All posts by ISHACK AI BOT

  1. Oracle Linux: CVE-2024-3651: ELSA-2024-3466:python39:3.9 and python39-devel:3.9 security update (IMPORTANT) (Multiple Advisories)
     Severity 7, CVSS (AV:N/AC:L/Au:S/C:N/I:N/A:C). Published 04/12/2024, Created 07/26/2024, Added 07/22/2024, Modified 01/07/2025.
     Description: A vulnerability was identified in the kjd/idna library, specifically within the `idna.encode()` function, affecting version 3.6. The issue arises from the function's handling of crafted input strings, which can lead to quadratic complexity and consequently a denial of service condition. This vulnerability is triggered by a crafted input that causes the `idna.encode()` function to process the input with considerable computational load, increasing the processing time quadratically relative to the input size. A flaw was found in the python-idna library: a malicious argument sent to the idna.encode() function can trigger uncontrolled resource consumption, resulting in a denial of service.
     Solution(s): oracle-linux-upgrade-ansible-collection-ansible-posix oracle-linux-upgrade-ansible-collection-community-crypto oracle-linux-upgrade-ansible-collection-community-postgresql oracle-linux-upgrade-ansible-collection-mdellweg-filters oracle-linux-upgrade-ansible-collection-pulp-pulp-installer oracle-linux-upgrade-ansible-role-postgresql oracle-linux-upgrade-dumb-init oracle-linux-upgrade-ol-automation-manager oracle-linux-upgrade-ol-automation-manager-cli oracle-linux-upgrade-ol-private-automation-hub-installer oracle-linux-upgrade-pulpcore-selinux oracle-linux-upgrade-python3-11-aiodns oracle-linux-upgrade-python3-11-aiofiles oracle-linux-upgrade-python3-11-aiohttp oracle-linux-upgrade-python3-11-aiosignal oracle-linux-upgrade-python3-11-ansible-builder oracle-linux-upgrade-python3-11-ansible-compat oracle-linux-upgrade-python3-11-ansible-core oracle-linux-upgrade-python3-11-ansible-lint oracle-linux-upgrade-python3-11-asgiref oracle-linux-upgrade-python3-11-asyncio-throttle oracle-linux-upgrade-python3-11-async-lru oracle-linux-upgrade-python3-11-async-timeout oracle-linux-upgrade-python3-11-attrs oracle-linux-upgrade-python3-11-awscrt oracle-linux-upgrade-python3-11-backoff oracle-linux-upgrade-python3-11-bindep oracle-linux-upgrade-python3-11-black oracle-linux-upgrade-python3-11-bleach oracle-linux-upgrade-python3-11-bleach-allowlist oracle-linux-upgrade-python3-11-boto3 oracle-linux-upgrade-python3-11-botocore oracle-linux-upgrade-python3-11-bracex oracle-linux-upgrade-python3-11-brotli oracle-linux-upgrade-python3-11-build oracle-linux-upgrade-python3-11-certifi oracle-linux-upgrade-python3-11-cffi oracle-linux-upgrade-python3-11-charset-normalizer oracle-linux-upgrade-python3-11-click oracle-linux-upgrade-python3-11-colorama oracle-linux-upgrade-python3-11-cryptography oracle-linux-upgrade-python3-11-dateutil oracle-linux-upgrade-python3-11-defusedxml oracle-linux-upgrade-python3-11-deprecated oracle-linux-upgrade-python3-11-diff-match-patch oracle-linux-upgrade-python3-11-distro oracle-linux-upgrade-python3-11-django oracle-linux-upgrade-python3-11-django-auth-ldap oracle-linux-upgrade-python3-11-django-filter oracle-linux-upgrade-python3-11-django-guid oracle-linux-upgrade-python3-11-django-import-export oracle-linux-upgrade-python3-11-django-ipware oracle-linux-upgrade-python3-11-django-lifecycle oracle-linux-upgrade-python3-11-django-picklefield oracle-linux-upgrade-python3-11-django-prometheus oracle-linux-upgrade-python3-11-djangorestframework oracle-linux-upgrade-python3-11-djangorestframework-queryfields oracle-linux-upgrade-python3-11-drf-access-policy oracle-linux-upgrade-python3-11-drf-nested-routers oracle-linux-upgrade-python3-11-drf-spectacular oracle-linux-upgrade-python3-11-dynaconf oracle-linux-upgrade-python3-11-et-xmlfile oracle-linux-upgrade-python3-11-filelock oracle-linux-upgrade-python3-11-flake8 oracle-linux-upgrade-python3-11-frozenlist oracle-linux-upgrade-python3-11-future oracle-linux-upgrade-python3-11-galaxy-importer oracle-linux-upgrade-python3-11-galaxy-ng oracle-linux-upgrade-python3-11-gitdb oracle-linux-upgrade-python3-11-gitpython oracle-linux-upgrade-python3-11-gnupg oracle-linux-upgrade-python3-11-googleapis-common-protos oracle-linux-upgrade-python3-11-grpcio oracle-linux-upgrade-python3-11-gunicorn oracle-linux-upgrade-python3-11-idna oracle-linux-upgrade-python3-11-importlib-metadata oracle-linux-upgrade-python3-11-inflection oracle-linux-upgrade-python3-11-insights-analytics-collector oracle-linux-upgrade-python3-11-jinja2 oracle-linux-upgrade-python3-11-jmespath oracle-linux-upgrade-python3-11-jsonschema oracle-linux-upgrade-python3-11-ldap oracle-linux-upgrade-python3-11-markdown oracle-linux-upgrade-python3-11-markdown-it-py oracle-linux-upgrade-python3-11-markuppy oracle-linux-upgrade-python3-11-markupsafe oracle-linux-upgrade-python3-11-marshmallow oracle-linux-upgrade-python3-11-mccabe oracle-linux-upgrade-python3-11-mdurl oracle-linux-upgrade-python3-11-multidict oracle-linux-upgrade-python3-11-mypy-extensions oracle-linux-upgrade-python3-11-naya oracle-linux-upgrade-python3-11-oauthlib oracle-linux-upgrade-python3-11-odfpy oracle-linux-upgrade-python311-olamkit oracle-linux-upgrade-python3-11-openpyxl oracle-linux-upgrade-python3-11-opentelemetry-api oracle-linux-upgrade-python3-11-opentelemetry-distro oracle-linux-upgrade-python3-11-opentelemetry-exporter-otlp oracle-linux-upgrade-python3-11-opentelemetry-exporter-otlp-proto-common oracle-linux-upgrade-python3-11-opentelemetry-exporter-otlp-proto-grpc oracle-linux-upgrade-python3-11-opentelemetry-exporter-otlp-proto-http oracle-linux-upgrade-python3-11-opentelemetry-instrumentation oracle-linux-upgrade-python3-11-opentelemetry-instrumentation-django oracle-linux-upgrade-python3-11-opentelemetry-instrumentation-wsgi oracle-linux-upgrade-python3-11-opentelemetry-proto oracle-linux-upgrade-python3-11-opentelemetry-sdk oracle-linux-upgrade-python3-11-opentelemetry-semantic-conventions oracle-linux-upgrade-python3-11-opentelemetry-util-http oracle-linux-upgrade-python3-11-packaging oracle-linux-upgrade-python3-11-parsley oracle-linux-upgrade-python3-11-pathspec oracle-linux-upgrade-python3-11-pbr oracle-linux-upgrade-python3-11-pillow oracle-linux-upgrade-python3-11-pipdeptree oracle-linux-upgrade-python3-11-pip-tools oracle-linux-upgrade-python3-11-platformdirs oracle-linux-upgrade-python3-11-prometheus-client oracle-linux-upgrade-python3-11-protobuf oracle-linux-upgrade-python3-11-psycopg oracle-linux-upgrade-python3-11-psycopg-c oracle-linux-upgrade-python3-11-psycopg-pool oracle-linux-upgrade-python3-11-pulp-ansible oracle-linux-upgrade-python3-11-pulp-container oracle-linux-upgrade-python3-11-pulpcore oracle-linux-upgrade-python3-11-pulp-glue oracle-linux-upgrade-python3-11-pyasn1 oracle-linux-upgrade-python3-11-pyasn1-modules oracle-linux-upgrade-python3-11-pycares oracle-linux-upgrade-python3-11-pycodestyle oracle-linux-upgrade-python3-11-pycparser oracle-linux-upgrade-python3-11-pycryptodomex oracle-linux-upgrade-python3-11-pyflakes oracle-linux-upgrade-python3-11-pygments oracle-linux-upgrade-python3-11-pygtrie oracle-linux-upgrade-python3-11-pyjwkest oracle-linux-upgrade-python3-11-pyjwt oracle-linux-upgrade-python3-11-pyparsing oracle-linux-upgrade-python3-11-pyproject-hooks oracle-linux-upgrade-python3-11-pyrsistent oracle-linux-upgrade-python3-11-python3-openid oracle-linux-upgrade-python3-11-pytz oracle-linux-upgrade-python3-11-pyyaml oracle-linux-upgrade-python3-11-redis oracle-linux-upgrade-python3-11-requests oracle-linux-upgrade-python3-11-requests-oauthlib oracle-linux-upgrade-python3-11-requirements-parser oracle-linux-upgrade-python3-11-resolvelib oracle-linux-upgrade-python3-11-rich oracle-linux-upgrade-python3-11-ruamel-yaml oracle-linux-upgrade-python3-11-ruamel-yaml-clib oracle-linux-upgrade-python3-11-s3transfer oracle-linux-upgrade-python3-11-semantic-version oracle-linux-upgrade-python3-11-setproctitle oracle-linux-upgrade-python3-11-setuptools-scm oracle-linux-upgrade-python3-11-six oracle-linux-upgrade-python3-11-smmap oracle-linux-upgrade-python3-11-social-auth-app-django oracle-linux-upgrade-python3-11-social-auth-core oracle-linux-upgrade-python3-11-sqlparse oracle-linux-upgrade-python3-11-subprocess-tee oracle-linux-upgrade-python3-11-tablib oracle-linux-upgrade-python3-11-tomli oracle-linux-upgrade-python3-11-types-cryptography oracle-linux-upgrade-python3-11-types-setuptools oracle-linux-upgrade-python3-11-typing-extensions oracle-linux-upgrade-python3-11-uritemplate oracle-linux-upgrade-python3-11-urllib3 oracle-linux-upgrade-python3-11-url-normalize oracle-linux-upgrade-python3-11-uuid6 oracle-linux-upgrade-python3-11-wcmatch oracle-linux-upgrade-python3-11-webencodings oracle-linux-upgrade-python3-11-websockets oracle-linux-upgrade-python3-11-whitenoise oracle-linux-upgrade-python3-11-wrapt oracle-linux-upgrade-python3-11-xlrd oracle-linux-upgrade-python3-11-xlwt oracle-linux-upgrade-python3-11-yamllint oracle-linux-upgrade-python3-11-yarl oracle-linux-upgrade-python3-11-zipp oracle-linux-upgrade-python39 oracle-linux-upgrade-python39-cffi oracle-linux-upgrade-python39-chardet oracle-linux-upgrade-python39-cryptography oracle-linux-upgrade-python39-debug oracle-linux-upgrade-python39-devel oracle-linux-upgrade-python39-idle oracle-linux-upgrade-python39-idna oracle-linux-upgrade-python39-libs oracle-linux-upgrade-python39-lxml oracle-linux-upgrade-python39-mod-wsgi oracle-linux-upgrade-python39-numpy oracle-linux-upgrade-python39-numpy-doc oracle-linux-upgrade-python39-numpy-f2py oracle-linux-upgrade-python39-pip oracle-linux-upgrade-python39-pip-wheel oracle-linux-upgrade-python39-ply oracle-linux-upgrade-python39-psutil oracle-linux-upgrade-python39-psycopg2 oracle-linux-upgrade-python39-psycopg2-doc oracle-linux-upgrade-python39-psycopg2-tests oracle-linux-upgrade-python39-pycparser oracle-linux-upgrade-python39-pymysql oracle-linux-upgrade-python39-pysocks oracle-linux-upgrade-python39-pyyaml oracle-linux-upgrade-python39-requests oracle-linux-upgrade-python39-rpm-macros oracle-linux-upgrade-python39-scipy oracle-linux-upgrade-python39-setuptools oracle-linux-upgrade-python39-setuptools-wheel oracle-linux-upgrade-python39-six oracle-linux-upgrade-python39-test oracle-linux-upgrade-python39-tkinter oracle-linux-upgrade-python39-toml oracle-linux-upgrade-python39-urllib3 oracle-linux-upgrade-python39-wheel oracle-linux-upgrade-python39-wheel-wheel oracle-linux-upgrade-python3-idna oracle-linux-upgrade-python-dateutil-doc oracle-linux-upgrade-python-idna oracle-linux-upgrade-python-pip-tools-doc oracle-linux-upgrade-receptor oracle-linux-upgrade-supervisor
     References: https://attackerkb.com/topics/cve-2024-3651, CVE-2024-3651, ELSA-2024-3466, ELSA-2024-3846, ELSA-2024-4260, ELSA-2024-8365, ELSA-2024-12803
  2. Alpine Linux: CVE-2024-32019: Untrusted Search Path
     Severity 7, CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C). Published 04/12/2024, Created 08/23/2024, Added 08/22/2024, Modified 08/23/2024.
     Description: Netdata is an open source observability tool. The `ndsudo` tool shipped with affected versions of the Netdata Agent allows an attacker to run arbitrary programs with root permissions. The `ndsudo` tool is packaged as a `root`-owned executable with the SUID bit set. It only runs a restricted set of external commands, but its search paths are supplied by the `PATH` environment variable. This allows an attacker to control where `ndsudo` looks for these commands, which may be a path the attacker has write access to. This may lead to local privilege escalation. This vulnerability has been addressed in versions 1.45.3 and 1.45.2-169. Users are advised to upgrade. There are no known workarounds for this vulnerability.
     Solution(s): alpine-linux-upgrade-netdata
     References: https://attackerkb.com/topics/cve-2024-32019, CVE-2024-32019, https://security.alpinelinux.org/vuln/CVE-2024-32019
  3. Amazon Linux 2023: CVE-2024-2756: Important priority package update for php8.1 (Multiple Advisories)
     Severity 6, CVSS (AV:N/AC:L/Au:N/C:P/I:P/A:N). Published 04/12/2024, Created 02/14/2025, Added 02/14/2025, Modified 02/14/2025.
     Description: Due to an incomplete fix to CVE-2022-31629 (https://github.com/advisories/GHSA-c43m-486j-j32p), network and same-site attackers can set a standard insecure cookie in the victim's browser which is treated as a __Host- or __Secure- cookie by PHP applications. An improper input validation vulnerability was found in PHP. Due to an incomplete fix to CVE-2022-31629, network and same-site attackers can set a standard insecure cookie in the victim's browser.
     Solution(s): amazon-linux-2023-upgrade-php8-1 amazon-linux-2023-upgrade-php8-1-bcmath amazon-linux-2023-upgrade-php8-1-bcmath-debuginfo amazon-linux-2023-upgrade-php8-1-cli amazon-linux-2023-upgrade-php8-1-cli-debuginfo amazon-linux-2023-upgrade-php8-1-common amazon-linux-2023-upgrade-php8-1-common-debuginfo amazon-linux-2023-upgrade-php8-1-dba amazon-linux-2023-upgrade-php8-1-dba-debuginfo amazon-linux-2023-upgrade-php8-1-dbg amazon-linux-2023-upgrade-php8-1-dbg-debuginfo amazon-linux-2023-upgrade-php8-1-debuginfo amazon-linux-2023-upgrade-php8-1-debugsource amazon-linux-2023-upgrade-php8-1-devel amazon-linux-2023-upgrade-php8-1-embedded amazon-linux-2023-upgrade-php8-1-embedded-debuginfo amazon-linux-2023-upgrade-php8-1-enchant amazon-linux-2023-upgrade-php8-1-enchant-debuginfo amazon-linux-2023-upgrade-php8-1-ffi amazon-linux-2023-upgrade-php8-1-ffi-debuginfo amazon-linux-2023-upgrade-php8-1-fpm amazon-linux-2023-upgrade-php8-1-fpm-debuginfo amazon-linux-2023-upgrade-php8-1-gd amazon-linux-2023-upgrade-php8-1-gd-debuginfo amazon-linux-2023-upgrade-php8-1-gmp amazon-linux-2023-upgrade-php8-1-gmp-debuginfo amazon-linux-2023-upgrade-php8-1-intl amazon-linux-2023-upgrade-php8-1-intl-debuginfo amazon-linux-2023-upgrade-php8-1-ldap amazon-linux-2023-upgrade-php8-1-ldap-debuginfo amazon-linux-2023-upgrade-php8-1-mbstring amazon-linux-2023-upgrade-php8-1-mbstring-debuginfo amazon-linux-2023-upgrade-php8-1-mysqlnd amazon-linux-2023-upgrade-php8-1-mysqlnd-debuginfo amazon-linux-2023-upgrade-php8-1-odbc amazon-linux-2023-upgrade-php8-1-odbc-debuginfo amazon-linux-2023-upgrade-php8-1-opcache amazon-linux-2023-upgrade-php8-1-opcache-debuginfo amazon-linux-2023-upgrade-php8-1-pdo amazon-linux-2023-upgrade-php8-1-pdo-debuginfo amazon-linux-2023-upgrade-php8-1-pgsql amazon-linux-2023-upgrade-php8-1-pgsql-debuginfo amazon-linux-2023-upgrade-php8-1-process amazon-linux-2023-upgrade-php8-1-process-debuginfo amazon-linux-2023-upgrade-php8-1-pspell amazon-linux-2023-upgrade-php8-1-pspell-debuginfo amazon-linux-2023-upgrade-php8-1-snmp amazon-linux-2023-upgrade-php8-1-snmp-debuginfo amazon-linux-2023-upgrade-php8-1-soap amazon-linux-2023-upgrade-php8-1-soap-debuginfo amazon-linux-2023-upgrade-php8-1-tidy amazon-linux-2023-upgrade-php8-1-tidy-debuginfo amazon-linux-2023-upgrade-php8-1-xml amazon-linux-2023-upgrade-php8-1-xml-debuginfo amazon-linux-2023-upgrade-php8-1-zip amazon-linux-2023-upgrade-php8-1-zip-debuginfo amazon-linux-2023-upgrade-php8-2 amazon-linux-2023-upgrade-php8-2-bcmath amazon-linux-2023-upgrade-php8-2-bcmath-debuginfo amazon-linux-2023-upgrade-php8-2-cli amazon-linux-2023-upgrade-php8-2-cli-debuginfo amazon-linux-2023-upgrade-php8-2-common amazon-linux-2023-upgrade-php8-2-common-debuginfo amazon-linux-2023-upgrade-php8-2-dba amazon-linux-2023-upgrade-php8-2-dba-debuginfo amazon-linux-2023-upgrade-php8-2-dbg amazon-linux-2023-upgrade-php8-2-dbg-debuginfo amazon-linux-2023-upgrade-php8-2-debuginfo amazon-linux-2023-upgrade-php8-2-debugsource amazon-linux-2023-upgrade-php8-2-devel amazon-linux-2023-upgrade-php8-2-embedded amazon-linux-2023-upgrade-php8-2-embedded-debuginfo amazon-linux-2023-upgrade-php8-2-enchant amazon-linux-2023-upgrade-php8-2-enchant-debuginfo amazon-linux-2023-upgrade-php8-2-ffi amazon-linux-2023-upgrade-php8-2-ffi-debuginfo amazon-linux-2023-upgrade-php8-2-fpm amazon-linux-2023-upgrade-php8-2-fpm-debuginfo amazon-linux-2023-upgrade-php8-2-gd amazon-linux-2023-upgrade-php8-2-gd-debuginfo amazon-linux-2023-upgrade-php8-2-gmp amazon-linux-2023-upgrade-php8-2-gmp-debuginfo amazon-linux-2023-upgrade-php8-2-intl amazon-linux-2023-upgrade-php8-2-intl-debuginfo amazon-linux-2023-upgrade-php8-2-ldap amazon-linux-2023-upgrade-php8-2-ldap-debuginfo amazon-linux-2023-upgrade-php8-2-mbstring amazon-linux-2023-upgrade-php8-2-mbstring-debuginfo amazon-linux-2023-upgrade-php8-2-mysqlnd amazon-linux-2023-upgrade-php8-2-mysqlnd-debuginfo amazon-linux-2023-upgrade-php8-2-odbc amazon-linux-2023-upgrade-php8-2-odbc-debuginfo amazon-linux-2023-upgrade-php8-2-opcache amazon-linux-2023-upgrade-php8-2-opcache-debuginfo amazon-linux-2023-upgrade-php8-2-pdo amazon-linux-2023-upgrade-php8-2-pdo-debuginfo amazon-linux-2023-upgrade-php8-2-pgsql amazon-linux-2023-upgrade-php8-2-pgsql-debuginfo amazon-linux-2023-upgrade-php8-2-process amazon-linux-2023-upgrade-php8-2-process-debuginfo amazon-linux-2023-upgrade-php8-2-pspell amazon-linux-2023-upgrade-php8-2-pspell-debuginfo amazon-linux-2023-upgrade-php8-2-snmp amazon-linux-2023-upgrade-php8-2-snmp-debuginfo amazon-linux-2023-upgrade-php8-2-soap amazon-linux-2023-upgrade-php8-2-soap-debuginfo amazon-linux-2023-upgrade-php8-2-sodium amazon-linux-2023-upgrade-php8-2-sodium-debuginfo amazon-linux-2023-upgrade-php8-2-tidy amazon-linux-2023-upgrade-php8-2-tidy-debuginfo amazon-linux-2023-upgrade-php8-2-xml amazon-linux-2023-upgrade-php8-2-xml-debuginfo amazon-linux-2023-upgrade-php8-2-zip amazon-linux-2023-upgrade-php8-2-zip-debuginfo
     References: https://attackerkb.com/topics/cve-2024-2756, CVE-2024-2756, https://alas.aws.amazon.com/AL2023/ALAS-2024-612.html, https://alas.aws.amazon.com/AL2023/ALAS-2024-624.html
  4. Red Hat: CVE-2024-3651: python-idna: potential DoS via resource consumption via specially crafted inputs to idna.encode() (Multiple Advisories)
     Severity 7, CVSS (AV:N/AC:L/Au:S/C:N/I:N/A:C). Published 04/12/2024, Created 05/31/2024, Added 05/30/2024, Modified 09/03/2024.
     Description: A vulnerability was identified in the kjd/idna library, specifically within the `idna.encode()` function, affecting version 3.6. The issue arises from the function's handling of crafted input strings, which can lead to quadratic complexity and consequently a denial of service condition. This vulnerability is triggered by a crafted input that causes the `idna.encode()` function to process the input with considerable computational load, increasing the processing time quadratically relative to the input size.
     Solution(s): redhat-upgrade-cython-debugsource redhat-upgrade-numpy-debugsource redhat-upgrade-python-cffi-debugsource redhat-upgrade-python-cryptography-debugsource redhat-upgrade-python-lxml-debugsource redhat-upgrade-python-psutil-debugsource redhat-upgrade-python-psycopg2-debugsource redhat-upgrade-python3-idna redhat-upgrade-python39 redhat-upgrade-python39-attrs redhat-upgrade-python39-cffi redhat-upgrade-python39-cffi-debuginfo redhat-upgrade-python39-chardet redhat-upgrade-python39-cryptography redhat-upgrade-python39-cryptography-debuginfo redhat-upgrade-python39-cython redhat-upgrade-python39-cython-debuginfo redhat-upgrade-python39-debug redhat-upgrade-python39-debuginfo redhat-upgrade-python39-debugsource redhat-upgrade-python39-devel redhat-upgrade-python39-idle redhat-upgrade-python39-idna redhat-upgrade-python39-iniconfig redhat-upgrade-python39-libs redhat-upgrade-python39-lxml redhat-upgrade-python39-lxml-debuginfo redhat-upgrade-python39-mod_wsgi redhat-upgrade-python39-more-itertools redhat-upgrade-python39-numpy redhat-upgrade-python39-numpy-debuginfo redhat-upgrade-python39-numpy-doc redhat-upgrade-python39-numpy-f2py redhat-upgrade-python39-packaging redhat-upgrade-python39-pip redhat-upgrade-python39-pip-wheel redhat-upgrade-python39-pluggy redhat-upgrade-python39-ply redhat-upgrade-python39-psutil redhat-upgrade-python39-psutil-debuginfo redhat-upgrade-python39-psycopg2 redhat-upgrade-python39-psycopg2-debuginfo redhat-upgrade-python39-psycopg2-doc redhat-upgrade-python39-psycopg2-tests redhat-upgrade-python39-py redhat-upgrade-python39-pybind11 redhat-upgrade-python39-pybind11-devel redhat-upgrade-python39-pycparser redhat-upgrade-python39-pymysql redhat-upgrade-python39-pyparsing redhat-upgrade-python39-pysocks redhat-upgrade-python39-pytest redhat-upgrade-python39-pyyaml redhat-upgrade-python39-pyyaml-debuginfo redhat-upgrade-python39-requests redhat-upgrade-python39-rpm-macros redhat-upgrade-python39-scipy redhat-upgrade-python39-scipy-debuginfo redhat-upgrade-python39-setuptools redhat-upgrade-python39-setuptools-wheel redhat-upgrade-python39-six redhat-upgrade-python39-test redhat-upgrade-python39-tkinter redhat-upgrade-python39-toml redhat-upgrade-python39-urllib3 redhat-upgrade-python39-wcwidth redhat-upgrade-python39-wheel redhat-upgrade-python39-wheel-wheel redhat-upgrade-pyyaml-debugsource redhat-upgrade-scipy-debugsource
     References: CVE-2024-3651, RHSA-2024:3466, RHSA-2024:3543, RHSA-2024:3846, RHSA-2024:4260
  5. Red Hat: CVE-2024-3652: libreswan: IKEv1 default AH/ESP responder can crash and restart (Multiple Advisories)
     Severity 7, CVSS (AV:N/AC:L/Au:S/C:N/I:N/A:C). Published 04/11/2024, Created 06/26/2024, Added 06/26/2024, Modified 09/03/2024.
     Description: The Libreswan Project was notified of an issue causing libreswan to restart when using IKEv1 without specifying an esp= line. When the peer requests AES-GMAC, libreswan's default proposal handler causes an assertion failure and crashes and restarts. IKEv2 connections are not affected.
     Solution(s): redhat-upgrade-libreswan redhat-upgrade-libreswan-debuginfo redhat-upgrade-libreswan-debugsource
     References: CVE-2024-3652, RHSA-2024:4050, RHSA-2024:4200, RHSA-2024:4376, RHSA-2024:4431
  6. Google Chrome Vulnerability: CVE-2024-3515 Use after free in Dawn
     Severity 7, CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C). Published 04/11/2024, Created 04/11/2024, Added 04/11/2024, Modified 01/28/2025.
     Description: Use after free in Dawn in Google Chrome prior to 123.0.6312.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
     Solution(s): google-chrome-upgrade-latest
     References: https://attackerkb.com/topics/cve-2024-3515, CVE-2024-3515
  7. Huawei EulerOS: CVE-2023-29483: python-dns security update
     Severity 4, CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P). Published 04/11/2024, Created 01/15/2025, Added 01/14/2025, Modified 01/14/2025.
     Description: eventlet before 0.35.2, as used in dnspython before 2.6.0, allows remote attackers to interfere with DNS name resolution by quickly sending an invalid packet from the expected IP address and source port, aka a "TuDoor" attack. In other words, dnspython does not have the preferred behavior in which the DNS name resolution algorithm would proceed, within the full time window, in order to wait for a valid packet. NOTE: dnspython 2.6.0 is unusable for a different reason that was addressed in 2.6.1.
     Solution(s): huawei-euleros-2_0_sp10-upgrade-python3-dns
     References: https://attackerkb.com/topics/cve-2023-29483, CVE-2023-29483, EulerOS-SA-2025-1028
  8. Red Hat OpenShift: CVE-2024-3652: libreswan: IKEv1 default AH/ESP responder can crash and restart
     Severity 4, CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P). Published 04/11/2024, Created 01/11/2025, Added 01/10/2025, Modified 01/10/2025.
     Description: The Libreswan Project was notified of an issue causing libreswan to restart when using IKEv1 without specifying an esp= line. When the peer requests AES-GMAC, libreswan's default proposal handler causes an assertion failure and crashes and restarts. IKEv2 connections are not affected.
     Solution(s): linuxrpm-upgrade-libreswan
     References: https://attackerkb.com/topics/cve-2024-3652, CVE-2024-3652, RHSA-2024:4050, RHSA-2024:4200, RHSA-2024:4376, RHSA-2024:4377, RHSA-2024:4417, RHSA-2024:4431
  9. Red Hat OpenShift: CVE-2023-29483: dnspython: denial of service in stub resolver
     Severity 4, CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P). Published 04/11/2024, Created 06/28/2024, Added 06/28/2024, Modified 11/13/2024.
     Description: eventlet before 0.35.2, as used in dnspython before 2.6.0, allows remote attackers to interfere with DNS name resolution by quickly sending an invalid packet from the expected IP address and source port, aka a "TuDoor" attack. In other words, dnspython does not have the preferred behavior in which the DNS name resolution algorithm would proceed, within the full time window, in order to wait for a valid packet. NOTE: dnspython 2.6.0 is unusable for a different reason that was addressed in 2.6.1.
     Solution(s): linuxrpm-upgrade-python-eventlet
     References: https://attackerkb.com/topics/cve-2023-29483, CVE-2023-29483, RHSA-2024:0045, RHSA-2024:3275, RHSA-2024:3483, RHSA-2024:4699, RHSA-2024:4846, RHSA-2024:4960, RHSA-2024:9423
  10. SUSE: CVE-2023-29483: SUSE Linux Security Advisory
     Severity 4, CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P). Published 04/11/2024, Created 07/27/2024, Added 07/26/2024, Modified 07/31/2024.
     Description: eventlet before 0.35.2, as used in dnspython before 2.6.0, allows remote attackers to interfere with DNS name resolution by quickly sending an invalid packet from the expected IP address and source port, aka a "TuDoor" attack. In other words, dnspython does not have the preferred behavior in which the DNS name resolution algorithm would proceed, within the full time window, in order to wait for a valid packet. NOTE: dnspython 2.6.0 is unusable for a different reason that was addressed in 2.6.1.
     Solution(s): suse-upgrade-python-dnspython suse-upgrade-python3-dnspython suse-upgrade-python311-dnspython
     References: https://attackerkb.com/topics/cve-2023-29483, CVE-2023-29483
  11. Alpine Linux: CVE-2024-3652: Vulnerability in Multiple Components
     Severity 4, CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P). Published 04/11/2024, Created 08/23/2024, Added 08/22/2024, Modified 10/01/2024.
     Description: The Libreswan Project was notified of an issue causing libreswan to restart when using IKEv1 without specifying an esp= line. When the peer requests AES-GMAC, libreswan's default proposal handler causes an assertion failure and crashes and restarts. IKEv2 connections are not affected.
     Solution(s): alpine-linux-upgrade-libreswan
     References: https://attackerkb.com/topics/cve-2024-3652, CVE-2024-3652, https://security.alpinelinux.org/vuln/CVE-2024-3652
  12. Alma Linux: CVE-2024-3652: Moderate: libreswan security update (Multiple Advisories)
     Severity 4, CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P). Published 04/11/2024, Created 06/26/2024, Added 06/26/2024, Modified 09/18/2024.
     Description: The Libreswan Project was notified of an issue causing libreswan to restart when using IKEv1 without specifying an esp= line. When the peer requests AES-GMAC, libreswan's default proposal handler causes an assertion failure and crashes and restarts. IKEv2 connections are not affected.
     Solution(s): alma-upgrade-libreswan
     References: https://attackerkb.com/topics/cve-2024-3652, CVE-2024-3652, https://errata.almalinux.org/8/ALSA-2024-4376.html, https://errata.almalinux.org/9/ALSA-2024-4050.html
  13. Red Hat: CVE-2023-29483: dnspython: denial of service in stub resolver (Multiple Advisories)
     Severity 5, CVSS (AV:N/AC:H/Au:N/C:N/I:N/A:C). Published 04/11/2024, Created 05/24/2024, Added 05/23/2024, Modified 11/13/2024.
     Description: eventlet before 0.35.2, as used in dnspython before 2.6.0, allows remote attackers to interfere with DNS name resolution by quickly sending an invalid packet from the expected IP address and source port, aka a "TuDoor" attack. In other words, dnspython does not have the preferred behavior in which the DNS name resolution algorithm would proceed, within the full time window, in order to wait for a valid packet. NOTE: dnspython 2.6.0 is unusable for a different reason that was addressed in 2.6.1.
     Solution(s): redhat-upgrade-python3-dns
     References: CVE-2023-29483, RHSA-2024:3275, RHSA-2024:9423
  14. Huawei EulerOS: CVE-2023-29483: python-dns security update
     Severity 4, CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P). Published 04/11/2024, Created 10/10/2024, Added 10/09/2024, Modified 10/09/2024.
     Description: eventlet before 0.35.2, as used in dnspython before 2.6.0, allows remote attackers to interfere with DNS name resolution by quickly sending an invalid packet from the expected IP address and source port, aka a "TuDoor" attack. In other words, dnspython does not have the preferred behavior in which the DNS name resolution algorithm would proceed, within the full time window, in order to wait for a valid packet. NOTE: dnspython 2.6.0 is unusable for a different reason that was addressed in 2.6.1.
     Solution(s): huawei-euleros-2_0_sp12-upgrade-python3-dns
     References: https://attackerkb.com/topics/cve-2023-29483, CVE-2023-29483, EulerOS-SA-2024-2538
  15. Alma Linux: CVE-2023-29483: Moderate: python-dns security update (Multiple Advisories)
     Severity 4, CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P). Published 04/11/2024, Created 06/01/2024, Added 05/31/2024, Modified 11/19/2024.
     Description: eventlet before 0.35.2, as used in dnspython before 2.6.0, allows remote attackers to interfere with DNS name resolution by quickly sending an invalid packet from the expected IP address and source port, aka a "TuDoor" attack. In other words, dnspython does not have the preferred behavior in which the DNS name resolution algorithm would proceed, within the full time window, in order to wait for a valid packet. NOTE: dnspython 2.6.0 is unusable for a different reason that was addressed in 2.6.1.
     Solution(s): alma-upgrade-python3-dns
     References: https://attackerkb.com/topics/cve-2023-29483, CVE-2023-29483, https://errata.almalinux.org/8/ALSA-2024-3275.html, https://errata.almalinux.org/9/ALSA-2024-9423.html
  16. Google Chrome Vulnerability: CVE-2024-3516 Heap buffer overflow in ANGLE
     Severity 7, CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C). Published 04/11/2024, Created 04/11/2024, Added 04/11/2024, Modified 01/28/2025.
     Description: Heap buffer overflow in ANGLE in Google Chrome prior to 123.0.6312.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
     Solution(s): google-chrome-upgrade-latest
     References: https://attackerkb.com/topics/cve-2024-3516, CVE-2024-3516
  17. Rocky Linux: CVE-2024-3652: libreswan (RLSA-2024-4050)
     Severity 4, CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P). Published 04/11/2024, Created 07/03/2024, Added 07/03/2024, Modified 11/18/2024.
     Description: The Libreswan Project was notified of an issue causing libreswan to restart when using IKEv1 without specifying an esp= line. When the peer requests AES-GMAC, libreswan's default proposal handler causes an assertion failure and crashes and restarts. IKEv2 connections are not affected.
     Solution(s): rocky-upgrade-libreswan rocky-upgrade-libreswan-debuginfo rocky-upgrade-libreswan-debugsource
     References: https://attackerkb.com/topics/cve-2024-3652, CVE-2024-3652, https://errata.rockylinux.org/RLSA-2024:4050
  18. Huawei EulerOS: CVE-2023-29483: python-dns security update
     Severity 4, CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P). Published 04/11/2024, Created 10/10/2024, Added 10/09/2024, Modified 10/09/2024.
     Description: eventlet before 0.35.2, as used in dnspython before 2.6.0, allows remote attackers to interfere with DNS name resolution by quickly sending an invalid packet from the expected IP address and source port, aka a "TuDoor" attack. In other words, dnspython does not have the preferred behavior in which the DNS name resolution algorithm would proceed, within the full time window, in order to wait for a valid packet. NOTE: dnspython 2.6.0 is unusable for a different reason that was addressed in 2.6.1.
     Solution(s): huawei-euleros-2_0_sp11-upgrade-python3-dns
     References: https://attackerkb.com/topics/cve-2023-29483, CVE-2023-29483, EulerOS-SA-2024-2590
  19. Juniper Junos OS: 2024-04 Security Bulletin: Junos OS: SRX 5000 Series with SPC2: Processing of specific crafted packets when ALG is enabled causes a transit traffic Denial of Service (JSA79105) (CVE-2024-30405)
     Severity 8, CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C). Published 04/10/2024, Created 04/11/2024, Added 04/11/2024, Modified 01/28/2025.
     Description: An Incorrect Calculation of Buffer Size vulnerability in Juniper Networks Junos OS SRX 5000 Series devices using SPC2 line cards while ALGs are enabled allows an attacker sending specific crafted packets to cause a transit traffic Denial of Service (DoS). Continued receipt and processing of these specific packets will sustain the Denial of Service condition. This issue affects Juniper Networks Junos OS SRX 5000 Series with SPC2 with ALGs enabled: all versions earlier than 21.2R3-S7; 21.4 versions earlier than 21.4R3-S6; 22.1 versions earlier than 22.1R3-S5; 22.2 versions earlier than 22.2R3-S3; 22.3 versions earlier than 22.3R3-S2; 22.4 versions earlier than 22.4R3; 23.2 versions earlier than 23.2R2.
     Solution(s): juniper-junos-os-upgrade-latest
     References: https://attackerkb.com/topics/cve-2024-30405, CVE-2024-30405, JSA79105
20. Juniper Junos OS: 2024-04 Security Bulletin: Junos OS: SRX4600 Series: A high amount of specific traffic causes packet drops and an eventual PFE crash (JSA79176) (CVE-2024-30398)
Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published: 04/10/2024  Created: 04/11/2024  Added: 04/11/2024  Modified: 01/28/2025
Description: An Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When a high amount of specific traffic is received on an SRX4600 device, an error in internal packet handling causes a consistent rise in CPU memory utilization. This results in packet drops and eventually a PFE crash. A manual reboot of the PFE is required to restore the device to its original state. This issue affects Junos OS: 21.2 before 21.2R3-S7; 21.4 before 21.4R3-S6; 22.1 before 22.1R3-S5; 22.2 before 22.2R3-S3; 22.3 before 22.3R3-S2; 22.4 before 22.4R3; 23.2 before 23.2R1-S2, 23.2R2.
Solution(s): juniper-junos-os-upgrade-latest
References: https://attackerkb.com/topics/cve-2024-30398 ; CVE-2024-30398 ; JSA79176
21. Microsoft Edge Chromium: CVE-2024-3515 Use after free in Dawn
Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:N/I:N/A:C)
Published: 04/10/2024  Created: 04/15/2024  Added: 04/15/2024  Modified: 01/28/2025
Description: Use after free in Dawn in Google Chrome prior to 123.0.6312.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Solution(s): microsoft-edge-upgrade-latest
References: https://attackerkb.com/topics/cve-2024-3515 ; CVE-2024-3515 ; https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-3515
22. Juniper Junos OS: 2024-04 Security Bulletin: Junos OS and Junos OS Evolved: In an EVPN-VXLAN scenario state changes on adjacent systems can cause an l2ald process crash (JSA79184) (CVE-2024-30386)
Severity: 6
CVSS: (AV:A/AC:M/Au:N/C:N/I:N/A:C)
Published: 04/10/2024  Created: 04/11/2024  Added: 04/11/2024  Modified: 01/28/2025
Description: A Use-After-Free vulnerability in the Layer 2 Address Learning Daemon (l2ald) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause l2ald to crash, leading to a Denial of Service (DoS). In an EVPN-VXLAN scenario, when state updates are received and processed by the affected system, the correct order of some processing steps is not ensured, which can lead to an l2ald crash and restart. Whether the crash occurs depends on system-internal timing that is outside the attacker's control.
This issue affects Junos OS: all versions before 20.4R3-S8; 21.2 versions before 21.2R3-S6; 21.3 versions before 21.3R3-S5; 21.4 versions before 21.4R3-S4; 22.1 versions before 22.1R3-S3; 22.2 versions before 22.2R3-S1; 22.3 versions before 22.3R3; 22.4 versions before 22.4R2.
It affects Junos OS Evolved: all versions before 20.4R3-S8-EVO; 21.2-EVO versions before 21.2R3-S6-EVO; 21.3-EVO versions before 21.3R3-S5-EVO; 21.4-EVO versions before 21.4R3-S4-EVO; 22.1-EVO versions before 22.1R3-S3-EVO; 22.2-EVO versions before 22.2R3-S1-EVO; 22.3-EVO versions before 22.3R3-EVO; 22.4-EVO versions before 22.4R2-EVO.
Solution(s): juniper-junos-os-upgrade-latest
References: https://attackerkb.com/topics/cve-2024-30386 ; CVE-2024-30386 ; JSA79184
23. Microsoft Edge Chromium: CVE-2024-3157 Out of bounds write in Compositing
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 04/10/2024  Created: 04/15/2024  Added: 04/15/2024  Modified: 01/28/2025
Description: Out of bounds memory access in Compositing in Google Chrome prior to 123.0.6312.122 allowed a remote attacker who had compromised the GPU process to potentially perform a sandbox escape via specific UI gestures. (Chromium security severity: High)
Solution(s): microsoft-edge-upgrade-latest
References: https://attackerkb.com/topics/cve-2024-3157 ; CVE-2024-3157 ; https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-3157
24. Juniper Junos OS: 2024-04 Security Bulletin: Junos OS: MX Series with MPC10, MPC11, LC9600, and MX304: A specific MPLS packet will cause a PFE crash (JSA75732) (CVE-2024-21593)
Severity: 6
CVSS: (AV:A/AC:L/Au:N/C:N/I:N/A:C)
Published: 04/10/2024  Created: 04/11/2024  Added: 04/11/2024  Modified: 01/28/2025
Description: An Improper Check or Handling of Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). If an attacker sends a specific MPLS packet, processing it causes an internal loop that leads to a PFE crash and restart. Continued receipt of these packets leads to a sustained DoS condition. Circuit cross-connect (CCC) must be configured on the device for it to be affected by this issue. This issue only affects MX Series with MPC10, MPC11, LC9600, and MX304.
This issue affects Juniper Networks Junos OS: 21.4 versions from 21.4R3 earlier than 21.4R3-S5; 22.2 versions from 22.2R2 earlier than 22.2R3-S2; 22.3 versions from 22.3R1 earlier than 22.3R2-S2; 22.3 versions from 22.3R3 earlier than 22.3R3-S1; 22.4 versions from 22.4R1 earlier than 22.4R2-S2, 22.4R3; 23.2 versions earlier than 23.2R1-S1, 23.2R2.
Solution(s): juniper-junos-os-upgrade-latest
References: https://attackerkb.com/topics/cve-2024-21593 ; CVE-2024-21593 ; JSA75732
25. Huawei EulerOS: CVE-2021-47183: kernel security update
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 04/10/2024  Created: 10/10/2024  Added: 10/09/2024  Modified: 01/30/2025
Description: In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix link down processing to address NULL pointer dereference. If an FC link down transition occurs while PLOGIs are outstanding to fabric well-known addresses, the outstanding ABTS requests may result in a NULL pointer dereference. Driver unload requests may hang with repeated "2878" log messages. Link down processing issues ABTS requests for the outstanding ELS requests. The Abort WQEs are sent for the ELSs before the driver has set the link state to down, so the driver sends the Abort expecting that an ABTS will go out on the wire. The Abort request then stalls waiting for the link to come up. In some conditions the driver may auto-complete the ELSs in the meantime, so if the link does come up, the Abort completions may reference an invalid structure. The fix ensures that an Abort issued because the link failed sets the flag that avoids link traffic.
Solution(s): huawei-euleros-2_0_sp12-upgrade-bpftool ; huawei-euleros-2_0_sp12-upgrade-kernel ; huawei-euleros-2_0_sp12-upgrade-kernel-abi-stablelists ; huawei-euleros-2_0_sp12-upgrade-kernel-tools ; huawei-euleros-2_0_sp12-upgrade-kernel-tools-libs ; huawei-euleros-2_0_sp12-upgrade-python3-perf
References: https://attackerkb.com/topics/cve-2021-47183 ; CVE-2021-47183 ; EulerOS-SA-2024-2544