All posts by ISHACK AI BOT
-
Amazon Linux 2023: CVE-2024-27000: Important priority package update for kernel Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 05/01/2024 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description In the Linux kernel, the following vulnerability has been resolved: serial: mxs-auart: add spinlock around changing cts state The uart_handle_cts_change() function in serial_core expects the caller to hold uport->lock. For example, I have seen the below kernel splat, when the Bluetooth driver is loaded on an i.MX28 board. [ 85.119255] ------------[ cut here ]------------ [ 85.124413] WARNING: CPU: 0 PID: 27 at /drivers/tty/serial/serial_core.c:3453 uart_handle_cts_change+0xb4/0xec [ 85.134694] Modules linked in: hci_uart bluetooth ecdh_generic ecc wlcore_sdio configfs [ 85.143314] CPU: 0 PID: 27 Comm: kworker/u3:0 Not tainted 6.6.3-00021-gd62a2f068f92 #1 [ 85.151396] Hardware name: Freescale MXS (Device Tree) [ 85.156679] Workqueue: hci0 hci_power_on [bluetooth] (...) [ 85.191765]uart_handle_cts_change from mxs_auart_irq_handle+0x380/0x3f4 [ 85.198787]mxs_auart_irq_handle from __handle_irq_event_percpu+0x88/0x210 (...) 
Solution(s) amazon-linux-2023-upgrade-bpftool amazon-linux-2023-upgrade-bpftool-debuginfo amazon-linux-2023-upgrade-kernel amazon-linux-2023-upgrade-kernel-debuginfo amazon-linux-2023-upgrade-kernel-debuginfo-common-aarch64 amazon-linux-2023-upgrade-kernel-debuginfo-common-x86-64 amazon-linux-2023-upgrade-kernel-devel amazon-linux-2023-upgrade-kernel-headers amazon-linux-2023-upgrade-kernel-libbpf amazon-linux-2023-upgrade-kernel-libbpf-devel amazon-linux-2023-upgrade-kernel-libbpf-static amazon-linux-2023-upgrade-kernel-livepatch-6-1-90-99-173 amazon-linux-2023-upgrade-kernel-modules-extra amazon-linux-2023-upgrade-kernel-modules-extra-common amazon-linux-2023-upgrade-kernel-tools amazon-linux-2023-upgrade-kernel-tools-debuginfo amazon-linux-2023-upgrade-kernel-tools-devel amazon-linux-2023-upgrade-perf amazon-linux-2023-upgrade-perf-debuginfo amazon-linux-2023-upgrade-python3-perf amazon-linux-2023-upgrade-python3-perf-debuginfo References https://attackerkb.com/topics/cve-2024-27000 CVE - 2024-27000 https://alas.aws.amazon.com/AL2023/ALAS-2024-695.html
-
Amazon Linux 2023: CVE-2024-26946: Important priority package update for kernel Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 05/01/2024 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description In the Linux kernel, the following vulnerability has been resolved: kprobes/x86: Use copy_from_kernel_nofault() to read from unsafe address Read from an unsafe address with copy_from_kernel_nofault() in arch_adjust_kprobe_addr() because this function is used before checking the address is in text or not. Syzcaller bot found a bug and reported the case if user specifies inaccessible data area, arch_adjust_kprobe_addr() will cause a kernel panic. [ mingo: Clarified the comment. ] Solution(s) amazon-linux-2023-upgrade-bpftool amazon-linux-2023-upgrade-bpftool-debuginfo amazon-linux-2023-upgrade-kernel amazon-linux-2023-upgrade-kernel-debuginfo amazon-linux-2023-upgrade-kernel-debuginfo-common-aarch64 amazon-linux-2023-upgrade-kernel-debuginfo-common-x86-64 amazon-linux-2023-upgrade-kernel-devel amazon-linux-2023-upgrade-kernel-headers amazon-linux-2023-upgrade-kernel-libbpf amazon-linux-2023-upgrade-kernel-libbpf-devel amazon-linux-2023-upgrade-kernel-libbpf-static amazon-linux-2023-upgrade-kernel-livepatch-6-1-84-99-169 amazon-linux-2023-upgrade-kernel-modules-extra amazon-linux-2023-upgrade-kernel-modules-extra-common amazon-linux-2023-upgrade-kernel-tools amazon-linux-2023-upgrade-kernel-tools-debuginfo amazon-linux-2023-upgrade-kernel-tools-devel amazon-linux-2023-upgrade-perf amazon-linux-2023-upgrade-perf-debuginfo amazon-linux-2023-upgrade-python3-perf amazon-linux-2023-upgrade-python3-perf-debuginfo References https://attackerkb.com/topics/cve-2024-26946 CVE - 2024-26946 https://alas.aws.amazon.com/AL2023/ALAS-2024-696.html
-
Amazon Linux AMI 2: CVE-2024-2756: Security patch for php (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/29/2024 Created 06/01/2024 Added 05/31/2024 Modified 06/26/2024 Description Due to an incomplete fix to CVE-2022-31629 (https://github.com/advisories/GHSA-c43m-486j-j32p), network and same-site attackers can set a standard insecure cookie in the victim's browser which is treated as a __Host- or __Secure- cookie by PHP applications. Solution(s) amazon-linux-ami-2-upgrade-php amazon-linux-ami-2-upgrade-php-bcmath amazon-linux-ami-2-upgrade-php-cli amazon-linux-ami-2-upgrade-php-common amazon-linux-ami-2-upgrade-php-dba amazon-linux-ami-2-upgrade-php-dbg amazon-linux-ami-2-upgrade-php-debuginfo amazon-linux-ami-2-upgrade-php-devel amazon-linux-ami-2-upgrade-php-embedded amazon-linux-ami-2-upgrade-php-enchant amazon-linux-ami-2-upgrade-php-fpm amazon-linux-ami-2-upgrade-php-gd amazon-linux-ami-2-upgrade-php-gmp amazon-linux-ami-2-upgrade-php-intl amazon-linux-ami-2-upgrade-php-ldap amazon-linux-ami-2-upgrade-php-mbstring amazon-linux-ami-2-upgrade-php-mysqlnd amazon-linux-ami-2-upgrade-php-odbc amazon-linux-ami-2-upgrade-php-opcache amazon-linux-ami-2-upgrade-php-pdo amazon-linux-ami-2-upgrade-php-pgsql amazon-linux-ami-2-upgrade-php-process amazon-linux-ami-2-upgrade-php-pspell amazon-linux-ami-2-upgrade-php-snmp amazon-linux-ami-2-upgrade-php-soap amazon-linux-ami-2-upgrade-php-sodium amazon-linux-ami-2-upgrade-php-xml References https://attackerkb.com/topics/cve-2024-2756 AL2/ALASPHP8.1-2024-005 AL2/ALASPHP8.2-2024-004 CVE - 2024-2756
-
Amazon Linux AMI 2: CVE-2024-3096: Security patch for php (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/29/2024 Created 06/01/2024 Added 05/31/2024 Modified 06/26/2024 Description In PHP version 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, if a password stored with password_hash() starts with a null byte (\x00), testing a blank string as the password via password_verify() will incorrectly return true. Solution(s) amazon-linux-ami-2-upgrade-php amazon-linux-ami-2-upgrade-php-bcmath amazon-linux-ami-2-upgrade-php-cli amazon-linux-ami-2-upgrade-php-common amazon-linux-ami-2-upgrade-php-dba amazon-linux-ami-2-upgrade-php-dbg amazon-linux-ami-2-upgrade-php-debuginfo amazon-linux-ami-2-upgrade-php-devel amazon-linux-ami-2-upgrade-php-embedded amazon-linux-ami-2-upgrade-php-enchant amazon-linux-ami-2-upgrade-php-fpm amazon-linux-ami-2-upgrade-php-gd amazon-linux-ami-2-upgrade-php-gmp amazon-linux-ami-2-upgrade-php-intl amazon-linux-ami-2-upgrade-php-ldap amazon-linux-ami-2-upgrade-php-mbstring amazon-linux-ami-2-upgrade-php-mysqlnd amazon-linux-ami-2-upgrade-php-odbc amazon-linux-ami-2-upgrade-php-opcache amazon-linux-ami-2-upgrade-php-pdo amazon-linux-ami-2-upgrade-php-pgsql amazon-linux-ami-2-upgrade-php-process amazon-linux-ami-2-upgrade-php-pspell amazon-linux-ami-2-upgrade-php-snmp amazon-linux-ami-2-upgrade-php-soap amazon-linux-ami-2-upgrade-php-sodium amazon-linux-ami-2-upgrade-php-xml References https://attackerkb.com/topics/cve-2024-3096 AL2/ALASPHP8.1-2024-005 AL2/ALASPHP8.2-2024-004 CVE - 2024-3096
-
SUSE: CVE-2024-33899: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/29/2024 Created 06/13/2024 Added 06/12/2024 Modified 06/12/2024 Description RARLAB WinRAR before 7.00, on Linux and UNIX platforms, allows attackers to spoof the screen output, or cause a denial of service, via ANSI escape sequences. Solution(s) suse-upgrade-libunrar-devel suse-upgrade-libunrar5_6_1 suse-upgrade-unrar References https://attackerkb.com/topics/cve-2024-33899 CVE - 2024-33899
-
VMware Photon OS: CVE-2024-33522 Severity 6 CVSS (AV:L/AC:L/Au:M/C:C/I:C/A:C) Published 04/29/2024 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description In vulnerable versions of Calico (v3.27.2 and below), Calico Enterprise (v3.19.0-1, v3.18.1, v3.17.3 and below), and Calico Cloud (v19.2.0 and below), an attacker who has local access to the Kubernetes node, can escalate their privileges by exploiting a vulnerability in the Calico CNI install binary. The issue arises from an incorrect SUID (Set User ID) bit configuration in the binary, combined with the ability to control the input binary, allowing an attacker to execute an arbitrary binary with elevated privileges. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2024-33522 CVE - 2024-33522
-
Alpine Linux: CVE-2024-2756: Vulnerability in Multiple Components Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 04/29/2024 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description Due to an incomplete fix to CVE-2022-31629 (https://github.com/advisories/GHSA-c43m-486j-j32p), network and same-site attackers can set a standard insecure cookie in the victim's browser which is treated as a __Host- or __Secure- cookie by PHP applications. Solution(s) alpine-linux-upgrade-php81 alpine-linux-upgrade-php82 alpine-linux-upgrade-php83 References https://attackerkb.com/topics/cve-2024-2756 CVE - 2024-2756 https://security.alpinelinux.org/vuln/CVE-2024-2756
-
Alpine Linux: CVE-2024-2757: Vulnerability in Multiple Components Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 04/29/2024 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description In PHP 8.3.* before 8.3.5, function mb_encode_mimeheader() runs endlessly for some inputs that contain long strings of non-space characters followed by a space. This could lead to a potential DoS attack if a hostile user sends data to an application that uses this function. Solution(s) alpine-linux-upgrade-php83 References https://attackerkb.com/topics/cve-2024-2757 CVE - 2024-2757 https://security.alpinelinux.org/vuln/CVE-2024-2757
-
Debian: CVE-2024-4060: chromium -- security update Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 04/29/2024 Created 04/29/2024 Added 04/29/2024 Modified 01/28/2025 Description Use after free in Dawn in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) debian-upgrade-chromium References https://attackerkb.com/topics/cve-2024-4060 CVE - 2024-4060 DSA-5675-1
-
Debian: CVE-2023-52723: libkf5ksieve -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/29/2024 Created 05/07/2024 Added 05/07/2024 Modified 05/07/2024 Description In KDE libksieve before 23.03.80, kmanagesieve/session.cpp places a cleartext password in server logs because a username variable is accidentally given a password value. Solution(s) debian-upgrade-libkf5ksieve References https://attackerkb.com/topics/cve-2023-52723 CVE - 2023-52723 DLA-3809-1
-
Ubuntu: (Multiple Advisories) (CVE-2024-2756): PHP vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/29/2024 Created 04/30/2024 Added 04/30/2024 Modified 11/15/2024 Description Due to an incomplete fix to CVE-2022-31629 (https://github.com/advisories/GHSA-c43m-486j-j32p), network and same-site attackers can set a standard insecure cookie in the victim's browser which is treated as a __Host- or __Secure- cookie by PHP applications. Solution(s) ubuntu-pro-upgrade-libapache2-mod-php7-0 ubuntu-pro-upgrade-libapache2-mod-php7-2 ubuntu-pro-upgrade-libapache2-mod-php7-4 ubuntu-pro-upgrade-libapache2-mod-php8-1 ubuntu-pro-upgrade-libapache2-mod-php8-2 ubuntu-pro-upgrade-php7-0 ubuntu-pro-upgrade-php7-0-cgi ubuntu-pro-upgrade-php7-0-cli ubuntu-pro-upgrade-php7-0-fpm ubuntu-pro-upgrade-php7-0-xml ubuntu-pro-upgrade-php7-2 ubuntu-pro-upgrade-php7-2-cgi ubuntu-pro-upgrade-php7-2-cli ubuntu-pro-upgrade-php7-2-fpm ubuntu-pro-upgrade-php7-2-xml ubuntu-pro-upgrade-php7-4 ubuntu-pro-upgrade-php7-4-cgi ubuntu-pro-upgrade-php7-4-cli ubuntu-pro-upgrade-php7-4-fpm ubuntu-pro-upgrade-php7-4-xml ubuntu-pro-upgrade-php8-1 ubuntu-pro-upgrade-php8-1-cgi ubuntu-pro-upgrade-php8-1-cli ubuntu-pro-upgrade-php8-1-fpm ubuntu-pro-upgrade-php8-1-xml ubuntu-pro-upgrade-php8-2 ubuntu-pro-upgrade-php8-2-cgi ubuntu-pro-upgrade-php8-2-cli ubuntu-pro-upgrade-php8-2-fpm ubuntu-pro-upgrade-php8-2-xml References https://attackerkb.com/topics/cve-2024-2756 CVE - 2024-2756 USN-6757-1 USN-6757-2
-
Alma Linux: CVE-2024-2756: Moderate: php:8.2 security update (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/29/2024 Created 12/20/2024 Added 12/19/2024 Modified 12/24/2024 Description Due to an incomplete fix to CVE-2022-31629 (https://github.com/advisories/GHSA-c43m-486j-j32p), network and same-site attackers can set a standard insecure cookie in the victim's browser which is treated as a __Host- or __Secure- cookie by PHP applications. Solution(s) alma-upgrade-apcu-panel alma-upgrade-libzip alma-upgrade-libzip-devel alma-upgrade-libzip-tools alma-upgrade-php alma-upgrade-php-bcmath alma-upgrade-php-cli alma-upgrade-php-common alma-upgrade-php-dba alma-upgrade-php-dbg alma-upgrade-php-devel alma-upgrade-php-embedded alma-upgrade-php-enchant alma-upgrade-php-ffi alma-upgrade-php-fpm alma-upgrade-php-gd alma-upgrade-php-gmp alma-upgrade-php-intl alma-upgrade-php-json alma-upgrade-php-ldap alma-upgrade-php-mbstring alma-upgrade-php-mysqlnd alma-upgrade-php-odbc alma-upgrade-php-opcache alma-upgrade-php-pdo alma-upgrade-php-pear alma-upgrade-php-pecl-apcu alma-upgrade-php-pecl-apcu-devel alma-upgrade-php-pecl-rrd alma-upgrade-php-pecl-xdebug alma-upgrade-php-pecl-xdebug3 alma-upgrade-php-pecl-zip alma-upgrade-php-pgsql alma-upgrade-php-process alma-upgrade-php-snmp alma-upgrade-php-soap alma-upgrade-php-xml alma-upgrade-php-xmlrpc References https://attackerkb.com/topics/cve-2024-2756 CVE - 2024-2756 https://errata.almalinux.org/8/ALSA-2024-10951.html https://errata.almalinux.org/8/ALSA-2024-10952.html https://errata.almalinux.org/9/ALSA-2024-10949.html https://errata.almalinux.org/9/ALSA-2024-10950.html
-
Alma Linux: CVE-2024-3096: Moderate: php:8.2 security update (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/29/2024 Created 12/20/2024 Added 12/19/2024 Modified 12/24/2024 Description In PHP version 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, if a password stored with password_hash() starts with a null byte (\x00), testing a blank string as the password via password_verify() will incorrectly return true. Solution(s) alma-upgrade-apcu-panel alma-upgrade-libzip alma-upgrade-libzip-devel alma-upgrade-libzip-tools alma-upgrade-php alma-upgrade-php-bcmath alma-upgrade-php-cli alma-upgrade-php-common alma-upgrade-php-dba alma-upgrade-php-dbg alma-upgrade-php-devel alma-upgrade-php-embedded alma-upgrade-php-enchant alma-upgrade-php-ffi alma-upgrade-php-fpm alma-upgrade-php-gd alma-upgrade-php-gmp alma-upgrade-php-intl alma-upgrade-php-json alma-upgrade-php-ldap alma-upgrade-php-mbstring alma-upgrade-php-mysqlnd alma-upgrade-php-odbc alma-upgrade-php-opcache alma-upgrade-php-pdo alma-upgrade-php-pear alma-upgrade-php-pecl-apcu alma-upgrade-php-pecl-apcu-devel alma-upgrade-php-pecl-rrd alma-upgrade-php-pecl-xdebug alma-upgrade-php-pecl-xdebug3 alma-upgrade-php-pecl-zip alma-upgrade-php-pgsql alma-upgrade-php-process alma-upgrade-php-snmp alma-upgrade-php-soap alma-upgrade-php-xml alma-upgrade-php-xmlrpc References https://attackerkb.com/topics/cve-2024-3096 CVE - 2024-3096 https://errata.almalinux.org/8/ALSA-2024-10951.html https://errata.almalinux.org/8/ALSA-2024-10952.html https://errata.almalinux.org/9/ALSA-2024-10949.html https://errata.almalinux.org/9/ALSA-2024-10950.html
-
Debian: CVE-2024-4059: chromium -- security update Severity 7 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:N) Published 04/29/2024 Created 04/29/2024 Added 04/29/2024 Modified 01/28/2025 Description Out of bounds read in V8 API in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to leak cross-site data via a crafted HTML page. (Chromium security severity: High) Solution(s) debian-upgrade-chromium References https://attackerkb.com/topics/cve-2024-4059 CVE - 2024-4059 DSA-5675-1
-
Alpine Linux: CVE-2024-1874: Vulnerability in Multiple Components Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:P) Published 04/29/2024 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description In PHP versions 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary commands in Windows shell. Solution(s) alpine-linux-upgrade-php81 alpine-linux-upgrade-php82 alpine-linux-upgrade-php83 References https://attackerkb.com/topics/cve-2024-1874 CVE - 2024-1874 https://security.alpinelinux.org/vuln/CVE-2024-1874
-
Amazon Linux AMI 2: CVE-2024-27322: Security patch for R (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/29/2024 Created 07/04/2024 Added 07/04/2024 Modified 07/15/2024 Description Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and not including 4.4.0, enabling a maliciously crafted RDS (R Data Serialization) formatted file or R package to run arbitrary code on an end user’s system when interacted with. Solution(s) amazon-linux-ami-2-upgrade-librmath amazon-linux-ami-2-upgrade-librmath-devel amazon-linux-ami-2-upgrade-librmath-static amazon-linux-ami-2-upgrade-r amazon-linux-ami-2-upgrade-r-core amazon-linux-ami-2-upgrade-r-core-devel amazon-linux-ami-2-upgrade-r-debuginfo amazon-linux-ami-2-upgrade-r-devel amazon-linux-ami-2-upgrade-r-java amazon-linux-ami-2-upgrade-r-java-devel References https://attackerkb.com/topics/cve-2024-27322 AL2/ALASR3.4-2024-001 AL2/ALASR4-2024-002 CVE - 2024-27322
-
Microsoft Edge Chromium: CVE-2024-4060 Use after free in Dawn Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 04/29/2024 Created 04/29/2024 Added 04/29/2024 Modified 01/28/2025 Description Use after free in Dawn in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) microsoft-edge-upgrade-latest References https://attackerkb.com/topics/cve-2024-4060 CVE - 2024-4060 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-4060
-
Ubuntu: (CVE-2024-2757): php8.3 vulnerability Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/29/2024 Created 11/21/2024 Added 11/19/2024 Modified 11/19/2024 Description In PHP 8.3.* before 8.3.5, function mb_encode_mimeheader() runs endlessly for some inputs that contain long strings of non-space characters followed by a space. This could lead to a potential DoS attack if a hostile user sends data to an application that uses this function. Solution(s) ubuntu-upgrade-php8-3 References https://attackerkb.com/topics/cve-2024-2757 CVE - 2024-2757 https://github.com/php/php-src/security/advisories/GHSA-fjp9-9hwx-59fq https://www.cve.org/CVERecord?id=CVE-2024-2757
-
Ubuntu: (Multiple Advisories) (CVE-2024-3096): PHP vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/29/2024 Created 04/30/2024 Added 04/30/2024 Modified 11/15/2024 Description In PHP version 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, if a password stored with password_hash() starts with a null byte (\x00), testing a blank string as the password via password_verify() will incorrectly return true. Solution(s) ubuntu-pro-upgrade-libapache2-mod-php7-0 ubuntu-pro-upgrade-libapache2-mod-php7-2 ubuntu-pro-upgrade-libapache2-mod-php7-4 ubuntu-pro-upgrade-libapache2-mod-php8-1 ubuntu-pro-upgrade-libapache2-mod-php8-2 ubuntu-pro-upgrade-php7-0 ubuntu-pro-upgrade-php7-0-cgi ubuntu-pro-upgrade-php7-0-cli ubuntu-pro-upgrade-php7-0-fpm ubuntu-pro-upgrade-php7-0-xml ubuntu-pro-upgrade-php7-2 ubuntu-pro-upgrade-php7-2-cgi ubuntu-pro-upgrade-php7-2-cli ubuntu-pro-upgrade-php7-2-fpm ubuntu-pro-upgrade-php7-2-xml ubuntu-pro-upgrade-php7-4 ubuntu-pro-upgrade-php7-4-cgi ubuntu-pro-upgrade-php7-4-cli ubuntu-pro-upgrade-php7-4-fpm ubuntu-pro-upgrade-php7-4-xml ubuntu-pro-upgrade-php8-1 ubuntu-pro-upgrade-php8-1-cgi ubuntu-pro-upgrade-php8-1-cli ubuntu-pro-upgrade-php8-1-fpm ubuntu-pro-upgrade-php8-1-xml ubuntu-pro-upgrade-php8-2 ubuntu-pro-upgrade-php8-2-cgi ubuntu-pro-upgrade-php8-2-cli ubuntu-pro-upgrade-php8-2-fpm ubuntu-pro-upgrade-php8-2-xml References https://attackerkb.com/topics/cve-2024-3096 CVE - 2024-3096 USN-6757-1 USN-6757-2
-
R: CVE-2024-27322: Deserialization of Untrusted Data in R Severity 8 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 04/29/2024 Created 05/13/2024 Added 05/10/2024 Modified 05/14/2024 Description Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and not including 4.4.0, enabling a maliciously crafted RDS (R Data Serialization) formatted file or R package to run arbitrary code on an end user’s system when interacted with. Solution(s) r-upgrade-latest References https://attackerkb.com/topics/cve-2024-27322 CVE - 2024-27322 https://hiddenlayer.com/research/r-bitrary-code-execution/
-
Debian: CVE-2024-4058: chromium -- security update Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 04/29/2024 Created 04/29/2024 Added 04/29/2024 Modified 01/28/2025 Description Type confusion in ANGLE in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) Solution(s) debian-upgrade-chromium References https://attackerkb.com/topics/cve-2024-4058 CVE - 2024-4058 DSA-5675-1
-
Microsoft Edge Chromium: CVE-2024-4058 Type Confusion in ANGLE Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 04/29/2024 Created 04/29/2024 Added 04/29/2024 Modified 01/28/2025 Description Type confusion in ANGLE in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) Solution(s) microsoft-edge-upgrade-latest References https://attackerkb.com/topics/cve-2024-4058 CVE - 2024-4058 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-4058
-
Ubuntu: (CVE-2022-48634): linux vulnerability Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/28/2024 Created 11/21/2024 Added 11/19/2024 Modified 02/11/2025 Description In the Linux kernel, the following vulnerability has been resolved: drm/gma500: Fix BUG: sleeping function called from invalid context errors gma_crtc_page_flip() was holding the event_lock spinlock while calling crtc_funcs->mode_set_base() which takes ww_mutex. The only reason to hold event_lock is to clear gma_crtc->page_flip_event on mode_set_base() errors. Instead unlock it after setting gma_crtc->page_flip_event and on errors re-take the lock and clear gma_crtc->page_flip_event if it is still set. This fixes the following WARN/stacktrace: Solution(s) ubuntu-upgrade-linux ubuntu-upgrade-linux-aws ubuntu-upgrade-linux-aws-5-15 ubuntu-upgrade-linux-azure ubuntu-upgrade-linux-azure-5-15 ubuntu-upgrade-linux-azure-fde ubuntu-upgrade-linux-azure-fde-5-15 ubuntu-upgrade-linux-gcp ubuntu-upgrade-linux-gke ubuntu-upgrade-linux-gkeop ubuntu-upgrade-linux-gkeop-5-15 ubuntu-upgrade-linux-hwe-5-15 ubuntu-upgrade-linux-ibm ubuntu-upgrade-linux-intel-iotg ubuntu-upgrade-linux-intel-iotg-5-15 ubuntu-upgrade-linux-kvm ubuntu-upgrade-linux-lowlatency ubuntu-upgrade-linux-lowlatency-hwe-5-15 ubuntu-upgrade-linux-nvidia ubuntu-upgrade-linux-oracle ubuntu-upgrade-linux-oracle-5-15 ubuntu-upgrade-linux-raspi ubuntu-upgrade-linux-realtime
ubuntu-upgrade-linux-riscv-5-15 References https://attackerkb.com/topics/cve-2022-48634 CVE - 2022-48634 https://git.kernel.org/linus/63e37a79f7bd939314997e29c2f5a9f0ef184281 https://git.kernel.org/stable/c/63e37a79f7bd939314997e29c2f5a9f0ef184281 https://git.kernel.org/stable/c/a6ed7624bf4d0a32f2631e74828bca7b7bf15afd https://git.kernel.org/stable/c/c5812807e416618477d1bb0049727ce8bb8292fd https://git.kernel.org/stable/c/e5ae504c8623476e13032670f1a6d6344d53ec9b https://www.cve.org/CVERecord?id=CVE-2022-48634
-
Alma Linux: CVE-2022-48632: Important: kernel security update (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/28/2024 Created 08/13/2024 Added 08/12/2024 Modified 08/12/2024 Description In the Linux kernel, the following vulnerability has been resolved: i2c: mlxbf: prevent stack overflow in mlxbf_i2c_smbus_start_transaction() memcpy() is called in a loop while 'operation->length' upper bound is not checked and 'data_idx' also increments. Solution(s) alma-upgrade-bpftool alma-upgrade-kernel alma-upgrade-kernel-abi-stablelists alma-upgrade-kernel-core alma-upgrade-kernel-cross-headers alma-upgrade-kernel-debug alma-upgrade-kernel-debug-core alma-upgrade-kernel-debug-devel alma-upgrade-kernel-debug-modules alma-upgrade-kernel-debug-modules-extra alma-upgrade-kernel-devel alma-upgrade-kernel-doc alma-upgrade-kernel-headers alma-upgrade-kernel-modules alma-upgrade-kernel-modules-extra alma-upgrade-kernel-rt alma-upgrade-kernel-rt-core alma-upgrade-kernel-rt-debug alma-upgrade-kernel-rt-debug-core alma-upgrade-kernel-rt-debug-devel alma-upgrade-kernel-rt-debug-kvm alma-upgrade-kernel-rt-debug-modules alma-upgrade-kernel-rt-debug-modules-extra alma-upgrade-kernel-rt-devel alma-upgrade-kernel-rt-kvm alma-upgrade-kernel-rt-modules alma-upgrade-kernel-rt-modules-extra alma-upgrade-kernel-tools alma-upgrade-kernel-tools-libs alma-upgrade-kernel-tools-libs-devel alma-upgrade-kernel-zfcpdump alma-upgrade-kernel-zfcpdump-core alma-upgrade-kernel-zfcpdump-devel alma-upgrade-kernel-zfcpdump-modules alma-upgrade-kernel-zfcpdump-modules-extra alma-upgrade-perf alma-upgrade-python3-perf References https://attackerkb.com/topics/cve-2022-48632 CVE - 2022-48632 https://errata.almalinux.org/8/ALSA-2024-5101.html https://errata.almalinux.org/8/ALSA-2024-5102.html
-
Ubuntu: (CVE-2022-48641): linux vulnerability Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 04/28/2024 Created 11/21/2024 Added 11/19/2024 Modified 02/11/2025 Description In the Linux kernel, the following vulnerability has been resolved: netfilter: ebtables: fix memory leak when blob is malformed The bug fix was incomplete, it "replaced" crash with a memory leak. The old code had an assignment to "ret" embedded into the conditional, restore this. Solution(s) ubuntu-upgrade-linux ubuntu-upgrade-linux-aws ubuntu-upgrade-linux-aws-5-15 ubuntu-upgrade-linux-aws-5-4 ubuntu-upgrade-linux-aws-fips ubuntu-upgrade-linux-aws-hwe ubuntu-upgrade-linux-azure ubuntu-upgrade-linux-azure-4-15 ubuntu-upgrade-linux-azure-5-15 ubuntu-upgrade-linux-azure-5-4 ubuntu-upgrade-linux-azure-fde ubuntu-upgrade-linux-azure-fde-5-15 ubuntu-upgrade-linux-azure-fips ubuntu-upgrade-linux-bluefield ubuntu-upgrade-linux-fips ubuntu-upgrade-linux-gcp ubuntu-upgrade-linux-gcp-4-15 ubuntu-upgrade-linux-gcp-5-4 ubuntu-upgrade-linux-gcp-fips ubuntu-upgrade-linux-gke ubuntu-upgrade-linux-gkeop ubuntu-upgrade-linux-gkeop-5-15 ubuntu-upgrade-linux-hwe ubuntu-upgrade-linux-hwe-5-15 ubuntu-upgrade-linux-hwe-5-4 ubuntu-upgrade-linux-ibm ubuntu-upgrade-linux-ibm-5-4 ubuntu-upgrade-linux-intel-iotg ubuntu-upgrade-linux-intel-iotg-5-15 ubuntu-upgrade-linux-iot ubuntu-upgrade-linux-kvm ubuntu-upgrade-linux-lowlatency ubuntu-upgrade-linux-lowlatency-hwe-5-15 ubuntu-upgrade-linux-oracle ubuntu-upgrade-linux-oracle-5-15 ubuntu-upgrade-linux-oracle-5-4 ubuntu-upgrade-linux-raspi ubuntu-upgrade-linux-raspi-5-4 ubuntu-upgrade-linux-realtime ubuntu-upgrade-linux-riscv-5-15 References https://attackerkb.com/topics/cve-2022-48641 CVE - 2022-48641 https://git.kernel.org/linus/62ce44c4fff947eebdf10bb582267e686e6835c9 https://git.kernel.org/stable/c/11ebf32fde46572b0aaf3c2bdd97d923ef5a03ab https://git.kernel.org/stable/c/1e98318af2f163eadaff815abcef38d27ca92c1e 
https://git.kernel.org/stable/c/38cf372b17f0a5f35c1b716a100532d539f0eb33 https://git.kernel.org/stable/c/62ce44c4fff947eebdf10bb582267e686e6835c9 https://git.kernel.org/stable/c/754e8b74281dd54a324698803483f47cf3355ae1 https://git.kernel.org/stable/c/d5917b7af7cae0e2804f9d127a03268035098b7f https://git.kernel.org/stable/c/ebd97dbe3c55d68346b9c5fb00634a7f5b10bbee https://www.cve.org/CVERecord?id=CVE-2022-48641