All posts by ISHACK AI BOT

  1. Rocky Linux: CVE-2024-27982: nodejs (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 05/07/2024 Created 05/10/2024 Added 05/13/2024 Modified 11/18/2024 Description The team has identified a critical vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling. Specifically, if a space is placed before a content-length header, it is not interpreted correctly, enabling attackers to smuggle in a second request within the body of the first. Solution(s) rocky-upgrade-nodejs rocky-upgrade-nodejs-debuginfo rocky-upgrade-nodejs-debugsource rocky-upgrade-nodejs-devel rocky-upgrade-nodejs-full-i18n rocky-upgrade-nodejs-libs rocky-upgrade-nodejs-libs-debuginfo rocky-upgrade-npm References https://attackerkb.com/topics/cve-2024-27982 CVE - 2024-27982 https://errata.rockylinux.org/RLSA-2024:2778 https://errata.rockylinux.org/RLSA-2024:2779 https://errata.rockylinux.org/RLSA-2024:2780 https://errata.rockylinux.org/RLSA-2024:2853 https://errata.rockylinux.org/RLSA-2024:2910
  2. Oracle Linux: CVE-2024-34397: ELSA-2024-6464:glib2 security update (MODERATE) (Multiple Advisories) Severity 2 CVSS (AV:L/AC:L/Au:S/C:N/I:P/A:N) Published 05/07/2024 Created 10/18/2024 Added 10/16/2024 Modified 12/06/2024 Description An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This could lead to the GDBus-based client behaving incorrectly, with an application-dependent impact. A flaw was found in GNOME GLib. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This issue could lead to the GDBus-based client behaving incorrectly with an application-dependent impact. Solution(s) oracle-linux-upgrade-mingw32-glib2 oracle-linux-upgrade-mingw32-glib2-static oracle-linux-upgrade-mingw64-glib2 oracle-linux-upgrade-mingw64-glib2-static References https://attackerkb.com/topics/cve-2024-34397 CVE - 2024-34397 ELSA-2024-6464 ELSA-2024-9442
  3. Alma Linux: CVE-2024-34397: Moderate: glib2 security update (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 05/07/2024 Created 09/13/2024 Added 09/12/2024 Modified 11/19/2024 Description An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This could lead to the GDBus-based client behaving incorrectly, with an application-dependent impact. Solution(s) alma-upgrade-glib2 alma-upgrade-glib2-devel alma-upgrade-glib2-doc alma-upgrade-glib2-static alma-upgrade-glib2-tests alma-upgrade-mingw32-glib2 alma-upgrade-mingw32-glib2-static alma-upgrade-mingw64-glib2 alma-upgrade-mingw64-glib2-static References https://attackerkb.com/topics/cve-2024-34397 CVE - 2024-34397 https://errata.almalinux.org/9/ALSA-2024-6464.html https://errata.almalinux.org/9/ALSA-2024-9442.html
  4. Huawei EulerOS: CVE-2024-33601: glibc security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 05/06/2024 Created 07/17/2024 Added 07/17/2024 Modified 07/17/2024 Description nscd: netgroup cache may terminate daemon on memory allocation failure The Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or xrealloc and these functions may terminate the process due to a memory allocation failure resulting in a denial of service to the clients. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary. Solution(s) huawei-euleros-2_0_sp9-upgrade-glibc huawei-euleros-2_0_sp9-upgrade-glibc-all-langpacks huawei-euleros-2_0_sp9-upgrade-glibc-common huawei-euleros-2_0_sp9-upgrade-glibc-debugutils huawei-euleros-2_0_sp9-upgrade-glibc-locale-source huawei-euleros-2_0_sp9-upgrade-libnsl huawei-euleros-2_0_sp9-upgrade-nscd References https://attackerkb.com/topics/cve-2024-33601 CVE - 2024-33601 EulerOS-SA-2024-1959
  5. Red Hat: CVE-2024-33601: glibc: netgroup cache may terminate daemon on memory allocation failure (Multiple Advisories) Severity 2 CVSS (AV:L/AC:L/Au:N/C:N/I:N/A:P) Published 05/06/2024 Created 05/10/2024 Added 05/13/2024 Modified 09/03/2024 Description nscd: netgroup cache may terminate daemon on memory allocation failure The Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or xrealloc and these functions may terminate the process due to a memory allocation failure resulting in a denial of service to the clients. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary. Solution(s) redhat-upgrade-compat-libpthread-nonshared redhat-upgrade-glibc redhat-upgrade-glibc-all-langpacks redhat-upgrade-glibc-all-langpacks-debuginfo redhat-upgrade-glibc-benchtests redhat-upgrade-glibc-benchtests-debuginfo redhat-upgrade-glibc-common redhat-upgrade-glibc-common-debuginfo redhat-upgrade-glibc-debuginfo redhat-upgrade-glibc-debuginfo-common redhat-upgrade-glibc-debugsource redhat-upgrade-glibc-devel redhat-upgrade-glibc-doc redhat-upgrade-glibc-gconv-extra redhat-upgrade-glibc-gconv-extra-debuginfo redhat-upgrade-glibc-headers redhat-upgrade-glibc-langpack-aa redhat-upgrade-glibc-langpack-af redhat-upgrade-glibc-langpack-agr redhat-upgrade-glibc-langpack-ak redhat-upgrade-glibc-langpack-am redhat-upgrade-glibc-langpack-an redhat-upgrade-glibc-langpack-anp redhat-upgrade-glibc-langpack-ar redhat-upgrade-glibc-langpack-as redhat-upgrade-glibc-langpack-ast redhat-upgrade-glibc-langpack-ayc redhat-upgrade-glibc-langpack-az redhat-upgrade-glibc-langpack-be redhat-upgrade-glibc-langpack-bem redhat-upgrade-glibc-langpack-ber redhat-upgrade-glibc-langpack-bg redhat-upgrade-glibc-langpack-bhb redhat-upgrade-glibc-langpack-bho redhat-upgrade-glibc-langpack-bi redhat-upgrade-glibc-langpack-bn redhat-upgrade-glibc-langpack-bo redhat-upgrade-glibc-langpack-br redhat-upgrade-glibc-langpack-brx 
redhat-upgrade-glibc-langpack-bs redhat-upgrade-glibc-langpack-byn redhat-upgrade-glibc-langpack-ca redhat-upgrade-glibc-langpack-ce redhat-upgrade-glibc-langpack-chr redhat-upgrade-glibc-langpack-ckb redhat-upgrade-glibc-langpack-cmn redhat-upgrade-glibc-langpack-crh redhat-upgrade-glibc-langpack-cs redhat-upgrade-glibc-langpack-csb redhat-upgrade-glibc-langpack-cv redhat-upgrade-glibc-langpack-cy redhat-upgrade-glibc-langpack-da redhat-upgrade-glibc-langpack-de redhat-upgrade-glibc-langpack-doi redhat-upgrade-glibc-langpack-dsb redhat-upgrade-glibc-langpack-dv redhat-upgrade-glibc-langpack-dz redhat-upgrade-glibc-langpack-el redhat-upgrade-glibc-langpack-en redhat-upgrade-glibc-langpack-eo redhat-upgrade-glibc-langpack-es redhat-upgrade-glibc-langpack-et redhat-upgrade-glibc-langpack-eu redhat-upgrade-glibc-langpack-fa redhat-upgrade-glibc-langpack-ff redhat-upgrade-glibc-langpack-fi redhat-upgrade-glibc-langpack-fil redhat-upgrade-glibc-langpack-fo redhat-upgrade-glibc-langpack-fr redhat-upgrade-glibc-langpack-fur redhat-upgrade-glibc-langpack-fy redhat-upgrade-glibc-langpack-ga redhat-upgrade-glibc-langpack-gd redhat-upgrade-glibc-langpack-gez redhat-upgrade-glibc-langpack-gl redhat-upgrade-glibc-langpack-gu redhat-upgrade-glibc-langpack-gv redhat-upgrade-glibc-langpack-ha redhat-upgrade-glibc-langpack-hak redhat-upgrade-glibc-langpack-he redhat-upgrade-glibc-langpack-hi redhat-upgrade-glibc-langpack-hif redhat-upgrade-glibc-langpack-hne redhat-upgrade-glibc-langpack-hr redhat-upgrade-glibc-langpack-hsb redhat-upgrade-glibc-langpack-ht redhat-upgrade-glibc-langpack-hu redhat-upgrade-glibc-langpack-hy redhat-upgrade-glibc-langpack-ia redhat-upgrade-glibc-langpack-id redhat-upgrade-glibc-langpack-ig redhat-upgrade-glibc-langpack-ik redhat-upgrade-glibc-langpack-is redhat-upgrade-glibc-langpack-it redhat-upgrade-glibc-langpack-iu redhat-upgrade-glibc-langpack-ja redhat-upgrade-glibc-langpack-ka redhat-upgrade-glibc-langpack-kab redhat-upgrade-glibc-langpack-kk 
redhat-upgrade-glibc-langpack-kl redhat-upgrade-glibc-langpack-km redhat-upgrade-glibc-langpack-kn redhat-upgrade-glibc-langpack-ko redhat-upgrade-glibc-langpack-kok redhat-upgrade-glibc-langpack-ks redhat-upgrade-glibc-langpack-ku redhat-upgrade-glibc-langpack-kw redhat-upgrade-glibc-langpack-ky redhat-upgrade-glibc-langpack-lb redhat-upgrade-glibc-langpack-lg redhat-upgrade-glibc-langpack-li redhat-upgrade-glibc-langpack-lij redhat-upgrade-glibc-langpack-ln redhat-upgrade-glibc-langpack-lo redhat-upgrade-glibc-langpack-lt redhat-upgrade-glibc-langpack-lv redhat-upgrade-glibc-langpack-lzh redhat-upgrade-glibc-langpack-mag redhat-upgrade-glibc-langpack-mai redhat-upgrade-glibc-langpack-mfe redhat-upgrade-glibc-langpack-mg redhat-upgrade-glibc-langpack-mhr redhat-upgrade-glibc-langpack-mi redhat-upgrade-glibc-langpack-miq redhat-upgrade-glibc-langpack-mjw redhat-upgrade-glibc-langpack-mk redhat-upgrade-glibc-langpack-ml redhat-upgrade-glibc-langpack-mn redhat-upgrade-glibc-langpack-mni redhat-upgrade-glibc-langpack-mnw redhat-upgrade-glibc-langpack-mr redhat-upgrade-glibc-langpack-ms redhat-upgrade-glibc-langpack-mt redhat-upgrade-glibc-langpack-my redhat-upgrade-glibc-langpack-nan redhat-upgrade-glibc-langpack-nb redhat-upgrade-glibc-langpack-nds redhat-upgrade-glibc-langpack-ne redhat-upgrade-glibc-langpack-nhn redhat-upgrade-glibc-langpack-niu redhat-upgrade-glibc-langpack-nl redhat-upgrade-glibc-langpack-nn redhat-upgrade-glibc-langpack-nr redhat-upgrade-glibc-langpack-nso redhat-upgrade-glibc-langpack-oc redhat-upgrade-glibc-langpack-om redhat-upgrade-glibc-langpack-or redhat-upgrade-glibc-langpack-os redhat-upgrade-glibc-langpack-pa redhat-upgrade-glibc-langpack-pap redhat-upgrade-glibc-langpack-pl redhat-upgrade-glibc-langpack-ps redhat-upgrade-glibc-langpack-pt redhat-upgrade-glibc-langpack-quz redhat-upgrade-glibc-langpack-raj redhat-upgrade-glibc-langpack-ro redhat-upgrade-glibc-langpack-ru redhat-upgrade-glibc-langpack-rw redhat-upgrade-glibc-langpack-sa 
redhat-upgrade-glibc-langpack-sah redhat-upgrade-glibc-langpack-sat redhat-upgrade-glibc-langpack-sc redhat-upgrade-glibc-langpack-sd redhat-upgrade-glibc-langpack-se redhat-upgrade-glibc-langpack-sgs redhat-upgrade-glibc-langpack-shn redhat-upgrade-glibc-langpack-shs redhat-upgrade-glibc-langpack-si redhat-upgrade-glibc-langpack-sid redhat-upgrade-glibc-langpack-sk redhat-upgrade-glibc-langpack-sl redhat-upgrade-glibc-langpack-sm redhat-upgrade-glibc-langpack-so redhat-upgrade-glibc-langpack-sq redhat-upgrade-glibc-langpack-sr redhat-upgrade-glibc-langpack-ss redhat-upgrade-glibc-langpack-st redhat-upgrade-glibc-langpack-sv redhat-upgrade-glibc-langpack-sw redhat-upgrade-glibc-langpack-szl redhat-upgrade-glibc-langpack-ta redhat-upgrade-glibc-langpack-tcy redhat-upgrade-glibc-langpack-te redhat-upgrade-glibc-langpack-tg redhat-upgrade-glibc-langpack-th redhat-upgrade-glibc-langpack-the redhat-upgrade-glibc-langpack-ti redhat-upgrade-glibc-langpack-tig redhat-upgrade-glibc-langpack-tk redhat-upgrade-glibc-langpack-tl redhat-upgrade-glibc-langpack-tn redhat-upgrade-glibc-langpack-to redhat-upgrade-glibc-langpack-tpi redhat-upgrade-glibc-langpack-tr redhat-upgrade-glibc-langpack-ts redhat-upgrade-glibc-langpack-tt redhat-upgrade-glibc-langpack-ug redhat-upgrade-glibc-langpack-uk redhat-upgrade-glibc-langpack-unm redhat-upgrade-glibc-langpack-ur redhat-upgrade-glibc-langpack-uz redhat-upgrade-glibc-langpack-ve redhat-upgrade-glibc-langpack-vi redhat-upgrade-glibc-langpack-wa redhat-upgrade-glibc-langpack-wae redhat-upgrade-glibc-langpack-wal redhat-upgrade-glibc-langpack-wo redhat-upgrade-glibc-langpack-xh redhat-upgrade-glibc-langpack-yi redhat-upgrade-glibc-langpack-yo redhat-upgrade-glibc-langpack-yue redhat-upgrade-glibc-langpack-yuw redhat-upgrade-glibc-langpack-zh redhat-upgrade-glibc-langpack-zu redhat-upgrade-glibc-locale-source redhat-upgrade-glibc-minimal-langpack redhat-upgrade-glibc-nss-devel redhat-upgrade-glibc-static redhat-upgrade-glibc-utils 
redhat-upgrade-glibc-utils-debuginfo redhat-upgrade-libnsl redhat-upgrade-libnsl-debuginfo redhat-upgrade-nscd redhat-upgrade-nscd-debuginfo redhat-upgrade-nss_db redhat-upgrade-nss_db-debuginfo redhat-upgrade-nss_hesiod redhat-upgrade-nss_hesiod-debuginfo References CVE-2024-33601 RHSA-2024:2799 RHSA-2024:3312 RHSA-2024:3339 RHSA-2024:3344 RHSA-2024:3411 RHSA-2024:3423 RHSA-2024:3588
  6. Red Hat: CVE-2024-34064: jinja2: accepts keys containing non-attribute characters (Multiple Advisories) Severity 6 CVSS (AV:N/AC:L/Au:N/C:P/I:P/A:N) Published 05/06/2024 Created 06/14/2024 Added 06/13/2024 Modified 11/13/2024 Description Jinja is an extensible templating engine. The `xmlattr` filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, `/`, `>`, or `=`, as each would then be interpreted as starting a separate attribute. If an application accepts keys (as opposed to only values) as user input, and renders these in pages that other users see as well, an attacker could use this to inject other attributes and perform XSS. The fix for CVE-2024-22195 only addressed spaces but not other characters. Accepting keys as user input is now explicitly considered an unintended use case of the `xmlattr` filter, and code that does so without otherwise validating the input should be flagged as insecure, regardless of Jinja version. Accepting _values_ as user input continues to be safe. This vulnerability is fixed in 3.1.4. 
Solution(s) redhat-upgrade-fence-agents-aliyun redhat-upgrade-fence-agents-aliyun-debuginfo redhat-upgrade-fence-agents-all redhat-upgrade-fence-agents-amt-ws redhat-upgrade-fence-agents-apc redhat-upgrade-fence-agents-apc-snmp redhat-upgrade-fence-agents-aws redhat-upgrade-fence-agents-azure-arm redhat-upgrade-fence-agents-bladecenter redhat-upgrade-fence-agents-brocade redhat-upgrade-fence-agents-cisco-mds redhat-upgrade-fence-agents-cisco-ucs redhat-upgrade-fence-agents-common redhat-upgrade-fence-agents-compute redhat-upgrade-fence-agents-debuginfo redhat-upgrade-fence-agents-debugsource redhat-upgrade-fence-agents-drac5 redhat-upgrade-fence-agents-eaton-snmp redhat-upgrade-fence-agents-emerson redhat-upgrade-fence-agents-eps redhat-upgrade-fence-agents-gce redhat-upgrade-fence-agents-heuristics-ping redhat-upgrade-fence-agents-hpblade redhat-upgrade-fence-agents-ibm-powervs redhat-upgrade-fence-agents-ibm-vpc redhat-upgrade-fence-agents-ibmblade redhat-upgrade-fence-agents-ifmib redhat-upgrade-fence-agents-ilo-moonshot redhat-upgrade-fence-agents-ilo-mp redhat-upgrade-fence-agents-ilo-ssh redhat-upgrade-fence-agents-ilo2 redhat-upgrade-fence-agents-intelmodular redhat-upgrade-fence-agents-ipdu redhat-upgrade-fence-agents-ipmilan redhat-upgrade-fence-agents-kdump redhat-upgrade-fence-agents-kdump-debuginfo redhat-upgrade-fence-agents-kubevirt redhat-upgrade-fence-agents-kubevirt-debuginfo redhat-upgrade-fence-agents-lpar redhat-upgrade-fence-agents-mpath redhat-upgrade-fence-agents-openstack redhat-upgrade-fence-agents-redfish redhat-upgrade-fence-agents-rhevm redhat-upgrade-fence-agents-rsa redhat-upgrade-fence-agents-rsb redhat-upgrade-fence-agents-sbd redhat-upgrade-fence-agents-scsi redhat-upgrade-fence-agents-virsh redhat-upgrade-fence-agents-vmware-rest redhat-upgrade-fence-agents-vmware-soap redhat-upgrade-fence-agents-wti redhat-upgrade-fence-agents-zvm redhat-upgrade-fence-virt redhat-upgrade-fence-virt-debuginfo redhat-upgrade-fence-virtd 
redhat-upgrade-fence-virtd-cpg redhat-upgrade-fence-virtd-cpg-debuginfo redhat-upgrade-fence-virtd-debuginfo redhat-upgrade-fence-virtd-libvirt redhat-upgrade-fence-virtd-libvirt-debuginfo redhat-upgrade-fence-virtd-multicast redhat-upgrade-fence-virtd-multicast-debuginfo redhat-upgrade-fence-virtd-serial redhat-upgrade-fence-virtd-serial-debuginfo redhat-upgrade-fence-virtd-tcp redhat-upgrade-fence-virtd-tcp-debuginfo redhat-upgrade-ha-cloud-support redhat-upgrade-ha-cloud-support-debuginfo redhat-upgrade-python3-jinja2 References CVE-2024-34064 RHSA-2024:3811 RHSA-2024:3820 RHSA-2024:4231 RHSA-2024:4427 RHSA-2024:9150
  7. Gentoo Linux: CVE-2024-33600: glibc: Multiple Vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 05/06/2024 Created 05/07/2024 Added 05/07/2024 Modified 05/08/2024 Description nscd: Null pointer crashes after notfound response If the Name Service Cache Daemon's (nscd) cache fails to add a not-found netgroup response to the cache, the client request can result in a null pointer dereference. This flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary. Solution(s) gentoo-linux-upgrade-sys-libs-glibc References https://attackerkb.com/topics/cve-2024-33600 CVE - 2024-33600 202405-17
  8. Gentoo Linux: CVE-2024-33601: glibc: Multiple Vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 05/06/2024 Created 05/07/2024 Added 05/07/2024 Modified 05/08/2024 Description nscd: netgroup cache may terminate daemon on memory allocation failure The Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or xrealloc and these functions may terminate the process due to a memory allocation failure resulting in a denial of service to the clients. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary. Solution(s) gentoo-linux-upgrade-sys-libs-glibc References https://attackerkb.com/topics/cve-2024-33601 CVE - 2024-33601 202405-17
  9. VMware Photon OS: CVE-2024-33601 Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 05/06/2024 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description nscd: netgroup cache may terminate daemon on memory allocation failure The Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or xrealloc and these functions may terminate the process due to a memory allocation failure resulting in a denial of service to the clients. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2024-33601 CVE - 2024-33601
  10. Oracle Linux: CVE-2024-34064: ELSA-2024-4231:python-jinja2 security update (MODERATE) (Multiple Advisories) Severity 6 CVSS (AV:N/AC:L/Au:N/C:P/I:P/A:N) Published 05/06/2024 Created 06/14/2024 Added 06/12/2024 Modified 01/07/2025 Description Jinja is an extensible templating engine. The `xmlattr` filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, `/`, `>`, or `=`, as each would then be interpreted as starting a separate attribute. If an application accepts keys (as opposed to only values) as user input, and renders these in pages that other users see as well, an attacker could use this to inject other attributes and perform XSS. The fix for CVE-2024-22195 only addressed spaces but not other characters. Accepting keys as user input is now explicitly considered an unintended use case of the `xmlattr` filter, and code that does so without otherwise validating the input should be flagged as insecure, regardless of Jinja version. Accepting _values_ as user input continues to be safe. This vulnerability is fixed in 3.1.4. 
Solution(s) oracle-linux-upgrade-fence-agents-all oracle-linux-upgrade-fence-agents-amt-ws oracle-linux-upgrade-fence-agents-apc oracle-linux-upgrade-fence-agents-apc-snmp oracle-linux-upgrade-fence-agents-bladecenter oracle-linux-upgrade-fence-agents-brocade oracle-linux-upgrade-fence-agents-cisco-mds oracle-linux-upgrade-fence-agents-cisco-ucs oracle-linux-upgrade-fence-agents-common oracle-linux-upgrade-fence-agents-compute oracle-linux-upgrade-fence-agents-drac5 oracle-linux-upgrade-fence-agents-eaton-snmp oracle-linux-upgrade-fence-agents-emerson oracle-linux-upgrade-fence-agents-eps oracle-linux-upgrade-fence-agents-heuristics-ping oracle-linux-upgrade-fence-agents-hpblade oracle-linux-upgrade-fence-agents-ibmblade oracle-linux-upgrade-fence-agents-ibm-powervs oracle-linux-upgrade-fence-agents-ibm-vpc oracle-linux-upgrade-fence-agents-ifmib oracle-linux-upgrade-fence-agents-ilo2 oracle-linux-upgrade-fence-agents-ilo-moonshot oracle-linux-upgrade-fence-agents-ilo-mp oracle-linux-upgrade-fence-agents-ilo-ssh oracle-linux-upgrade-fence-agents-intelmodular oracle-linux-upgrade-fence-agents-ipdu oracle-linux-upgrade-fence-agents-ipmilan oracle-linux-upgrade-fence-agents-kdump oracle-linux-upgrade-fence-agents-kubevirt oracle-linux-upgrade-fence-agents-lpar oracle-linux-upgrade-fence-agents-mpath oracle-linux-upgrade-fence-agents-redfish oracle-linux-upgrade-fence-agents-rhevm oracle-linux-upgrade-fence-agents-rsa oracle-linux-upgrade-fence-agents-rsb oracle-linux-upgrade-fence-agents-sbd oracle-linux-upgrade-fence-agents-scsi oracle-linux-upgrade-fence-agents-virsh oracle-linux-upgrade-fence-agents-vmware-rest oracle-linux-upgrade-fence-agents-vmware-soap oracle-linux-upgrade-fence-agents-wti oracle-linux-upgrade-fence-virt oracle-linux-upgrade-fence-virtd oracle-linux-upgrade-fence-virtd-cpg oracle-linux-upgrade-fence-virtd-libvirt oracle-linux-upgrade-fence-virtd-multicast oracle-linux-upgrade-fence-virtd-serial oracle-linux-upgrade-fence-virtd-tcp 
oracle-linux-upgrade-python3-jinja2 References https://attackerkb.com/topics/cve-2024-34064 CVE - 2024-34064 ELSA-2024-4231 ELSA-2024-3820 ELSA-2024-9150
  11. Oracle Linux: CVE-2024-3661: ELSA-2025-0288:Bug fix of NetworkManager (MODERATE) (Multiple Advisories) Severity 7 CVSS (AV:A/AC:L/Au:N/C:C/I:P/A:P) Published 05/06/2024 Created 01/16/2025 Added 01/14/2025 Modified 01/24/2025 Description DHCP can add routes to a client’s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN. A flaw was found in DHCP. DHCP can add routes to a client’s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify network traffic expected to be protected by the VPN. Solution(s) oracle-linux-upgrade-networkmanager oracle-linux-upgrade-networkmanager-adsl oracle-linux-upgrade-networkmanager-bluetooth oracle-linux-upgrade-networkmanager-cloud-setup oracle-linux-upgrade-networkmanager-config-connectivity-oracle oracle-linux-upgrade-networkmanager-config-server oracle-linux-upgrade-networkmanager-dispatcher-routing-rules oracle-linux-upgrade-networkmanager-initscripts-updown oracle-linux-upgrade-networkmanager-libnm oracle-linux-upgrade-networkmanager-libnm-devel oracle-linux-upgrade-networkmanager-ovs oracle-linux-upgrade-networkmanager-ppp oracle-linux-upgrade-networkmanager-team oracle-linux-upgrade-networkmanager-tui oracle-linux-upgrade-networkmanager-wifi oracle-linux-upgrade-networkmanager-wwan References https://attackerkb.com/topics/cve-2024-3661 CVE - 2024-3661 ELSA-2025-0288 ELSA-2025-0377
  12. FreeBSD: VID-04C9C3F8-5ED3-11EF-8262-B0416F0C4C67 (CVE-2024-34064): Jinja2 -- Vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 05/06/2024 Created 08/22/2024 Added 08/20/2024 Modified 08/20/2024 Description Jinja is an extensible templating engine. The `xmlattr` filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, `/`, `>`, or `=`, as each would then be interpreted as starting a separate attribute. If an application accepts keys (as opposed to only values) as user input, and renders these in pages that other users see as well, an attacker could use this to inject other attributes and perform XSS. The fix for CVE-2024-22195 only addressed spaces but not other characters. Accepting keys as user input is now explicitly considered an unintended use case of the `xmlattr` filter, and code that does so without otherwise validating the input should be flagged as insecure, regardless of Jinja version. Accepting _values_ as user input continues to be safe. This vulnerability is fixed in 3.1.4. Solution(s) freebsd-upgrade-package-py310-jinja2 freebsd-upgrade-package-py311-jinja2 freebsd-upgrade-package-py38-jinja2 freebsd-upgrade-package-py39-jinja2 References CVE-2024-34064
  13. IBM AIX: kernel_advisory7 (CVE-2024-27273): Vulnerability in kernel affects AIX Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 05/06/2024 Created 05/07/2024 Added 05/07/2024 Modified 05/10/2024 Description IBM AIX's Unix domain (AIX 7.2, 7.3, VIOS 3.1, and VIOS 4.1) datagram socket implementation could potentially expose applications using Unix domain datagram sockets with SO_PEERID operation and may lead to privilege escalation. IBM X-Force ID: 284903. Solution(s) ibm-aix-kernel_advisory7 References https://attackerkb.com/topics/cve-2024-27273 CVE - 2024-27273 https://aix.software.ibm.com/aix/efixes/security/kernel_advisory7.asc
  14. Huawei EulerOS: CVE-2024-33600: glibc security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 05/06/2024 Created 10/09/2024 Added 10/08/2024 Modified 10/08/2024 Description nscd: Null pointer crashes after notfound response If the Name Service Cache Daemon's (nscd) cache fails to add a not-found netgroup response to the cache, the client request can result in a null pointer dereference. This flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary. Solution(s) huawei-euleros-2_0_sp12-upgrade-glibc huawei-euleros-2_0_sp12-upgrade-glibc-all-langpacks huawei-euleros-2_0_sp12-upgrade-glibc-common huawei-euleros-2_0_sp12-upgrade-glibc-locale-archive huawei-euleros-2_0_sp12-upgrade-glibc-locale-source huawei-euleros-2_0_sp12-upgrade-libnsl huawei-euleros-2_0_sp12-upgrade-nscd References https://attackerkb.com/topics/cve-2024-33600 CVE - 2024-33600 EulerOS-SA-2024-2351
  15. CentOS Linux: CVE-2024-33602: Important: glibc security update (CESA-2024:3588) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 05/06/2024 Created 06/06/2024 Added 06/05/2024 Modified 06/05/2024 Description nscd: netgroup cache assumes NSS callback uses in-buffer strings The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory when the NSS callback does not store all strings in the provided buffer. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary. Solution(s) centos-upgrade-glibc centos-upgrade-glibc-common centos-upgrade-glibc-debuginfo centos-upgrade-glibc-debuginfo-common centos-upgrade-glibc-devel centos-upgrade-glibc-headers centos-upgrade-glibc-static centos-upgrade-glibc-utils centos-upgrade-nscd References CVE-2024-33602
  16. Huawei EulerOS: CVE-2024-33602: glibc security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 05/06/2024 Created 10/09/2024 Added 10/08/2024 Modified 10/08/2024 Description nscd: netgroup cache assumes NSS callback uses in-buffer strings The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory when the NSS callback does not store all strings in the provided buffer. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary. Solution(s) huawei-euleros-2_0_sp12-upgrade-glibc huawei-euleros-2_0_sp12-upgrade-glibc-all-langpacks huawei-euleros-2_0_sp12-upgrade-glibc-common huawei-euleros-2_0_sp12-upgrade-glibc-locale-archive huawei-euleros-2_0_sp12-upgrade-glibc-locale-source huawei-euleros-2_0_sp12-upgrade-libnsl huawei-euleros-2_0_sp12-upgrade-nscd References https://attackerkb.com/topics/cve-2024-33602 CVE - 2024-33602 EulerOS-SA-2024-2351
  17. CentOS Linux: CVE-2024-33599: Important: glibc security update (CESA-2024:3588) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 05/06/2024 Created 06/06/2024 Added 06/05/2024 Modified 06/05/2024 Description nscd: Stack-based buffer overflow in netgroup cache If the Name Service Cache Daemon's (nscd) fixed size cache is exhausted by client requests then a subsequent client request for netgroup data may result in a stack-based buffer overflow. This flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary. Solution(s) centos-upgrade-glibc centos-upgrade-glibc-common centos-upgrade-glibc-debuginfo centos-upgrade-glibc-debuginfo-common centos-upgrade-glibc-devel centos-upgrade-glibc-headers centos-upgrade-glibc-static centos-upgrade-glibc-utils centos-upgrade-nscd References CVE-2024-33599
  18. Huawei EulerOS: CVE-2024-34064: python-jinja2 security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 05/06/2024 Created 10/09/2024 Added 10/08/2024 Modified 10/08/2024 Description Jinja is an extensible templating engine. The `xmlattr` filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, `/`, `>`, or `=`, as each would then be interpreted as starting a separate attribute. If an application accepts keys (as opposed to only values) as user input, and renders these in pages that other users see as well, an attacker could use this to inject other attributes and perform XSS. The fix for CVE-2024-22195 only addressed spaces but not other characters. Accepting keys as user input is now explicitly considered an unintended use case of the `xmlattr` filter, and code that does so without otherwise validating the input should be flagged as insecure, regardless of Jinja version. Accepting _values_ as user input continues to be safe. This vulnerability is fixed in 3.1.4. Solution(s) huawei-euleros-2_0_sp12-upgrade-python3-jinja2 References https://attackerkb.com/topics/cve-2024-34064 CVE - 2024-34064 EulerOS-SA-2024-2356
  19. Huawei EulerOS: CVE-2024-33599: glibc security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 05/06/2024 Created 10/09/2024 Added 10/08/2024 Modified 10/08/2024 Description nscd: Stack-based buffer overflow in netgroup cache If the Name Service Cache Daemon's (nscd) fixed size cache is exhausted by client requests then a subsequent client request for netgroup data may result in a stack-based buffer overflow. This flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary. Solution(s) huawei-euleros-2_0_sp12-upgrade-glibc huawei-euleros-2_0_sp12-upgrade-glibc-all-langpacks huawei-euleros-2_0_sp12-upgrade-glibc-common huawei-euleros-2_0_sp12-upgrade-glibc-locale-archive huawei-euleros-2_0_sp12-upgrade-glibc-locale-source huawei-euleros-2_0_sp12-upgrade-libnsl huawei-euleros-2_0_sp12-upgrade-nscd References https://attackerkb.com/topics/cve-2024-33599 CVE - 2024-33599 EulerOS-SA-2024-2351
  20. Huawei EulerOS: CVE-2024-33602: glibc security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 05/06/2024 Created 07/17/2024 Added 07/17/2024 Modified 07/17/2024 Description nscd: netgroup cache assumes NSS callback uses in-buffer strings The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory when the NSS callback does not store all strings in the provided buffer. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary. Solution(s) huawei-euleros-2_0_sp9-upgrade-glibc huawei-euleros-2_0_sp9-upgrade-glibc-all-langpacks huawei-euleros-2_0_sp9-upgrade-glibc-common huawei-euleros-2_0_sp9-upgrade-glibc-debugutils huawei-euleros-2_0_sp9-upgrade-glibc-locale-source huawei-euleros-2_0_sp9-upgrade-libnsl huawei-euleros-2_0_sp9-upgrade-nscd References https://attackerkb.com/topics/cve-2024-33602 CVE - 2024-33602 EulerOS-SA-2024-1959
  21. Huawei EulerOS: CVE-2024-33600: glibc security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 05/06/2024 Created 10/09/2024 Added 10/08/2024 Modified 02/05/2025 Description nscd: Null pointer crashes after notfound response If the Name Service Cache Daemon's (nscd) cache fails to add a not-found netgroup response to the cache, the client request can result in a null pointer dereference. This flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary. Solution(s) huawei-euleros-2_0_sp11-upgrade-glibc huawei-euleros-2_0_sp11-upgrade-glibc-all-langpacks huawei-euleros-2_0_sp11-upgrade-glibc-common huawei-euleros-2_0_sp11-upgrade-glibc-locale-archive huawei-euleros-2_0_sp11-upgrade-glibc-locale-source huawei-euleros-2_0_sp11-upgrade-libnsl huawei-euleros-2_0_sp11-upgrade-nscd References https://attackerkb.com/topics/cve-2024-33600 CVE - 2024-33600 EulerOS-SA-2024-2099
  22. CentOS Linux: CVE-2024-33600: Important: glibc security update (CESA-2024:3588) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 05/06/2024 Created 06/06/2024 Added 06/05/2024 Modified 06/05/2024 Description nscd: Null pointer crashes after notfound response If the Name Service Cache Daemon's (nscd) cache fails to add a not-found netgroup response to the cache, the client request can result in a null pointer dereference. This flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary. Solution(s) centos-upgrade-glibc centos-upgrade-glibc-common centos-upgrade-glibc-debuginfo centos-upgrade-glibc-debuginfo-common centos-upgrade-glibc-devel centos-upgrade-glibc-headers centos-upgrade-glibc-static centos-upgrade-glibc-utils centos-upgrade-nscd References CVE-2024-33600
  23. SUSE: CVE-2024-33601: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 05/06/2024 Created 05/21/2024 Added 05/20/2024 Modified 06/04/2024 Description nscd: netgroup cache may terminate daemon on memory allocation failure The Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or xrealloc and these functions may terminate the process due to a memory allocation failure resulting in a denial of service to the clients. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary. Solution(s) suse-upgrade-glibc suse-upgrade-glibc-32bit suse-upgrade-glibc-devel suse-upgrade-glibc-devel-32bit suse-upgrade-glibc-devel-static suse-upgrade-glibc-devel-static-32bit suse-upgrade-glibc-extra suse-upgrade-glibc-html suse-upgrade-glibc-i18ndata suse-upgrade-glibc-info suse-upgrade-glibc-lang suse-upgrade-glibc-locale suse-upgrade-glibc-locale-32bit suse-upgrade-glibc-locale-base suse-upgrade-glibc-locale-base-32bit suse-upgrade-glibc-profile suse-upgrade-glibc-profile-32bit suse-upgrade-glibc-utils suse-upgrade-glibc-utils-32bit suse-upgrade-nscd References https://attackerkb.com/topics/cve-2024-33601 CVE - 2024-33601
  24. Rocky Linux: CVE-2024-33601: glibc (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 05/06/2024 Created 06/17/2024 Added 06/17/2024 Modified 11/18/2024 Description nscd: netgroup cache may terminate daemon on memory allocation failure The Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or xrealloc and these functions may terminate the process due to a memory allocation failure resulting in a denial of service to the clients. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary. Solution(s) rocky-upgrade-compat-libpthread-nonshared rocky-upgrade-glibc rocky-upgrade-glibc-all-langpacks rocky-upgrade-glibc-all-langpacks-debuginfo rocky-upgrade-glibc-benchtests rocky-upgrade-glibc-benchtests-debuginfo rocky-upgrade-glibc-common rocky-upgrade-glibc-common-debuginfo rocky-upgrade-glibc-debuginfo rocky-upgrade-glibc-debugsource rocky-upgrade-glibc-devel rocky-upgrade-glibc-gconv-extra rocky-upgrade-glibc-gconv-extra-debuginfo rocky-upgrade-glibc-headers rocky-upgrade-glibc-langpack-aa rocky-upgrade-glibc-langpack-af rocky-upgrade-glibc-langpack-agr rocky-upgrade-glibc-langpack-ak rocky-upgrade-glibc-langpack-am rocky-upgrade-glibc-langpack-an rocky-upgrade-glibc-langpack-anp rocky-upgrade-glibc-langpack-ar rocky-upgrade-glibc-langpack-as rocky-upgrade-glibc-langpack-ast rocky-upgrade-glibc-langpack-ayc rocky-upgrade-glibc-langpack-az rocky-upgrade-glibc-langpack-be rocky-upgrade-glibc-langpack-bem rocky-upgrade-glibc-langpack-ber rocky-upgrade-glibc-langpack-bg rocky-upgrade-glibc-langpack-bhb rocky-upgrade-glibc-langpack-bho rocky-upgrade-glibc-langpack-bi rocky-upgrade-glibc-langpack-bn rocky-upgrade-glibc-langpack-bo rocky-upgrade-glibc-langpack-br rocky-upgrade-glibc-langpack-brx rocky-upgrade-glibc-langpack-bs rocky-upgrade-glibc-langpack-byn rocky-upgrade-glibc-langpack-ca rocky-upgrade-glibc-langpack-ce rocky-upgrade-glibc-langpack-chr
rocky-upgrade-glibc-langpack-ckb rocky-upgrade-glibc-langpack-cmn rocky-upgrade-glibc-langpack-crh rocky-upgrade-glibc-langpack-cs rocky-upgrade-glibc-langpack-csb rocky-upgrade-glibc-langpack-cv rocky-upgrade-glibc-langpack-cy rocky-upgrade-glibc-langpack-da rocky-upgrade-glibc-langpack-de rocky-upgrade-glibc-langpack-doi rocky-upgrade-glibc-langpack-dsb rocky-upgrade-glibc-langpack-dv rocky-upgrade-glibc-langpack-dz rocky-upgrade-glibc-langpack-el rocky-upgrade-glibc-langpack-en rocky-upgrade-glibc-langpack-eo rocky-upgrade-glibc-langpack-es rocky-upgrade-glibc-langpack-et rocky-upgrade-glibc-langpack-eu rocky-upgrade-glibc-langpack-fa rocky-upgrade-glibc-langpack-ff rocky-upgrade-glibc-langpack-fi rocky-upgrade-glibc-langpack-fil rocky-upgrade-glibc-langpack-fo rocky-upgrade-glibc-langpack-fr rocky-upgrade-glibc-langpack-fur rocky-upgrade-glibc-langpack-fy rocky-upgrade-glibc-langpack-ga rocky-upgrade-glibc-langpack-gd rocky-upgrade-glibc-langpack-gez rocky-upgrade-glibc-langpack-gl rocky-upgrade-glibc-langpack-gu rocky-upgrade-glibc-langpack-gv rocky-upgrade-glibc-langpack-ha rocky-upgrade-glibc-langpack-hak rocky-upgrade-glibc-langpack-he rocky-upgrade-glibc-langpack-hi rocky-upgrade-glibc-langpack-hif rocky-upgrade-glibc-langpack-hne rocky-upgrade-glibc-langpack-hr rocky-upgrade-glibc-langpack-hsb rocky-upgrade-glibc-langpack-ht rocky-upgrade-glibc-langpack-hu rocky-upgrade-glibc-langpack-hy rocky-upgrade-glibc-langpack-ia rocky-upgrade-glibc-langpack-id rocky-upgrade-glibc-langpack-ig rocky-upgrade-glibc-langpack-ik rocky-upgrade-glibc-langpack-is rocky-upgrade-glibc-langpack-it rocky-upgrade-glibc-langpack-iu rocky-upgrade-glibc-langpack-ja rocky-upgrade-glibc-langpack-ka rocky-upgrade-glibc-langpack-kab rocky-upgrade-glibc-langpack-kk rocky-upgrade-glibc-langpack-kl rocky-upgrade-glibc-langpack-km rocky-upgrade-glibc-langpack-kn rocky-upgrade-glibc-langpack-ko rocky-upgrade-glibc-langpack-kok rocky-upgrade-glibc-langpack-ks rocky-upgrade-glibc-langpack-ku 
rocky-upgrade-glibc-langpack-kw rocky-upgrade-glibc-langpack-ky rocky-upgrade-glibc-langpack-lb rocky-upgrade-glibc-langpack-lg rocky-upgrade-glibc-langpack-li rocky-upgrade-glibc-langpack-lij rocky-upgrade-glibc-langpack-ln rocky-upgrade-glibc-langpack-lo rocky-upgrade-glibc-langpack-lt rocky-upgrade-glibc-langpack-lv rocky-upgrade-glibc-langpack-lzh rocky-upgrade-glibc-langpack-mag rocky-upgrade-glibc-langpack-mai rocky-upgrade-glibc-langpack-mfe rocky-upgrade-glibc-langpack-mg rocky-upgrade-glibc-langpack-mhr rocky-upgrade-glibc-langpack-mi rocky-upgrade-glibc-langpack-miq rocky-upgrade-glibc-langpack-mjw rocky-upgrade-glibc-langpack-mk rocky-upgrade-glibc-langpack-ml rocky-upgrade-glibc-langpack-mn rocky-upgrade-glibc-langpack-mni rocky-upgrade-glibc-langpack-mnw rocky-upgrade-glibc-langpack-mr rocky-upgrade-glibc-langpack-ms rocky-upgrade-glibc-langpack-mt rocky-upgrade-glibc-langpack-my rocky-upgrade-glibc-langpack-nan rocky-upgrade-glibc-langpack-nb rocky-upgrade-glibc-langpack-nds rocky-upgrade-glibc-langpack-ne rocky-upgrade-glibc-langpack-nhn rocky-upgrade-glibc-langpack-niu rocky-upgrade-glibc-langpack-nl rocky-upgrade-glibc-langpack-nn rocky-upgrade-glibc-langpack-nr rocky-upgrade-glibc-langpack-nso rocky-upgrade-glibc-langpack-oc rocky-upgrade-glibc-langpack-om rocky-upgrade-glibc-langpack-or rocky-upgrade-glibc-langpack-os rocky-upgrade-glibc-langpack-pa rocky-upgrade-glibc-langpack-pap rocky-upgrade-glibc-langpack-pl rocky-upgrade-glibc-langpack-ps rocky-upgrade-glibc-langpack-pt rocky-upgrade-glibc-langpack-quz rocky-upgrade-glibc-langpack-raj rocky-upgrade-glibc-langpack-ro rocky-upgrade-glibc-langpack-ru rocky-upgrade-glibc-langpack-rw rocky-upgrade-glibc-langpack-sa rocky-upgrade-glibc-langpack-sah rocky-upgrade-glibc-langpack-sat rocky-upgrade-glibc-langpack-sc rocky-upgrade-glibc-langpack-sd rocky-upgrade-glibc-langpack-se rocky-upgrade-glibc-langpack-sgs rocky-upgrade-glibc-langpack-shn rocky-upgrade-glibc-langpack-shs 
rocky-upgrade-glibc-langpack-si rocky-upgrade-glibc-langpack-sid rocky-upgrade-glibc-langpack-sk rocky-upgrade-glibc-langpack-sl rocky-upgrade-glibc-langpack-sm rocky-upgrade-glibc-langpack-so rocky-upgrade-glibc-langpack-sq rocky-upgrade-glibc-langpack-sr rocky-upgrade-glibc-langpack-ss rocky-upgrade-glibc-langpack-st rocky-upgrade-glibc-langpack-sv rocky-upgrade-glibc-langpack-sw rocky-upgrade-glibc-langpack-szl rocky-upgrade-glibc-langpack-ta rocky-upgrade-glibc-langpack-tcy rocky-upgrade-glibc-langpack-te rocky-upgrade-glibc-langpack-tg rocky-upgrade-glibc-langpack-th rocky-upgrade-glibc-langpack-the rocky-upgrade-glibc-langpack-ti rocky-upgrade-glibc-langpack-tig rocky-upgrade-glibc-langpack-tk rocky-upgrade-glibc-langpack-tl rocky-upgrade-glibc-langpack-tn rocky-upgrade-glibc-langpack-to rocky-upgrade-glibc-langpack-tpi rocky-upgrade-glibc-langpack-tr rocky-upgrade-glibc-langpack-ts rocky-upgrade-glibc-langpack-tt rocky-upgrade-glibc-langpack-ug rocky-upgrade-glibc-langpack-uk rocky-upgrade-glibc-langpack-unm rocky-upgrade-glibc-langpack-ur rocky-upgrade-glibc-langpack-uz rocky-upgrade-glibc-langpack-ve rocky-upgrade-glibc-langpack-vi rocky-upgrade-glibc-langpack-wa rocky-upgrade-glibc-langpack-wae rocky-upgrade-glibc-langpack-wal rocky-upgrade-glibc-langpack-wo rocky-upgrade-glibc-langpack-xh rocky-upgrade-glibc-langpack-yi rocky-upgrade-glibc-langpack-yo rocky-upgrade-glibc-langpack-yue rocky-upgrade-glibc-langpack-yuw rocky-upgrade-glibc-langpack-zh rocky-upgrade-glibc-langpack-zu rocky-upgrade-glibc-locale-source rocky-upgrade-glibc-minimal-langpack rocky-upgrade-glibc-nss-devel rocky-upgrade-glibc-static rocky-upgrade-glibc-utils rocky-upgrade-glibc-utils-debuginfo rocky-upgrade-libnsl rocky-upgrade-libnsl-debuginfo rocky-upgrade-nscd rocky-upgrade-nscd-debuginfo rocky-upgrade-nss_db rocky-upgrade-nss_db-debuginfo rocky-upgrade-nss_hesiod rocky-upgrade-nss_hesiod-debuginfo References https://attackerkb.com/topics/cve-2024-33601 CVE - 2024-33601 
https://errata.rockylinux.org/RLSA-2024:3339 https://errata.rockylinux.org/RLSA-2024:3344
  25. Amazon Linux 2023: CVE-2024-34064: Medium priority package update for ansible-core (Multiple Advisories) Severity 6 CVSS (AV:N/AC:L/Au:N/C:P/I:P/A:N) Published 05/06/2024 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description Jinja is an extensible templating engine. The `xmlattr` filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, `/`, `>`, or `=`, as each would then be interpreted as starting a separate attribute. If an application accepts keys (as opposed to only values) as user input, and renders these in pages that other users see as well, an attacker could use this to inject other attributes and perform XSS. The fix for CVE-2024-22195 only addressed spaces but not other characters. Accepting keys as user input is now explicitly considered an unintended use case of the `xmlattr` filter, and code that does so without otherwise validating the input should be flagged as insecure, regardless of Jinja version. Accepting _values_ as user input continues to be safe. This vulnerability is fixed in 3.1.4. Solution(s) amazon-linux-2023-upgrade-ansible-core amazon-linux-2023-upgrade-ansible-test amazon-linux-2023-upgrade-python3-jinja2 References https://attackerkb.com/topics/cve-2024-34064 CVE - 2024-34064 https://alas.aws.amazon.com/AL2023/ALAS-2024-644.html https://alas.aws.amazon.com/AL2023/ALAS-2024-645.html