-upgrade-nbdkit-basic-plugins oracle-linux-upgrade-nbdkit-curl-plugin oracle-linux-upgrade-nbdkit-devel oracle-linux-upgrade-nbdkit-example-plugins oracle-linux-upgrade-nbdkit-gzip-filter oracle-linux-upgrade-nbdkit-gzip-plugin oracle-linux-upgrade-nbdkit-linuxdisk-plugin oracle-linux-upgrade-nbdkit-nbd-plugin oracle-linux-upgrade-nbdkit-python-plugin oracle-linux-upgrade-nbdkit-server oracle-linux-upgrade-nbdkit-ssh-plugin oracle-linux-upgrade-nbdkit-tar-filter oracle-linux-upgrade-nbdkit-tar-plugin oracle-linux-upgrade-nbdkit-tmpdisk-plugin oracle-linux-upgrade-nbdkit-vddk-plugin oracle-linux-upgrade-nbdkit-xz-filter oracle-linux-upgrade-netcf oracle-linux-upgrade-netcf-devel 
oracle-linux-upgrade-netcf-libs oracle-linux-upgrade-ocaml-hivex oracle-linux-upgrade-ocaml-hivex-devel oracle-linux-upgrade-ocaml-libguestfs oracle-linux-upgrade-ocaml-libguestfs-devel oracle-linux-upgrade-ocaml-libnbd oracle-linux-upgrade-ocaml-libnbd-devel oracle-linux-upgrade-perl-hivex oracle-linux-upgrade-perl-sys-guestfs oracle-linux-upgrade-perl-sys-virt oracle-linux-upgrade-python3-hivex oracle-linux-upgrade-python3-libguestfs oracle-linux-upgrade-python3-libnbd oracle-linux-upgrade-python3-libvirt oracle-linux-upgrade-qemu-guest-agent oracle-linux-upgrade-qemu-img oracle-linux-upgrade-qemu-kvm oracle-linux-upgrade-qemu-kvm-audio-pa oracle-linux-upgrade-qemu-kvm-block-blkio oracle-linux-upgrade-qemu-kvm-block-curl oracle-linux-upgrade-qemu-kvm-block-gluster oracle-linux-upgrade-qemu-kvm-block-iscsi oracle-linux-upgrade-qemu-kvm-block-rbd oracle-linux-upgrade-qemu-kvm-block-ssh oracle-linux-upgrade-qemu-kvm-common oracle-linux-upgrade-qemu-kvm-core oracle-linux-upgrade-qemu-kvm-device-display-virtio-gpu oracle-linux-upgrade-qemu-kvm-device-display-virtio-gpu-pci oracle-linux-upgrade-qemu-kvm-device-display-virtio-vga oracle-linux-upgrade-qemu-kvm-device-usb-host oracle-linux-upgrade-qemu-kvm-device-usb-redirect oracle-linux-upgrade-qemu-kvm-docs oracle-linux-upgrade-qemu-kvm-hw-usbredir oracle-linux-upgrade-qemu-kvm-tests oracle-linux-upgrade-qemu-kvm-tools oracle-linux-upgrade-qemu-kvm-ui-egl-headless oracle-linux-upgrade-qemu-kvm-ui-opengl oracle-linux-upgrade-qemu-kvm-ui-spice oracle-linux-upgrade-qemu-pr-helper oracle-linux-upgrade-qemu-virtiofsd oracle-linux-upgrade-ruby-hivex oracle-linux-upgrade-ruby-libguestfs oracle-linux-upgrade-seabios oracle-linux-upgrade-seabios-bin oracle-linux-upgrade-seavgabios-bin oracle-linux-upgrade-sgabios oracle-linux-upgrade-sgabios-bin oracle-linux-upgrade-supermin oracle-linux-upgrade-supermin-devel oracle-linux-upgrade-swtpm oracle-linux-upgrade-swtpm-devel oracle-linux-upgrade-swtpm-libs 
oracle-linux-upgrade-swtpm-tools oracle-linux-upgrade-swtpm-tools-pkcs11 oracle-linux-upgrade-virt-dib oracle-linux-upgrade-virt-v2v oracle-linux-upgrade-virt-v2v-bash-completion oracle-linux-upgrade-virt-v2v-man-pages-ja oracle-linux-upgrade-virt-v2v-man-pages-uk References https://attackerkb.com/topics/cve-2024-4467 CVE - 2024-4467 ELSA-2024-4278 ELSA-2024-12674 ELSA-2024-12604 ELSA-2024-4420
  5. SUSE: CVE-2024-33869: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 07/02/2024 Created 07/03/2024 Added 07/03/2024 Modified 07/09/2024 Description An issue was discovered in Artifex Ghostscript before 10.03.1. Path traversal and command execution can occur (via a crafted PostScript document) because of path reduction in base/gpmisc.c. For example, restrictions on use of %pipe% can be bypassed via the aa/../%pipe%command# output filename. Solution(s) suse-upgrade-ghostscript suse-upgrade-ghostscript-devel suse-upgrade-ghostscript-x11 References https://attackerkb.com/topics/cve-2024-33869 CVE - 2024-33869
  6. Debian: CVE-2024-4467: qemu -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 07/02/2024 Created 09/03/2024 Added 09/02/2024 Modified 09/02/2024 Description A flaw was found in the QEMU disk image utility (qemu-img) 'info' command. A specially crafted image file containing a `json:{}` value describing block devices in QMP could cause the qemu-img process on the host to consume large amounts of memory or CPU time, leading to denial of service or read/write to an existing external file. Solution(s) debian-upgrade-qemu References https://attackerkb.com/topics/cve-2024-4467 CVE - 2024-4467
  7. Cisco IOS-XR: CVE-2024-6387: Remote Unauthenticated Code Execution Vulnerability in OpenSSH Server (regreSSHion): July 2024 Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 07/02/2024 Created 07/23/2024 Added 07/23/2024 Modified 07/23/2024 Description On July 1, 2024, the Qualys Threat Research Unit (TRU) disclosed an unauthenticated, remote code execution vulnerability that affects the OpenSSH server (sshd) in glibc-based Linux systems. CVE-2024-6387: A signal handler race condition was found in sshd: if a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), the sshd SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). For a description of this vulnerability, see the Qualys Security Advisory (https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt). This advisory will be updated as additional information becomes available. Solution(s) update-xros References https://attackerkb.com/topics/cve-2024-6387 CVE - 2024-6387 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssh-rce-2024 cisco-sa-openssh-rce-2024
  8. Ubuntu: (Multiple Advisories) (CVE-2024-24791): Go vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 07/02/2024 Created 10/25/2024 Added 10/24/2024 Modified 11/15/2024 Description The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail. Solution(s) ubuntu-pro-upgrade-golang-1-17 ubuntu-pro-upgrade-golang-1-17-go ubuntu-pro-upgrade-golang-1-17-src ubuntu-pro-upgrade-golang-1-18 ubuntu-pro-upgrade-golang-1-18-go ubuntu-pro-upgrade-golang-1-18-src ubuntu-pro-upgrade-golang-1-22 ubuntu-pro-upgrade-golang-1-22-go ubuntu-pro-upgrade-golang-1-22-src References https://attackerkb.com/topics/cve-2024-24791 CVE - 2024-24791 USN-7081-1 USN-7109-1 USN-7111-1
  9. Cisco XE: CVE-2024-6387: Remote Unauthenticated Code Execution Vulnerability in OpenSSH Server (regreSSHion): July 2024 Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 07/02/2024 Created 07/23/2024 Added 07/23/2024 Modified 07/23/2024 Description On July 1, 2024, the Qualys Threat Research Unit (TRU) disclosed an unauthenticated, remote code execution vulnerability that affects the OpenSSH server (sshd) in glibc-based Linux systems. CVE-2024-6387: A signal handler race condition was found in sshd: if a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), the sshd SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). For a description of this vulnerability, see the Qualys Security Advisory (https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt). This advisory will be updated as additional information becomes available. Solution(s) cisco-xe-update-latest References https://attackerkb.com/topics/cve-2024-6387 CVE - 2024-6387 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssh-rce-2024 cisco-sa-openssh-rce-2024
  10. FreeBSD: VID-69E19C0B-DEBC-11EF-87BA-002590C1F29C (CVE-2024-39894): FreeBSD -- OpenSSH Keystroke Obfuscation Bypass Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 07/02/2024 Created 02/04/2025 Added 01/31/2025 Modified 01/31/2025 Description OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks against echo-off password entry (e.g., for su and Sudo) because of an ObscureKeystrokeTiming logic error. Similarly, other timing attacks against keystroke entry could occur. Solution(s) freebsd-upgrade-base-14_1-release-p7 References CVE-2024-39894
  11. SUSE: CVE-2024-33870: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 07/02/2024 Created 07/03/2024 Added 07/03/2024 Modified 07/09/2024 Description An issue was discovered in Artifex Ghostscript before 10.03.1. There is path traversal (via a crafted PostScript document) to arbitrary files if the current directory is in the permitted paths. For example, there can be a transformation of ../../foo to ./../../foo and this will grant access if ./ is permitted. Solution(s) suse-upgrade-ghostscript suse-upgrade-ghostscript-devel suse-upgrade-ghostscript-x11 References https://attackerkb.com/topics/cve-2024-33870 CVE - 2024-33870
  12. Amazon Linux AMI 2: CVE-2024-4467: Security patch for qemu (ALAS-2024-2624) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 07/02/2024 Created 08/22/2024 Added 08/21/2024 Modified 08/21/2024 Description A flaw was found in the QEMU disk image utility (qemu-img) 'info' command. A specially crafted image file containing a `json:{}` value describing block devices in QMP could cause the qemu-img process on the host to consume large amounts of memory or CPU time, leading to denial of service or read/write to an existing external file. Solution(s) amazon-linux-ami-2-upgrade-ivshmem-tools amazon-linux-ami-2-upgrade-qemu amazon-linux-ami-2-upgrade-qemu-audio-alsa amazon-linux-ami-2-upgrade-qemu-audio-oss amazon-linux-ami-2-upgrade-qemu-audio-pa amazon-linux-ami-2-upgrade-qemu-audio-sdl amazon-linux-ami-2-upgrade-qemu-block-curl amazon-linux-ami-2-upgrade-qemu-block-dmg amazon-linux-ami-2-upgrade-qemu-block-iscsi amazon-linux-ami-2-upgrade-qemu-block-nfs amazon-linux-ami-2-upgrade-qemu-block-rbd amazon-linux-ami-2-upgrade-qemu-block-ssh amazon-linux-ami-2-upgrade-qemu-common amazon-linux-ami-2-upgrade-qemu-debuginfo amazon-linux-ami-2-upgrade-qemu-guest-agent amazon-linux-ami-2-upgrade-qemu-img amazon-linux-ami-2-upgrade-qemu-kvm amazon-linux-ami-2-upgrade-qemu-kvm-core amazon-linux-ami-2-upgrade-qemu-system-aarch64 amazon-linux-ami-2-upgrade-qemu-system-aarch64-core amazon-linux-ami-2-upgrade-qemu-system-x86 amazon-linux-ami-2-upgrade-qemu-system-x86-core amazon-linux-ami-2-upgrade-qemu-ui-curses amazon-linux-ami-2-upgrade-qemu-ui-gtk amazon-linux-ami-2-upgrade-qemu-ui-sdl amazon-linux-ami-2-upgrade-qemu-user amazon-linux-ami-2-upgrade-qemu-user-binfmt amazon-linux-ami-2-upgrade-qemu-user-static References https://attackerkb.com/topics/cve-2024-4467 AL2/ALAS-2024-2624 CVE - 2024-4467
  13. Oracle Linux: CVE-2024-24791: ELSA-2024-6969:container-tools:ol8 security update (MODERATE) (Multiple Advisories) Severity 5 CVSS (AV:N/AC:H/Au:N/C:N/I:N/A:C) Published 07/02/2024 Created 11/13/2024 Added 10/16/2024 Modified 01/07/2025 Description The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail. A flaw was found in Go. The net/http module mishandles specific server responses from HTTP/1.1 client requests. This issue may render a connection invalid and cause a denial of service. 
Solution(s) oracle-linux-upgrade-aardvark-dns oracle-linux-upgrade-buildah oracle-linux-upgrade-buildah-tests oracle-linux-upgrade-cockpit-podman oracle-linux-upgrade-conmon oracle-linux-upgrade-containernetworking-plugins oracle-linux-upgrade-containers-common oracle-linux-upgrade-container-selinux oracle-linux-upgrade-crit oracle-linux-upgrade-criu oracle-linux-upgrade-criu-devel oracle-linux-upgrade-criu-libs oracle-linux-upgrade-crun oracle-linux-upgrade-delve oracle-linux-upgrade-fuse-overlayfs oracle-linux-upgrade-golang oracle-linux-upgrade-golang-bin oracle-linux-upgrade-golang-docs oracle-linux-upgrade-golang-misc oracle-linux-upgrade-golang-src oracle-linux-upgrade-golang-tests oracle-linux-upgrade-go-toolset oracle-linux-upgrade-grafana oracle-linux-upgrade-grafana-selinux oracle-linux-upgrade-libslirp oracle-linux-upgrade-libslirp-devel oracle-linux-upgrade-netavark oracle-linux-upgrade-oci-seccomp-bpf-hook oracle-linux-upgrade-podman oracle-linux-upgrade-podman-catatonit oracle-linux-upgrade-podman-docker oracle-linux-upgrade-podman-gvproxy oracle-linux-upgrade-podman-plugins oracle-linux-upgrade-podman-remote oracle-linux-upgrade-podman-tests oracle-linux-upgrade-python3-criu oracle-linux-upgrade-python3-podman oracle-linux-upgrade-runc oracle-linux-upgrade-skopeo oracle-linux-upgrade-skopeo-tests oracle-linux-upgrade-slirp4netns oracle-linux-upgrade-udica References https://attackerkb.com/topics/cve-2024-24791 CVE - 2024-24791 ELSA-2024-6969 ELSA-2024-7349 ELSA-2024-6913 ELSA-2024-6908 ELSA-2024-9115 ELSA-2024-9098 ELSA-2024-9097 ELSA-2024-9089 ELSA-2024-9102
  14. Cisco NX-OS: CVE-2024-6387: Remote Unauthenticated Code Execution Vulnerability in OpenSSH Server (regreSSHion): July 2024 Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 07/02/2024 Created 07/23/2024 Added 07/23/2024 Modified 07/23/2024 Description On July 1, 2024, the Qualys Threat Research Unit (TRU) disclosed an unauthenticated, remote code execution vulnerability that affects the OpenSSH server (sshd) in glibc-based Linux systems. CVE-2024-6387: A signal handler race condition was found in sshd: if a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), the sshd SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). For a description of this vulnerability, see the Qualys Security Advisory (https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt). This advisory will be updated as additional information becomes available. Solution(s) cisco-nx-update-latest References https://attackerkb.com/topics/cve-2024-6387 CVE - 2024-6387 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssh-rce-2024 cisco-sa-openssh-rce-2024
  15. Ubuntu: (CVE-2024-4467): qemu vulnerability Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 07/02/2024 Created 11/21/2024 Added 11/19/2024 Modified 01/23/2025 Description A flaw was found in the QEMU disk image utility (qemu-img) 'info' command. A specially crafted image file containing a `json:{}` value describing block devices in QMP could cause the qemu-img process on the host to consume large amounts of memory or CPU time, leading to denial of service or read/write to an existing external file. Solution(s) ubuntu-upgrade-qemu References https://attackerkb.com/topics/cve-2024-4467 CVE - 2024-4467 https://access.redhat.com/security/cve/CVE-2024-4467 https://www.cve.org/CVERecord?id=CVE-2024-4467
  16. Red Hat: CVE-2024-24791: net/http: Denial of service due to improper 100-continue handling in net/http (Multiple Advisories) Severity 5 CVSS (AV:N/AC:H/Au:N/C:N/I:N/A:C) Published 07/02/2024 Created 09/25/2024 Added 09/24/2024 Modified 11/13/2024 Description The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail. Solution(s) redhat-upgrade-aardvark-dns redhat-upgrade-buildah redhat-upgrade-buildah-debuginfo redhat-upgrade-buildah-debugsource redhat-upgrade-buildah-tests redhat-upgrade-buildah-tests-debuginfo redhat-upgrade-cockpit-podman redhat-upgrade-conmon redhat-upgrade-conmon-debuginfo redhat-upgrade-conmon-debugsource redhat-upgrade-container-selinux redhat-upgrade-containernetworking-plugins redhat-upgrade-containernetworking-plugins-debuginfo redhat-upgrade-containernetworking-plugins-debugsource redhat-upgrade-containers-common redhat-upgrade-crit redhat-upgrade-criu redhat-upgrade-criu-debuginfo redhat-upgrade-criu-debugsource redhat-upgrade-criu-devel redhat-upgrade-criu-libs redhat-upgrade-criu-libs-debuginfo redhat-upgrade-crun redhat-upgrade-crun-debuginfo redhat-upgrade-crun-debugsource redhat-upgrade-delve redhat-upgrade-delve-debuginfo redhat-upgrade-delve-debugsource redhat-upgrade-fuse-overlayfs redhat-upgrade-fuse-overlayfs-debuginfo redhat-upgrade-fuse-overlayfs-debugsource redhat-upgrade-go-toolset redhat-upgrade-golang 
redhat-upgrade-golang-bin redhat-upgrade-golang-docs redhat-upgrade-golang-misc redhat-upgrade-golang-race redhat-upgrade-golang-src redhat-upgrade-golang-tests redhat-upgrade-grafana redhat-upgrade-grafana-debuginfo redhat-upgrade-grafana-debugsource redhat-upgrade-grafana-selinux redhat-upgrade-libslirp redhat-upgrade-libslirp-debuginfo redhat-upgrade-libslirp-debugsource redhat-upgrade-libslirp-devel redhat-upgrade-netavark redhat-upgrade-oci-seccomp-bpf-hook redhat-upgrade-oci-seccomp-bpf-hook-debuginfo redhat-upgrade-oci-seccomp-bpf-hook-debugsource redhat-upgrade-podman redhat-upgrade-podman-catatonit redhat-upgrade-podman-catatonit-debuginfo redhat-upgrade-podman-debuginfo redhat-upgrade-podman-debugsource redhat-upgrade-podman-docker redhat-upgrade-podman-gvproxy redhat-upgrade-podman-gvproxy-debuginfo redhat-upgrade-podman-plugins redhat-upgrade-podman-plugins-debuginfo redhat-upgrade-podman-remote redhat-upgrade-podman-remote-debuginfo redhat-upgrade-podman-tests redhat-upgrade-python3-criu redhat-upgrade-python3-podman redhat-upgrade-runc redhat-upgrade-runc-debuginfo redhat-upgrade-runc-debugsource redhat-upgrade-skopeo redhat-upgrade-skopeo-debuginfo redhat-upgrade-skopeo-debugsource redhat-upgrade-skopeo-tests redhat-upgrade-slirp4netns redhat-upgrade-slirp4netns-debuginfo redhat-upgrade-slirp4netns-debugsource redhat-upgrade-toolbox redhat-upgrade-toolbox-debuginfo redhat-upgrade-toolbox-debugsource redhat-upgrade-toolbox-tests redhat-upgrade-udica References CVE-2024-24791 RHSA-2024:6908 RHSA-2024:6912 RHSA-2024:6913 RHSA-2024:6914 RHSA-2024:6969 RHSA-2024:7349 RHSA-2024:9089 RHSA-2024:9097 RHSA-2024:9098 RHSA-2024:9102 RHSA-2024:9115 RHSA-2024:9135
  17. Huawei EulerOS: CVE-2024-4467: qemu security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 07/02/2024 Created 10/09/2024 Added 10/08/2024 Modified 10/08/2024 Description A flaw was found in the QEMU disk image utility (qemu-img) 'info' command. A specially crafted image file containing a `json:{}` value describing block devices in QMP could cause the qemu-img process on the host to consume large amounts of memory or CPU time, leading to denial of service or read/write to an existing external file. Solution(s) huawei-euleros-2_0_sp9-upgrade-qemu-img References https://attackerkb.com/topics/cve-2024-4467 CVE - 2024-4467 EulerOS-SA-2024-2405
  18. Alpine Linux: CVE-2023-39324: Vulnerability in Multiple Components Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 07/02/2024 Created 08/23/2024 Added 08/22/2024 Modified 10/01/2024 Description Rejected reason: reserved but not needed Solution(s) alpine-linux-upgrade-go References https://attackerkb.com/topics/cve-2023-39324 CVE - 2023-39324 https://security.alpinelinux.org/vuln/CVE-2023-39324
  19. Ubuntu: USN-6860-1 (CVE-2024-28882): OpenVPN vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 07/02/2024 Created 07/03/2024 Added 07/03/2024 Modified 10/23/2024 Description OpenVPN from 2.6.0 through 2.6.10 in a server role accepts multiple exit notifications from authenticated clients, which will extend the validity of a closing session. Solution(s) ubuntu-upgrade-openvpn References https://attackerkb.com/topics/cve-2024-28882 CVE - 2024-28882 USN-6860-1
  20. FreeBSD: VID-767DFB2D-3C9E-11EF-A829-5404A68AD561 (CVE-2024-39321): traefik -- Bypassing IP allow-lists via HTTP/3 early data requests Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 07/02/2024 Created 07/10/2024 Added 07/08/2024 Modified 07/08/2024 Description Traefik is an HTTP reverse proxy and load balancer. Versions prior to 2.11.6, 3.0.4, and 3.1.0-rc3 have a vulnerability that allows bypassing IP allow-lists via HTTP/3 early data requests in QUIC 0-RTT handshakes sent with spoofed IP addresses. Versions 2.11.6, 3.0.4, and 3.1.0-rc3 contain a patch for this issue. No known workarounds are available. Solution(s) freebsd-upgrade-package-traefik References CVE-2024-39321
  21. OS X update for OpenSSH (CVE-2024-39894) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 07/02/2024 Created 11/01/2024 Added 10/31/2024 Modified 10/31/2024 Description OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks against echo-off password entry (e.g., for su and Sudo) because of an ObscureKeystrokeTiming logic error. Similarly, other timing attacks against keystroke entry could occur. Solution(s) apple-osx-upgrade-15 References https://attackerkb.com/topics/cve-2024-39894 CVE - 2024-39894 https://support.apple.com/en-us/121238
  22. SUSE: CVE-2024-4467: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 07/02/2024 Created 08/22/2024 Added 08/21/2024 Modified 08/28/2024 Description A flaw was found in the QEMU disk image utility (qemu-img) 'info' command. A specially crafted image file containing a `json:{}` value describing block devices in QMP could cause the qemu-img process on the host to consume large amounts of memory or CPU time, leading to denial of service or read/write to an existing external file. Solution(s) suse-upgrade-qemu suse-upgrade-qemu-accel-qtest suse-upgrade-qemu-accel-tcg-x86 suse-upgrade-qemu-arm suse-upgrade-qemu-audio-alsa suse-upgrade-qemu-audio-dbus suse-upgrade-qemu-audio-jack suse-upgrade-qemu-audio-pa suse-upgrade-qemu-audio-pipewire suse-upgrade-qemu-audio-spice suse-upgrade-qemu-block-curl suse-upgrade-qemu-block-dmg suse-upgrade-qemu-block-gluster suse-upgrade-qemu-block-iscsi suse-upgrade-qemu-block-nfs suse-upgrade-qemu-block-rbd suse-upgrade-qemu-block-ssh suse-upgrade-qemu-chardev-baum suse-upgrade-qemu-chardev-spice suse-upgrade-qemu-doc suse-upgrade-qemu-extra suse-upgrade-qemu-guest-agent suse-upgrade-qemu-headless suse-upgrade-qemu-hw-display-qxl suse-upgrade-qemu-hw-display-virtio-gpu suse-upgrade-qemu-hw-display-virtio-gpu-pci suse-upgrade-qemu-hw-display-virtio-vga suse-upgrade-qemu-hw-s390x-virtio-gpu-ccw suse-upgrade-qemu-hw-usb-host suse-upgrade-qemu-hw-usb-redirect suse-upgrade-qemu-hw-usb-smartcard suse-upgrade-qemu-img suse-upgrade-qemu-ipxe suse-upgrade-qemu-ivshmem-tools suse-upgrade-qemu-ksm suse-upgrade-qemu-kvm suse-upgrade-qemu-lang suse-upgrade-qemu-linux-user suse-upgrade-qemu-microvm suse-upgrade-qemu-ppc suse-upgrade-qemu-pr-helper suse-upgrade-qemu-s390x suse-upgrade-qemu-seabios suse-upgrade-qemu-sgabios suse-upgrade-qemu-skiboot suse-upgrade-qemu-slof suse-upgrade-qemu-spice suse-upgrade-qemu-tools suse-upgrade-qemu-ui-curses suse-upgrade-qemu-ui-dbus suse-upgrade-qemu-ui-gtk 
suse-upgrade-qemu-ui-opengl suse-upgrade-qemu-ui-spice-app suse-upgrade-qemu-ui-spice-core suse-upgrade-qemu-vgabios suse-upgrade-qemu-vhost-user-gpu suse-upgrade-qemu-x86 References https://attackerkb.com/topics/cve-2024-4467 CVE - 2024-4467
  23. Rocky Linux: CVE-2024-6387: openssh: Possible remote code execution due to a race condition in signal handling Severity 8 CVSS (AV:N/AC:H/Au:N/C:C/I:C/A:C) Published 07/01/2024 Created 07/23/2024 Added 07/22/2024 Modified 12/11/2024 Description A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period. Solution(s) rocky-upgrade-openssh rocky-upgrade-openssh-askpass rocky-upgrade-openssh-askpass-debuginfo rocky-upgrade-openssh-clients rocky-upgrade-openssh-clients-debuginfo rocky-upgrade-openssh-debuginfo rocky-upgrade-openssh-debugsource rocky-upgrade-openssh-keycat rocky-upgrade-openssh-keycat-debuginfo rocky-upgrade-openssh-server rocky-upgrade-openssh-server-debuginfo rocky-upgrade-openssh-sk-dummy-debuginfo rocky-upgrade-pam_ssh_agent_auth rocky-upgrade-pam_ssh_agent_auth-debuginfo References https://attackerkb.com/topics/cve-2024-6387 CVE - 2024-6387 https://access.redhat.com/errata/RHSA-2024:4312
  24. Ubuntu: USN-6983-1 (CVE-2024-32230): FFmpeg vulnerability Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 07/01/2024 Created 09/04/2024 Added 09/03/2024 Modified 01/28/2025 Description FFmpeg 7.0 is vulnerable to a buffer overflow. There is a negative-size-param bug at libavcodec/mpegvideo_enc.c:1216:21 in load_input_picture in FFmpeg 7.0. Solution(s) ubuntu-pro-upgrade-ffmpeg ubuntu-pro-upgrade-libav-tools ubuntu-pro-upgrade-libavcodec-dev ubuntu-pro-upgrade-libavcodec-extra57 ubuntu-pro-upgrade-libavcodec-extra58 ubuntu-pro-upgrade-libavcodec-extra60 ubuntu-pro-upgrade-libavcodec-ffmpeg-extra56 ubuntu-pro-upgrade-libavcodec-ffmpeg56 ubuntu-pro-upgrade-libavcodec57 ubuntu-pro-upgrade-libavcodec58 ubuntu-pro-upgrade-libavcodec60 ubuntu-pro-upgrade-libavdevice-ffmpeg56 ubuntu-pro-upgrade-libavdevice57 ubuntu-pro-upgrade-libavdevice58 ubuntu-pro-upgrade-libavdevice60 ubuntu-pro-upgrade-libavfilter-extra6 ubuntu-pro-upgrade-libavfilter-extra7 ubuntu-pro-upgrade-libavfilter-extra9 ubuntu-pro-upgrade-libavfilter-ffmpeg5 ubuntu-pro-upgrade-libavfilter6 ubuntu-pro-upgrade-libavfilter7 ubuntu-pro-upgrade-libavfilter9 ubuntu-pro-upgrade-libavformat-extra58 ubuntu-pro-upgrade-libavformat-extra60 ubuntu-pro-upgrade-libavformat-ffmpeg56 ubuntu-pro-upgrade-libavformat57 ubuntu-pro-upgrade-libavformat58 ubuntu-pro-upgrade-libavformat60 ubuntu-pro-upgrade-libavresample-ffmpeg2 ubuntu-pro-upgrade-libavresample3 ubuntu-pro-upgrade-libavresample4 ubuntu-pro-upgrade-libavutil-ffmpeg54 ubuntu-pro-upgrade-libavutil55 ubuntu-pro-upgrade-libavutil56 ubuntu-pro-upgrade-libavutil58 ubuntu-pro-upgrade-libpostproc-ffmpeg53 ubuntu-pro-upgrade-libpostproc54 ubuntu-pro-upgrade-libpostproc55 ubuntu-pro-upgrade-libpostproc57 ubuntu-pro-upgrade-libswresample-ffmpeg1 ubuntu-pro-upgrade-libswresample2 ubuntu-pro-upgrade-libswresample3 ubuntu-pro-upgrade-libswresample4 ubuntu-pro-upgrade-libswscale-ffmpeg3 ubuntu-pro-upgrade-libswscale4 ubuntu-pro-upgrade-libswscale5 
ubuntu-pro-upgrade-libswscale7 References https://attackerkb.com/topics/cve-2024-32230 CVE - 2024-32230 USN-6983-1
  25. Oracle Linux: CVE-2024-38476: ELSA-2024-5138: httpd security update (IMPORTANT) (Multiple Advisories) Severity 9 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:N) Published 07/01/2024 Created 08/20/2024 Added 08/16/2024 Modified 01/08/2025 Description A vulnerability in the core of Apache HTTP Server 2.4.59 and earlier allows information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable. Users are recommended to upgrade to version 2.4.60, which fixes this issue. A flaw was found in httpd. Backend applications whose response headers are malicious or exploitable may allow information disclosure, server-side request forgery (SSRF) or local script execution. Solution(s) oracle-linux-upgrade-httpd oracle-linux-upgrade-httpd-core oracle-linux-upgrade-httpd-devel oracle-linux-upgrade-httpd-filesystem oracle-linux-upgrade-httpd-manual oracle-linux-upgrade-httpd-tools oracle-linux-upgrade-mod-http2 oracle-linux-upgrade-mod-ldap oracle-linux-upgrade-mod-lua oracle-linux-upgrade-mod-md oracle-linux-upgrade-mod-proxy-html oracle-linux-upgrade-mod-session oracle-linux-upgrade-mod-ssl References https://attackerkb.com/topics/cve-2024-38476 CVE - 2024-38476 ELSA-2024-5138 ELSA-2024-5193 ELSA-2024-7101