All posts by ISHACK AI BOT

  1. Alpine Linux: CVE-2024-32004: Vulnerability in Multiple Components Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 05/14/2024 Created 06/11/2024 Added 06/06/2024 Modified 10/02/2024 Description Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, an attacker can prepare a local repository in such a way that, when cloned, will execute arbitrary code during the operation. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. As a workaround, avoid cloning repositories from untrusted sources. Solution(s) alpine-linux-upgrade-git References https://attackerkb.com/topics/cve-2024-32004 CVE - 2024-32004 https://security.alpinelinux.org/vuln/CVE-2024-32004
  2. Alpine Linux: CVE-2024-32020: Vulnerability in Multiple Components Severity 2 CVSS (AV:L/AC:H/Au:S/C:N/I:P/A:P) Published 05/14/2024 Created 06/11/2024 Added 06/06/2024 Modified 10/10/2024 Description Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, local clones may end up hardlinking files into the target repository's object database when source and target repository reside on the same disk. If the source repository is owned by a different user, then those hardlinked files may be rewritten at any point in time by the untrusted user. Cloning local repositories will cause Git to either copy or hardlink files of the source repository into the target repository. This significantly speeds up such local clones compared to doing a "proper" clone and saves both disk space and compute time. When cloning a repository located on the same disk that is owned by a different user than the current user we also end up creating such hardlinks. These files will continue to be owned and controlled by the potentially-untrusted user and can be rewritten by them at will in the future. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. Solution(s) alpine-linux-upgrade-git References https://attackerkb.com/topics/cve-2024-32020 CVE - 2024-32020 https://security.alpinelinux.org/vuln/CVE-2024-32020
  3. Ubuntu: USN-6772-1 (CVE-2022-4967): strongSwan vulnerability Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 05/14/2024 Created 05/18/2024 Added 05/17/2024 Modified 10/23/2024 Description strongSwan versions 5.9.2 through 5.9.5 are affected by authorization bypass through improper validation of certificate with host mismatch (CWE-297). When certificates are used to authenticate clients in TLS-based EAP methods, the IKE or EAP identity supplied by a client is not enforced to be contained in the client's certificate. So clients can authenticate with any trusted certificate and claim an arbitrary IKE/EAP identity as their own. This is problematic if the identity is used to make policy decisions. A fix was released in strongSwan version 5.9.6 in August 2022 (e4b4aabc4996fc61c37deab7858d07bc4d220136). Solution(s) ubuntu-upgrade-libstrongswan ubuntu-upgrade-strongswan References https://attackerkb.com/topics/cve-2022-4967 CVE - 2022-4967 USN-6772-1
  4. OS X update for AppleVA (CVE-2024-27829) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 05/14/2024 Created 05/15/2024 Added 05/14/2024 Modified 01/28/2025 Description The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.5. Processing a file may lead to unexpected app termination or arbitrary code execution. Solution(s) apple-osx-upgrade-14_5 References https://attackerkb.com/topics/cve-2024-27829 CVE - 2024-27829 https://support.apple.com/en-us/120903
  5. Ubuntu: (Multiple Advisories) (CVE-2024-27395): Linux kernel vulnerabilities Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 05/14/2024 Created 07/15/2024 Added 07/15/2024 Modified 01/28/2025 Description In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: Fix Use-After-Free in ovs_ct_exit Since kfree_rcu, which is called in the hlist_for_each_entry_rcu traversal of ovs_ct_limit_exit, is not part of the RCU read critical section, it is possible that the RCU grace period will pass during the traversal and the key will be free. To prevent this, it should be changed to hlist_for_each_entry_safe. Solution(s) ubuntu-upgrade-linux-image-5-15-0-1035-xilinx-zynqmp ubuntu-upgrade-linux-image-5-15-0-1048-gkeop ubuntu-upgrade-linux-image-5-15-0-1058-ibm ubuntu-upgrade-linux-image-5-15-0-1058-raspi ubuntu-upgrade-linux-image-5-15-0-1060-intel-iotg ubuntu-upgrade-linux-image-5-15-0-1060-nvidia ubuntu-upgrade-linux-image-5-15-0-1060-nvidia-lowlatency ubuntu-upgrade-linux-image-5-15-0-1062-gke ubuntu-upgrade-linux-image-5-15-0-1062-kvm ubuntu-upgrade-linux-image-5-15-0-1063-oracle ubuntu-upgrade-linux-image-5-15-0-1064-gcp ubuntu-upgrade-linux-image-5-15-0-1065-aws ubuntu-upgrade-linux-image-5-15-0-1065-gcp ubuntu-upgrade-linux-image-5-15-0-1068-azure ubuntu-upgrade-linux-image-5-15-0-1068-azure-fde ubuntu-upgrade-linux-image-5-15-0-116-generic ubuntu-upgrade-linux-image-5-15-0-116-generic-64k ubuntu-upgrade-linux-image-5-15-0-116-generic-lpae ubuntu-upgrade-linux-image-5-15-0-116-lowlatency ubuntu-upgrade-linux-image-5-15-0-116-lowlatency-64k ubuntu-upgrade-linux-image-5-4-0-1040-iot ubuntu-upgrade-linux-image-5-4-0-1047-xilinx-zynqmp ubuntu-upgrade-linux-image-5-4-0-1075-ibm ubuntu-upgrade-linux-image-5-4-0-1088-bluefield ubuntu-upgrade-linux-image-5-4-0-1095-gkeop ubuntu-upgrade-linux-image-5-4-0-1112-raspi ubuntu-upgrade-linux-image-5-4-0-1116-kvm ubuntu-upgrade-linux-image-5-4-0-1127-oracle 
ubuntu-upgrade-linux-image-5-4-0-1128-aws ubuntu-upgrade-linux-image-5-4-0-1132-gcp ubuntu-upgrade-linux-image-5-4-0-1133-azure ubuntu-upgrade-linux-image-5-4-0-189-generic ubuntu-upgrade-linux-image-5-4-0-189-generic-lpae ubuntu-upgrade-linux-image-5-4-0-189-lowlatency ubuntu-upgrade-linux-image-6-8-0-1008-gke ubuntu-upgrade-linux-image-6-8-0-1009-raspi ubuntu-upgrade-linux-image-6-8-0-1010-ibm ubuntu-upgrade-linux-image-6-8-0-1010-oem ubuntu-upgrade-linux-image-6-8-0-1010-oracle ubuntu-upgrade-linux-image-6-8-0-1010-oracle-64k ubuntu-upgrade-linux-image-6-8-0-1011-nvidia ubuntu-upgrade-linux-image-6-8-0-1011-nvidia-64k ubuntu-upgrade-linux-image-6-8-0-1011-nvidia-lowlatency ubuntu-upgrade-linux-image-6-8-0-1011-nvidia-lowlatency-64k ubuntu-upgrade-linux-image-6-8-0-1012-azure ubuntu-upgrade-linux-image-6-8-0-1012-azure-fde ubuntu-upgrade-linux-image-6-8-0-1012-gcp ubuntu-upgrade-linux-image-6-8-0-1013-aws ubuntu-upgrade-linux-image-6-8-0-40-generic ubuntu-upgrade-linux-image-6-8-0-40-generic-64k ubuntu-upgrade-linux-image-6-8-0-40-lowlatency ubuntu-upgrade-linux-image-6-8-0-40-lowlatency-64k ubuntu-upgrade-linux-image-aws ubuntu-upgrade-linux-image-aws-lts-20-04 ubuntu-upgrade-linux-image-aws-lts-22-04 ubuntu-upgrade-linux-image-azure ubuntu-upgrade-linux-image-azure-cvm ubuntu-upgrade-linux-image-azure-fde ubuntu-upgrade-linux-image-azure-fde-lts-22-04 ubuntu-upgrade-linux-image-azure-lts-20-04 ubuntu-upgrade-linux-image-azure-lts-22-04 ubuntu-upgrade-linux-image-bluefield ubuntu-upgrade-linux-image-gcp ubuntu-upgrade-linux-image-gcp-lts-20-04 ubuntu-upgrade-linux-image-gcp-lts-22-04 ubuntu-upgrade-linux-image-generic ubuntu-upgrade-linux-image-generic-64k ubuntu-upgrade-linux-image-generic-64k-hwe-20-04 ubuntu-upgrade-linux-image-generic-64k-hwe-24-04 ubuntu-upgrade-linux-image-generic-hwe-18-04 ubuntu-upgrade-linux-image-generic-hwe-20-04 ubuntu-upgrade-linux-image-generic-hwe-24-04 ubuntu-upgrade-linux-image-generic-lpae 
ubuntu-upgrade-linux-image-generic-lpae-hwe-20-04 ubuntu-upgrade-linux-image-gke ubuntu-upgrade-linux-image-gke-5-15 ubuntu-upgrade-linux-image-gkeop ubuntu-upgrade-linux-image-gkeop-5-15 ubuntu-upgrade-linux-image-gkeop-5-4 ubuntu-upgrade-linux-image-ibm ubuntu-upgrade-linux-image-ibm-classic ubuntu-upgrade-linux-image-ibm-lts-20-04 ubuntu-upgrade-linux-image-ibm-lts-24-04 ubuntu-upgrade-linux-image-intel ubuntu-upgrade-linux-image-intel-iotg ubuntu-upgrade-linux-image-kvm ubuntu-upgrade-linux-image-lowlatency ubuntu-upgrade-linux-image-lowlatency-64k ubuntu-upgrade-linux-image-lowlatency-64k-hwe-20-04 ubuntu-upgrade-linux-image-lowlatency-hwe-18-04 ubuntu-upgrade-linux-image-lowlatency-hwe-20-04 ubuntu-upgrade-linux-image-nvidia ubuntu-upgrade-linux-image-nvidia-6-8 ubuntu-upgrade-linux-image-nvidia-64k ubuntu-upgrade-linux-image-nvidia-64k-6-8 ubuntu-upgrade-linux-image-nvidia-lowlatency ubuntu-upgrade-linux-image-nvidia-lowlatency-64k ubuntu-upgrade-linux-image-oem ubuntu-upgrade-linux-image-oem-20-04 ubuntu-upgrade-linux-image-oem-20-04b ubuntu-upgrade-linux-image-oem-20-04c ubuntu-upgrade-linux-image-oem-20-04d ubuntu-upgrade-linux-image-oem-24-04 ubuntu-upgrade-linux-image-oem-24-04a ubuntu-upgrade-linux-image-oem-osp1 ubuntu-upgrade-linux-image-oracle ubuntu-upgrade-linux-image-oracle-64k ubuntu-upgrade-linux-image-oracle-lts-20-04 ubuntu-upgrade-linux-image-oracle-lts-22-04 ubuntu-upgrade-linux-image-raspi ubuntu-upgrade-linux-image-raspi-hwe-18-04 ubuntu-upgrade-linux-image-raspi-nolpae ubuntu-upgrade-linux-image-raspi2 ubuntu-upgrade-linux-image-snapdragon-hwe-18-04 ubuntu-upgrade-linux-image-virtual ubuntu-upgrade-linux-image-virtual-hwe-18-04 ubuntu-upgrade-linux-image-virtual-hwe-20-04 ubuntu-upgrade-linux-image-virtual-hwe-24-04 ubuntu-upgrade-linux-image-xilinx-zynqmp References https://attackerkb.com/topics/cve-2024-27395 CVE - 2024-27395 USN-6896-1 USN-6896-2 USN-6896-3 USN-6896-4 USN-6896-5 USN-6898-1 USN-6898-2 USN-6898-3 USN-6898-4 USN-6917-1 
USN-6919-1 USN-6927-1 USN-6949-1 USN-6949-2 USN-6952-1 USN-6952-2 USN-6955-1 USN-7019-1
  6. Ubuntu: USN-6802-1 (CVE-2024-4317): PostgreSQL vulnerability Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 05/14/2024 Created 06/07/2024 Added 06/06/2024 Modified 02/14/2025 Description Missing authorization in PostgreSQL built-in views pg_stats_ext and pg_stats_ext_exprs allows an unprivileged database user to read most common values and other statistics from CREATE STATISTICS commands of other users. The most common values may reveal column values the eavesdropper could not otherwise read or results of functions they cannot execute. Installing an unaffected version only fixes fresh PostgreSQL installations, namely those that are created with the initdb utility after installing that version. Current PostgreSQL installations will remain vulnerable until they follow the instructions in the release notes. Within major versions 14-16, minor versions before PostgreSQL 16.3, 15.7, and 14.12 are affected. Versions before PostgreSQL 14 are unaffected. Solution(s) ubuntu-upgrade-postgresql-14 ubuntu-upgrade-postgresql-15 ubuntu-upgrade-postgresql-16 ubuntu-upgrade-postgresql-client-14 ubuntu-upgrade-postgresql-client-15 ubuntu-upgrade-postgresql-client-16 References https://attackerkb.com/topics/cve-2024-4317 CVE - 2024-4317 USN-6802-1
  7. Ubuntu: USN-6788-1 (CVE-2024-27834): WebKitGTK vulnerabilities Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:C/A:N) Published 05/14/2024 Created 06/07/2024 Added 06/06/2024 Modified 01/28/2025 Description The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, tvOS 17.5, Safari 17.5, watchOS 10.5, macOS Sonoma 14.5. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Solution(s) ubuntu-upgrade-libjavascriptcoregtk-4-0-18 ubuntu-upgrade-libjavascriptcoregtk-4-1-0 ubuntu-upgrade-libjavascriptcoregtk-6-0-1 ubuntu-upgrade-libwebkit2gtk-4-0-37 ubuntu-upgrade-libwebkit2gtk-4-1-0 ubuntu-upgrade-libwebkitgtk-6-0-4 References https://attackerkb.com/topics/cve-2024-27834 CVE - 2024-27834 USN-6788-1
  8. Ubuntu: (Multiple Advisories) (CVE-2024-4367): Firefox vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 05/14/2024 Created 05/28/2024 Added 05/28/2024 Modified 01/28/2025 Description A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11. Solution(s) ubuntu-upgrade-firefox ubuntu-upgrade-thunderbird References https://attackerkb.com/topics/cve-2024-4367 CVE - 2024-4367 USN-6779-1 USN-6779-2 USN-6782-1
  9. Ubuntu: USN-6969-1 (CVE-2024-31459): Cacti vulnerabilities Severity 8 CVSS (AV:N/AC:L/Au:M/C:C/I:C/A:C) Published 05/14/2024 Created 08/22/2024 Added 08/21/2024 Modified 01/28/2025 Description Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, there is a file inclusion issue in the `lib/plugin.php` file. Combined with SQL injection vulnerabilities, remote code execution can be implemented. There is a file inclusion issue with the `api_plugin_hook()` function in the `lib/plugin.php` file, which reads the plugin_hooks and plugin_config tables in database. The read data is directly used to concatenate the file path which is used for file inclusion. Version 1.2.27 contains a patch for the issue. Solution(s) ubuntu-pro-upgrade-cacti References https://attackerkb.com/topics/cve-2024-31459 CVE - 2024-31459 USN-6969-1
  10. Ubuntu: USN-6969-1 (CVE-2024-31458): Cacti vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:S/C:C/I:C/A:C) Published 05/14/2024 Created 08/22/2024 Added 08/21/2024 Modified 01/28/2025 Description Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in `form_save()` function in `graph_template_inputs.php` is not thoroughly checked and is used to concatenate the SQL statement in `draw_nontemplated_fields_graph_item()` function from `lib/html_form_templates.php` , finally resulting in SQL injection. Version 1.2.27 contains a patch for the issue. Solution(s) ubuntu-pro-upgrade-cacti References https://attackerkb.com/topics/cve-2024-31458 CVE - 2024-31458 USN-6969-1
  11. Ubuntu: (Multiple Advisories) (CVE-2024-32465): Git vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 05/14/2024 Created 06/07/2024 Added 06/06/2024 Modified 11/15/2024 Description Git is a revision control system. The Git project recommends to avoid working in untrusted repositories, and instead to clone it first with `git clone --no-local` to obtain a clean copy. Git has specific protections to make that a safe operation even with an untrusted source repository, but vulnerabilities allow those protections to be bypassed. In the context of cloning local repositories owned by other users, this vulnerability has been covered in CVE-2024-32004. But there are circumstances where the fixes for CVE-2024-32004 are not enough: For example, when obtaining a `.zip` file containing a full copy of a Git repository, it should not be trusted by default to be safe, as e.g. hooks could be configured to run within the context of that repository. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. As a workaround, avoid using Git in repositories that have been obtained via archives from untrusted sources. Solution(s) ubuntu-pro-upgrade-git References https://attackerkb.com/topics/cve-2024-32465 CVE - 2024-32465 USN-6793-1 USN-7023-1
  12. Ubuntu: USN-6773-1 (CVE-2024-30045): .NET vulnerabilities Severity 7 CVSS (AV:N/AC:M/Au:N/C:P/I:P/A:P) Published 05/14/2024 Created 05/21/2024 Added 05/20/2024 Modified 01/28/2025 Description .NET and Visual Studio Remote Code Execution Vulnerability Solution(s) ubuntu-upgrade-aspnetcore-runtime-7-0 ubuntu-upgrade-aspnetcore-runtime-8-0 ubuntu-upgrade-dotnet-host-7-0 ubuntu-upgrade-dotnet-host-8-0 ubuntu-upgrade-dotnet-hostfxr-7-0 ubuntu-upgrade-dotnet-hostfxr-8-0 ubuntu-upgrade-dotnet-runtime-7-0 ubuntu-upgrade-dotnet-runtime-8-0 ubuntu-upgrade-dotnet-sdk-7-0 ubuntu-upgrade-dotnet-sdk-8-0 ubuntu-upgrade-dotnet7 ubuntu-upgrade-dotnet8 References https://attackerkb.com/topics/cve-2024-30045 CVE - 2024-30045 USN-6773-1
  13. Ubuntu: USN-6789-1 (CVE-2024-3044): LibreOffice vulnerability Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 05/14/2024 Created 06/07/2024 Added 06/06/2024 Modified 10/23/2024 Description Unchecked script execution in Graphic on-click binding in affected LibreOffice versions allows an attacker to create a document which without prompt will execute scripts built-into LibreOffice on clicking a graphic. Such scripts were previously deemed trusted but are now deemed untrusted. Solution(s) ubuntu-upgrade-libreoffice References https://attackerkb.com/topics/cve-2024-3044 CVE - 2024-3044 USN-6789-1
  14. Ubuntu: USN-6838-1 (CVE-2024-27282): Ruby vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 05/14/2024 Created 06/21/2024 Added 06/21/2024 Modified 10/23/2024 Description An issue was discovered in Ruby 3.x through 3.3.0. If attacker-supplied data is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data relative to the start of the text, including pointers and sensitive strings. The fixed versions are 3.0.7, 3.1.5, 3.2.4, and 3.3.1. Solution(s) ubuntu-upgrade-libruby2-7 ubuntu-upgrade-libruby3-0 ubuntu-upgrade-libruby3-1 ubuntu-upgrade-libruby3-2 ubuntu-upgrade-ruby2-7 ubuntu-upgrade-ruby3-0 ubuntu-upgrade-ruby3-1 ubuntu-upgrade-ruby3-2 References https://attackerkb.com/topics/cve-2024-27282 CVE - 2024-27282 USN-6838-1
  15. OS X update for Kernel (CVE-2024-27818) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 05/14/2024 Created 05/15/2024 Added 05/14/2024 Modified 01/28/2025 Description The issue was addressed with improved memory handling. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. An attacker may be able to cause unexpected app termination or arbitrary code execution. Solution(s) apple-osx-upgrade-14_5 References https://attackerkb.com/topics/cve-2024-27818 CVE - 2024-27818 https://support.apple.com/en-us/120903
  16. Ubuntu: (Multiple Advisories) (CVE-2024-4764): Firefox vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 05/14/2024 Created 05/28/2024 Added 05/28/2024 Modified 07/03/2024 Description Multiple WebRTC threads could have claimed a newly connected audio input leading to use-after-free. This vulnerability affects Firefox < 126. Solution(s) ubuntu-upgrade-firefox References https://attackerkb.com/topics/cve-2024-4764 CVE - 2024-4764 USN-6779-1 USN-6779-2
  17. Red Hat: CVE-2024-30045: dotnet: stack buffer overrun in Double Parse (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:P/I:P/A:P) Published 05/14/2024 Created 05/15/2024 Added 05/15/2024 Modified 09/03/2024 Description .NET and Visual Studio Remote Code Execution Vulnerability Solution(s) redhat-upgrade-aspnetcore-runtime-7-0 redhat-upgrade-aspnetcore-runtime-8-0 redhat-upgrade-aspnetcore-runtime-dbg-8-0 redhat-upgrade-aspnetcore-targeting-pack-7-0 redhat-upgrade-aspnetcore-targeting-pack-8-0 redhat-upgrade-dotnet redhat-upgrade-dotnet-apphost-pack-7-0 redhat-upgrade-dotnet-apphost-pack-7-0-debuginfo redhat-upgrade-dotnet-apphost-pack-8-0 redhat-upgrade-dotnet-apphost-pack-8-0-debuginfo redhat-upgrade-dotnet-host redhat-upgrade-dotnet-host-debuginfo redhat-upgrade-dotnet-hostfxr-7-0 redhat-upgrade-dotnet-hostfxr-7-0-debuginfo redhat-upgrade-dotnet-hostfxr-8-0 redhat-upgrade-dotnet-hostfxr-8-0-debuginfo redhat-upgrade-dotnet-runtime-7-0 redhat-upgrade-dotnet-runtime-7-0-debuginfo redhat-upgrade-dotnet-runtime-8-0 redhat-upgrade-dotnet-runtime-8-0-debuginfo redhat-upgrade-dotnet-runtime-dbg-8-0 redhat-upgrade-dotnet-sdk-7-0 redhat-upgrade-dotnet-sdk-7-0-debuginfo redhat-upgrade-dotnet-sdk-7-0-source-built-artifacts redhat-upgrade-dotnet-sdk-8-0 redhat-upgrade-dotnet-sdk-8-0-debuginfo redhat-upgrade-dotnet-sdk-8-0-source-built-artifacts redhat-upgrade-dotnet-sdk-dbg-8-0 redhat-upgrade-dotnet-targeting-pack-7-0 redhat-upgrade-dotnet-targeting-pack-8-0 redhat-upgrade-dotnet-templates-7-0 redhat-upgrade-dotnet-templates-8-0 redhat-upgrade-dotnet7-0-debuginfo redhat-upgrade-dotnet7-0-debugsource redhat-upgrade-dotnet8-0-debuginfo redhat-upgrade-dotnet8-0-debugsource redhat-upgrade-netstandard-targeting-pack-2-1 References CVE-2024-30045 RHSA-2024:2842 RHSA-2024:2843 RHSA-2024:3340 RHSA-2024:3345
  18. SUSE: CVE-2024-32465: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 05/14/2024 Created 05/29/2024 Added 05/29/2024 Modified 05/29/2024 Description Git is a revision control system. The Git project recommends to avoid working in untrusted repositories, and instead to clone it first with `git clone --no-local` to obtain a clean copy. Git has specific protections to make that a safe operation even with an untrusted source repository, but vulnerabilities allow those protections to be bypassed. In the context of cloning local repositories owned by other users, this vulnerability has been covered in CVE-2024-32004. But there are circumstances where the fixes for CVE-2024-32004 are not enough: For example, when obtaining a `.zip` file containing a full copy of a Git repository, it should not be trusted by default to be safe, as e.g. hooks could be configured to run within the context of that repository. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. As a workaround, avoid using Git in repositories that have been obtained via archives from untrusted sources. Solution(s) suse-upgrade-git suse-upgrade-git-arch suse-upgrade-git-core suse-upgrade-git-credential-gnome-keyring suse-upgrade-git-credential-libsecret suse-upgrade-git-cvs suse-upgrade-git-daemon suse-upgrade-git-doc suse-upgrade-git-email suse-upgrade-git-gui suse-upgrade-git-p4 suse-upgrade-git-svn suse-upgrade-git-web suse-upgrade-gitk suse-upgrade-perl-git References https://attackerkb.com/topics/cve-2024-32465 CVE - 2024-32465
  19. SUSE: CVE-2024-32002: SUSE Linux Security Advisory Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 05/14/2024 Created 05/29/2024 Added 05/29/2024 Modified 01/28/2025 Description Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a `.git/` directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. If symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. As always, it is best to avoid cloning repositories from untrusted sources. Solution(s) suse-upgrade-git suse-upgrade-git-arch suse-upgrade-git-core suse-upgrade-git-credential-gnome-keyring suse-upgrade-git-credential-libsecret suse-upgrade-git-cvs suse-upgrade-git-daemon suse-upgrade-git-doc suse-upgrade-git-email suse-upgrade-git-gui suse-upgrade-git-p4 suse-upgrade-git-svn suse-upgrade-git-web suse-upgrade-gitk suse-upgrade-perl-git References https://attackerkb.com/topics/cve-2024-32002 CVE - 2024-32002
  20. SUSE: CVE-2024-29038: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 05/14/2024 Created 05/15/2024 Added 05/15/2024 Modified 07/01/2024 Description tpm2-tools is the source repository for the Trusted Platform Module (TPM2.0) tools. A malicious attacker can generate arbitrary quote data which is not detected by `tpm2 checkquote`. This issue was patched in version 5.7. Solution(s) suse-upgrade-tpm2-0-tools References https://attackerkb.com/topics/cve-2024-29038 CVE - 2024-29038
  21. Amazon Linux AMI 2: CVE-2023-52654: Security patch for kernel (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 05/14/2024 Created 08/29/2024 Added 08/28/2024 Modified 08/28/2024 Description In the Linux kernel, the following vulnerability has been resolved: io_uring/af_unix: disable sending io_uring over sockets File reference cycles have caused lots of problems for io_uring in the past, and it still doesn't work exactly right and races with unix_stream_read_generic(). The safest fix would be to completely disallow sending io_uring files via sockets via SCM_RIGHT, so there are no possible cycles involving registered files and thus rendering SCM accounting on the io_uring side unnecessary. Solution(s) amazon-linux-ami-2-upgrade-bpftool amazon-linux-ami-2-upgrade-bpftool-debuginfo amazon-linux-ami-2-upgrade-kernel amazon-linux-ami-2-upgrade-kernel-debuginfo amazon-linux-ami-2-upgrade-kernel-debuginfo-common-aarch64 amazon-linux-ami-2-upgrade-kernel-debuginfo-common-x86_64 amazon-linux-ami-2-upgrade-kernel-devel amazon-linux-ami-2-upgrade-kernel-headers amazon-linux-ami-2-upgrade-kernel-livepatch-5-10-205-195-804 amazon-linux-ami-2-upgrade-kernel-livepatch-5-15-145-95-156 amazon-linux-ami-2-upgrade-kernel-tools amazon-linux-ami-2-upgrade-kernel-tools-debuginfo amazon-linux-ami-2-upgrade-kernel-tools-devel amazon-linux-ami-2-upgrade-perf amazon-linux-ami-2-upgrade-perf-debuginfo amazon-linux-ami-2-upgrade-python-perf amazon-linux-ami-2-upgrade-python-perf-debuginfo References https://attackerkb.com/topics/cve-2023-52654 AL2/ALASKERNEL-5.10-2024-045 AL2/ALASKERNEL-5.15-2024-033 AL2/ALASKERNEL-5.4-2024-057 CVE - 2023-52654
  22. Amazon Linux AMI 2: CVE-2024-32020: Security patch for git (ALAS-2024-2548) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 05/14/2024 Created 06/01/2024 Added 05/31/2024 Modified 05/31/2024 Description Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, local clones may end up hardlinking files into the target repository's object database when source and target repository reside on the same disk. If the source repository is owned by a different user, then those hardlinked files may be rewritten at any point in time by the untrusted user. Cloning local repositories will cause Git to either copy or hardlink files of the source repository into the target repository. This significantly speeds up such local clones compared to doing a "proper" clone and saves both disk space and compute time. When cloning a repository located on the same disk that is owned by a different user than the current user we also end up creating such hardlinks. These files will continue to be owned and controlled by the potentially-untrusted user and can be rewritten by them at will in the future. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. 
Solution(s) amazon-linux-ami-2-upgrade-git amazon-linux-ami-2-upgrade-git-all amazon-linux-ami-2-upgrade-git-core amazon-linux-ami-2-upgrade-git-core-doc amazon-linux-ami-2-upgrade-git-credential-libsecret amazon-linux-ami-2-upgrade-git-cvs amazon-linux-ami-2-upgrade-git-daemon amazon-linux-ami-2-upgrade-git-debuginfo amazon-linux-ami-2-upgrade-git-email amazon-linux-ami-2-upgrade-git-gui amazon-linux-ami-2-upgrade-git-instaweb amazon-linux-ami-2-upgrade-git-p4 amazon-linux-ami-2-upgrade-git-subtree amazon-linux-ami-2-upgrade-git-svn amazon-linux-ami-2-upgrade-gitk amazon-linux-ami-2-upgrade-gitweb amazon-linux-ami-2-upgrade-perl-git amazon-linux-ami-2-upgrade-perl-git-svn References https://attackerkb.com/topics/cve-2024-32020 AL2/ALAS-2024-2548 CVE - 2024-32020
  23. SUSE: CVE-2024-32610: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 05/14/2024 Created 06/21/2024 Added 06/21/2024 Modified 06/26/2024 Description HDF5 Library through 1.14.3 has a SEGV in H5T_close_real in H5T.c, resulting in a corrupted instruction pointer. Solution(s) suse-upgrade-hdf5-gnu-hpc suse-upgrade-hdf5-gnu-hpc-devel suse-upgrade-hdf5-gnu-mpich-hpc suse-upgrade-hdf5-gnu-mpich-hpc-devel suse-upgrade-hdf5-gnu-mvapich2-hpc suse-upgrade-hdf5-gnu-mvapich2-hpc-devel suse-upgrade-hdf5-gnu-openmpi1-hpc-devel suse-upgrade-hdf5-gnu-openmpi3-hpc suse-upgrade-hdf5-gnu-openmpi3-hpc-devel suse-upgrade-hdf5-gnu-openmpi4-hpc suse-upgrade-hdf5-gnu-openmpi4-hpc-devel suse-upgrade-hdf5-hpc-examples suse-upgrade-hdf5_1_10_11-gnu-hpc suse-upgrade-hdf5_1_10_11-gnu-hpc-devel suse-upgrade-hdf5_1_10_11-gnu-hpc-devel-static suse-upgrade-hdf5_1_10_11-gnu-hpc-module suse-upgrade-hdf5_1_10_11-gnu-mpich-hpc suse-upgrade-hdf5_1_10_11-gnu-mpich-hpc-devel suse-upgrade-hdf5_1_10_11-gnu-mpich-hpc-devel-static suse-upgrade-hdf5_1_10_11-gnu-mpich-hpc-module suse-upgrade-hdf5_1_10_11-gnu-mvapich2-hpc suse-upgrade-hdf5_1_10_11-gnu-mvapich2-hpc-devel suse-upgrade-hdf5_1_10_11-gnu-mvapich2-hpc-devel-static suse-upgrade-hdf5_1_10_11-gnu-mvapich2-hpc-module suse-upgrade-hdf5_1_10_11-gnu-openmpi1-hpc suse-upgrade-hdf5_1_10_11-gnu-openmpi1-hpc-devel suse-upgrade-hdf5_1_10_11-gnu-openmpi1-hpc-devel-static suse-upgrade-hdf5_1_10_11-gnu-openmpi1-hpc-module suse-upgrade-hdf5_1_10_11-gnu-openmpi3-hpc suse-upgrade-hdf5_1_10_11-gnu-openmpi3-hpc-devel suse-upgrade-hdf5_1_10_11-gnu-openmpi3-hpc-devel-static suse-upgrade-hdf5_1_10_11-gnu-openmpi3-hpc-module suse-upgrade-hdf5_1_10_11-gnu-openmpi4-hpc suse-upgrade-hdf5_1_10_11-gnu-openmpi4-hpc-devel suse-upgrade-hdf5_1_10_11-gnu-openmpi4-hpc-devel-static suse-upgrade-hdf5_1_10_11-gnu-openmpi4-hpc-module suse-upgrade-hdf5_1_10_11-hpc-examples suse-upgrade-libhdf5-gnu-hpc suse-upgrade-libhdf5-gnu-mpich-hpc 
suse-upgrade-libhdf5-gnu-mvapich2-hpc suse-upgrade-libhdf5-gnu-openmpi1-hpc suse-upgrade-libhdf5-gnu-openmpi3-hpc suse-upgrade-libhdf5-gnu-openmpi4-hpc suse-upgrade-libhdf5_1_10_11-gnu-hpc suse-upgrade-libhdf5_1_10_11-gnu-mpich-hpc suse-upgrade-libhdf5_1_10_11-gnu-mvapich2-hpc suse-upgrade-libhdf5_1_10_11-gnu-openmpi1-hpc suse-upgrade-libhdf5_1_10_11-gnu-openmpi3-hpc suse-upgrade-libhdf5_1_10_11-gnu-openmpi4-hpc suse-upgrade-libhdf5_cpp-gnu-hpc suse-upgrade-libhdf5_cpp-gnu-mpich-hpc suse-upgrade-libhdf5_cpp-gnu-mvapich2-hpc suse-upgrade-libhdf5_cpp-gnu-openmpi3-hpc suse-upgrade-libhdf5_cpp-gnu-openmpi4-hpc suse-upgrade-libhdf5_cpp_1_10_11-gnu-hpc suse-upgrade-libhdf5_cpp_1_10_11-gnu-mpich-hpc suse-upgrade-libhdf5_cpp_1_10_11-gnu-mvapich2-hpc suse-upgrade-libhdf5_cpp_1_10_11-gnu-openmpi1-hpc suse-upgrade-libhdf5_cpp_1_10_11-gnu-openmpi3-hpc suse-upgrade-libhdf5_cpp_1_10_11-gnu-openmpi4-hpc suse-upgrade-libhdf5_fortran-gnu-hpc suse-upgrade-libhdf5_fortran-gnu-mpich-hpc suse-upgrade-libhdf5_fortran-gnu-mvapich2-hpc suse-upgrade-libhdf5_fortran-gnu-openmpi1-hpc suse-upgrade-libhdf5_fortran-gnu-openmpi3-hpc suse-upgrade-libhdf5_fortran-gnu-openmpi4-hpc suse-upgrade-libhdf5_fortran_1_10_11-gnu-hpc suse-upgrade-libhdf5_fortran_1_10_11-gnu-mpich-hpc suse-upgrade-libhdf5_fortran_1_10_11-gnu-mvapich2-hpc suse-upgrade-libhdf5_fortran_1_10_11-gnu-openmpi1-hpc suse-upgrade-libhdf5_fortran_1_10_11-gnu-openmpi3-hpc suse-upgrade-libhdf5_fortran_1_10_11-gnu-openmpi4-hpc suse-upgrade-libhdf5_hl-gnu-hpc suse-upgrade-libhdf5_hl-gnu-mpich-hpc suse-upgrade-libhdf5_hl-gnu-mvapich2-hpc suse-upgrade-libhdf5_hl-gnu-openmpi1-hpc suse-upgrade-libhdf5_hl-gnu-openmpi3-hpc suse-upgrade-libhdf5_hl-gnu-openmpi4-hpc suse-upgrade-libhdf5_hl_1_10_11-gnu-hpc suse-upgrade-libhdf5_hl_1_10_11-gnu-mpich-hpc suse-upgrade-libhdf5_hl_1_10_11-gnu-mvapich2-hpc suse-upgrade-libhdf5_hl_1_10_11-gnu-openmpi1-hpc suse-upgrade-libhdf5_hl_1_10_11-gnu-openmpi3-hpc suse-upgrade-libhdf5_hl_1_10_11-gnu-openmpi4-hpc 
suse-upgrade-libhdf5_hl_cpp-gnu-hpc suse-upgrade-libhdf5_hl_cpp-gnu-mpich-hpc suse-upgrade-libhdf5_hl_cpp-gnu-mvapich2-hpc suse-upgrade-libhdf5_hl_cpp-gnu-openmpi3-hpc suse-upgrade-libhdf5_hl_cpp-gnu-openmpi4-hpc suse-upgrade-libhdf5_hl_cpp_1_10_11-gnu-hpc suse-upgrade-libhdf5_hl_cpp_1_10_11-gnu-mpich-hpc suse-upgrade-libhdf5_hl_cpp_1_10_11-gnu-mvapich2-hpc suse-upgrade-libhdf5_hl_cpp_1_10_11-gnu-openmpi1-hpc suse-upgrade-libhdf5_hl_cpp_1_10_11-gnu-openmpi3-hpc suse-upgrade-libhdf5_hl_cpp_1_10_11-gnu-openmpi4-hpc suse-upgrade-libhdf5_hl_fortran-gnu-hpc suse-upgrade-libhdf5_hl_fortran-gnu-mpich-hpc suse-upgrade-libhdf5_hl_fortran-gnu-mvapich2-hpc suse-upgrade-libhdf5_hl_fortran-gnu-openmpi1-hpc suse-upgrade-libhdf5_hl_fortran-gnu-openmpi3-hpc suse-upgrade-libhdf5_hl_fortran-gnu-openmpi4-hpc suse-upgrade-libhdf5hl_fortran_1_10_11-gnu-hpc suse-upgrade-libhdf5hl_fortran_1_10_11-gnu-mpich-hpc suse-upgrade-libhdf5hl_fortran_1_10_11-gnu-mvapich2-hpc suse-upgrade-libhdf5hl_fortran_1_10_11-gnu-openmpi1-hpc suse-upgrade-libhdf5hl_fortran_1_10_11-gnu-openmpi3-hpc suse-upgrade-libhdf5hl_fortran_1_10_11-gnu-openmpi4-hpc suse-upgrade-libmca_common_dstore1 suse-upgrade-libopenmpi4-gnu-hpc suse-upgrade-libopenmpi_4_1_4-gnu-hpc suse-upgrade-libopenmpi_4_1_6-gnu-hpc suse-upgrade-libpmix2 suse-upgrade-lua51-luaposix suse-upgrade-lua51-luaterm suse-upgrade-lua53-luaposix suse-upgrade-lua53-luaterm suse-upgrade-luaposix-doc suse-upgrade-mpich suse-upgrade-mpich-devel suse-upgrade-mpich-gnu-hpc suse-upgrade-mpich-gnu-hpc-devel suse-upgrade-mpich-gnu-hpc-devel-static suse-upgrade-mpich-gnu-hpc-macros-devel suse-upgrade-mpich-ofi suse-upgrade-mpich-ofi-devel suse-upgrade-mpich-ofi-gnu-hpc suse-upgrade-mpich-ofi-gnu-hpc-devel suse-upgrade-mpich-ofi-gnu-hpc-devel-static suse-upgrade-mpich-ofi-gnu-hpc-macros-devel suse-upgrade-mpich-ofi_4_0_2-gnu-hpc suse-upgrade-mpich-ofi_4_0_2-gnu-hpc-devel suse-upgrade-mpich-ofi_4_0_2-gnu-hpc-devel-static suse-upgrade-mpich-ofi_4_0_2-gnu-hpc-macros-devel 
suse-upgrade-mpich-ofi_4_1_2-gnu-hpc suse-upgrade-mpich-ofi_4_1_2-gnu-hpc-devel suse-upgrade-mpich-ofi_4_1_2-gnu-hpc-devel-static suse-upgrade-mpich-ofi_4_1_2-gnu-hpc-macros-devel suse-upgrade-mpich_4_0_2-gnu-hpc suse-upgrade-mpich_4_0_2-gnu-hpc-devel suse-upgrade-mpich_4_0_2-gnu-hpc-devel-static suse-upgrade-mpich_4_0_2-gnu-hpc-macros-devel suse-upgrade-mpich_4_1_2-gnu-hpc suse-upgrade-mpich_4_1_2-gnu-hpc-devel suse-upgrade-mpich_4_1_2-gnu-hpc-devel-static suse-upgrade-mpich_4_1_2-gnu-hpc-macros-devel suse-upgrade-mvapich2 suse-upgrade-mvapich2-devel suse-upgrade-mvapich2-devel-static suse-upgrade-mvapich2-doc suse-upgrade-mvapich2-gnu-hpc suse-upgrade-mvapich2-gnu-hpc-devel suse-upgrade-mvapich2-gnu-hpc-doc suse-upgrade-mvapich2-gnu-hpc-macros-devel suse-upgrade-mvapich2-psm suse-upgrade-mvapich2-psm-devel suse-upgrade-mvapich2-psm-devel-static suse-upgrade-mvapich2-psm-doc suse-upgrade-mvapich2-psm-gnu-hpc suse-upgrade-mvapich2-psm-gnu-hpc-devel suse-upgrade-mvapich2-psm-gnu-hpc-doc suse-upgrade-mvapich2-psm-gnu-hpc-macros-devel suse-upgrade-mvapich2-psm2 suse-upgrade-mvapich2-psm2-devel suse-upgrade-mvapich2-psm2-devel-static suse-upgrade-mvapich2-psm2-doc suse-upgrade-mvapich2-psm2-gnu-hpc suse-upgrade-mvapich2-psm2-gnu-hpc-devel suse-upgrade-mvapich2-psm2-gnu-hpc-doc suse-upgrade-mvapich2-psm2-gnu-hpc-macros-devel suse-upgrade-mvapich2-psm2_2_3_7-gnu-hpc suse-upgrade-mvapich2-psm2_2_3_7-gnu-hpc-devel suse-upgrade-mvapich2-psm2_2_3_7-gnu-hpc-devel-static suse-upgrade-mvapich2-psm2_2_3_7-gnu-hpc-doc suse-upgrade-mvapich2-psm2_2_3_7-gnu-hpc-macros-devel suse-upgrade-mvapich2-psm_2_3_7-gnu-hpc suse-upgrade-mvapich2-psm_2_3_7-gnu-hpc-devel suse-upgrade-mvapich2-psm_2_3_7-gnu-hpc-devel-static suse-upgrade-mvapich2-psm_2_3_7-gnu-hpc-doc suse-upgrade-mvapich2-psm_2_3_7-gnu-hpc-macros-devel suse-upgrade-mvapich2_2_3_7-gnu-hpc suse-upgrade-mvapich2_2_3_7-gnu-hpc-devel suse-upgrade-mvapich2_2_3_7-gnu-hpc-devel-static suse-upgrade-mvapich2_2_3_7-gnu-hpc-doc 
suse-upgrade-mvapich2_2_3_7-gnu-hpc-macros-devel suse-upgrade-openmpi4 suse-upgrade-openmpi4-config suse-upgrade-openmpi4-devel suse-upgrade-openmpi4-docs suse-upgrade-openmpi4-gnu-hpc suse-upgrade-openmpi4-gnu-hpc-devel suse-upgrade-openmpi4-gnu-hpc-devel-static suse-upgrade-openmpi4-gnu-hpc-docs suse-upgrade-openmpi4-gnu-hpc-macros-devel suse-upgrade-openmpi4-libs suse-upgrade-openmpi4-libs-32bit suse-upgrade-openmpi4-macros-devel suse-upgrade-openmpi4-testsuite suse-upgrade-openmpi_4_1_4-gnu-hpc suse-upgrade-openmpi_4_1_4-gnu-hpc-devel suse-upgrade-openmpi_4_1_4-gnu-hpc-devel-static suse-upgrade-openmpi_4_1_4-gnu-hpc-docs suse-upgrade-openmpi_4_1_4-gnu-hpc-macros-devel suse-upgrade-openmpi_4_1_4-gnu-hpc-testsuite suse-upgrade-openmpi_4_1_6-gnu-hpc suse-upgrade-openmpi_4_1_6-gnu-hpc-devel suse-upgrade-openmpi_4_1_6-gnu-hpc-devel-static suse-upgrade-openmpi_4_1_6-gnu-hpc-docs suse-upgrade-openmpi_4_1_6-gnu-hpc-macros-devel suse-upgrade-openmpi_4_1_6-gnu-hpc-testsuite suse-upgrade-pmix suse-upgrade-pmix-devel suse-upgrade-pmix-headers suse-upgrade-pmix-mca-params suse-upgrade-pmix-plugin-munge suse-upgrade-pmix-plugins suse-upgrade-pmix-test
      References
      https://attackerkb.com/topics/cve-2024-32610
      CVE - 2024-32610
  24. SUSE: CVE-2024-32619: SUSE Linux Security Advisory
      Severity 4
      CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P)
      Published 05/14/2024
      Created 06/21/2024
      Added 06/21/2024
      Modified 06/26/2024
      Description
      HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5T_copy_reopen in H5T.c, resulting in the corruption of the instruction pointer.
      Solution(s)
suse-upgrade-hdf5-gnu-hpc suse-upgrade-hdf5-gnu-hpc-devel suse-upgrade-hdf5-gnu-mpich-hpc suse-upgrade-hdf5-gnu-mpich-hpc-devel suse-upgrade-hdf5-gnu-mvapich2-hpc suse-upgrade-hdf5-gnu-mvapich2-hpc-devel suse-upgrade-hdf5-gnu-openmpi1-hpc-devel suse-upgrade-hdf5-gnu-openmpi3-hpc suse-upgrade-hdf5-gnu-openmpi3-hpc-devel suse-upgrade-hdf5-gnu-openmpi4-hpc suse-upgrade-hdf5-gnu-openmpi4-hpc-devel suse-upgrade-hdf5-hpc-examples suse-upgrade-hdf5_1_10_11-gnu-hpc suse-upgrade-hdf5_1_10_11-gnu-hpc-devel suse-upgrade-hdf5_1_10_11-gnu-hpc-devel-static suse-upgrade-hdf5_1_10_11-gnu-hpc-module suse-upgrade-hdf5_1_10_11-gnu-mpich-hpc suse-upgrade-hdf5_1_10_11-gnu-mpich-hpc-devel suse-upgrade-hdf5_1_10_11-gnu-mpich-hpc-devel-static suse-upgrade-hdf5_1_10_11-gnu-mpich-hpc-module suse-upgrade-hdf5_1_10_11-gnu-mvapich2-hpc suse-upgrade-hdf5_1_10_11-gnu-mvapich2-hpc-devel suse-upgrade-hdf5_1_10_11-gnu-mvapich2-hpc-devel-static suse-upgrade-hdf5_1_10_11-gnu-mvapich2-hpc-module suse-upgrade-hdf5_1_10_11-gnu-openmpi1-hpc suse-upgrade-hdf5_1_10_11-gnu-openmpi1-hpc-devel suse-upgrade-hdf5_1_10_11-gnu-openmpi1-hpc-devel-static suse-upgrade-hdf5_1_10_11-gnu-openmpi1-hpc-module suse-upgrade-hdf5_1_10_11-gnu-openmpi3-hpc suse-upgrade-hdf5_1_10_11-gnu-openmpi3-hpc-devel suse-upgrade-hdf5_1_10_11-gnu-openmpi3-hpc-devel-static suse-upgrade-hdf5_1_10_11-gnu-openmpi3-hpc-module suse-upgrade-hdf5_1_10_11-gnu-openmpi4-hpc suse-upgrade-hdf5_1_10_11-gnu-openmpi4-hpc-devel suse-upgrade-hdf5_1_10_11-gnu-openmpi4-hpc-devel-static suse-upgrade-hdf5_1_10_11-gnu-openmpi4-hpc-module suse-upgrade-hdf5_1_10_11-hpc-examples suse-upgrade-libhdf5-gnu-hpc
suse-upgrade-libhdf5-gnu-mpich-hpc suse-upgrade-libhdf5-gnu-mvapich2-hpc suse-upgrade-libhdf5-gnu-openmpi1-hpc suse-upgrade-libhdf5-gnu-openmpi3-hpc suse-upgrade-libhdf5-gnu-openmpi4-hpc suse-upgrade-libhdf5_1_10_11-gnu-hpc suse-upgrade-libhdf5_1_10_11-gnu-mpich-hpc suse-upgrade-libhdf5_1_10_11-gnu-mvapich2-hpc suse-upgrade-libhdf5_1_10_11-gnu-openmpi1-hpc suse-upgrade-libhdf5_1_10_11-gnu-openmpi3-hpc suse-upgrade-libhdf5_1_10_11-gnu-openmpi4-hpc suse-upgrade-libhdf5_cpp-gnu-hpc suse-upgrade-libhdf5_cpp-gnu-mpich-hpc suse-upgrade-libhdf5_cpp-gnu-mvapich2-hpc suse-upgrade-libhdf5_cpp-gnu-openmpi3-hpc suse-upgrade-libhdf5_cpp-gnu-openmpi4-hpc suse-upgrade-libhdf5_cpp_1_10_11-gnu-hpc suse-upgrade-libhdf5_cpp_1_10_11-gnu-mpich-hpc suse-upgrade-libhdf5_cpp_1_10_11-gnu-mvapich2-hpc suse-upgrade-libhdf5_cpp_1_10_11-gnu-openmpi1-hpc suse-upgrade-libhdf5_cpp_1_10_11-gnu-openmpi3-hpc suse-upgrade-libhdf5_cpp_1_10_11-gnu-openmpi4-hpc suse-upgrade-libhdf5_fortran-gnu-hpc suse-upgrade-libhdf5_fortran-gnu-mpich-hpc suse-upgrade-libhdf5_fortran-gnu-mvapich2-hpc suse-upgrade-libhdf5_fortran-gnu-openmpi1-hpc suse-upgrade-libhdf5_fortran-gnu-openmpi3-hpc suse-upgrade-libhdf5_fortran-gnu-openmpi4-hpc suse-upgrade-libhdf5_fortran_1_10_11-gnu-hpc suse-upgrade-libhdf5_fortran_1_10_11-gnu-mpich-hpc suse-upgrade-libhdf5_fortran_1_10_11-gnu-mvapich2-hpc suse-upgrade-libhdf5_fortran_1_10_11-gnu-openmpi1-hpc suse-upgrade-libhdf5_fortran_1_10_11-gnu-openmpi3-hpc suse-upgrade-libhdf5_fortran_1_10_11-gnu-openmpi4-hpc suse-upgrade-libhdf5_hl-gnu-hpc suse-upgrade-libhdf5_hl-gnu-mpich-hpc suse-upgrade-libhdf5_hl-gnu-mvapich2-hpc suse-upgrade-libhdf5_hl-gnu-openmpi1-hpc suse-upgrade-libhdf5_hl-gnu-openmpi3-hpc suse-upgrade-libhdf5_hl-gnu-openmpi4-hpc suse-upgrade-libhdf5_hl_1_10_11-gnu-hpc suse-upgrade-libhdf5_hl_1_10_11-gnu-mpich-hpc suse-upgrade-libhdf5_hl_1_10_11-gnu-mvapich2-hpc suse-upgrade-libhdf5_hl_1_10_11-gnu-openmpi1-hpc suse-upgrade-libhdf5_hl_1_10_11-gnu-openmpi3-hpc 
suse-upgrade-libhdf5_hl_1_10_11-gnu-openmpi4-hpc suse-upgrade-libhdf5_hl_cpp-gnu-hpc suse-upgrade-libhdf5_hl_cpp-gnu-mpich-hpc suse-upgrade-libhdf5_hl_cpp-gnu-mvapich2-hpc suse-upgrade-libhdf5_hl_cpp-gnu-openmpi3-hpc suse-upgrade-libhdf5_hl_cpp-gnu-openmpi4-hpc suse-upgrade-libhdf5_hl_cpp_1_10_11-gnu-hpc suse-upgrade-libhdf5_hl_cpp_1_10_11-gnu-mpich-hpc suse-upgrade-libhdf5_hl_cpp_1_10_11-gnu-mvapich2-hpc suse-upgrade-libhdf5_hl_cpp_1_10_11-gnu-openmpi1-hpc suse-upgrade-libhdf5_hl_cpp_1_10_11-gnu-openmpi3-hpc suse-upgrade-libhdf5_hl_cpp_1_10_11-gnu-openmpi4-hpc suse-upgrade-libhdf5_hl_fortran-gnu-hpc suse-upgrade-libhdf5_hl_fortran-gnu-mpich-hpc suse-upgrade-libhdf5_hl_fortran-gnu-mvapich2-hpc suse-upgrade-libhdf5_hl_fortran-gnu-openmpi1-hpc suse-upgrade-libhdf5_hl_fortran-gnu-openmpi3-hpc suse-upgrade-libhdf5_hl_fortran-gnu-openmpi4-hpc suse-upgrade-libhdf5hl_fortran_1_10_11-gnu-hpc suse-upgrade-libhdf5hl_fortran_1_10_11-gnu-mpich-hpc suse-upgrade-libhdf5hl_fortran_1_10_11-gnu-mvapich2-hpc suse-upgrade-libhdf5hl_fortran_1_10_11-gnu-openmpi1-hpc suse-upgrade-libhdf5hl_fortran_1_10_11-gnu-openmpi3-hpc suse-upgrade-libhdf5hl_fortran_1_10_11-gnu-openmpi4-hpc suse-upgrade-libmca_common_dstore1 suse-upgrade-libopenmpi4-gnu-hpc suse-upgrade-libopenmpi_4_1_4-gnu-hpc suse-upgrade-libopenmpi_4_1_6-gnu-hpc suse-upgrade-libpmix2 suse-upgrade-lua51-luaposix suse-upgrade-lua51-luaterm suse-upgrade-lua53-luaposix suse-upgrade-lua53-luaterm suse-upgrade-luaposix-doc suse-upgrade-mpich suse-upgrade-mpich-devel suse-upgrade-mpich-gnu-hpc suse-upgrade-mpich-gnu-hpc-devel suse-upgrade-mpich-gnu-hpc-devel-static suse-upgrade-mpich-gnu-hpc-macros-devel suse-upgrade-mpich-ofi suse-upgrade-mpich-ofi-devel suse-upgrade-mpich-ofi-gnu-hpc suse-upgrade-mpich-ofi-gnu-hpc-devel suse-upgrade-mpich-ofi-gnu-hpc-devel-static suse-upgrade-mpich-ofi-gnu-hpc-macros-devel suse-upgrade-mpich-ofi_4_0_2-gnu-hpc suse-upgrade-mpich-ofi_4_0_2-gnu-hpc-devel suse-upgrade-mpich-ofi_4_0_2-gnu-hpc-devel-static 
suse-upgrade-mpich-ofi_4_0_2-gnu-hpc-macros-devel suse-upgrade-mpich-ofi_4_1_2-gnu-hpc suse-upgrade-mpich-ofi_4_1_2-gnu-hpc-devel suse-upgrade-mpich-ofi_4_1_2-gnu-hpc-devel-static suse-upgrade-mpich-ofi_4_1_2-gnu-hpc-macros-devel suse-upgrade-mpich_4_0_2-gnu-hpc suse-upgrade-mpich_4_0_2-gnu-hpc-devel suse-upgrade-mpich_4_0_2-gnu-hpc-devel-static suse-upgrade-mpich_4_0_2-gnu-hpc-macros-devel suse-upgrade-mpich_4_1_2-gnu-hpc suse-upgrade-mpich_4_1_2-gnu-hpc-devel suse-upgrade-mpich_4_1_2-gnu-hpc-devel-static suse-upgrade-mpich_4_1_2-gnu-hpc-macros-devel suse-upgrade-mvapich2 suse-upgrade-mvapich2-devel suse-upgrade-mvapich2-devel-static suse-upgrade-mvapich2-doc suse-upgrade-mvapich2-gnu-hpc suse-upgrade-mvapich2-gnu-hpc-devel suse-upgrade-mvapich2-gnu-hpc-doc suse-upgrade-mvapich2-gnu-hpc-macros-devel suse-upgrade-mvapich2-psm suse-upgrade-mvapich2-psm-devel suse-upgrade-mvapich2-psm-devel-static suse-upgrade-mvapich2-psm-doc suse-upgrade-mvapich2-psm-gnu-hpc suse-upgrade-mvapich2-psm-gnu-hpc-devel suse-upgrade-mvapich2-psm-gnu-hpc-doc suse-upgrade-mvapich2-psm-gnu-hpc-macros-devel suse-upgrade-mvapich2-psm2 suse-upgrade-mvapich2-psm2-devel suse-upgrade-mvapich2-psm2-devel-static suse-upgrade-mvapich2-psm2-doc suse-upgrade-mvapich2-psm2-gnu-hpc suse-upgrade-mvapich2-psm2-gnu-hpc-devel suse-upgrade-mvapich2-psm2-gnu-hpc-doc suse-upgrade-mvapich2-psm2-gnu-hpc-macros-devel suse-upgrade-mvapich2-psm2_2_3_7-gnu-hpc suse-upgrade-mvapich2-psm2_2_3_7-gnu-hpc-devel suse-upgrade-mvapich2-psm2_2_3_7-gnu-hpc-devel-static suse-upgrade-mvapich2-psm2_2_3_7-gnu-hpc-doc suse-upgrade-mvapich2-psm2_2_3_7-gnu-hpc-macros-devel suse-upgrade-mvapich2-psm_2_3_7-gnu-hpc suse-upgrade-mvapich2-psm_2_3_7-gnu-hpc-devel suse-upgrade-mvapich2-psm_2_3_7-gnu-hpc-devel-static suse-upgrade-mvapich2-psm_2_3_7-gnu-hpc-doc suse-upgrade-mvapich2-psm_2_3_7-gnu-hpc-macros-devel suse-upgrade-mvapich2_2_3_7-gnu-hpc suse-upgrade-mvapich2_2_3_7-gnu-hpc-devel suse-upgrade-mvapich2_2_3_7-gnu-hpc-devel-static 
suse-upgrade-mvapich2_2_3_7-gnu-hpc-doc suse-upgrade-mvapich2_2_3_7-gnu-hpc-macros-devel suse-upgrade-openmpi4 suse-upgrade-openmpi4-config suse-upgrade-openmpi4-devel suse-upgrade-openmpi4-docs suse-upgrade-openmpi4-gnu-hpc suse-upgrade-openmpi4-gnu-hpc-devel suse-upgrade-openmpi4-gnu-hpc-devel-static suse-upgrade-openmpi4-gnu-hpc-docs suse-upgrade-openmpi4-gnu-hpc-macros-devel suse-upgrade-openmpi4-libs suse-upgrade-openmpi4-libs-32bit suse-upgrade-openmpi4-macros-devel suse-upgrade-openmpi4-testsuite suse-upgrade-openmpi_4_1_4-gnu-hpc suse-upgrade-openmpi_4_1_4-gnu-hpc-devel suse-upgrade-openmpi_4_1_4-gnu-hpc-devel-static suse-upgrade-openmpi_4_1_4-gnu-hpc-docs suse-upgrade-openmpi_4_1_4-gnu-hpc-macros-devel suse-upgrade-openmpi_4_1_4-gnu-hpc-testsuite suse-upgrade-openmpi_4_1_6-gnu-hpc suse-upgrade-openmpi_4_1_6-gnu-hpc-devel suse-upgrade-openmpi_4_1_6-gnu-hpc-devel-static suse-upgrade-openmpi_4_1_6-gnu-hpc-docs suse-upgrade-openmpi_4_1_6-gnu-hpc-macros-devel suse-upgrade-openmpi_4_1_6-gnu-hpc-testsuite suse-upgrade-pmix suse-upgrade-pmix-devel suse-upgrade-pmix-headers suse-upgrade-pmix-mca-params suse-upgrade-pmix-plugin-munge suse-upgrade-pmix-plugins suse-upgrade-pmix-test
      References
      https://attackerkb.com/topics/cve-2024-32619
      CVE - 2024-32619
  25. SUSE: CVE-2024-26306: SUSE Linux Security Advisory
      Severity 4
      CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P)
      Published 05/14/2024
      Created 06/13/2024
      Added 06/12/2024
      Modified 06/12/2024
      Description
      iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server with RSA authentication, allows a timing side channel in RSA decryption operations. This side channel could be sufficient for an attacker to recover credential plaintext. It requires the attacker to send a large number of messages for decryption, as described in "Everlasting ROBOT: the Marvin Attack" by Hubert Kario.
      Solution(s)
      suse-upgrade-iperf suse-upgrade-iperf-devel suse-upgrade-libiperf0
      References
      https://attackerkb.com/topics/cve-2024-26306
      CVE - 2024-26306