ISHACK AI BOT

Debian: CVE-2024-0092: Multiple Affected Packages Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 06/13/2024 Created 07/31/2024 Added 07/30/2024 Modified 01/28/2025 Description NVIDIA GPU Driver for Windows and Linux contains a vulnerability where an improper check or improper handling of exception conditions might lead to denial of service. Solution(s) debian-upgrade-nvidia-graphics-drivers debian-upgrade-nvidia-graphics-drivers-legacy-390xx debian-upgrade-nvidia-graphics-drivers-tesla debian-upgrade-nvidia-graphics-drivers-tesla-418 debian-upgrade-nvidia-graphics-drivers-tesla-450 debian-upgrade-nvidia-graphics-drivers-tesla-460 debian-upgrade-nvidia-graphics-drivers-tesla-470 debian-upgrade-nvidia-open-gpu-kernel-modules References https://attackerkb.com/topics/cve-2024-0092 CVE - 2024-0092

Oracle Linux: CVE-2024-5953: ELSA-2024-5192:389-ds-base security update (MODERATE) (Multiple Advisories) Severity 6 CVSS (AV:A/AC:L/Au:S/C:N/I:N/A:C) Published 06/13/2024 Created 08/20/2024 Added 08/16/2024 Modified 12/01/2024 Description A denial of service vulnerability was found in the 389-ds-base LDAP server. This issue may allow an authenticated user to cause a server denial of service while attempting to log in with a user with a malformed hash in their password. Solution(s) oracle-linux-upgrade-389-ds-base oracle-linux-upgrade-389-ds-base-devel oracle-linux-upgrade-389-ds-base-legacy-tools oracle-linux-upgrade-389-ds-base-libs oracle-linux-upgrade-389-ds-base-snmp oracle-linux-upgrade-python3-lib389 References https://attackerkb.com/topics/cve-2024-5953 CVE - 2024-5953 ELSA-2024-5192 ELSA-2024-6153 ELSA-2024-6569

SUSE: CVE-2024-4741: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 06/13/2024 Created 06/14/2024 Added 06/14/2024 Modified 11/15/2024 Description Issue summary: Calling the OpenSSL API function SSL_free_buffers may cause memory to be accessed that was previously freed in some situations Impact summary: A use after free can have a range of potential consequences such as the corruption of valid data, crashes or execution of arbitrary code. However, only applications that directly call the SSL_free_buffers function are affected by this issue. Applications that do not call this function are not vulnerable. Our investigations indicate that this function is rarely used by applications. The SSL_free_buffers function is used to free the internal OpenSSL buffer used when processing an incoming record from the network. The call is only expected to succeed if the buffer is not currently in use. However, two scenarios have been identified where the buffer is freed even when still in use. The first scenario occurs where a record header has been received from the network and processed by OpenSSL, but the full record body has not yet arrived. In this case calling SSL_free_buffers will succeed even though a record has only been partially processed and the buffer is still in use. The second scenario occurs where a full record containing application data has been received and processed by OpenSSL but the application has only read part of this data. Again a call to SSL_free_buffers will succeed even though the buffer is still in use. While these scenarios could occur accidentally during normal operation a malicious attacker could attempt to engineer a stituation where this occurs. We are not aware of this issue being actively exploited. The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue. Solution(s) suse-upgrade-libopenssl-1_1-devel suse-upgrade-libopenssl-1_1-devel-32bit suse-upgrade-libopenssl-3-devel suse-upgrade-libopenssl-3-devel-32bit suse-upgrade-libopenssl-3-fips-provider suse-upgrade-libopenssl-3-fips-provider-32bit suse-upgrade-libopenssl1_1 suse-upgrade-libopenssl1_1-32bit suse-upgrade-libopenssl1_1-hmac suse-upgrade-libopenssl1_1-hmac-32bit suse-upgrade-libopenssl3 suse-upgrade-libopenssl3-32bit suse-upgrade-openssl-1_1 suse-upgrade-openssl-1_1-doc suse-upgrade-openssl-3 suse-upgrade-openssl-3-doc References https://attackerkb.com/topics/cve-2024-4741 CVE - 2024-4741

VMware Photon OS: CVE-2024-38428 Severity 9 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:N) Published 06/16/2024 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data that was supposed to be in the userinfo subcomponent is misinterpreted to be part of the host subcomponent. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2024-38428 CVE - 2024-38428

Huawei EulerOS: CVE-2024-38428: wget security update Severity 9 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:N) Published 06/16/2024 Created 10/09/2024 Added 10/08/2024 Modified 01/28/2025 Description url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data that was supposed to be in the userinfo subcomponent is misinterpreted to be part of the host subcomponent. Solution(s) huawei-euleros-2_0_sp9-upgrade-wget References https://attackerkb.com/topics/cve-2024-38428 CVE - 2024-38428 EulerOS-SA-2024-2407

FreeBSD: VID-C742DBE8-3704-11EF-9E6E-B42E991FC52E (CVE-2024-38440): netatalk3 -- Multiple vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 06/16/2024 Created 07/02/2024 Added 07/01/2024 Modified 07/01/2024 Description Netatalk before 3.2.1 has an off-by-one error, and resultant heap-based buffer overflow and segmentation violation, because of incorrectly using FPLoginExt in BN_bin2bn in etc/uams/uams_dhx_pam.c. The original issue 1097 report stated: 'The latest version of Netatalk (v3.2.0) contains a security vulnerability. This vulnerability arises due to a lack of validation for the length field after parsing user-provided data, leading to an out-of-bounds heap write of one byte (\0). Under specific configurations, this can result in reading metadata of the next heap block, potentially causing a Denial of Service (DoS) under certain heap layouts or with ASAN enabled. ... The vulnerability is located in the FPLoginExt operation of Netatalk, in the BN_bin2bn function found in /etc/uams/uams_dhx_pam.c ... if (!(bn = BN_bin2bn((unsigned char *)ibuf, KEYSIZE, NULL))) ... threads ... [#0] Id 1, Name: "afpd", stopped 0x7ffff4304e58 in ?? (), reason: SIGSEGV ... [#0] 0x7ffff4304e58 mov BYTE PTR [r14+0x8], 0x0 ... mov rdx, QWORD PTR [rsp+0x18] ... afp_login_ext(obj=<optimized out>, ibuf=0x62d000010424 "", ibuflen=0xffffffffffff0015, rbuf=<optimized out>, rbuflen=<optimized out>) ... afp_over_dsi(obj=0x5555556154c0 <obj>).' 2.4.1 and 3.1.19 are also fixed versions. Solution(s) freebsd-upgrade-package-netatalk3 References CVE-2024-38440

Huawei EulerOS: CVE-2024-38428: wget security update Severity 9 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:N) Published 06/16/2024 Created 10/09/2024 Added 10/08/2024 Modified 01/28/2025 Description url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data that was supposed to be in the userinfo subcomponent is misinterpreted to be part of the host subcomponent. Solution(s) huawei-euleros-2_0_sp10-upgrade-wget References https://attackerkb.com/topics/cve-2024-38428 CVE - 2024-38428 EulerOS-SA-2024-2453

Red Hat: CVE-2024-38428: wget: Misinterpretation of input may lead to improper behavior (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:N/C:C/I:N/A:N) Published 06/16/2024 Created 09/07/2024 Added 09/06/2024 Modified 09/13/2024 Description url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data that was supposed to be in the userinfo subcomponent is misinterpreted to be part of the host subcomponent. Solution(s) redhat-upgrade-wget redhat-upgrade-wget-debuginfo redhat-upgrade-wget-debugsource References CVE-2024-38428 RHSA-2024:5299 RHSA-2024:6192 RHSA-2024:6208 RHSA-2024:6438

SUSE: CVE-2024-38428: SUSE Linux Security Advisory Severity 9 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:N) Published 06/16/2024 Created 06/24/2024 Added 06/24/2024 Modified 01/28/2025 Description url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data that was supposed to be in the userinfo subcomponent is misinterpreted to be part of the host subcomponent. Solution(s) suse-upgrade-wget suse-upgrade-wget-lang References https://attackerkb.com/topics/cve-2024-38428 CVE - 2024-38428

FreeBSD: VID-C742DBE8-3704-11EF-9E6E-B42E991FC52E (CVE-2024-38441): netatalk3 -- Multiple vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 06/16/2024 Created 07/02/2024 Added 07/01/2024 Modified 07/01/2024 Description Netatalk before 3.2.1 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[len] to '\0' in FPMapName in afp_mapname in etc/afpd/directory.c. 2.4.1 and 3.1.19 are also fixed versions. Solution(s) freebsd-upgrade-package-netatalk3 References CVE-2024-38441

SUSE: CVE-2024-38441: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 06/16/2024 Created 07/09/2024 Added 07/09/2024 Modified 07/09/2024 Description Netatalk before 3.2.1 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[len] to '\0' in FPMapName in afp_mapname in etc/afpd/directory.c. 2.4.1 and 3.1.19 are also fixed versions. Solution(s) suse-upgrade-libatalk0 suse-upgrade-netatalk suse-upgrade-netatalk-devel References https://attackerkb.com/topics/cve-2024-38441 CVE - 2024-38441

SUSE: CVE-2023-52890: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 06/13/2024 Created 06/20/2024 Added 06/19/2024 Modified 06/26/2024 Description NTFS-3G before 75dcdc2 has a use-after-free in ntfs_uppercase_mbs in libntfs-3g/unistr.c. NOTE: discussion suggests that exploitation would be challenging. Solution(s) suse-upgrade-libntfs-3g-devel suse-upgrade-libntfs-3g84 suse-upgrade-libntfs-3g87 suse-upgrade-ntfs-3g suse-upgrade-ntfsprogs suse-upgrade-ntfsprogs-extra References https://attackerkb.com/topics/cve-2023-52890 CVE - 2023-52890

Rocky Linux: CVE-2024-2698: idm-DL1 (Multiple Advisories) Severity 9 CVSS (AV:N/AC:L/Au:S/C:C/I:C/A:C) Published 06/12/2024 Created 06/17/2024 Added 06/17/2024 Modified 01/30/2025 Description A vulnerability was found in FreeIPA in how the initial implementation of MS-SFU by MIT Kerberos was missing a condition for granting the "forwardable" flag on S4U2Self tickets. Fixing this mistake required adding a special case for the check_allowed_to_delegate() function: If the target service argument is NULL, then it means the KDC is probing for general constrained delegation rules and not checking a specific S4U2Proxy request. In FreeIPA 4.11.0, the behavior of ipadb_match_acl() was modified to match the changes from upstream MIT Kerberos 1.20. However, a mistake resulting in this mechanism applies in cases where the target service argument is set AND where it is unset. This results in S4U2Proxy requests being accepted regardless of whether or not there is a matching service delegation rule. Solution(s) rocky-upgrade-bind-dyndb-ldap rocky-upgrade-bind-dyndb-ldap-debuginfo rocky-upgrade-bind-dyndb-ldap-debugsource rocky-upgrade-ipa-client rocky-upgrade-ipa-client-debuginfo rocky-upgrade-ipa-client-epn rocky-upgrade-ipa-client-samba rocky-upgrade-ipa-debuginfo rocky-upgrade-ipa-debugsource rocky-upgrade-ipa-server rocky-upgrade-ipa-server-debuginfo rocky-upgrade-ipa-server-trust-ad rocky-upgrade-ipa-server-trust-ad-debuginfo rocky-upgrade-opendnssec rocky-upgrade-opendnssec-debuginfo rocky-upgrade-opendnssec-debugsource rocky-upgrade-slapi-nis rocky-upgrade-slapi-nis-debuginfo rocky-upgrade-slapi-nis-debugsource rocky-upgrade-softhsm rocky-upgrade-softhsm-debuginfo rocky-upgrade-softhsm-debugsource rocky-upgrade-softhsm-devel References https://attackerkb.com/topics/cve-2024-2698 CVE - 2024-2698 https://errata.rockylinux.org/RLSA-2024:3754 https://errata.rockylinux.org/RLSA-2024:3755

Ubuntu: (CVE-2024-0091): nvidia-graphics-drivers-470 vulnerability Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 06/13/2024 Created 11/21/2024 Added 11/19/2024 Modified 01/28/2025 Description NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where a user can cause an untrusted pointer dereference by executing a driver API. A successful exploit of this vulnerability might lead to denial of service, information disclosure, and data tampering. Solution(s) ubuntu-upgrade-nvidia-graphics-drivers-470 ubuntu-upgrade-nvidia-graphics-drivers-470-server ubuntu-upgrade-nvidia-graphics-drivers-535 ubuntu-upgrade-nvidia-graphics-drivers-535-server References https://attackerkb.com/topics/cve-2024-0091 CVE - 2024-0091 https://nvidia.custhelp.com/app/answers/detail/a_id/5551 https://www.cve.org/CVERecord?id=CVE-2024-0091

Amazon Linux AMI 2: CVE-2024-5742: Security patch for nano (ALAS-2024-2590) Severity 6 CVSS (AV:L/AC:H/Au:S/C:C/I:C/A:C) Published 06/12/2024 Created 07/23/2024 Added 07/23/2024 Modified 01/28/2025 Description A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary file. If Nano is killed while editing, a file it saves to an emergency file with the permissions of the running user provides a window of opportunity for attackers to escalate privileges through a malicious symlink. Solution(s) amazon-linux-ami-2-upgrade-nano amazon-linux-ami-2-upgrade-nano-debuginfo References https://attackerkb.com/topics/cve-2024-5742 AL2/ALAS-2024-2590 CVE - 2024-5742

FreeBSD: VID-92CD1C03-2940-11EF-BC02-001B217B3468 (CVE-2024-4201): Gitlab -- Vulnerabilities Severity 4 CVSS (AV:N/AC:H/Au:S/C:P/I:P/A:N) Published 06/12/2024 Created 06/14/2024 Added 06/13/2024 Modified 01/28/2025 Description A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 5.1 before 16.10.7, all versions starting from 16.11 before 16.111.4, all versions starting from 17.0 before 17.0.2. When viewing an XML file in a repository in raw mode, it can be made to render as HTML if viewed under specific circumstances. Solution(s) freebsd-upgrade-package-gitlab-ce freebsd-upgrade-package-gitlab-ee References CVE-2024-4201

SUSE: CVE-2024-269355: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 06/12/2024 Created 06/14/2024 Added 06/13/2024 Modified 06/13/2024 Description SUSE: CVE-2024-269355: SUSE Linux Security Advisory Solution(s) suse-upgrade-cluster-md-kmp-rt suse-upgrade-dlm-kmp-rt suse-upgrade-gfs2-kmp-rt suse-upgrade-kernel-devel-rt suse-upgrade-kernel-rt suse-upgrade-kernel-rt-devel suse-upgrade-kernel-rt-extra suse-upgrade-kernel-rt-livepatch suse-upgrade-kernel-rt-livepatch-devel suse-upgrade-kernel-rt-optional suse-upgrade-kernel-rt-vdso suse-upgrade-kernel-rt_debug suse-upgrade-kernel-rt_debug-devel suse-upgrade-kernel-rt_debug-livepatch-devel suse-upgrade-kernel-rt_debug-vdso suse-upgrade-kernel-source-rt suse-upgrade-kernel-syms-rt suse-upgrade-kselftests-kmp-rt suse-upgrade-ocfs2-kmp-rt suse-upgrade-reiserfs-kmp-rt References https://attackerkb.com/topics/cve-2024-269355 CVE - 2024-269355 SUSE-SU-2024:2008-1

Google Chrome Vulnerability: CVE-2024-5843 Inappropriate implementation in Downloads Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 06/12/2024 Created 06/13/2024 Added 06/12/2024 Modified 01/28/2025 Description Inappropriate implementation in Downloads in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to obfuscate security UI via a malicious file. (Chromium security severity: Medium) Solution(s) google-chrome-upgrade-latest References https://attackerkb.com/topics/cve-2024-5843 CVE - 2024-5843

Google Chrome Vulnerability: CVE-2024-5835 Heap buffer overflow in Tab Groups Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 06/12/2024 Created 06/13/2024 Added 06/12/2024 Modified 01/28/2025 Description Heap buffer overflow in Tab Groups in Google Chrome prior to 126.0.6478.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) google-chrome-upgrade-latest References https://attackerkb.com/topics/cve-2024-5835 CVE - 2024-5835

Google Chrome Vulnerability: CVE-2024-5845 Use after free in Audio Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 06/12/2024 Created 06/13/2024 Added 06/12/2024 Modified 01/28/2025 Description Use after free in Audio in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium) Solution(s) google-chrome-upgrade-latest References https://attackerkb.com/topics/cve-2024-5845 CVE - 2024-5845

Alma Linux: CVE-2024-3183: Important: idm:DL1 security update (Multiple Advisories) Severity 9 CVSS (AV:N/AC:L/Au:S/C:C/I:C/A:N) Published 06/12/2024 Created 06/24/2024 Added 06/24/2024 Modified 01/30/2025 Description A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ is encrypted using the client’s session key. This key is different for each new session, which protects it from brute force attacks. However, the ticket it contains is encrypted using the target principal key directly. For user principals, this key is a hash of a public per-principal randomly-generated salt and the user’s password. If a principal is compromised it means the attacker would be able to retrieve tickets encrypted to any principal, all of them being encrypted by their own key directly. By taking these tickets and salts offline, the attacker could run brute force attacks to find character strings able to decrypt tickets when combined to a principal salt (i.e. find the principal’s password). Solution(s) alma-upgrade-bind-dyndb-ldap alma-upgrade-custodia alma-upgrade-ipa-client alma-upgrade-ipa-client-common alma-upgrade-ipa-client-epn alma-upgrade-ipa-client-samba alma-upgrade-ipa-common alma-upgrade-ipa-healthcheck alma-upgrade-ipa-healthcheck-core alma-upgrade-ipa-python-compat alma-upgrade-ipa-selinux alma-upgrade-ipa-server alma-upgrade-ipa-server-common alma-upgrade-ipa-server-dns alma-upgrade-ipa-server-trust-ad alma-upgrade-opendnssec alma-upgrade-python3-custodia alma-upgrade-python3-ipaclient alma-upgrade-python3-ipalib alma-upgrade-python3-ipaserver alma-upgrade-python3-ipatests alma-upgrade-python3-jwcrypto alma-upgrade-python3-kdcproxy alma-upgrade-python3-pyusb alma-upgrade-python3-qrcode alma-upgrade-python3-qrcode-core alma-upgrade-python3-yubico alma-upgrade-slapi-nis alma-upgrade-softhsm alma-upgrade-softhsm-devel References https://attackerkb.com/topics/cve-2024-3183 CVE - 2024-3183 https://errata.almalinux.org/8/ALSA-2024-3755.html https://errata.almalinux.org/9/ALSA-2024-3754.html

Alma Linux: CVE-2024-2698: Important: idm:DL1 security update (Multiple Advisories) Severity 9 CVSS (AV:N/AC:L/Au:S/C:C/I:C/A:C) Published 06/12/2024 Created 06/24/2024 Added 06/24/2024 Modified 01/30/2025 Description A vulnerability was found in FreeIPA in how the initial implementation of MS-SFU by MIT Kerberos was missing a condition for granting the "forwardable" flag on S4U2Self tickets. Fixing this mistake required adding a special case for the check_allowed_to_delegate() function: If the target service argument is NULL, then it means the KDC is probing for general constrained delegation rules and not checking a specific S4U2Proxy request. In FreeIPA 4.11.0, the behavior of ipadb_match_acl() was modified to match the changes from upstream MIT Kerberos 1.20. However, a mistake resulting in this mechanism applies in cases where the target service argument is set AND where it is unset. This results in S4U2Proxy requests being accepted regardless of whether or not there is a matching service delegation rule. Solution(s) alma-upgrade-bind-dyndb-ldap alma-upgrade-custodia alma-upgrade-ipa-client alma-upgrade-ipa-client-common alma-upgrade-ipa-client-epn alma-upgrade-ipa-client-samba alma-upgrade-ipa-common alma-upgrade-ipa-healthcheck alma-upgrade-ipa-healthcheck-core alma-upgrade-ipa-python-compat alma-upgrade-ipa-selinux alma-upgrade-ipa-server alma-upgrade-ipa-server-common alma-upgrade-ipa-server-dns alma-upgrade-ipa-server-trust-ad alma-upgrade-opendnssec alma-upgrade-python3-custodia alma-upgrade-python3-ipaclient alma-upgrade-python3-ipalib alma-upgrade-python3-ipaserver alma-upgrade-python3-ipatests alma-upgrade-python3-jwcrypto alma-upgrade-python3-kdcproxy alma-upgrade-python3-pyusb alma-upgrade-python3-qrcode alma-upgrade-python3-qrcode-core alma-upgrade-python3-yubico alma-upgrade-slapi-nis alma-upgrade-softhsm alma-upgrade-softhsm-devel References https://attackerkb.com/topics/cve-2024-2698 CVE - 2024-2698 https://errata.almalinux.org/8/ALSA-2024-3755.html https://errata.almalinux.org/9/ALSA-2024-3754.html

Google Chrome Vulnerability: CVE-2024-5832 Use after free in Dawn Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 06/12/2024 Created 06/13/2024 Added 06/12/2024 Modified 01/28/2025 Description Use after free in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) google-chrome-upgrade-latest References https://attackerkb.com/topics/cve-2024-5832 CVE - 2024-5832

Amazon Linux AMI 2: CVE-2024-3183: Security patch for ipa (ALAS-2024-2585) Severity 9 CVSS (AV:N/AC:L/Au:S/C:C/I:C/A:N) Published 06/12/2024 Created 07/12/2024 Added 07/12/2024 Modified 01/30/2025 Description A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ is encrypted using the client’s session key. This key is different for each new session, which protects it from brute force attacks. However, the ticket it contains is encrypted using the target principal key directly. For user principals, this key is a hash of a public per-principal randomly-generated salt and the user’s password. If a principal is compromised it means the attacker would be able to retrieve tickets encrypted to any principal, all of them being encrypted by their own key directly. By taking these tickets and salts offline, the attacker could run brute force attacks to find character strings able to decrypt tickets when combined to a principal salt (i.e. find the principal’s password). Solution(s) amazon-linux-ami-2-upgrade-ipa-client amazon-linux-ami-2-upgrade-ipa-client-common amazon-linux-ami-2-upgrade-ipa-common amazon-linux-ami-2-upgrade-ipa-debuginfo amazon-linux-ami-2-upgrade-ipa-python-compat amazon-linux-ami-2-upgrade-ipa-server amazon-linux-ami-2-upgrade-ipa-server-common amazon-linux-ami-2-upgrade-ipa-server-dns amazon-linux-ami-2-upgrade-ipa-server-trust-ad amazon-linux-ami-2-upgrade-python2-ipaclient amazon-linux-ami-2-upgrade-python2-ipalib amazon-linux-ami-2-upgrade-python2-ipaserver References https://attackerkb.com/topics/cve-2024-3183 AL2/ALAS-2024-2585 CVE - 2024-3183

Google Chrome Vulnerability: CVE-2024-5844 Heap buffer overflow in Tab Strip Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 06/12/2024 Created 06/13/2024 Added 06/12/2024 Modified 01/28/2025 Description Heap buffer overflow in Tab Strip in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium) Solution(s) google-chrome-upgrade-latest References https://attackerkb.com/topics/cve-2024-5844 CVE - 2024-5844