ISHACK AI BOT

Red Hat: CVE-2024-27851: webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution (Multiple Advisories) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 06/10/2024 Created 10/18/2024 Added 10/18/2024 Modified 11/27/2024 Description The issue was addressed with improved bounds checks. This issue is fixed in tvOS 17.5, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Processing maliciously crafted web content may lead to arbitrary code execution. Solution(s) redhat-upgrade-webkit2gtk3 redhat-upgrade-webkit2gtk3-debuginfo redhat-upgrade-webkit2gtk3-debugsource redhat-upgrade-webkit2gtk3-devel redhat-upgrade-webkit2gtk3-devel-debuginfo redhat-upgrade-webkit2gtk3-jsc redhat-upgrade-webkit2gtk3-jsc-debuginfo redhat-upgrade-webkit2gtk3-jsc-devel redhat-upgrade-webkit2gtk3-jsc-devel-debuginfo References CVE-2024-27851 RHSA-2024:8180 RHSA-2024:8492 RHSA-2024:9636 RHSA-2024:9646

OS X update for ncurses (CVE-2023-40389) Severity 5 CVSS (AV:L/AC:M/Au:N/C:C/I:N/A:N) Published 06/10/2024 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

Rocky Linux: CVE-2024-27820: webkit2gtk3 (Multiple Advisories) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 06/10/2024 Created 11/05/2024 Added 11/04/2024 Modified 01/28/2025 Description The issue was addressed with improved memory handling. This issue is fixed in tvOS 17.5, iOS 16.7.8 and iPadOS 16.7.8, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Processing web content may lead to arbitrary code execution. Solution(s) rocky-upgrade-webkit2gtk3 rocky-upgrade-webkit2gtk3-debuginfo rocky-upgrade-webkit2gtk3-debugsource rocky-upgrade-webkit2gtk3-devel rocky-upgrade-webkit2gtk3-devel-debuginfo rocky-upgrade-webkit2gtk3-jsc rocky-upgrade-webkit2gtk3-jsc-debuginfo rocky-upgrade-webkit2gtk3-jsc-devel rocky-upgrade-webkit2gtk3-jsc-devel-debuginfo References https://attackerkb.com/topics/cve-2024-27820 CVE - 2024-27820 https://errata.rockylinux.org/RLSA-2024:8180 https://errata.rockylinux.org/RLSA-2024:9636

OS X update for File System Events (CVE-2022-32897) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 06/10/2024 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for DiskArbitration (CVE-2023-40389) Severity 5 CVSS (AV:L/AC:M/Au:N/C:C/I:N/A:N) Published 06/10/2024 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

Rocky Linux: CVE-2024-27838: webkit2gtk3 (Multiple Advisories) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 06/10/2024 Created 11/05/2024 Added 11/04/2024 Modified 01/28/2025 Description The issue was addressed by adding additional logic. This issue is fixed in tvOS 17.5, iOS 16.7.8 and iPadOS 16.7.8, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. A maliciously crafted webpage may be able to fingerprint the user. Solution(s) rocky-upgrade-webkit2gtk3 rocky-upgrade-webkit2gtk3-debuginfo rocky-upgrade-webkit2gtk3-debugsource rocky-upgrade-webkit2gtk3-devel rocky-upgrade-webkit2gtk3-devel-debuginfo rocky-upgrade-webkit2gtk3-jsc rocky-upgrade-webkit2gtk3-jsc-debuginfo rocky-upgrade-webkit2gtk3-jsc-devel rocky-upgrade-webkit2gtk3-jsc-devel-debuginfo References https://attackerkb.com/topics/cve-2024-27838 CVE - 2024-27838 https://errata.rockylinux.org/RLSA-2024:8180 https://errata.rockylinux.org/RLSA-2024:9636

OS X update for IOUSBDeviceFamily (CVE-2023-40389) Severity 5 CVSS (AV:L/AC:M/Au:N/C:C/I:N/A:N) Published 06/10/2024 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for Safari (CVE-2022-32933) Severity 5 CVSS (AV:N/AC:L/Au:N/C:P/I:N/A:N) Published 06/10/2024 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

Debian: CVE-2024-27850: webkit2gtk, wpewebkit -- security update Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 06/10/2024 Created 09/28/2024 Added 09/27/2024 Modified 01/28/2025 Description This issue was addressed with improvements to the noise injection algorithm. This issue is fixed in visionOS 1.2, macOS Sonoma 14.5, Safari 17.5, iOS 17.5 and iPadOS 17.5. A maliciously crafted webpage may be able to fingerprint the user. Solution(s) debian-upgrade-webkit2gtk debian-upgrade-wpewebkit References https://attackerkb.com/topics/cve-2024-27850 CVE - 2024-27850 DSA-5695-1

OS X update for PS Normalizer (CVE-2022-32933) Severity 5 CVSS (AV:N/AC:L/Au:N/C:P/I:N/A:N) Published 06/10/2024 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for PackageKit (CVE-2022-32933) Severity 5 CVSS (AV:N/AC:L/Au:N/C:P/I:N/A:N) Published 06/10/2024 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for Spotlight (CVE-2022-32933) Severity 5 CVSS (AV:N/AC:L/Au:N/C:P/I:N/A:N) Published 06/10/2024 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

Amazon Linux AMI 2: CVE-2024-36971: Security patch for kernel (Multiple Advisories) Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 06/10/2024 Created 07/12/2024 Added 07/11/2024 Modified 01/28/2025 Description In the Linux kernel, the following vulnerability has been resolved: net: fix __dst_negative_advice() race __dst_negative_advice() does not enforce proper RCU rules when sk->dst_cache must be cleared, leading to possible UAF. RCU rules are that we must first clear sk->sk_dst_cache, then call dst_release(old_dst). Note that sk_dst_reset(sk) is implementing this protocol correctly, while __dst_negative_advice() uses the wrong order. Given that ip6_negative_advice() has special logic against RTF_CACHE, this means each of the three ->negative_advice() existing methods must perform the sk_dst_reset() themselves. Note the check against NULL dst is centralized in __dst_negative_advice(), there is no need to duplicate it in various callbacks. Many thanks to Clement Lecigne for tracking this issue. This old bug became visible after the blamed commit, using UDP sockets. Solution(s) amazon-linux-ami-2-upgrade-bpftool amazon-linux-ami-2-upgrade-bpftool-debuginfo amazon-linux-ami-2-upgrade-kernel amazon-linux-ami-2-upgrade-kernel-debuginfo amazon-linux-ami-2-upgrade-kernel-debuginfo-common-aarch64 amazon-linux-ami-2-upgrade-kernel-debuginfo-common-x86_64 amazon-linux-ami-2-upgrade-kernel-devel amazon-linux-ami-2-upgrade-kernel-headers amazon-linux-ami-2-upgrade-kernel-livepatch-4-14-350-266-564 amazon-linux-ami-2-upgrade-kernel-livepatch-5-10-219-208-866 amazon-linux-ami-2-upgrade-kernel-livepatch-5-15-161-106-159 amazon-linux-ami-2-upgrade-kernel-tools amazon-linux-ami-2-upgrade-kernel-tools-debuginfo amazon-linux-ami-2-upgrade-kernel-tools-devel amazon-linux-ami-2-upgrade-perf amazon-linux-ami-2-upgrade-perf-debuginfo amazon-linux-ami-2-upgrade-python-perf amazon-linux-ami-2-upgrade-python-perf-debuginfo References https://attackerkb.com/topics/cve-2024-36971 AL2/ALAS-2024-2622 AL2/ALASKERNEL-5.10-2024-063 AL2/ALASKERNEL-5.15-2024-045 AL2/ALASKERNEL-5.4-2024-075 CVE - 2024-36971

Oracle Linux: CVE-2024-2698: ELSA-2024-3755:idm:DL1 security update (IMPORTANT) (Multiple Advisories) Severity 9 CVSS (AV:N/AC:L/Au:S/C:C/I:C/A:C) Published 06/10/2024 Created 07/26/2024 Added 07/22/2024 Modified 01/07/2025 Description A vulnerability was found in FreeIPA in how the initial implementation of MS-SFU by MIT Kerberos was missing a condition for granting the "forwardable" flag on S4U2Self tickets. Fixing this mistake required adding a special case for the check_allowed_to_delegate() function: If the target service argument is NULL, then it means the KDC is probing for general constrained delegation rules and not checking a specific S4U2Proxy request. In FreeIPA 4.11.0, the behavior of ipadb_match_acl() was modified to match the changes from upstream MIT Kerberos 1.20. However, a mistake resulting in this mechanism applies in cases where the target service argument is set AND where it is unset. This results in S4U2Proxy requests being accepted regardless of whether or not there is a matching service delegation rule. Solution(s) oracle-linux-upgrade-bind-dyndb-ldap oracle-linux-upgrade-custodia oracle-linux-upgrade-ipa-client oracle-linux-upgrade-ipa-client-common oracle-linux-upgrade-ipa-client-epn oracle-linux-upgrade-ipa-client-samba oracle-linux-upgrade-ipa-common oracle-linux-upgrade-ipa-healthcheck oracle-linux-upgrade-ipa-healthcheck-core oracle-linux-upgrade-ipa-python-compat oracle-linux-upgrade-ipa-selinux oracle-linux-upgrade-ipa-server oracle-linux-upgrade-ipa-server-common oracle-linux-upgrade-ipa-server-dns oracle-linux-upgrade-ipa-server-trust-ad oracle-linux-upgrade-opendnssec oracle-linux-upgrade-python3-custodia oracle-linux-upgrade-python3-ipaclient oracle-linux-upgrade-python3-ipalib oracle-linux-upgrade-python3-ipaserver oracle-linux-upgrade-python3-ipatests oracle-linux-upgrade-python3-jwcrypto oracle-linux-upgrade-python3-kdcproxy oracle-linux-upgrade-python3-pyusb oracle-linux-upgrade-python3-qrcode oracle-linux-upgrade-python3-qrcode-core oracle-linux-upgrade-python3-yubico oracle-linux-upgrade-slapi-nis oracle-linux-upgrade-softhsm oracle-linux-upgrade-softhsm-devel References https://attackerkb.com/topics/cve-2024-2698 CVE - 2024-2698 ELSA-2024-3755 ELSA-2024-3754

OS X update for ICU (CVE-2022-32933) Severity 5 CVSS (AV:N/AC:L/Au:N/C:P/I:N/A:N) Published 06/10/2024 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for GPU Drivers (CVE-2022-32933) Severity 5 CVSS (AV:N/AC:L/Au:N/C:P/I:N/A:N) Published 06/10/2024 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

FreeBSD: VID-5F608C68-276C-11EF-8CAA-0897988A1C07 (CVE-2024-35241): Composer -- Multiple command injections via malicious git/hg branch names Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 06/10/2024 Created 06/13/2024 Added 06/11/2024 Modified 06/11/2024 Description Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the `status`, `reinstall` and `remove` commands with packages installed from source via git containing specially crafted branch names in the repository can be used to execute code. Patches for this issue are available in version 2.2.24 for 2.2 LTS or 2.7.7 for mainline. As a workaround, avoid installing dependencies via git by using `--prefer-dist` or the `preferred-install: dist` config setting. Solution(s) freebsd-upgrade-package-php81-composer freebsd-upgrade-package-php82-composer freebsd-upgrade-package-php83-composer References CVE-2024-35241

OS X update for GPU Drivers (CVE-2022-32897) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 06/10/2024 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

Huawei EulerOS: CVE-2024-36971: kernel security update Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 06/10/2024 Created 01/23/2025 Added 01/21/2025 Modified 01/28/2025 Description In the Linux kernel, the following vulnerability has been resolved: net: fix __dst_negative_advice() race __dst_negative_advice() does not enforce proper RCU rules when sk->dst_cache must be cleared, leading to possible UAF. RCU rules are that we must first clear sk->sk_dst_cache, then call dst_release(old_dst). Note that sk_dst_reset(sk) is implementing this protocol correctly, while __dst_negative_advice() uses the wrong order. Given that ip6_negative_advice() has special logic against RTF_CACHE, this means each of the three ->negative_advice() existing methods must perform the sk_dst_reset() themselves. Note the check against NULL dst is centralized in __dst_negative_advice(), there is no need to duplicate it in various callbacks. Many thanks to Clement Lecigne for tracking this issue. This old bug became visible after the blamed commit, using UDP sockets. Solution(s) huawei-euleros-2_0_sp8-upgrade-bpftool huawei-euleros-2_0_sp8-upgrade-kernel huawei-euleros-2_0_sp8-upgrade-kernel-devel huawei-euleros-2_0_sp8-upgrade-kernel-headers huawei-euleros-2_0_sp8-upgrade-kernel-tools huawei-euleros-2_0_sp8-upgrade-kernel-tools-libs huawei-euleros-2_0_sp8-upgrade-perf huawei-euleros-2_0_sp8-upgrade-python-perf huawei-euleros-2_0_sp8-upgrade-python3-perf References https://attackerkb.com/topics/cve-2024-36971 CVE - 2024-36971 EulerOS-SA-2025-1123

OS X update for Libsystem (CVE-2023-40389) Severity 5 CVSS (AV:L/AC:M/Au:N/C:C/I:N/A:N) Published 06/10/2024 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for Software Update (CVE-2022-32933) Severity 5 CVSS (AV:N/AC:L/Au:N/C:P/I:N/A:N) Published 06/10/2024 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

Alpine Linux: CVE-2024-35242: Vulnerability in Multiple Components Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 06/10/2024 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the `composer install` command running inside a git/hg repository which has specially crafted branch names can lead to command injection. This requires cloning untrusted repositories. Patches are available in version 2.2.24 for 2.2 LTS or 2.7.7 for mainline. As a workaround, avoid cloning potentially compromised repositories. Solution(s) alpine-linux-upgrade-composer References https://attackerkb.com/topics/cve-2024-35242 CVE - 2024-35242 https://security.alpinelinux.org/vuln/CVE-2024-35242

Amazon Linux 2023: CVE-2024-36971: Medium priority package update for kernel (Multiple Advisories) Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 06/10/2024 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description In the Linux kernel, the following vulnerability has been resolved: net: fix __dst_negative_advice() race __dst_negative_advice() does not enforce proper RCU rules when sk->dst_cache must be cleared, leading to possible UAF. RCU rules are that we must first clear sk->sk_dst_cache, then call dst_release(old_dst). Note that sk_dst_reset(sk) is implementing this protocol correctly, while __dst_negative_advice() uses the wrong order. Given that ip6_negative_advice() has special logic against RTF_CACHE, this means each of the three ->negative_advice() existing methods must perform the sk_dst_reset() themselves. Note the check against NULL dst is centralized in __dst_negative_advice(), there is no need to duplicate it in various callbacks. Many thanks to Clement Lecigne for tracking this issue. This old bug became visible after the blamed commit, using UDP sockets. A use-after-free flaw was found in the Linux kernel's network route management. This flaw allows an attacker to alter the behavior of certain network connections. Solution(s) amazon-linux-2023-upgrade-bpftool amazon-linux-2023-upgrade-bpftool-debuginfo amazon-linux-2023-upgrade-kernel amazon-linux-2023-upgrade-kernel-debuginfo amazon-linux-2023-upgrade-kernel-debuginfo-common-aarch64 amazon-linux-2023-upgrade-kernel-debuginfo-common-x86-64 amazon-linux-2023-upgrade-kernel-devel amazon-linux-2023-upgrade-kernel-headers amazon-linux-2023-upgrade-kernel-libbpf amazon-linux-2023-upgrade-kernel-libbpf-devel amazon-linux-2023-upgrade-kernel-libbpf-static amazon-linux-2023-upgrade-kernel-livepatch-6-1-94-99-176 amazon-linux-2023-upgrade-kernel-modules-extra amazon-linux-2023-upgrade-kernel-modules-extra-common amazon-linux-2023-upgrade-kernel-tools amazon-linux-2023-upgrade-kernel-tools-debuginfo amazon-linux-2023-upgrade-kernel-tools-devel amazon-linux-2023-upgrade-perf amazon-linux-2023-upgrade-perf-debuginfo amazon-linux-2023-upgrade-python3-perf amazon-linux-2023-upgrade-python3-perf-debuginfo References https://attackerkb.com/topics/cve-2024-36971 CVE - 2024-36971 https://alas.aws.amazon.com/AL2023/ALAS-2024-658.html https://alas.aws.amazon.com/AL2023/ALAS-2024-683.html

OS X update for SharedFileList (CVE-2023-40389) Severity 5 CVSS (AV:L/AC:M/Au:N/C:C/I:N/A:N) Published 06/10/2024 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

Amazon Linux AMI 2: CVE-2024-37535: Security patch for vte291 (ALAS-2024-2610) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 06/09/2024 Created 08/14/2024 Added 08/14/2024 Modified 08/14/2024 Description GNOME VTE before 0.76.3 allows an attacker to cause a denial of service (memory consumption) via a window resize escape sequence, a related issue to CVE-2000-0476. Solution(s) amazon-linux-ami-2-upgrade-vte-profile amazon-linux-ami-2-upgrade-vte291 amazon-linux-ami-2-upgrade-vte291-debuginfo amazon-linux-ami-2-upgrade-vte291-devel References https://attackerkb.com/topics/cve-2024-37535 AL2/ALAS-2024-2610 CVE - 2024-37535