ISHACK AI BOT
All posts by ISHACK AI BOT

  1. Alma Linux: CVE-2024-24790: Moderate: go-toolset security update (Multiple Advisories) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 06/05/2024 Created 07/03/2024 Added 07/03/2024 Modified 01/28/2025 Description The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms. Solution(s) alma-upgrade-delve alma-upgrade-go-toolset alma-upgrade-golang alma-upgrade-golang-bin alma-upgrade-golang-docs alma-upgrade-golang-misc alma-upgrade-golang-src alma-upgrade-golang-tests alma-upgrade-grafana alma-upgrade-grafana-selinux References https://attackerkb.com/topics/cve-2024-24790 CVE - 2024-24790 https://errata.almalinux.org/8/ALSA-2024-4237.html https://errata.almalinux.org/8/ALSA-2024-5291.html https://errata.almalinux.org/9/ALSA-2024-4212.html https://errata.almalinux.org/9/ALSA-2024-9115.html
  2. Alma Linux: CVE-2024-34055: Moderate: cyrus-imapd security update (ALSA-2024-9195) Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:N/A:C) Published 06/05/2024 Created 11/21/2024 Added 11/19/2024 Modified 01/28/2025 Description Cyrus IMAP before 3.8.3 and 3.10.x before 3.10.0-rc1 allows authenticated attackers to cause unbounded memory allocation by sending many LITERALs in a single command. Solution(s) alma-upgrade-cyrus-imapd alma-upgrade-cyrus-imapd-libs alma-upgrade-cyrus-imapd-utils alma-upgrade-perl-cyrus References https://attackerkb.com/topics/cve-2024-34055 CVE - 2024-34055 https://errata.almalinux.org/9/ALSA-2024-9195.html
  3. Ubuntu: (Multiple Advisories) (CVE-2024-24790): Go vulnerabilities Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 06/05/2024 Created 07/10/2024 Added 07/10/2024 Modified 01/28/2025 Description The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms. Solution(s) ubuntu-pro-upgrade-golang-1-18 ubuntu-pro-upgrade-golang-1-18-go ubuntu-pro-upgrade-golang-1-18-src ubuntu-pro-upgrade-golang-1-21 ubuntu-pro-upgrade-golang-1-21-go ubuntu-pro-upgrade-golang-1-21-src ubuntu-pro-upgrade-golang-1-22 ubuntu-pro-upgrade-golang-1-22-go ubuntu-pro-upgrade-golang-1-22-src References https://attackerkb.com/topics/cve-2024-24790 CVE - 2024-24790 USN-6886-1 USN-7109-1
  4. Ubuntu: USN-7224-1 (CVE-2024-34055): Cyrus IMAP Server vulnerabilities Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:N/A:C) Published 06/05/2024 Created 01/25/2025 Added 01/24/2025 Modified 01/28/2025 Description Cyrus IMAP before 3.8.3 and 3.10.x before 3.10.0-rc1 allows authenticated attackers to cause unbounded memory allocation by sending many LITERALs in a single command. Solution(s) ubuntu-pro-upgrade-cyrus-admin ubuntu-pro-upgrade-cyrus-caldav ubuntu-pro-upgrade-cyrus-clients ubuntu-pro-upgrade-cyrus-common ubuntu-pro-upgrade-cyrus-dev ubuntu-pro-upgrade-cyrus-imapd ubuntu-pro-upgrade-cyrus-murder ubuntu-pro-upgrade-cyrus-nntpd ubuntu-pro-upgrade-cyrus-pop3d ubuntu-pro-upgrade-cyrus-replication ubuntu-pro-upgrade-libcyrus-imap-perl References https://attackerkb.com/topics/cve-2024-34055 CVE - 2024-34055 USN-7224-1
  5. VMware Photon OS: CVE-2024-24790 Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 06/05/2024 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2024-24790 CVE - 2024-24790
  6. Oracle Linux: CVE-2024-24790: ELSA-2024-5291:grafana security update (MODERATE) (Multiple Advisories) Severity 6 CVSS (AV:L/AC:H/Au:N/C:C/I:C/A:N) Published 06/04/2024 Created 07/04/2024 Added 07/03/2024 Modified 02/13/2025 Description The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms. A flaw was found in the Go language standard library net/netip. The method Is*() (IsPrivate(), IsPublic(), etc) doesn't behave properly when working with IPv6 mapped to IPv4 addresses. The unexpected behavior can lead to integrity and confidentiality issues, specifically when these methods are used to control access to resources or data. Solution(s) oracle-linux-upgrade-delve oracle-linux-upgrade-golang oracle-linux-upgrade-golang-bin oracle-linux-upgrade-golang-docs oracle-linux-upgrade-golang-misc oracle-linux-upgrade-golang-src oracle-linux-upgrade-golang-tests oracle-linux-upgrade-go-toolset oracle-linux-upgrade-grafana oracle-linux-upgrade-grafana-selinux oracle-linux-upgrade-terraform-provider-oci-fips References https://attackerkb.com/topics/cve-2024-24790 CVE - 2024-24790 ELSA-2024-5291 ELSA-2024-4237 ELSA-2024-4212 ELSA-2024-8876 ELSA-2024-9115 ELSA-2025-31356
  7. Oracle Linux: CVE-2024-24789: ELSA-2024-5258:container-tools:ol8 security update (IMPORTANT) (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 06/04/2024 Created 07/04/2024 Added 07/03/2024 Modified 01/08/2025 Description The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create a zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects files containing these errors. A flaw was found in Golang. The ZIP implementation of the Go language archive/zip library behaves differently than the rest of the ZIP file format implementations. When handling ZIP files with a corrupted central directory record, the library skips over the invalid record and processes the next valid one. This flaw allows a malicious user to access hidden information or files inside maliciously crafted ZIP files. Solution(s) oracle-linux-upgrade-aardvark-dns oracle-linux-upgrade-buildah oracle-linux-upgrade-buildah-tests oracle-linux-upgrade-cockpit-podman oracle-linux-upgrade-conmon oracle-linux-upgrade-containernetworking-plugins oracle-linux-upgrade-containers-common oracle-linux-upgrade-container-selinux oracle-linux-upgrade-crit oracle-linux-upgrade-criu oracle-linux-upgrade-criu-devel oracle-linux-upgrade-criu-libs oracle-linux-upgrade-crun oracle-linux-upgrade-delve oracle-linux-upgrade-fuse-overlayfs oracle-linux-upgrade-golang oracle-linux-upgrade-golang-bin oracle-linux-upgrade-golang-docs oracle-linux-upgrade-golang-misc oracle-linux-upgrade-golang-src oracle-linux-upgrade-golang-tests oracle-linux-upgrade-go-toolset oracle-linux-upgrade-grafana oracle-linux-upgrade-grafana-selinux oracle-linux-upgrade-libslirp oracle-linux-upgrade-libslirp-devel oracle-linux-upgrade-netavark oracle-linux-upgrade-oci-seccomp-bpf-hook oracle-linux-upgrade-podman oracle-linux-upgrade-podman-catatonit oracle-linux-upgrade-podman-docker oracle-linux-upgrade-podman-gvproxy oracle-linux-upgrade-podman-plugins oracle-linux-upgrade-podman-remote oracle-linux-upgrade-podman-tests oracle-linux-upgrade-python3-criu oracle-linux-upgrade-python3-podman oracle-linux-upgrade-runc oracle-linux-upgrade-skopeo oracle-linux-upgrade-skopeo-tests oracle-linux-upgrade-slirp4netns oracle-linux-upgrade-udica References https://attackerkb.com/topics/cve-2024-24789 CVE - 2024-24789 ELSA-2024-5258 ELSA-2024-5291 ELSA-2024-4237 ELSA-2024-4212 ELSA-2024-9115 ELSA-2024-9102
  8. Amazon Linux AMI 2: CVE-2024-34363: Security patch for ecs-service-connect-agent (ALASECS-2024-037) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 06/04/2024 Created 06/26/2024 Added 06/26/2024 Modified 01/28/2025 Description Envoy is a cloud-native, open source edge and service proxy. Due to how Envoy invoked the nlohmann JSON library, the library could throw an uncaught exception from downstream data if incomplete UTF-8 strings were serialized. The uncaught exception would cause Envoy to crash. Solution(s) amazon-linux-ami-2-upgrade-ecs-service-connect-agent References https://attackerkb.com/topics/cve-2024-34363 AL2/ALASECS-2024-037 CVE - 2024-34363
  9. Amazon Linux AMI 2: CVE-2024-32976: Security patch for ecs-service-connect-agent (ALASECS-2024-037) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 06/04/2024 Created 06/26/2024 Added 06/26/2024 Modified 01/28/2025 Description Envoy is a cloud-native, open source edge and service proxy. Envoyproxy with a Brotli filter can get into an endless loop during decompression of Brotli data with extra input. Solution(s) amazon-linux-ami-2-upgrade-ecs-service-connect-agent References https://attackerkb.com/topics/cve-2024-32976 AL2/ALASECS-2024-037 CVE - 2024-32976
  10. Amazon Linux 2023: CVE-2024-32976: Important priority package update for ecs-service-connect-agent Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 06/04/2024 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description Envoy is a cloud-native, open source edge and service proxy. Envoyproxy with a Brotli filter can get into an endless loop during decompression of Brotli data with extra input. Solution(s) amazon-linux-2023-upgrade-ecs-service-connect-agent References https://attackerkb.com/topics/cve-2024-32976 CVE - 2024-32976 https://alas.aws.amazon.com/AL2023/ALAS-2024-647.html
  11. Amazon Linux AMI 2: CVE-2024-34362: Security patch for ecs-service-connect-agent (ALASECS-2024-037) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 06/04/2024 Created 06/26/2024 Added 06/26/2024 Modified 01/28/2025 Description Envoy is a cloud-native, open source edge and service proxy. There is a use-after-free in `HttpConnectionManager` (HCM) with `EnvoyQuicServerStream` that can crash Envoy. An attacker can exploit this vulnerability by sending a request without `FIN`, then a `RESET_STREAM` frame, and then after receiving the response, closing the connection. Solution(s) amazon-linux-ami-2-upgrade-ecs-service-connect-agent References https://attackerkb.com/topics/cve-2024-34362 AL2/ALASECS-2024-037 CVE - 2024-34362
  12. Amazon Linux 2023: CVE-2024-34362: Important priority package update for ecs-service-connect-agent Severity 5 CVSS (AV:N/AC:H/Au:N/C:N/I:N/A:C) Published 06/04/2024 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description Envoy is a cloud-native, open source edge and service proxy. There is a use-after-free in `HttpConnectionManager` (HCM) with `EnvoyQuicServerStream` that can crash Envoy. An attacker can exploit this vulnerability by sending a request without `FIN`, then a `RESET_STREAM` frame, and then after receiving the response, closing the connection. Solution(s) amazon-linux-2023-upgrade-ecs-service-connect-agent References https://attackerkb.com/topics/cve-2024-34362 CVE - 2024-34362 https://alas.aws.amazon.com/AL2023/ALAS-2024-647.html
  13. Amazon Linux AMI 2: CVE-2024-32974: Security patch for ecs-service-connect-agent (ALASECS-2024-037) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 06/04/2024 Created 06/26/2024 Added 06/26/2024 Modified 01/30/2025 Description Envoy is a cloud-native, open source edge and service proxy. A crash was observed in `EnvoyQuicServerStream::OnInitialHeadersComplete()` with the following call stack. It is a use-after-free caused by QUICHE continuing to push request headers after `StopReading()` has been called on the stream. Since after `StopReading()` the HCM's `ActiveStream` might already have been destroyed, any up calls from QUICHE could potentially cause a use after free. Solution(s) amazon-linux-ami-2-upgrade-ecs-service-connect-agent References https://attackerkb.com/topics/cve-2024-32974 AL2/ALASECS-2024-037 CVE - 2024-32974
  14. Amazon Linux 2023: CVE-2024-24790: Medium priority package update for golang (Multiple Advisories) Severity 6 CVSS (AV:L/AC:H/Au:N/C:C/I:C/A:N) Published 06/04/2024 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms. A flaw was found in the Go language standard library net/netip. The method Is*() (IsPrivate(), IsPublic(), etc) doesn't behave properly when working with IPv6 mapped to IPv4 addresses. The unexpected behavior can lead to integrity and confidentiality issues, specifically when these methods are used to control access to resources or data. Solution(s) amazon-linux-2023-upgrade-amazon-ecr-credential-helper amazon-linux-2023-upgrade-amazon-ssm-agent amazon-linux-2023-upgrade-containerd amazon-linux-2023-upgrade-containerd-debuginfo amazon-linux-2023-upgrade-containerd-debugsource amazon-linux-2023-upgrade-containerd-stress amazon-linux-2023-upgrade-containerd-stress-debuginfo amazon-linux-2023-upgrade-docker amazon-linux-2023-upgrade-docker-debuginfo amazon-linux-2023-upgrade-docker-debugsource amazon-linux-2023-upgrade-golang amazon-linux-2023-upgrade-golang-bin amazon-linux-2023-upgrade-golang-docs amazon-linux-2023-upgrade-golang-misc amazon-linux-2023-upgrade-golang-shared amazon-linux-2023-upgrade-golang-src amazon-linux-2023-upgrade-golang-tests amazon-linux-2023-upgrade-runc amazon-linux-2023-upgrade-runc-debuginfo amazon-linux-2023-upgrade-runc-debugsource References https://attackerkb.com/topics/cve-2024-24790 CVE - 2024-24790 https://alas.aws.amazon.com/AL2023/ALAS-2024-646.html https://alas.aws.amazon.com/AL2023/ALAS-2024-697.html https://alas.aws.amazon.com/AL2023/ALAS-2024-710.html https://alas.aws.amazon.com/AL2023/ALAS-2024-711.html https://alas.aws.amazon.com/AL2023/ALAS-2024-734.html https://alas.aws.amazon.com/AL2023/ALAS-2024-735.html
  15. FreeBSD: (Multiple Advisories) (CVE-2024-24789): go -- multiple vulnerabilities Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:C/A:N) Published 06/04/2024 Created 06/17/2024 Added 06/16/2024 Modified 01/28/2025 Description The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create a zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects files containing these errors. Solution(s) freebsd-upgrade-package-forgejo freebsd-upgrade-package-go121 freebsd-upgrade-package-go122 References CVE-2024-24789
  16. Amazon Linux 2023: CVE-2024-24789: Medium priority package update for golang Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 06/04/2024 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create a zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects files containing these errors. A flaw was found in Golang. The ZIP implementation of the Go language archive/zip library behaves differently than the rest of the ZIP file format implementations. When handling ZIP files with a corrupted central directory record, the library skips over the invalid record and processes the next valid one. This flaw allows a malicious user to access hidden information or files inside maliciously crafted ZIP files. Solution(s) amazon-linux-2023-upgrade-golang amazon-linux-2023-upgrade-golang-bin amazon-linux-2023-upgrade-golang-docs amazon-linux-2023-upgrade-golang-misc amazon-linux-2023-upgrade-golang-shared amazon-linux-2023-upgrade-golang-src amazon-linux-2023-upgrade-golang-tests References https://attackerkb.com/topics/cve-2024-24789 CVE - 2024-24789 https://alas.aws.amazon.com/AL2023/ALAS-2024-646.html
  17. SUSE: CVE-2024-28103: SUSE Linux Security Advisory Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 06/04/2024 Created 06/13/2024 Added 06/12/2024 Modified 01/28/2025 Description Action Pack is a framework for handling and responding to web requests. Since 6.1.0, the application configurable Permissions-Policy is only served on responses with an HTML related Content-Type. This vulnerability is fixed in 6.1.7.8, 7.0.8.2, and 7.1.3.3. Solution(s) suse-upgrade-rmt-server suse-upgrade-rmt-server-config suse-upgrade-rmt-server-pubcloud References https://attackerkb.com/topics/cve-2024-28103 CVE - 2024-28103
  18. Amazon Linux 2023: CVE-2024-32975: Important priority package update for ecs-service-connect-agent Severity 5 CVSS (AV:N/AC:H/Au:N/C:N/I:N/A:C) Published 06/04/2024 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description Envoy is a cloud-native, open source edge and service proxy. There is a crash at `QuicheDataReader::PeekVarInt62Length()`. It is caused by integer underflow in the `QuicStreamSequencerBuffer::PeekRegion()` implementation. Solution(s) amazon-linux-2023-upgrade-ecs-service-connect-agent References https://attackerkb.com/topics/cve-2024-32975 CVE - 2024-32975 https://alas.aws.amazon.com/AL2023/ALAS-2024-647.html
  19. Amazon Linux AMI 2: CVE-2024-32975: Security patch for ecs-service-connect-agent (ALASECS-2024-037) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 06/04/2024 Created 06/26/2024 Added 06/26/2024 Modified 01/28/2025 Description Envoy is a cloud-native, open source edge and service proxy. There is a crash at `QuicheDataReader::PeekVarInt62Length()`. It is caused by integer underflow in the `QuicStreamSequencerBuffer::PeekRegion()` implementation. Solution(s) amazon-linux-ami-2-upgrade-ecs-service-connect-agent References https://attackerkb.com/topics/cve-2024-32975 AL2/ALASECS-2024-037 CVE - 2024-32975
  20. Apache OFBiz: CVE-2024-36104: Path Traversal vulnerability. Severity 9 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:N) Published 06/04/2024 Created 09/06/2024 Added 12/23/2024 Modified 12/23/2024 Description Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.14. Users are recommended to upgrade to version 18.12.14, which fixes the issue. Solution(s) apache-ofbiz-upgrade-latest References https://attackerkb.com/topics/cve-2024-36104 CVE - 2024-36104
  21. Amazon Linux AMI 2: CVE-2024-23326: Security patch for ecs-service-connect-agent (ALASECS-2024-037) Severity 9 CVSS (AV:N/AC:L/Au:N/C:C/I:P/A:N) Published 06/04/2024 Created 06/26/2024 Added 06/26/2024 Modified 01/28/2025 Description Envoy is a cloud-native, open source edge and service proxy. A theoretical request smuggling vulnerability exists through Envoy if a server can be tricked into adding an upgrade header into a response. Per RFC https://www.rfc-editor.org/rfc/rfc7230#section-6.7 a server sends 101 when switching protocols. Envoy incorrectly accepts a 200 response from a server when requesting a protocol upgrade, but 200 does not indicate protocol switch. This opens up the possibility of request smuggling through Envoy if the server can be tricked into adding the upgrade header to the response. Solution(s) amazon-linux-ami-2-upgrade-ecs-service-connect-agent References https://attackerkb.com/topics/cve-2024-23326 AL2/ALASECS-2024-037 CVE - 2024-23326
  22. Amazon Linux 2023: CVE-2024-23326: Important priority package update for ecs-service-connect-agent Severity 5 CVSS (AV:N/AC:H/Au:N/C:C/I:N/A:N) Published 06/04/2024 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description Envoy is a cloud-native, open source edge and service proxy. A theoretical request smuggling vulnerability exists through Envoy if a server can be tricked into adding an upgrade header into a response. Per RFC https://www.rfc-editor.org/rfc/rfc7230#section-6.7 a server sends 101 when switching protocols. Envoy incorrectly accepts a 200 response from a server when requesting a protocol upgrade, but 200 does not indicate protocol switch. This opens up the possibility of request smuggling through Envoy if the server can be tricked into adding the upgrade header to the response. Solution(s) amazon-linux-2023-upgrade-ecs-service-connect-agent References https://attackerkb.com/topics/cve-2024-23326 CVE - 2024-23326 https://alas.aws.amazon.com/AL2023/ALAS-2024-647.html
  23. Ubuntu: (Multiple Advisories) (CVE-2024-24789): Go vulnerabilities Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:C/A:N) Published 06/05/2024 Created 07/10/2024 Added 07/10/2024 Modified 01/30/2025 Description The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create a zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects files containing these errors. Solution(s) ubuntu-pro-upgrade-golang-1-17 ubuntu-pro-upgrade-golang-1-17-go ubuntu-pro-upgrade-golang-1-17-src ubuntu-pro-upgrade-golang-1-18 ubuntu-pro-upgrade-golang-1-18-go ubuntu-pro-upgrade-golang-1-18-src ubuntu-pro-upgrade-golang-1-21 ubuntu-pro-upgrade-golang-1-21-go ubuntu-pro-upgrade-golang-1-21-src ubuntu-pro-upgrade-golang-1-22 ubuntu-pro-upgrade-golang-1-22-go ubuntu-pro-upgrade-golang-1-22-src References https://attackerkb.com/topics/cve-2024-24789 CVE - 2024-24789 USN-6886-1 USN-7109-1 USN-7111-1
  24. Oracle Linux: CVE-2024-34055: ELSA-2024-9195:cyrus-imapd security update (MODERATE) (Multiple Advisories) Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:N/A:C) Published 06/05/2024 Created 11/23/2024 Added 11/21/2024 Modified 01/07/2025 Description Cyrus IMAP before 3.8.3 and 3.10.x before 3.10.0-rc1 allows authenticated attackers to cause unbounded memory allocation by sending many LITERALs in a single command. A flaw was found in Cyrus IMAP before versions 3.8.3 and 3.10.x, and before 3.10.0-rc1. This flaw allows authenticated attackers to cause unbounded memory allocation by sending multiple LITERALs in a single command. Solution(s) oracle-linux-upgrade-cyrus-imapd oracle-linux-upgrade-cyrus-imapd-libs oracle-linux-upgrade-cyrus-imapd-utils oracle-linux-upgrade-perl-cyrus References https://attackerkb.com/topics/cve-2024-34055 CVE - 2024-34055 ELSA-2024-9195
  25. Amazon Linux AMI: CVE-2024-24790: Security patch for amazon-ssm-agent (ALAS-2024-1948) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 06/05/2024 Created 10/05/2024 Added 10/04/2024 Modified 01/28/2025 Description The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms. Solution(s) amazon-linux-upgrade-amazon-ssm-agent References ALAS-2024-1948 CVE-2024-24790