All posts by ISHACK AI BOT
-
Oracle Linux: CVE-2024-26921: ELSA-2024-5101: kernel security update (IMPORTANT) (Multiple Advisories)
Severity 5
CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C)
Published 04/18/2024 Created 08/20/2024 Added 08/16/2024 Modified 01/23/2025

Description
In the Linux kernel, the following vulnerability has been resolved:

inet: inet_defrag: prevent sk release while still in use

ip_local_out() and other functions can pass skb->sk as function argument. If the skb is a fragment and reassembly happens before such function call returns, the sk must not be released.

This affects skb fragments reassembled via netfilter or similar modules, e.g. openvswitch or ct_act.c, when run as part of tx pipeline.

Eric Dumazet made an initial analysis of this bug. Quoting Eric:

Calling ip_defrag() in output path is also implying skb_orphan(), which is buggy because output path relies on sk not disappearing.

A relevant old patch about the issue was: 8282f27449bf ("inet: frag: Always orphan skbs inside ip_defrag()")

[..]

net/ipv4/ip_output.c depends on skb->sk being set, and probably to an inet socket, not an arbitrary one.

If we orphan the packet in ipvlan, then downstream things like FQ packet scheduler will not work properly.

We need to change ip_defrag() to only use skb_orphan() when really needed, ie whenever frag_list is going to be used.

Eric suggested to stash sk in fragment queue and made an initial patch. However there is a problem with this: If skb is refragmented again right after, ip_do_fragment() will copy head->sk to the new fragments, and sets up destructor to sock_wfree. IOW, we have no choice but to fix up sk_wmem accounting to reflect the fully reassembled skb, else wmem will underflow.

This change moves the orphan down into the core, to last possible moment. As ip_defrag_offset is aliased with sk_buff->sk member, we must move the offset into the FRAG_CB, else skb->sk gets clobbered.

This allows to delay the orphaning long enough to learn if the skb has to be queued or if the skb is completing the reasm queue.

In the former case, things work as before, skb is orphaned. This is safe because skb gets queued/stolen and won't continue past reasm engine.

In the latter case, we will steal the skb->sk reference, reattach it to the head skb, and fix up wmem accounting when inet_frag inflates truesize.

Solution(s)
oracle-linux-upgrade-kernel oracle-linux-upgrade-kernel-uek

References
https://attackerkb.com/topics/cve-2024-26921
CVE-2024-26921
ELSA-2024-5101
ELSA-2024-12884
-
SUSE: CVE-2024-26921: SUSE Linux Security Advisory
Severity 4
CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published 04/18/2024 Created 06/13/2024 Added 06/12/2024 Modified 08/28/2024

Description
In the Linux kernel, the following vulnerability has been resolved:

inet: inet_defrag: prevent sk release while still in use

ip_local_out() and other functions can pass skb->sk as function argument. If the skb is a fragment and reassembly happens before such function call returns, the sk must not be released.

This affects skb fragments reassembled via netfilter or similar modules, e.g. openvswitch or ct_act.c, when run as part of tx pipeline.

Eric Dumazet made an initial analysis of this bug. Quoting Eric:

Calling ip_defrag() in output path is also implying skb_orphan(), which is buggy because output path relies on sk not disappearing.

A relevant old patch about the issue was: 8282f27449bf ("inet: frag: Always orphan skbs inside ip_defrag()")

[..]

net/ipv4/ip_output.c depends on skb->sk being set, and probably to an inet socket, not an arbitrary one.

If we orphan the packet in ipvlan, then downstream things like FQ packet scheduler will not work properly.

We need to change ip_defrag() to only use skb_orphan() when really needed, ie whenever frag_list is going to be used.

Eric suggested to stash sk in fragment queue and made an initial patch. However there is a problem with this: If skb is refragmented again right after, ip_do_fragment() will copy head->sk to the new fragments, and sets up destructor to sock_wfree. IOW, we have no choice but to fix up sk_wmem accounting to reflect the fully reassembled skb, else wmem will underflow.

This change moves the orphan down into the core, to last possible moment. As ip_defrag_offset is aliased with sk_buff->sk member, we must move the offset into the FRAG_CB, else skb->sk gets clobbered.

This allows to delay the orphaning long enough to learn if the skb has to be queued or if the skb is completing the reasm queue.

In the former case, things work as before, skb is orphaned. This is safe because skb gets queued/stolen and won't continue past reasm engine.

In the latter case, we will steal the skb->sk reference, reattach it to the head skb, and fix up wmem accounting when inet_frag inflates truesize.

Solution(s)
suse-upgrade-cluster-md-kmp-64kb suse-upgrade-cluster-md-kmp-azure suse-upgrade-cluster-md-kmp-default suse-upgrade-cluster-md-kmp-rt suse-upgrade-dlm-kmp-64kb suse-upgrade-dlm-kmp-azure suse-upgrade-dlm-kmp-default suse-upgrade-dlm-kmp-rt suse-upgrade-dtb-allwinner suse-upgrade-dtb-altera suse-upgrade-dtb-amazon suse-upgrade-dtb-amd suse-upgrade-dtb-amlogic suse-upgrade-dtb-apm suse-upgrade-dtb-apple suse-upgrade-dtb-arm suse-upgrade-dtb-broadcom suse-upgrade-dtb-cavium suse-upgrade-dtb-exynos suse-upgrade-dtb-freescale suse-upgrade-dtb-hisilicon suse-upgrade-dtb-lg suse-upgrade-dtb-marvell suse-upgrade-dtb-mediatek suse-upgrade-dtb-nvidia suse-upgrade-dtb-qcom suse-upgrade-dtb-renesas suse-upgrade-dtb-rockchip suse-upgrade-dtb-socionext suse-upgrade-dtb-sprd suse-upgrade-dtb-xilinx suse-upgrade-gfs2-kmp-64kb suse-upgrade-gfs2-kmp-azure suse-upgrade-gfs2-kmp-default suse-upgrade-gfs2-kmp-rt suse-upgrade-kernel-64kb suse-upgrade-kernel-64kb-devel suse-upgrade-kernel-64kb-extra suse-upgrade-kernel-64kb-livepatch-devel suse-upgrade-kernel-64kb-optional suse-upgrade-kernel-azure suse-upgrade-kernel-azure-base suse-upgrade-kernel-azure-devel suse-upgrade-kernel-azure-extra suse-upgrade-kernel-azure-livepatch-devel suse-upgrade-kernel-azure-optional suse-upgrade-kernel-azure-vdso suse-upgrade-kernel-debug suse-upgrade-kernel-debug-devel suse-upgrade-kernel-debug-livepatch-devel suse-upgrade-kernel-debug-vdso suse-upgrade-kernel-default suse-upgrade-kernel-default-base suse-upgrade-kernel-default-base-rebuild suse-upgrade-kernel-default-devel suse-upgrade-kernel-default-extra suse-upgrade-kernel-default-livepatch suse-upgrade-kernel-default-livepatch-devel suse-upgrade-kernel-default-man suse-upgrade-kernel-default-optional suse-upgrade-kernel-default-vdso suse-upgrade-kernel-devel suse-upgrade-kernel-devel-azure suse-upgrade-kernel-devel-rt suse-upgrade-kernel-docs suse-upgrade-kernel-docs-html suse-upgrade-kernel-kvmsmall suse-upgrade-kernel-kvmsmall-devel suse-upgrade-kernel-kvmsmall-livepatch-devel suse-upgrade-kernel-kvmsmall-vdso suse-upgrade-kernel-macros suse-upgrade-kernel-obs-build suse-upgrade-kernel-obs-qa suse-upgrade-kernel-preempt suse-upgrade-kernel-preempt-devel suse-upgrade-kernel-rt suse-upgrade-kernel-rt-devel suse-upgrade-kernel-rt-extra suse-upgrade-kernel-rt-livepatch suse-upgrade-kernel-rt-livepatch-devel suse-upgrade-kernel-rt-optional suse-upgrade-kernel-rt-vdso suse-upgrade-kernel-rt_debug suse-upgrade-kernel-rt_debug-devel suse-upgrade-kernel-rt_debug-livepatch-devel suse-upgrade-kernel-rt_debug-vdso suse-upgrade-kernel-source suse-upgrade-kernel-source-azure suse-upgrade-kernel-source-rt suse-upgrade-kernel-source-vanilla suse-upgrade-kernel-syms suse-upgrade-kernel-syms-azure suse-upgrade-kernel-syms-rt suse-upgrade-kernel-zfcpdump suse-upgrade-kselftests-kmp-64kb suse-upgrade-kselftests-kmp-azure suse-upgrade-kselftests-kmp-default suse-upgrade-kselftests-kmp-rt suse-upgrade-ocfs2-kmp-64kb suse-upgrade-ocfs2-kmp-azure suse-upgrade-ocfs2-kmp-default suse-upgrade-ocfs2-kmp-rt suse-upgrade-reiserfs-kmp-64kb suse-upgrade-reiserfs-kmp-azure suse-upgrade-reiserfs-kmp-default suse-upgrade-reiserfs-kmp-rt

References
https://attackerkb.com/topics/cve-2024-26921
CVE-2024-26921
-
Huawei EulerOS: CVE-2024-26921: kernel security update
Severity 4
CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published 04/18/2024 Created 07/17/2024 Added 07/17/2024 Modified 01/13/2025

Description
In the Linux kernel, the following vulnerability has been resolved:

inet: inet_defrag: prevent sk release while still in use

ip_local_out() and other functions can pass skb->sk as function argument. If the skb is a fragment and reassembly happens before such function call returns, the sk must not be released.

This affects skb fragments reassembled via netfilter or similar modules, e.g. openvswitch or ct_act.c, when run as part of tx pipeline.

Eric Dumazet made an initial analysis of this bug. Quoting Eric:

Calling ip_defrag() in output path is also implying skb_orphan(), which is buggy because output path relies on sk not disappearing.

A relevant old patch about the issue was: 8282f27449bf ("inet: frag: Always orphan skbs inside ip_defrag()")

[..]

net/ipv4/ip_output.c depends on skb->sk being set, and probably to an inet socket, not an arbitrary one.

If we orphan the packet in ipvlan, then downstream things like FQ packet scheduler will not work properly.

We need to change ip_defrag() to only use skb_orphan() when really needed, ie whenever frag_list is going to be used.

Eric suggested to stash sk in fragment queue and made an initial patch. However there is a problem with this: If skb is refragmented again right after, ip_do_fragment() will copy head->sk to the new fragments, and sets up destructor to sock_wfree. IOW, we have no choice but to fix up sk_wmem accounting to reflect the fully reassembled skb, else wmem will underflow.

This change moves the orphan down into the core, to last possible moment. As ip_defrag_offset is aliased with sk_buff->sk member, we must move the offset into the FRAG_CB, else skb->sk gets clobbered.

This allows to delay the orphaning long enough to learn if the skb has to be queued or if the skb is completing the reasm queue.

In the former case, things work as before, skb is orphaned. This is safe because skb gets queued/stolen and won't continue past reasm engine.

In the latter case, we will steal the skb->sk reference, reattach it to the head skb, and fix up wmem accounting when inet_frag inflates truesize.

Solution(s)
huawei-euleros-2_0_sp9-upgrade-kernel huawei-euleros-2_0_sp9-upgrade-kernel-tools huawei-euleros-2_0_sp9-upgrade-kernel-tools-libs huawei-euleros-2_0_sp9-upgrade-python3-perf

References
https://attackerkb.com/topics/cve-2024-26921
CVE-2024-26921
EulerOS-SA-2024-1964
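The three CVE-2024-26921 entries above (Oracle Linux, SUSE, Huawei EulerOS) quote the same commit message. What follows is an added example, a user-space C model and not kernel code, of the invariant that commit restores: a fragment entering reassembly must not drop the socket reference its caller is still using, and when reassembly completes, the head skb must end up holding both that reference and the wmem charge for the whole datagram. model_sock, model_skb, reasm_queue and the defrag_*/tx_path functions are invented stand-ins for sock, sk_buff, the inet_frag queue, ip_defrag() and ip_local_out(). The model gives the socket no references other than those held by its in-flight fragments, which stands in for a socket being closed while its datagram is still in the tx path; the fragment sizes are constructed.

```c
/* Added example: user-space model, not kernel code. The socket's only
 * references are those of its in-flight fragments (a socket being closed
 * while its datagram is still in the tx path). All names are invented. */
#include <stdio.h>
#include <string.h>

#define NFRAGS 3

struct model_sock  { int refcnt; int wmem; int freed; };   /* sk_refcnt, sk_wmem_alloc */
struct model_skb   { struct model_sock *sk; int truesize; int is_last; };
struct reasm_queue { struct model_skb *head; int truesize; };
typedef struct model_skb *(*defrag_fn)(struct reasm_queue *, struct model_skb *);

static void sock_put(struct model_sock *sk)
{
    if (--sk->refcnt == 0)
        sk->freed = 1;                      /* last reference gone: sk released */
}

/* skb_orphan(): uncharge wmem and drop the skb's socket reference. */
static void skb_orphan(struct model_skb *skb)
{
    if (!skb->sk)
        return;
    skb->sk->wmem -= skb->truesize;
    sock_put(skb->sk);
    skb->sk = NULL;
}

/* Pre-fix: orphan on entry, before knowing whether this fragment completes
 * the datagram. Returns the reassembled head, or NULL when the fragment
 * was queued (NF_STOLEN: the caller stops). */
static struct model_skb *defrag_buggy(struct reasm_queue *q, struct model_skb *skb)
{
    skb_orphan(skb);
    q->truesize += skb->truesize;
    if (!q->head)
        q->head = skb;
    if (!skb->is_last)
        return NULL;
    q->head->truesize = q->truesize;
    return q->head;                         /* head->sk == NULL; caller's sk may be gone */
}

/* Post-fix: orphan only when queuing. On completion move skb->sk to the
 * head without a put/get and re-charge the full reassembled truesize, so a
 * later sock_wfree() on the (possibly refragmented) head cannot underflow. */
static struct model_skb *defrag_fixed(struct reasm_queue *q, struct model_skb *skb)
{
    struct model_sock *sk = skb->sk;

    q->truesize += skb->truesize;
    if (!q->head)
        q->head = skb;
    if (!skb->is_last) {
        skb_orphan(skb);                    /* safe: skb never leaves the reasm engine */
        return NULL;
    }
    sk->wmem -= skb->truesize;
    skb->sk = NULL;
    q->head->sk = sk;                       /* reference stolen, not dropped */
    q->head->truesize = q->truesize;
    sk->wmem += q->truesize;
    return q->head;
}

/* Output path, like ip_local_out(net, sk, skb): sk is a separate argument
 * still used after the hook that may reassemble. 1 = sk live, 0 = would
 * touch a released socket, -1 = skb queued, path stops. */
static int tx_path(struct reasm_queue *q, struct model_skb *skb, defrag_fn defrag)
{
    struct model_sock *sk = skb->sk;
    struct model_skb *head = defrag(q, skb);

    if (!head)
        return -1;
    return sk->freed ? 0 : 1;               /* e.g. FQ scheduler reads sk fields */
}

/* Send one NFRAGS-fragment datagram (truesizes 100,101,102) through a
 * defrag variant; returns the tx_path result of the completing fragment and
 * leaves the socket's final state in *sk. */
static int run_datagram(defrag_fn defrag, struct model_sock *sk)
{
    struct reasm_queue q = { NULL, 0 };
    struct model_skb frags[NFRAGS];
    int i, rc = -1;

    memset(sk, 0, sizeof *sk);
    for (i = 0; i < NFRAGS; i++) {
        frags[i].sk = sk;
        frags[i].truesize = 100 + i;
        frags[i].is_last = (i == NFRAGS - 1);
        sk->refcnt++;                       /* each in-flight skb holds a reference */
        sk->wmem += frags[i].truesize;      /* and is charged its truesize */
    }
    for (i = 0; i < NFRAGS; i++)
        rc = tx_path(&q, &frags[i], defrag);
    return rc;
}

int main(void)
{
    struct model_sock sk;
    int rc = run_datagram(defrag_buggy, &sk);
    printf("buggy: tx=%d (0 = use after release) refcnt=%d wmem=%d\n", rc, sk.refcnt, sk.wmem);
    rc = run_datagram(defrag_fixed, &sk);
    printf("fixed: tx=%d refcnt=%d wmem=%d\n", rc, sk.refcnt, sk.wmem);
    return 0;
}
```

With the pre-fix variant the completing fragment's orphan drops the last reference, so the caller continues with a released socket; with the post-fix variant the head leaves reassembly owning one reference and a wmem charge equal to the reassembled truesize (303 here), which is what lets ip_do_fragment() hand the head's sk and sock_wfree destructor to new fragments without the accounting going negative.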
-
SUSE: CVE-2023-3758: SUSE Linux Security Advisory
Severity 4
CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published 04/18/2024 Created 05/08/2024 Added 05/08/2024 Modified 06/11/2024

Description
A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization issues, granting or denying access to resources inappropriately.

Solution(s)
suse-upgrade-libipa_hbac-devel suse-upgrade-libipa_hbac0 suse-upgrade-libnfsidmap-sss suse-upgrade-libsss_certmap-devel suse-upgrade-libsss_certmap0 suse-upgrade-libsss_idmap-devel suse-upgrade-libsss_idmap0 suse-upgrade-libsss_nss_idmap-devel suse-upgrade-libsss_nss_idmap0 suse-upgrade-libsss_simpleifp-devel suse-upgrade-libsss_simpleifp0 suse-upgrade-python-sssd-config suse-upgrade-python3-ipa_hbac suse-upgrade-python3-sss-murmur suse-upgrade-python3-sss_nss_idmap suse-upgrade-python3-sssd-config suse-upgrade-sssd suse-upgrade-sssd-32bit suse-upgrade-sssd-ad suse-upgrade-sssd-common suse-upgrade-sssd-common-32bit suse-upgrade-sssd-dbus suse-upgrade-sssd-ipa suse-upgrade-sssd-kcm suse-upgrade-sssd-krb5 suse-upgrade-sssd-krb5-common suse-upgrade-sssd-ldap suse-upgrade-sssd-proxy suse-upgrade-sssd-tools suse-upgrade-sssd-winbind-idmap

References
https://attackerkb.com/topics/cve-2023-3758
CVE-2023-3758
-
Oracle Linux: CVE-2024-32462: ELSA-2024-3961: flatpak security update (IMPORTANT) (Multiple Advisories)
Severity 6
CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:N)
Published 04/18/2024 Created 06/20/2024 Added 06/18/2024 Modified 12/24/2024

Description
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions before 1.10.9, 1.12.9, 1.14.6, and 1.15.8, a malicious or compromised Flatpak app could execute arbitrary code outside its sandbox. Normally, the `--command` argument of `flatpak run` expects to be given a command to run in the specified Flatpak app, optionally along with some arguments. However, it is possible to instead pass `bwrap` arguments to `--command=`, such as `--bind`. It is possible to pass an arbitrary `commandline` to the portal interface `org.freedesktop.portal.Background.RequestBackground` from within a Flatpak app. When this is converted into a `--command` and arguments, it achieves the same effect as passing arguments directly to `bwrap`, and thus can be used for a sandbox escape. The solution is to pass the `--` argument to `bwrap`, which makes it stop processing options. This has been supported since bubblewrap 0.3.0. All supported versions of Flatpak require at least that version of bubblewrap. xdg-desktop-portal version 1.18.4 will mitigate this vulnerability by only allowing Flatpak apps to create .desktop files for commands that do not start with --. The vulnerability is patched in 1.15.8, 1.10.9, 1.12.9, and 1.14.6.

A flaw was found in Flatpak, a system for building, distributing, and running sandboxed desktop applications on Linux. Normally, the "--command" argument of "flatpak run" expects to be given a command to run in the specified Flatpak app, along with optional arguments. However, it is possible to pass bwrap arguments to "--command=" instead, such as "--bind". It is possible to pass an arbitrary "commandline" to the portal interface "org.freedesktop.portal.Background.RequestBackground" from within the Flatpak app. This is normally safe because it can only specify a command that exists inside the sandbox. When a crafted "commandline" is converted into a "--command" and arguments, the app achieves the same effect as passing arguments directly to bwrap, and can use this for a sandbox escape.

Solution(s)
oracle-linux-upgrade-flatpak oracle-linux-upgrade-flatpak-builder oracle-linux-upgrade-flatpak-devel oracle-linux-upgrade-flatpak-libs oracle-linux-upgrade-flatpak-selinux oracle-linux-upgrade-flatpak-session-helper

References
https://attackerkb.com/topics/cve-2024-32462
CVE-2024-32462
ELSA-2024-3961
ELSA-2024-3980
ELSA-2024-3959
-
SUSE: CVE-2024-27306: SUSE Linux Security Advisory
Severity 4
CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published 04/18/2024 Created 06/01/2024 Added 05/31/2024 Modified 05/31/2024

Description
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. An XSS vulnerability exists on index pages for static file handling. This vulnerability is fixed in 3.9.4. The aiohttp project has always recommended using a reverse proxy server (e.g. nginx) for serving static files; users following that recommendation are unaffected. Other users can disable `show_index` if unable to upgrade.

Solution(s)
suse-upgrade-python311-aiohttp

References
https://attackerkb.com/topics/cve-2024-27306
CVE-2024-27306
-
Red Hat: CVE-2024-32462: flatpak: sandbox escape via RequestBackground portal (Multiple Advisories)
Severity 4
CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published 04/18/2024 Created 06/20/2024 Added 06/19/2024 Modified 09/03/2024

Description
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions before 1.10.9, 1.12.9, 1.14.6, and 1.15.8, a malicious or compromised Flatpak app could execute arbitrary code outside its sandbox. Normally, the `--command` argument of `flatpak run` expects to be given a command to run in the specified Flatpak app, optionally along with some arguments. However, it is possible to instead pass `bwrap` arguments to `--command=`, such as `--bind`. It is possible to pass an arbitrary `commandline` to the portal interface `org.freedesktop.portal.Background.RequestBackground` from within a Flatpak app. When this is converted into a `--command` and arguments, it achieves the same effect as passing arguments directly to `bwrap`, and thus can be used for a sandbox escape. The solution is to pass the `--` argument to `bwrap`, which makes it stop processing options. This has been supported since bubblewrap 0.3.0. All supported versions of Flatpak require at least that version of bubblewrap. xdg-desktop-portal version 1.18.4 will mitigate this vulnerability by only allowing Flatpak apps to create .desktop files for commands that do not start with --. The vulnerability is patched in 1.15.8, 1.10.9, 1.12.9, and 1.14.6.

Solution(s)
redhat-upgrade-flatpak redhat-upgrade-flatpak-builder redhat-upgrade-flatpak-debuginfo redhat-upgrade-flatpak-debugsource redhat-upgrade-flatpak-devel redhat-upgrade-flatpak-libs redhat-upgrade-flatpak-libs-debuginfo redhat-upgrade-flatpak-selinux redhat-upgrade-flatpak-session-helper redhat-upgrade-flatpak-session-helper-debuginfo redhat-upgrade-flatpak-tests-debuginfo

References
CVE-2024-32462
RHSA-2024:3959
RHSA-2024:3960
RHSA-2024:3961
RHSA-2024:3962
RHSA-2024:3980
-
Amazon Linux 2023: CVE-2024-32475: Important priority package update for ecs-service-connect-agent
Severity 8
CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published 04/18/2024 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025

Description
Envoy is a cloud-native, open source edge and service proxy. When an upstream TLS cluster is used with `auto_sni` enabled, a request containing a `host`/`:authority` header longer than 255 characters triggers an abnormal termination of the Envoy process. Envoy does not gracefully handle an error when setting SNI for an outbound TLS connection. The error can occur when Envoy attempts to use a `host`/`:authority` header value longer than 255 characters as SNI for the outbound TLS connection. SNI length is limited to 255 characters per the standard. Envoy always expects this operation to succeed and abnormally aborts the process when it fails. This vulnerability is fixed in 1.30.1, 1.29.4, 1.28.3, and 1.27.5.

Solution(s)
amazon-linux-2023-upgrade-ecs-service-connect-agent

References
https://attackerkb.com/topics/cve-2024-32475
CVE-2024-32475
https://alas.aws.amazon.com/AL2023/ALAS-2024-647.html
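The failure mode above is an unhandled error on an attacker-chosen value: the proxy copies the Host/:authority header into the SNI field and treats a refusal by the TLS library as impossible. As an added example (not Envoy code), the function below derives the SNI name from an authority value and reports an unusable value to the caller, who can then send the connection without SNI or reject the request, rather than aborting. sni_from_authority and sni_accepts_length are invented names. The 255-byte limit is the one the advisory cites (OpenSSL's SSL_set_tlsext_host_name refuses longer names); RFC 6066 additionally forbids IPv4/IPv6 literals in server_name, so those are rejected as well. The sample authorities in main() are constructed.

```c
/* Added example (not Envoy code): validate an HTTP authority before using
 * it as TLS SNI. Function names are invented. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define SNI_MAX_LEN 255   /* limit the advisory cites; OpenSSL enforces the same */

/* Copies the host part of `authority` (":port" stripped) into `out`.
 * Returns the host length, or -1 when the value must not be sent as SNI:
 * empty, longer than SNI_MAX_LEN, an IPv4/IPv6 literal (RFC 6066 forbids
 * address literals in server_name), or not a DNS host name at all. */
static int sni_from_authority(const char *authority, char *out, size_t outlen)
{
    size_t len = strlen(authority), i;
    const char *colon;
    int all_numeric = 1;

    if (len == 0 || authority[0] == '[')          /* "[2001:db8::1]:443": IPv6 literal */
        return -1;
    colon = memchr(authority, ':', len);
    if (colon)
        len = (size_t)(colon - authority);          /* drop ":port" */
    if (len == 0 || len > SNI_MAX_LEN || len >= outlen)
        return -1;
    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)authority[i];
        if (!(isalnum(c) || c == '-' || c == '.'))
            return -1;                              /* not a host name character */
        if (!(isdigit(c) || c == '.'))
            all_numeric = 0;
    }
    if (all_numeric)                                /* "192.0.2.1": IPv4 literal */
        return -1;
    memcpy(out, authority, len);
    out[len] = '\0';
    return (int)len;
}

/* Boundary probe: does a host name of n letters pass? (n < 1024) */
static int sni_accepts_length(size_t n)
{
    char host[1024], out[1024];

    if (n >= sizeof host)
        return 0;
    memset(host, 'a', n);
    host[n] = '\0';
    return sni_from_authority(host, out, sizeof out) >= 0;
}

int main(void)
{
    /* constructed sample authorities */
    const char *samples[] = { "example.com:443", "[2001:db8::1]:443", "192.0.2.1", "" };
    char sni[SNI_MAX_LEN + 1];
    size_t i;

    for (i = 0; i < sizeof samples / sizeof *samples; i++) {
        int n = sni_from_authority(samples[i], sni, sizeof sni);
        printf("%-20s -> %s\n", samples[i], n < 0 ? "no SNI (reject or send without)" : sni);
    }
    printf("255 chars accepted: %d, 256 chars accepted: %d\n",
           sni_accepts_length(255), sni_accepts_length(256));
    return 0;
}
```

The design point is that the -1 return is an ordinary outcome the connection-setup code must branch on; the abort in the advisory comes from treating the equivalent TLS-library error as an invariant violation.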
-
Ubuntu: USN-6836-1 (CVE-2023-3758): SSSD vulnerability
Severity 4
CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published 04/18/2024 Created 06/24/2024 Added 06/24/2024 Modified 10/23/2024

Description
A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization issues, granting or denying access to resources inappropriately.

Solution(s)
ubuntu-upgrade-sssd

References
https://attackerkb.com/topics/cve-2023-3758
CVE-2023-3758
USN-6836-1
-
Rocky Linux: CVE-2024-32462: flatpak (Multiple Advisories)
Severity 4
CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published 04/18/2024 Created 07/03/2024 Added 07/03/2024 Modified 11/18/2024

Description
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions before 1.10.9, 1.12.9, 1.14.6, and 1.15.8, a malicious or compromised Flatpak app could execute arbitrary code outside its sandbox. Normally, the `--command` argument of `flatpak run` expects to be given a command to run in the specified Flatpak app, optionally along with some arguments. However, it is possible to instead pass `bwrap` arguments to `--command=`, such as `--bind`. It is possible to pass an arbitrary `commandline` to the portal interface `org.freedesktop.portal.Background.RequestBackground` from within a Flatpak app. When this is converted into a `--command` and arguments, it achieves the same effect as passing arguments directly to `bwrap`, and thus can be used for a sandbox escape. The solution is to pass the `--` argument to `bwrap`, which makes it stop processing options. This has been supported since bubblewrap 0.3.0. All supported versions of Flatpak require at least that version of bubblewrap. xdg-desktop-portal version 1.18.4 will mitigate this vulnerability by only allowing Flatpak apps to create .desktop files for commands that do not start with --. The vulnerability is patched in 1.15.8, 1.10.9, 1.12.9, and 1.14.6.

Solution(s)
rocky-upgrade-flatpak rocky-upgrade-flatpak-debuginfo rocky-upgrade-flatpak-debugsource rocky-upgrade-flatpak-devel rocky-upgrade-flatpak-libs rocky-upgrade-flatpak-libs-debuginfo rocky-upgrade-flatpak-session-helper rocky-upgrade-flatpak-session-helper-debuginfo

References
https://attackerkb.com/topics/cve-2024-32462
CVE-2024-32462
https://errata.rockylinux.org/RLSA-2024:3959
https://errata.rockylinux.org/RLSA-2024:3961
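The CVE-2024-32462 entries above (Oracle Linux, Red Hat, Rocky Linux) describe an argument injection rather than a memory bug: the launcher places a caller-chosen command directly after its own bwrap options, so a "command" of `--bind` is consumed by bwrap as a mount option, and the fix is the `--` terminator that ends option parsing. The following is an added example, not Flatpak or bubblewrap code: parse_like_bwrap() models an argv loop of that kind (it knows three options and stops at `--`), build_launch_argv() models the launcher side with and without the fix, and evil_args is a constructed command line of the sort an app could hand to the portal. All names are invented; the real bwrap parser knows many more options and errors out on unknown ones, which the model mirrors by giving up.

```c
/* Added example (not Flatpak or bubblewrap code): option injection through
 * a user-controlled command word, and the "--" terminator that stops it.
 * All names are invented. */
#include <stdio.h>
#include <string.h>

#define MAX_ARGV 32

struct parse_result {
    int options_consumed;   /* argv entries the sandbox parser took as its own options */
    const char *command;    /* first word it would execute inside the sandbox */
};

/* The options this model knows and how many operands each takes. */
static const struct { const char *name; int operands; } known_options[] = {
    { "--unshare-all", 0 }, { "--ro-bind", 2 }, { "--bind", 2 },
};

/* Model of a bwrap-style argv loop: every leading "--word" is an option
 * until "--" is seen; the first remaining word is the command. Unknown
 * options make the real tool exit with an error, modelled as command NULL. */
static struct parse_result parse_like_bwrap(int argc, const char *const *argv)
{
    struct parse_result r = { 0, NULL };
    int i = 1;

    while (i < argc) {
        int matched = 0;
        size_t k;

        if (strcmp(argv[i], "--") == 0) {
            i++;                              /* terminator: option parsing ends here */
            break;
        }
        for (k = 0; k < sizeof known_options / sizeof *known_options; k++) {
            if (strcmp(argv[i], known_options[k].name) == 0 &&
                i + known_options[k].operands < argc) {
                i += 1 + known_options[k].operands;
                r.options_consumed += 1 + known_options[k].operands;
                matched = 1;
                break;
            }
        }
        if (matched)
            continue;
        if (strncmp(argv[i], "--", 2) == 0)
            return r;                         /* unknown option: error, nothing runs */
        break;                                /* first non-option word */
    }
    r.command = (i < argc) ? argv[i] : NULL;
    return r;
}

/* Launcher side of `flatpak run --command=COMMAND APP ARGS...`: the first
 * options are the launcher's own; COMMAND and ARGS come from the caller.
 * hardened != 0 emits the single "--" the fix adds. Returns argc. */
static int build_launch_argv(const char *command, const char *const *args, int nargs,
                             int hardened, const char *argv[MAX_ARGV])
{
    int argc = 0, i;

    argv[argc++] = "bwrap";
    argv[argc++] = "--unshare-all";
    argv[argc++] = "--ro-bind";
    argv[argc++] = "/usr";
    argv[argc++] = "/usr";
    if (hardened)
        argv[argc++] = "--";
    argv[argc++] = command;                   /* caller-controlled from here on */
    for (i = 0; i < nargs && argc < MAX_ARGV - 1; i++)
        argv[argc++] = args[i];
    argv[argc] = NULL;
    return argc;
}

/* Constructed caller input: "command" --bind, operands that would mount the
 * host root over the sandbox root, then a shell to run with that view. */
static const char *const evil_args[] = { "/", "/", "/bin/sh" };

static struct parse_result launch_demo(int hardened)
{
    const char *argv[MAX_ARGV];
    int argc = build_launch_argv("--bind", evil_args, 3, hardened, argv);

    return parse_like_bwrap(argc, argv);
}

int main(void)
{
    int hardened;

    for (hardened = 0; hardened <= 1; hardened++) {
        struct parse_result r = launch_demo(hardened);
        printf("%-10s option words consumed: %d, command: %s\n",
               hardened ? "with --:" : "without --:", r.options_consumed,
               r.command ? r.command : "(none)");
    }
    return 0;
}
```

Without the terminator the injected `--bind / /` is taken as a seventh option word and `/bin/sh` becomes the command; with it, the sandbox parser sees `--bind` as the program name, which simply fails to execute inside the sandbox.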
-
Rocky Linux: CVE-2023-3758: sssd (Multiple Advisories)
Severity 4
CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published 04/18/2024 Created 05/13/2024 Added 05/13/2024 Modified 11/18/2024

Description
A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization issues, granting or denying access to resources inappropriately.

Solution(s)
rocky-upgrade-libipa_hbac rocky-upgrade-libipa_hbac-debuginfo rocky-upgrade-libsss_autofs rocky-upgrade-libsss_autofs-debuginfo rocky-upgrade-libsss_certmap rocky-upgrade-libsss_certmap-debuginfo rocky-upgrade-libsss_idmap rocky-upgrade-libsss_idmap-debuginfo rocky-upgrade-libsss_nss_idmap rocky-upgrade-libsss_nss_idmap-debuginfo rocky-upgrade-libsss_nss_idmap-devel rocky-upgrade-libsss_simpleifp rocky-upgrade-libsss_simpleifp-debuginfo rocky-upgrade-libsss_sudo rocky-upgrade-libsss_sudo-debuginfo rocky-upgrade-python3-libipa_hbac rocky-upgrade-python3-libipa_hbac-debuginfo rocky-upgrade-python3-libsss_nss_idmap rocky-upgrade-python3-libsss_nss_idmap-debuginfo rocky-upgrade-python3-sss rocky-upgrade-python3-sss-debuginfo rocky-upgrade-python3-sss-murmur rocky-upgrade-python3-sss-murmur-debuginfo rocky-upgrade-sssd rocky-upgrade-sssd-ad rocky-upgrade-sssd-ad-debuginfo rocky-upgrade-sssd-client rocky-upgrade-sssd-client-debuginfo rocky-upgrade-sssd-common rocky-upgrade-sssd-common-debuginfo rocky-upgrade-sssd-common-pac rocky-upgrade-sssd-common-pac-debuginfo rocky-upgrade-sssd-dbus rocky-upgrade-sssd-dbus-debuginfo rocky-upgrade-sssd-debuginfo rocky-upgrade-sssd-debugsource rocky-upgrade-sssd-idp rocky-upgrade-sssd-idp-debuginfo rocky-upgrade-sssd-ipa rocky-upgrade-sssd-ipa-debuginfo rocky-upgrade-sssd-kcm rocky-upgrade-sssd-kcm-debuginfo rocky-upgrade-sssd-krb5 rocky-upgrade-sssd-krb5-common rocky-upgrade-sssd-krb5-common-debuginfo rocky-upgrade-sssd-krb5-debuginfo rocky-upgrade-sssd-ldap rocky-upgrade-sssd-ldap-debuginfo rocky-upgrade-sssd-nfs-idmap rocky-upgrade-sssd-nfs-idmap-debuginfo rocky-upgrade-sssd-passkey rocky-upgrade-sssd-passkey-debuginfo rocky-upgrade-sssd-polkit-rules rocky-upgrade-sssd-proxy rocky-upgrade-sssd-proxy-debuginfo rocky-upgrade-sssd-tools rocky-upgrade-sssd-tools-debuginfo rocky-upgrade-sssd-winbind-idmap rocky-upgrade-sssd-winbind-idmap-debuginfo

References
https://attackerkb.com/topics/cve-2023-3758
CVE-2023-3758
https://errata.rockylinux.org/RLSA-2024:2571
https://errata.rockylinux.org/RLSA-2024:3270
-
FortiNet FortiClient Endpoint Management Server FCTID SQLi to RCE
Disclosed 04/21/2024 Created 04/19/2024

Description
An SQL injection vulnerability exists in FortiNet FortiClient EMS (Endpoint Management Server). FortiClient EMS is an endpoint management solution for enterprises, offering a centralized platform for overseeing enrolled endpoints. The SQL injection is due to user-controlled strings that are passed directly into database queries. FcmDaemon.exe is the main service responsible for communicating with enrolled clients. By default it listens on port 8013 and communicates with FCTDas.exe, which is responsible for translating requests and sending them to the database. In the message header of a specific request sent between the two services, the FCTUID parameter is vulnerable to SQLi. The SQLi can be used to enable xp_cmdshell, which can then be used to obtain unauthenticated remote code execution in the context of NT AUTHORITY\SYSTEM.

Affected versions of FortiClient EMS include:
7.2.0 through 7.2.2
7.0.1 through 7.0.10

Upgrading to 7.2.3, 7.0.11 or later is recommended by FortiNet. Note that in order to be vulnerable, at least one endpoint needs to be enrolled in / managed by FortiClient EMS for the vulnerable services to be available.

Author(s) Zach Hanley, James Horseman, jheysel-r7, Spencer McIntyre
Platform Windows
Architectures cmd
-
FreeBSD: VID-3E44C35F-6CF4-11EF-B813-4CCC6ADDA413 (CVE-2024-39695): exiv2 -- Out-of-bounds read in AsfVideo::streamProperties
Severity 6
CVSS (AV:N/AC:L/Au:N/C:P/I:N/A:P)
Published 04/21/2024 Created 09/10/2024 Added 09/08/2024 Modified 01/28/2025

Description
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 version v0.28.2. The vulnerability is in the parser for the ASF video format, which was a new feature in v0.28.0. The out-of-bounds read is triggered when Exiv2 is used to read the metadata of a crafted video file. The bug is fixed in version v0.28.3.

Solution(s)
freebsd-upgrade-package-exiv2

References
CVE-2024-39695
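The advisory names the ASF stream-properties parser but not the missing check, so the following is an added example rather than Exiv2's code: a bounds-checked reader for the ASF Stream Properties Object, showing the checks that keep a crafted length field from addressing memory past the buffer. Field offsets follow the ASF specification (16-byte object GUID, 8-byte object size, two 16-byte type GUIDs, 8-byte time offset, two 4-byte tail lengths, 2-byte flags, 4 reserved bytes, 78 bytes in all, then the two variable-length tails). asf_stream_props, asf_parse_stream_props and asf_demo are invented names, and the objects asf_demo builds are constructed test data.

```c
/* Added example (not Exiv2 code): bounds-checked ASF Stream Properties
 * Object reader. Offsets per the ASF specification; names are invented. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ASF_STREAM_PROPS_FIXED 78   /* bytes before the two variable-length tails */

struct asf_stream_props {
    uint64_t object_size;
    uint64_t time_offset;
    uint32_t type_specific_len;
    uint32_t error_correction_len;
    uint16_t flags;
    const uint8_t *type_specific;      /* pointers into the caller's buffer */
    const uint8_t *error_correction;
};

static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }
static uint32_t le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static uint64_t le64(const uint8_t *p) { return le32(p) | (uint64_t)le32(p + 4) << 32; }

/* Parses the object at buf[0..len). Returns 0 on success, -1 if any
 * file-supplied size would make the object extend past the buffer. The
 * tail pointers are only set once every length has been validated. */
static int asf_parse_stream_props(const uint8_t *buf, size_t len, struct asf_stream_props *out)
{
    uint64_t tail;

    if (len < ASF_STREAM_PROPS_FIXED)
        return -1;                     /* fixed header itself is truncated */
    /* 0..15 object GUID, 16..23 object size, 24..39 stream type GUID,
     * 40..55 error correction type GUID, 56..63 time offset, 64..67 and
     * 68..71 the two tail lengths, 72..73 flags, 74..77 reserved */
    out->object_size = le64(buf + 16);
    if (out->object_size < ASF_STREAM_PROPS_FIXED || out->object_size > len)
        return -1;                     /* object claims more than the buffer holds */
    out->time_offset = le64(buf + 56);
    out->type_specific_len = le32(buf + 64);
    out->error_correction_len = le32(buf + 68);
    out->flags = le16(buf + 72);
    tail = (uint64_t)out->type_specific_len + out->error_correction_len;   /* no 32-bit overflow */
    if (tail > out->object_size - ASF_STREAM_PROPS_FIXED)
        return -1;                     /* tails claim more bytes than the object holds */
    out->type_specific = buf + ASF_STREAM_PROPS_FIXED;
    out->error_correction = out->type_specific + out->type_specific_len;
    return 0;
}

static void put_le32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}
static void put_le64(uint8_t *p, uint64_t v) { put_le32(p, (uint32_t)v); put_le32(p + 4, (uint32_t)(v >> 32)); }

/* Constructed objects: mode 0 is an honest 90-byte object (78 + 8 + 4);
 * mode 1 overstates the type-specific length; mode 2 overstates the
 * object size. Returns the parser's result. */
static int asf_demo(int mode)
{
    uint8_t obj[90];
    struct asf_stream_props p;

    memset(obj, 0, sizeof obj);
    put_le64(obj + 16, sizeof obj);
    put_le32(obj + 64, 8);
    put_le32(obj + 68, 4);
    memset(obj + 78, 0xAA, 8);         /* type-specific data */
    memset(obj + 86, 0xBB, 4);         /* error correction data */
    if (mode == 1)
        put_le32(obj + 64, 0x7fffffffu);
    if (mode == 2)
        put_le64(obj + 16, 4096);
    return asf_parse_stream_props(obj, sizeof obj, &p);
}

int main(void)
{
    int mode;

    for (mode = 0; mode <= 2; mode++)
        printf("mode %d -> %s\n", mode, asf_demo(mode) == 0 ? "parsed" : "rejected");
    return 0;
}
```

Two details carry the safety: the object size is compared against the real buffer length before anything beyond the fixed header is touched, and the two tail lengths are summed in 64 bits so an attacker cannot wrap the sum back under the limit.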
-
Debian: CVE-2023-50010: ffmpeg -- security update
Severity 4
CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published 04/19/2024 Created 06/17/2024 Added 06/17/2024 Modified 06/17/2024

Description
Buffer overflow vulnerability in FFmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the set_encoder_id function in the /fftools/ffmpeg_enc.c component.

Solution(s)
debian-upgrade-ffmpeg

References
https://attackerkb.com/topics/cve-2023-50010
CVE-2023-50010
DSA-5712-1
-
Ubuntu: USN-6803-1 (CVE-2023-50009): FFmpeg vulnerabilities
Severity 4
CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published 04/19/2024 Created 06/07/2024 Added 06/06/2024 Modified 10/23/2024

Description
Buffer overflow vulnerability in FFmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the ff_gaussian_blur_8 function in the libavfilter/edge_template.c:116:5 component.

Solution(s)
ubuntu-upgrade-ffmpeg ubuntu-upgrade-libavcodec-extra60 ubuntu-upgrade-libavcodec60 ubuntu-upgrade-libavdevice60 ubuntu-upgrade-libavfilter-extra9 ubuntu-upgrade-libavfilter9 ubuntu-upgrade-libavformat-extra60 ubuntu-upgrade-libavformat60 ubuntu-upgrade-libavutil58 ubuntu-upgrade-libpostproc57 ubuntu-upgrade-libswresample4 ubuntu-upgrade-libswscale7

References
https://attackerkb.com/topics/cve-2023-50009
CVE-2023-50009
USN-6803-1
-
Ubuntu: USN-6803-1 (CVE-2023-50010): FFmpeg vulnerabilities
Severity 4
CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published 04/19/2024 Created 06/07/2024 Added 06/06/2024 Modified 01/23/2025

Description
Buffer overflow vulnerability in FFmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the set_encoder_id function in the /fftools/ffmpeg_enc.c component.

Solution(s)
ubuntu-pro-upgrade-ffmpeg ubuntu-pro-upgrade-libavcodec-extra57 ubuntu-pro-upgrade-libavcodec-extra58 ubuntu-pro-upgrade-libavcodec-extra60 ubuntu-pro-upgrade-libavcodec-ffmpeg-extra56 ubuntu-pro-upgrade-libavcodec-ffmpeg56 ubuntu-pro-upgrade-libavcodec57 ubuntu-pro-upgrade-libavcodec58 ubuntu-pro-upgrade-libavcodec60 ubuntu-pro-upgrade-libavdevice-ffmpeg56 ubuntu-pro-upgrade-libavdevice57 ubuntu-pro-upgrade-libavdevice58 ubuntu-pro-upgrade-libavdevice60 ubuntu-pro-upgrade-libavfilter-extra6 ubuntu-pro-upgrade-libavfilter-extra7 ubuntu-pro-upgrade-libavfilter-extra9 ubuntu-pro-upgrade-libavfilter-ffmpeg5 ubuntu-pro-upgrade-libavfilter6 ubuntu-pro-upgrade-libavfilter7 ubuntu-pro-upgrade-libavfilter9 ubuntu-pro-upgrade-libavformat-extra ubuntu-pro-upgrade-libavformat-extra58 ubuntu-pro-upgrade-libavformat-extra60 ubuntu-pro-upgrade-libavformat-ffmpeg56 ubuntu-pro-upgrade-libavformat57 ubuntu-pro-upgrade-libavformat58 ubuntu-pro-upgrade-libavformat60 ubuntu-pro-upgrade-libavresample-ffmpeg2 ubuntu-pro-upgrade-libavresample3 ubuntu-pro-upgrade-libavresample4 ubuntu-pro-upgrade-libavutil-ffmpeg54 ubuntu-pro-upgrade-libavutil55 ubuntu-pro-upgrade-libavutil56 ubuntu-pro-upgrade-libavutil58 ubuntu-pro-upgrade-libpostproc-ffmpeg53 ubuntu-pro-upgrade-libpostproc54 ubuntu-pro-upgrade-libpostproc55 ubuntu-pro-upgrade-libpostproc57 ubuntu-pro-upgrade-libswresample-ffmpeg1 ubuntu-pro-upgrade-libswresample2 ubuntu-pro-upgrade-libswresample3 ubuntu-pro-upgrade-libswresample4 ubuntu-pro-upgrade-libswscale-ffmpeg3 ubuntu-pro-upgrade-libswscale4 ubuntu-pro-upgrade-libswscale5 ubuntu-pro-upgrade-libswscale7

References
https://attackerkb.com/topics/cve-2023-50010
CVE-2023-50010
USN-6803-1
-
Ubuntu: USN-6803-1 (CVE-2023-49502): FFmpeg vulnerabilities
Severity 4
CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published 04/19/2024 Created 06/07/2024 Added 06/06/2024 Modified 01/23/2025

Description
Buffer overflow vulnerability in FFmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the ff_bwdif_filter_intra_c function in the libavfilter/bwdifdsp.c:125:5 component.

Solution(s)
ubuntu-pro-upgrade-ffmpeg ubuntu-pro-upgrade-libavcodec-extra57 ubuntu-pro-upgrade-libavcodec-extra58 ubuntu-pro-upgrade-libavcodec-extra60 ubuntu-pro-upgrade-libavcodec-ffmpeg-extra56 ubuntu-pro-upgrade-libavcodec-ffmpeg56 ubuntu-pro-upgrade-libavcodec57 ubuntu-pro-upgrade-libavcodec58 ubuntu-pro-upgrade-libavcodec60 ubuntu-pro-upgrade-libavdevice-ffmpeg56 ubuntu-pro-upgrade-libavdevice57 ubuntu-pro-upgrade-libavdevice58 ubuntu-pro-upgrade-libavdevice60 ubuntu-pro-upgrade-libavfilter-extra6 ubuntu-pro-upgrade-libavfilter-extra7 ubuntu-pro-upgrade-libavfilter-extra9 ubuntu-pro-upgrade-libavfilter-ffmpeg5 ubuntu-pro-upgrade-libavfilter6 ubuntu-pro-upgrade-libavfilter7 ubuntu-pro-upgrade-libavfilter9 ubuntu-pro-upgrade-libavformat-extra ubuntu-pro-upgrade-libavformat-extra58 ubuntu-pro-upgrade-libavformat-extra60 ubuntu-pro-upgrade-libavformat-ffmpeg56 ubuntu-pro-upgrade-libavformat57 ubuntu-pro-upgrade-libavformat58 ubuntu-pro-upgrade-libavformat60 ubuntu-pro-upgrade-libavresample-ffmpeg2 ubuntu-pro-upgrade-libavresample3 ubuntu-pro-upgrade-libavresample4 ubuntu-pro-upgrade-libavutil-ffmpeg54 ubuntu-pro-upgrade-libavutil55 ubuntu-pro-upgrade-libavutil56 ubuntu-pro-upgrade-libavutil58 ubuntu-pro-upgrade-libpostproc-ffmpeg53 ubuntu-pro-upgrade-libpostproc54 ubuntu-pro-upgrade-libpostproc55 ubuntu-pro-upgrade-libpostproc57 ubuntu-pro-upgrade-libswresample-ffmpeg1 ubuntu-pro-upgrade-libswresample2 ubuntu-pro-upgrade-libswresample3 ubuntu-pro-upgrade-libswresample4 ubuntu-pro-upgrade-libswscale-ffmpeg3 ubuntu-pro-upgrade-libswscale4 ubuntu-pro-upgrade-libswscale5 ubuntu-pro-upgrade-libswscale7

References
https://attackerkb.com/topics/cve-2023-49502
CVE-2023-49502
USN-6803-1
-
Ubuntu: USN-6803-1 (CVE-2023-49501): FFmpeg vulnerabilities
Ubuntu: USN-6803-1 (CVE-2023-49501): FFmpeg vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/19/2024 Created 06/07/2024 Added 06/06/2024 Modified 11/15/2024 Description Buffer overflow vulnerability in FFmpeg (git build n6.1-3-g466799d4f5) allows a local attacker to execute arbitrary code via the config_eq_output function in libavfilter/asrc_afirsrc.c:495:30. Solution(s) ubuntu-pro-upgrade-ffmpeg ubuntu-pro-upgrade-libavcodec-extra60 ubuntu-pro-upgrade-libavcodec60 ubuntu-pro-upgrade-libavdevice60 ubuntu-pro-upgrade-libavfilter-extra9 ubuntu-pro-upgrade-libavfilter9 ubuntu-pro-upgrade-libavformat-extra60 ubuntu-pro-upgrade-libavformat60 ubuntu-pro-upgrade-libavutil58 ubuntu-pro-upgrade-libpostproc57 ubuntu-pro-upgrade-libswresample4 ubuntu-pro-upgrade-libswscale7 References https://attackerkb.com/topics/cve-2023-49501 CVE - 2023-49501 USN-6803-1
-
Ubuntu: USN-6803-1 (CVE-2023-51793): FFmpeg vulnerabilities
Ubuntu: USN-6803-1 (CVE-2023-51793): FFmpeg vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/19/2024 Created 06/07/2024 Added 06/06/2024 Modified 11/15/2024 Description Buffer overflow vulnerability in FFmpeg (git build N113007-g8d24a28d06) allows a local attacker to execute arbitrary code via the image_copy_plane function in libavutil/imgutils.c:353:9. Solution(s) ubuntu-pro-upgrade-ffmpeg ubuntu-pro-upgrade-libavcodec-extra58 ubuntu-pro-upgrade-libavcodec-extra60 ubuntu-pro-upgrade-libavcodec58 ubuntu-pro-upgrade-libavcodec60 ubuntu-pro-upgrade-libavdevice58 ubuntu-pro-upgrade-libavdevice60 ubuntu-pro-upgrade-libavfilter-extra7 ubuntu-pro-upgrade-libavfilter-extra9 ubuntu-pro-upgrade-libavfilter7 ubuntu-pro-upgrade-libavfilter9 ubuntu-pro-upgrade-libavformat-extra ubuntu-pro-upgrade-libavformat-extra58 ubuntu-pro-upgrade-libavformat-extra60 ubuntu-pro-upgrade-libavformat58 ubuntu-pro-upgrade-libavformat60 ubuntu-pro-upgrade-libavutil56 ubuntu-pro-upgrade-libavutil58 ubuntu-pro-upgrade-libpostproc55 ubuntu-pro-upgrade-libpostproc57 ubuntu-pro-upgrade-libswresample3 ubuntu-pro-upgrade-libswresample4 ubuntu-pro-upgrade-libswscale5 ubuntu-pro-upgrade-libswscale7 References https://attackerkb.com/topics/cve-2023-51793 CVE - 2023-51793 USN-6803-1
-
Ubuntu: USN-6764-1 (CVE-2023-51792): libde265 vulnerability
Ubuntu: USN-6764-1 (CVE-2023-51792): libde265 vulnerability Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/19/2024 Created 05/18/2024 Added 05/17/2024 Modified 11/15/2024 Description Buffer overflow vulnerability in libde265 v1.0.12 allows a local attacker to cause a denial of service via an allocation whose size exceeds the maximum supported size of 0x10000000000 (the allocation-size-too-big abort reported by AddressSanitizer; a crafted input drives the requested allocation size out of range). Solution(s) ubuntu-pro-upgrade-libde265-0 References https://attackerkb.com/topics/cve-2023-51792 CVE - 2023-51792 USN-6764-1
-
Ubuntu: USN-6803-1 (CVE-2023-51798): FFmpeg vulnerabilities
Ubuntu: USN-6803-1 (CVE-2023-51798): FFmpeg vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/19/2024 Created 06/07/2024 Added 06/06/2024 Modified 01/23/2025 Description Vulnerability in FFmpeg (git build N113007-g8d24a28d06) allows a local attacker to trigger a floating point exception (FPE, in practice an integer division-by-zero trap) in the interpolate function at libavfilter/vf_minterpolate.c:1078:60; the CVE text classifies it as a buffer overflow with arbitrary code execution, but the observable effect is a crash of the process that runs the minterpolate filter on crafted input. Solution(s) ubuntu-pro-upgrade-ffmpeg ubuntu-pro-upgrade-libavcodec-extra57 ubuntu-pro-upgrade-libavcodec-extra58 ubuntu-pro-upgrade-libavcodec-extra60 ubuntu-pro-upgrade-libavcodec-ffmpeg-extra56 ubuntu-pro-upgrade-libavcodec-ffmpeg56 ubuntu-pro-upgrade-libavcodec57 ubuntu-pro-upgrade-libavcodec58 ubuntu-pro-upgrade-libavcodec60 ubuntu-pro-upgrade-libavdevice-ffmpeg56 ubuntu-pro-upgrade-libavdevice57 ubuntu-pro-upgrade-libavdevice58 ubuntu-pro-upgrade-libavdevice60 ubuntu-pro-upgrade-libavfilter-extra6 ubuntu-pro-upgrade-libavfilter-extra7 ubuntu-pro-upgrade-libavfilter-extra9 ubuntu-pro-upgrade-libavfilter-ffmpeg5 ubuntu-pro-upgrade-libavfilter6 ubuntu-pro-upgrade-libavfilter7 ubuntu-pro-upgrade-libavfilter9 ubuntu-pro-upgrade-libavformat-extra ubuntu-pro-upgrade-libavformat-extra58 ubuntu-pro-upgrade-libavformat-extra60 ubuntu-pro-upgrade-libavformat-ffmpeg56 ubuntu-pro-upgrade-libavformat57 ubuntu-pro-upgrade-libavformat58 ubuntu-pro-upgrade-libavformat60 ubuntu-pro-upgrade-libavresample-ffmpeg2 ubuntu-pro-upgrade-libavresample3 ubuntu-pro-upgrade-libavresample4 ubuntu-pro-upgrade-libavutil-ffmpeg54 ubuntu-pro-upgrade-libavutil55 ubuntu-pro-upgrade-libavutil56 ubuntu-pro-upgrade-libavutil58 ubuntu-pro-upgrade-libpostproc-ffmpeg53 ubuntu-pro-upgrade-libpostproc54 ubuntu-pro-upgrade-libpostproc55 ubuntu-pro-upgrade-libpostproc57 ubuntu-pro-upgrade-libswresample-ffmpeg1 ubuntu-pro-upgrade-libswresample2 ubuntu-pro-upgrade-libswresample3 ubuntu-pro-upgrade-libswresample4 ubuntu-pro-upgrade-libswscale-ffmpeg3 ubuntu-pro-upgrade-libswscale4 ubuntu-pro-upgrade-libswscale5 ubuntu-pro-upgrade-libswscale7 References https://attackerkb.com/topics/cve-2023-51798 CVE - 2023-51798 USN-6803-1
-
Amazon Linux 2023: CVE-2024-31745: Medium priority package update for libdwarf
Amazon Linux 2023: CVE-2024-31745: Medium priority package update for libdwarf Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 04/19/2024 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description This CVE ID has been rejected or withdrawn by its CVE Numbering Authority for the following reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-2002. Reason: This candidate is a duplicate of CVE-2024-2002. Notes: All CVE users should reference CVE-2024-2002 instead of this candidate. The underlying issue, tracked as CVE-2024-2002, is a flaw in libdwarf: an attacker may use a specially crafted file to trigger a use-after-free condition, which can potentially lead to an application crash or other unexpected behavior. Solution(s) amazon-linux-2023-upgrade-libdwarf amazon-linux-2023-upgrade-libdwarf-debuginfo amazon-linux-2023-upgrade-libdwarf-debugsource amazon-linux-2023-upgrade-libdwarf-devel amazon-linux-2023-upgrade-libdwarf-static amazon-linux-2023-upgrade-libdwarf-tools amazon-linux-2023-upgrade-libdwarf-tools-debuginfo References https://attackerkb.com/topics/cve-2024-31745 CVE - 2024-31745 https://alas.aws.amazon.com/AL2023/ALAS-2024-579.html
-
Microsoft Edge Chromium: CVE-2024-29987
Microsoft Edge Chromium: CVE-2024-29987 Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/19/2024 Created 04/19/2024 Added 04/19/2024 Modified 04/22/2024 Description Microsoft Edge (Chromium-based) Information Disclosure Vulnerability Solution(s) microsoft-edge-upgrade-latest References https://attackerkb.com/topics/cve-2024-29987 CVE - 2024-29987 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29987
-
SUSE: CVE-2024-32650: SUSE Linux Security Advisory
SUSE: CVE-2024-32650: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 04/19/2024 Created 05/21/2024 Added 05/20/2024 Modified 05/20/2024 Description Rustls is a modern TLS library written in Rust. `rustls::ConnectionCommon::complete_io` could fall into an infinite loop based on network input. When using a blocking rustls server, if a client sends a `close_notify` alert immediately after its `client_hello`, the server's `complete_io` gets stuck in an infinite loop, so a single unauthenticated peer can hang the thread that services that connection. This vulnerability is fixed in rustls 0.23.5, 0.22.4, and 0.21.11. Rust binaries link their crates statically, so the fix ships as a rebuilt git-cliff rather than a shared-library update; any other Rust binary on the host that bundles an older rustls needs its own rebuild. Solution(s) suse-upgrade-git-cliff suse-upgrade-git-cliff-bash-completion suse-upgrade-git-cliff-fish-completion suse-upgrade-git-cliff-zsh-completion References https://attackerkb.com/topics/cve-2024-32650 CVE - 2024-32650
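Because rustls is compiled into each Rust binary, the useful check for CVE-2024-32650 is not a shared-library version but the rustls entries pinned in a project's Cargo.lock. The script below is an added example for this entry, not code from the advisory or from the rustls project: it parses the `[[package]]` records of a Cargo.lock, compares every rustls version against the fixed releases named in the CVE text (0.23.5, 0.22.4, 0.21.11), and reports the ones still below the fix. The Cargo.lock content embedded in it is constructed for the demonstration; point `check_lock` at a real file's contents to audit a build.

```python
"""Flag rustls versions below the CVE-2024-32650 fixes in a Cargo.lock.

Added example for this advisory entry, not part of the SUSE advisory or of
rustls itself. The fixed versions come from the CVE text; the lock-file
sample is constructed for the demonstration.
"""
import re

# Minimum safe version per rustls minor line, taken from the advisory text.
FIXED_VERSIONS = {
    (0, 21): (0, 21, 11),
    (0, 22): (0, 22, 4),
    (0, 23): (0, 23, 5),
}

# Constructed sample: two rustls copies in one lock file, which happens when
# dependencies pin different minor lines. Only one of them is fixed.
SAMPLE_LOCK = """\
[[package]]
name = "git-cliff"
version = "2.2.1"

[[package]]
name = "rustls"
version = "0.21.10"
source = "registry+https://github.com/rust-lang/crates.io-index"

[[package]]
name = "rustls"
version = "0.23.5"
source = "registry+https://github.com/rust-lang/crates.io-index"

[[package]]
name = "tokio-rustls"
version = "0.25.0"
"""

# Cargo.lock always writes name before version inside a [[package]] table.
_PKG_RE = re.compile(r'\[\[package\]\]\s*\nname = "([^"]+)"\s*\nversion = "([^"]+)"')


def parse_version(text):
    """Turn "0.21.10" into (0, 21, 10); pre-release and build suffixes are dropped."""
    core = text.split("-", 1)[0].split("+", 1)[0]
    return tuple(int(part) for part in core.split("."))


def rustls_versions(lock_text):
    """Return every rustls version pinned in the lock file, as tuples."""
    return [parse_version(v) for name, v in _PKG_RE.findall(lock_text) if name == "rustls"]


def is_vulnerable(version):
    """True when the version is on a fixed line but below the fix.

    Lines older than 0.21 received no fix and are reported as vulnerable;
    lines newer than those named in the CVE are assumed to carry the fix.
    """
    line = version[:2]
    if line in FIXED_VERSIONS:
        return version < FIXED_VERSIONS[line]
    return line < (0, 21)


def check_lock(lock_text):
    """Return the vulnerable rustls versions found in the lock file, as strings."""
    return [".".join(map(str, v)) for v in rustls_versions(lock_text) if is_vulnerable(v)]


if __name__ == "__main__":
    hits = check_lock(SAMPLE_LOCK)
    print("vulnerable rustls versions:", ", ".join(hits) if hits else "none")
```

On the constructed sample the script reports 0.21.10 and stays silent on 0.23.5. The check deliberately treats the 0.22 and 0.21 lines separately: a project pinned to 0.22.3 is vulnerable even though 0.23.5 exists, because Cargo will not cross a minor line on its own, so `cargo update` alone may leave the old copy in place.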
-
Azul Zulu: CVE-2024-21094: Vulnerability in the Hotspot component
Azul Zulu: CVE-2024-21094: Vulnerability in the Hotspot component Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 04/19/2024 Created 04/24/2024 Added 04/19/2024 Modified 01/28/2025 Description Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). Solution(s) azul-zulu-upgrade-latest References https://attackerkb.com/topics/cve-2024-21094 CVE - 2024-21094 https://www.azul.com/downloads/