ISHACK AI BOT

Debian: CVE-2021-47147: linux -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/25/2024 Created 07/31/2024 Added 07/30/2024 Modified 07/30/2024 Description In the Linux kernel, the following vulnerability has been resolved: ptp: ocp: Fix a resource leak in an error handling path If an error occurs after a successful 'pci_ioremap_bar()' call, it must be undone by a corresponding 'pci_iounmap()' call, as already done in the remove function. Solution(s) debian-upgrade-linux References https://attackerkb.com/topics/cve-2021-47147 CVE - 2021-47147

Huawei EulerOS: CVE-2024-30204: emacs security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/25/2024 Created 10/09/2024 Added 10/08/2024 Modified 10/14/2024 Description In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments. Solution(s) huawei-euleros-2_0_sp12-upgrade-emacs-filesystem References https://attackerkb.com/topics/cve-2024-30204 CVE - 2024-30204 EulerOS-SA-2024-2234

Debian: CVE-2021-47177: linux -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/25/2024 Created 07/31/2024 Added 07/30/2024 Modified 07/30/2024 Description In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix sysfs leak in alloc_iommu() iommu_device_sysfs_add() is called before, so is has to be cleaned on subsequent errors. Solution(s) debian-upgrade-linux References https://attackerkb.com/topics/cve-2021-47177 CVE - 2021-47177

Debian: CVE-2021-47138: linux -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/25/2024 Created 07/31/2024 Added 07/30/2024 Modified 07/30/2024 Description In the Linux kernel, the following vulnerability has been resolved: cxgb4: avoid accessing registers when clearing filters Hardware register having the server TID base can contain invalid values when adapter is in bad state (for example, due to AER fatal error). Reading these invalid values in the register can lead to out-of-bound memory access. So, fix by using the saved server TID base when clearing filters. Solution(s) debian-upgrade-linux References https://attackerkb.com/topics/cve-2021-47138 CVE - 2021-47138

Debian: CVE-2021-47153: linux -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/25/2024 Created 07/31/2024 Added 07/30/2024 Modified 07/30/2024 Description In the Linux kernel, the following vulnerability has been resolved: i2c: i801: Don't generate an interrupt on bus reset Now that the i2c-i801 driver supports interrupts, setting the KILL bit in a attempt to recover from a timed out transaction triggers an interrupt. Unfortunately, the interrupt handler (i801_isr) is not prepared for this situation and will try to process the interrupt as if it was signaling the end of a successful transaction. In the case of a block transaction, this can result in an out-of-range memory access. This condition was reproduced several times by syzbot: https://syzkaller.appspot.com/bug?extid=ed71512d469895b5b34e https://syzkaller.appspot.com/bug?extid=8c8dedc0ba9e03f6c79e https://syzkaller.appspot.com/bug?extid=c8ff0b6d6c73d81b610e https://syzkaller.appspot.com/bug?extid=33f6c360821c399d69eb https://syzkaller.appspot.com/bug?extid=be15dc0b1933f04b043a https://syzkaller.appspot.com/bug?extid=b4d3fd1dfd53e90afd79 So disable interrupts while trying to reset the bus. Interrupts will be enabled again for the following transaction. Solution(s) debian-upgrade-linux References https://attackerkb.com/topics/cve-2021-47153 CVE - 2021-47153

Debian: CVE-2021-47163: linux -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/25/2024 Created 07/31/2024 Added 07/30/2024 Modified 07/30/2024 Description In the Linux kernel, the following vulnerability has been resolved: tipc: wait and exit until all work queues are done On some host, a crash could be triggered simply by repeating these commands several times: # modprobe tipc # tipc bearer enable media udp name UDP1 localip 127.0.0.1 # rmmod tipc [] BUG: unable to handle kernel paging request at ffffffffc096bb00 [] Workqueue: events 0xffffffffc096bb00 [] Call Trace: []? process_one_work+0x1a7/0x360 []? worker_thread+0x30/0x390 []? create_worker+0x1a0/0x1a0 []? kthread+0x116/0x130 []? kthread_flush_work_fn+0x10/0x10 []? ret_from_fork+0x35/0x40 When removing the TIPC module, the UDP tunnel sock will be delayed to release in a work queue as sock_release() can't be done in rtnl_lock(). If the work queue is schedule to run after the TIPC module is removed, kernel will crash as the work queue function cleanup_beareri() code no longer exists when trying to invoke it. To fix it, this patch introduce a member wq_count in tipc_net to track the numbers of work queues in schedule, andwait and exit until all work queues are done in tipc_exit_net(). Solution(s) debian-upgrade-linux References https://attackerkb.com/topics/cve-2021-47163 CVE - 2021-47163

Debian: CVE-2024-30205: emacs, org-mode -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/25/2024 Created 05/01/2024 Added 05/01/2024 Modified 05/01/2024 Description In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23. Solution(s) debian-upgrade-emacs debian-upgrade-org-mode References https://attackerkb.com/topics/cve-2024-30205 CVE - 2024-30205 DLA-3801-1 DLA-3802-1

Huawei EulerOS: CVE-2021-47153: kernel security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/25/2024 Created 07/16/2024 Added 07/16/2024 Modified 07/16/2024 Description In the Linux kernel, the following vulnerability has been resolved: i2c: i801: Don't generate an interrupt on bus reset Now that the i2c-i801 driver supports interrupts, setting the KILL bit in a attempt to recover from a timed out transaction triggers an interrupt. Unfortunately, the interrupt handler (i801_isr) is not prepared for this situation and will try to process the interrupt as if it was signaling the end of a successful transaction. In the case of a block transaction, this can result in an out-of-range memory access. This condition was reproduced several times by syzbot: https://syzkaller.appspot.com/bug?extid=ed71512d469895b5b34e https://syzkaller.appspot.com/bug?extid=8c8dedc0ba9e03f6c79e https://syzkaller.appspot.com/bug?extid=c8ff0b6d6c73d81b610e https://syzkaller.appspot.com/bug?extid=33f6c360821c399d69eb https://syzkaller.appspot.com/bug?extid=be15dc0b1933f04b043a https://syzkaller.appspot.com/bug?extid=b4d3fd1dfd53e90afd79 So disable interrupts while trying to reset the bus. Interrupts will be enabled again for the following transaction. Solution(s) huawei-euleros-2_0_sp10-upgrade-kernel huawei-euleros-2_0_sp10-upgrade-kernel-abi-stablelists huawei-euleros-2_0_sp10-upgrade-kernel-tools huawei-euleros-2_0_sp10-upgrade-kernel-tools-libs huawei-euleros-2_0_sp10-upgrade-python3-perf References https://attackerkb.com/topics/cve-2021-47153 CVE - 2021-47153 EulerOS-SA-2024-1911

Debian: CVE-2024-29025: netty -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/25/2024 Created 06/24/2024 Added 06/24/2024 Modified 06/24/2024 Description Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `HttpPostRequestDecoder` can be tricked to accumulate data. While the decoder can store items on the disk if configured so, there are no limits to the number of fields the form can have, an attacher can send a chunked post consisting of many small fields that will be accumulated in the `bodyListHttpData` list. The decoder cumulates bytes in the `undecodedChunk` buffer until it can decode a field, this field can cumulate data without limits. This vulnerability is fixed in 4.1.108.Final. Solution(s) debian-upgrade-netty References https://attackerkb.com/topics/cve-2024-29025 CVE - 2024-29025 DLA-3834-1

Debian: CVE-2024-30202: emacs, org-mode -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/25/2024 Created 07/31/2024 Added 07/30/2024 Modified 07/30/2024 Description In Emacs before 29.3, arbitrary Lisp code is evaluated as part of turning on Org mode. This affects Org Mode before 9.6.23. Solution(s) debian-upgrade-emacs debian-upgrade-org-mode References https://attackerkb.com/topics/cve-2024-30202 CVE - 2024-30202

Debian: CVE-2024-28835: gnutls28 -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/21/2024 Created 07/31/2024 Added 07/30/2024 Modified 09/06/2024 Description A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the "certtool --verify-chain" command. Solution(s) debian-upgrade-gnutls28 References https://attackerkb.com/topics/cve-2024-28835 CVE - 2024-28835 DLA-3875-1

Debian: CVE-2023-52620: linux -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/21/2024 Created 05/08/2024 Added 05/08/2024 Modified 07/03/2024 Description In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: disallow timeout for anonymous sets Never used from userspace, disallow these parameters. Solution(s) debian-upgrade-linux References https://attackerkb.com/topics/cve-2023-52620 CVE - 2023-52620 DSA-5681-1

Huawei EulerOS: CVE-2023-52620: kernel security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/21/2024 Created 06/26/2024 Added 06/26/2024 Modified 11/11/2024 Description In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: disallow timeout for anonymous sets Never used from userspace, disallow these parameters. Solution(s) huawei-euleros-2_0_sp11-upgrade-bpftool huawei-euleros-2_0_sp11-upgrade-kernel huawei-euleros-2_0_sp11-upgrade-kernel-abi-stablelists huawei-euleros-2_0_sp11-upgrade-kernel-tools huawei-euleros-2_0_sp11-upgrade-kernel-tools-libs huawei-euleros-2_0_sp11-upgrade-python3-perf References https://attackerkb.com/topics/cve-2023-52620 CVE - 2023-52620 EulerOS-SA-2024-1837

Huawei EulerOS: CVE-2023-52620: kernel security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/21/2024 Created 07/16/2024 Added 07/16/2024 Modified 12/12/2024 Description In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: disallow timeout for anonymous sets Never used from userspace, disallow these parameters. Solution(s) huawei-euleros-2_0_sp10-upgrade-kernel huawei-euleros-2_0_sp10-upgrade-kernel-abi-stablelists huawei-euleros-2_0_sp10-upgrade-kernel-tools huawei-euleros-2_0_sp10-upgrade-kernel-tools-libs huawei-euleros-2_0_sp10-upgrade-python3-perf References https://attackerkb.com/topics/cve-2023-52620 CVE - 2023-52620 EulerOS-SA-2024-1911

Debian: CVE-2024-26643: linux -- security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/21/2024 Created 04/15/2024 Added 04/15/2024 Modified 07/03/2024 Description In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout While the rhashtable set gc runs asynchronously, a race allows it to collect elements from anonymous sets with timeouts while it is being released from the commit path. Mingi Cho originally reported this issue in a different path in 6.1.x with a pipapo set with low timeouts which is not possible upstream since 7395dfacfff6 ("netfilter: nf_tables: use timestamp to check for set element timeout"). Fix this by setting on the dead flag for anonymous sets to skip async gc in this case. According to 08e4c8c5919f ("netfilter: nf_tables: mark newset as dead on transaction abort"), Florian plans to accelerate abort path by releasing objects via workqueue, therefore, this sets on the dead flag for abort path too. Solution(s) debian-upgrade-linux References https://attackerkb.com/topics/cve-2024-26643 CVE - 2024-26643 DSA-5658-1

Amazon Linux 2023: CVE-2023-52620: Medium priority package update for kernel (Multiple Advisories) Severity 1 CVSS (AV:L/AC:H/Au:S/C:N/I:N/A:P) Published 03/21/2024 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: disallow timeout for anonymous sets Never used from userspace, disallow these parameters. A vulnerability was found in netfilter/nf_tables componets of Linux Kernel allows an userspace to set timeouts for anonymous sets, which are not intended to be used this way. This could lead to unexpected behaviour or security issues. Solution(s) amazon-linux-2023-upgrade-bpftool amazon-linux-2023-upgrade-bpftool-debuginfo amazon-linux-2023-upgrade-kernel amazon-linux-2023-upgrade-kernel-debuginfo amazon-linux-2023-upgrade-kernel-debuginfo-common-aarch64 amazon-linux-2023-upgrade-kernel-debuginfo-common-x86-64 amazon-linux-2023-upgrade-kernel-devel amazon-linux-2023-upgrade-kernel-headers amazon-linux-2023-upgrade-kernel-libbpf amazon-linux-2023-upgrade-kernel-libbpf-devel amazon-linux-2023-upgrade-kernel-libbpf-static amazon-linux-2023-upgrade-kernel-livepatch-6-1-82-99-168 amazon-linux-2023-upgrade-kernel-modules-extra amazon-linux-2023-upgrade-kernel-modules-extra-common amazon-linux-2023-upgrade-kernel-tools amazon-linux-2023-upgrade-kernel-tools-debuginfo amazon-linux-2023-upgrade-kernel-tools-devel amazon-linux-2023-upgrade-perf amazon-linux-2023-upgrade-perf-debuginfo amazon-linux-2023-upgrade-python3-perf amazon-linux-2023-upgrade-python3-perf-debuginfo References https://attackerkb.com/topics/cve-2023-52620 CVE - 2023-52620 https://alas.aws.amazon.com/AL2023/ALAS-2024-603.html https://alas.aws.amazon.com/AL2023/ALAS-2024-784.html

Amazon Linux 2023: CVE-2024-28835: Medium priority package update for gnutls Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 03/21/2024 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the "certtool --verify-chain" command. Solution(s) amazon-linux-2023-upgrade-gnutls amazon-linux-2023-upgrade-gnutls-c amazon-linux-2023-upgrade-gnutls-c-debuginfo amazon-linux-2023-upgrade-gnutls-dane amazon-linux-2023-upgrade-gnutls-dane-debuginfo amazon-linux-2023-upgrade-gnutls-debuginfo amazon-linux-2023-upgrade-gnutls-debugsource amazon-linux-2023-upgrade-gnutls-devel amazon-linux-2023-upgrade-gnutls-utils amazon-linux-2023-upgrade-gnutls-utils-debuginfo References https://attackerkb.com/topics/cve-2024-28835 CVE - 2024-28835 https://alas.aws.amazon.com/AL2023/ALAS-2024-591.html

Amazon Linux 2023: CVE-2024-28834: Medium priority package update for gnutls Severity 5 CVSS (AV:N/AC:H/Au:S/C:C/I:N/A:N) Published 03/21/2024 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel. Solution(s) amazon-linux-2023-upgrade-gnutls amazon-linux-2023-upgrade-gnutls-c amazon-linux-2023-upgrade-gnutls-c-debuginfo amazon-linux-2023-upgrade-gnutls-dane amazon-linux-2023-upgrade-gnutls-dane-debuginfo amazon-linux-2023-upgrade-gnutls-debuginfo amazon-linux-2023-upgrade-gnutls-debugsource amazon-linux-2023-upgrade-gnutls-devel amazon-linux-2023-upgrade-gnutls-utils amazon-linux-2023-upgrade-gnutls-utils-debuginfo References https://attackerkb.com/topics/cve-2024-28834 CVE - 2024-28834 https://alas.aws.amazon.com/AL2023/ALAS-2024-591.html

Alma Linux: CVE-2023-52620: Moderate: kernel security, bug fix, and enhancement update (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/21/2024 Created 06/01/2024 Added 05/31/2024 Modified 11/04/2024 Description In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: disallow timeout for anonymous sets Never used from userspace, disallow these parameters. Solution(s) alma-upgrade-bpftool alma-upgrade-kernel alma-upgrade-kernel-64k alma-upgrade-kernel-64k-core alma-upgrade-kernel-64k-debug alma-upgrade-kernel-64k-debug-core alma-upgrade-kernel-64k-debug-devel alma-upgrade-kernel-64k-debug-devel-matched alma-upgrade-kernel-64k-debug-modules alma-upgrade-kernel-64k-debug-modules-core alma-upgrade-kernel-64k-debug-modules-extra alma-upgrade-kernel-64k-devel alma-upgrade-kernel-64k-devel-matched alma-upgrade-kernel-64k-modules alma-upgrade-kernel-64k-modules-core alma-upgrade-kernel-64k-modules-extra alma-upgrade-kernel-abi-stablelists alma-upgrade-kernel-core alma-upgrade-kernel-cross-headers alma-upgrade-kernel-debug alma-upgrade-kernel-debug-core alma-upgrade-kernel-debug-devel alma-upgrade-kernel-debug-devel-matched alma-upgrade-kernel-debug-modules alma-upgrade-kernel-debug-modules-core alma-upgrade-kernel-debug-modules-extra alma-upgrade-kernel-debug-uki-virt alma-upgrade-kernel-devel alma-upgrade-kernel-devel-matched alma-upgrade-kernel-doc alma-upgrade-kernel-headers alma-upgrade-kernel-modules alma-upgrade-kernel-modules-core alma-upgrade-kernel-modules-extra alma-upgrade-kernel-rt alma-upgrade-kernel-rt-core alma-upgrade-kernel-rt-debug alma-upgrade-kernel-rt-debug-core alma-upgrade-kernel-rt-debug-devel alma-upgrade-kernel-rt-debug-kvm alma-upgrade-kernel-rt-debug-modules alma-upgrade-kernel-rt-debug-modules-core alma-upgrade-kernel-rt-debug-modules-extra alma-upgrade-kernel-rt-devel alma-upgrade-kernel-rt-kvm alma-upgrade-kernel-rt-modules alma-upgrade-kernel-rt-modules-core alma-upgrade-kernel-rt-modules-extra alma-upgrade-kernel-tools alma-upgrade-kernel-tools-libs alma-upgrade-kernel-tools-libs-devel alma-upgrade-kernel-uki-virt alma-upgrade-kernel-zfcpdump alma-upgrade-kernel-zfcpdump-core alma-upgrade-kernel-zfcpdump-devel alma-upgrade-kernel-zfcpdump-devel-matched alma-upgrade-kernel-zfcpdump-modules alma-upgrade-kernel-zfcpdump-modules-core alma-upgrade-kernel-zfcpdump-modules-extra alma-upgrade-libperf alma-upgrade-perf alma-upgrade-python3-perf alma-upgrade-rtla alma-upgrade-rv References https://attackerkb.com/topics/cve-2023-52620 CVE - 2023-52620 https://errata.almalinux.org/8/ALSA-2024-2950.html https://errata.almalinux.org/8/ALSA-2024-3138.html https://errata.almalinux.org/9/ALSA-2024-2394.html

Ubuntu: (Multiple Advisories) (CVE-2024-28834): GnuTLS vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/21/2024 Created 04/16/2024 Added 04/16/2024 Modified 04/30/2024 Description A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel. Solution(s) ubuntu-upgrade-libgnutls30 ubuntu-upgrade-libgnutls30t64 References https://attackerkb.com/topics/cve-2024-28834 CVE - 2024-28834 USN-6733-1 USN-6733-2

Huawei EulerOS: CVE-2023-52620: kernel security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/21/2024 Created 07/23/2024 Added 07/23/2024 Modified 10/08/2024 Description In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: disallow timeout for anonymous sets Never used from userspace, disallow these parameters. Solution(s) huawei-euleros-2_0_sp8-upgrade-bpftool huawei-euleros-2_0_sp8-upgrade-kernel huawei-euleros-2_0_sp8-upgrade-kernel-devel huawei-euleros-2_0_sp8-upgrade-kernel-headers huawei-euleros-2_0_sp8-upgrade-kernel-tools huawei-euleros-2_0_sp8-upgrade-kernel-tools-libs huawei-euleros-2_0_sp8-upgrade-perf huawei-euleros-2_0_sp8-upgrade-python-perf huawei-euleros-2_0_sp8-upgrade-python3-perf References https://attackerkb.com/topics/cve-2023-52620 CVE - 2023-52620 EulerOS-SA-2024-2476

Huawei EulerOS: CVE-2024-26642: kernel security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/21/2024 Created 07/23/2024 Added 07/23/2024 Modified 10/08/2024 Description In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: disallow anonymous set with timeout flag Anonymous sets are never used with timeout from userspace, reject this. Exception to this rule is NFT_SET_EVAL to ensure legacy meters still work. Solution(s) huawei-euleros-2_0_sp8-upgrade-bpftool huawei-euleros-2_0_sp8-upgrade-kernel huawei-euleros-2_0_sp8-upgrade-kernel-devel huawei-euleros-2_0_sp8-upgrade-kernel-headers huawei-euleros-2_0_sp8-upgrade-kernel-tools huawei-euleros-2_0_sp8-upgrade-kernel-tools-libs huawei-euleros-2_0_sp8-upgrade-perf huawei-euleros-2_0_sp8-upgrade-python-perf huawei-euleros-2_0_sp8-upgrade-python3-perf References https://attackerkb.com/topics/cve-2024-26642 CVE - 2024-26642 EulerOS-SA-2024-2476

Alma Linux: CVE-2024-28835: Moderate: gnutls security update (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/21/2024 Created 04/19/2024 Added 04/19/2024 Modified 05/13/2024 Description A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the "certtool --verify-chain" command. Solution(s) alma-upgrade-gnutls alma-upgrade-gnutls-c++ alma-upgrade-gnutls-dane alma-upgrade-gnutls-devel alma-upgrade-gnutls-utils References https://attackerkb.com/topics/cve-2024-28835 CVE - 2024-28835 https://errata.almalinux.org/9/ALSA-2024-1879.html https://errata.almalinux.org/9/ALSA-2024-2570.html

Oracle Linux: CVE-2024-28835: ELSA-2024-1879:gnutls security update (MODERATE) (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 03/21/2024 Created 05/22/2024 Added 04/19/2024 Modified 12/11/2024 Description A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the "certtool --verify-chain" command. Solution(s) oracle-linux-upgrade-gnutls oracle-linux-upgrade-gnutls-c oracle-linux-upgrade-gnutls-dane oracle-linux-upgrade-gnutls-devel oracle-linux-upgrade-gnutls-utils References https://attackerkb.com/topics/cve-2024-28835 CVE - 2024-28835 ELSA-2024-1879 ELSA-2024-12336 ELSA-2024-12364 ELSA-2024-2570

Oracle Linux: CVE-2024-27281: ELSA-2024-3668:ruby:3.1 security, bug fix, and enhancement update (MODERATE) (Multiple Advisories) Severity 4 CVSS (AV:L/AC:H/Au:N/C:P/I:P/A:P) Published 03/21/2024 Created 06/04/2024 Added 06/01/2024 Modified 01/08/2025 Description An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0. When parsing .rdoc_options (used for configuration in RDoc) as a YAML file, object injection and resultant remote code execution are possible because there are no restrictions on the classes that can be restored. (When loading the documentation cache, object injection and resultant remote code execution are also possible if there were a crafted cache.) The main fixed version is 6.6.3.1. For Ruby 3.0 users, a fixed version is rdoc 6.3.4.1. For Ruby 3.1 users, a fixed version is rdoc 6.4.1.1. For Ruby 3.2 users, a fixed version is rdoc 6.5.1.1. A flaw was found in Rubygem RDoc. When parsing .rdoc_options used for configuration in RDoc as a YAML file there are no restrictions on the classes that can be restored. This issue may lead to object injection, resulting in remote code execution. Solution(s) oracle-linux-upgrade-ruby oracle-linux-upgrade-ruby-bundled-gems oracle-linux-upgrade-ruby-default-gems oracle-linux-upgrade-ruby-devel oracle-linux-upgrade-ruby-doc oracle-linux-upgrade-rubygem-abrt oracle-linux-upgrade-rubygem-abrt-doc oracle-linux-upgrade-rubygem-bigdecimal oracle-linux-upgrade-rubygem-bson oracle-linux-upgrade-rubygem-bson-doc oracle-linux-upgrade-rubygem-bundler oracle-linux-upgrade-rubygem-bundler-doc oracle-linux-upgrade-rubygem-did-you-mean oracle-linux-upgrade-rubygem-io-console oracle-linux-upgrade-rubygem-irb oracle-linux-upgrade-rubygem-json oracle-linux-upgrade-rubygem-minitest oracle-linux-upgrade-rubygem-mongo oracle-linux-upgrade-rubygem-mongo-doc oracle-linux-upgrade-rubygem-mysql2 oracle-linux-upgrade-rubygem-mysql2-doc oracle-linux-upgrade-rubygem-net-telnet oracle-linux-upgrade-rubygem-openssl oracle-linux-upgrade-rubygem-pg oracle-linux-upgrade-rubygem-pg-doc oracle-linux-upgrade-rubygem-power-assert oracle-linux-upgrade-rubygem-psych oracle-linux-upgrade-rubygem-racc oracle-linux-upgrade-rubygem-rake oracle-linux-upgrade-rubygem-rbs oracle-linux-upgrade-rubygem-rdoc oracle-linux-upgrade-rubygem-rexml oracle-linux-upgrade-rubygem-rss oracle-linux-upgrade-rubygems oracle-linux-upgrade-rubygems-devel oracle-linux-upgrade-rubygem-test-unit oracle-linux-upgrade-rubygem-typeprof oracle-linux-upgrade-rubygem-xmlrpc oracle-linux-upgrade-ruby-irb oracle-linux-upgrade-ruby-libs References https://attackerkb.com/topics/cve-2024-27281 CVE - 2024-27281 ELSA-2024-3668 ELSA-2024-3671 ELSA-2024-4499 ELSA-2024-3500 ELSA-2024-3546 ELSA-2024-3670 ELSA-2024-3838 View more