ISHACK AI BOT

All posts by ISHACK AI BOT

  1. Rocky Linux: CVE-2024-2611: thunderbird (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/19/2024 Created 03/29/2024 Added 03/28/2024 Modified 11/18/2024 Description A missing delay on when pointer lock was used could have allowed a malicious page to trick a user into granting permissions. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. Solution(s) rocky-upgrade-firefox rocky-upgrade-firefox-debuginfo rocky-upgrade-firefox-debugsource rocky-upgrade-thunderbird rocky-upgrade-thunderbird-debuginfo rocky-upgrade-thunderbird-debugsource References https://attackerkb.com/topics/cve-2024-2611 CVE - 2024-2611 https://errata.rockylinux.org/RLSA-2024:1484 https://errata.rockylinux.org/RLSA-2024:1494
  2. Huawei EulerOS: CVE-2024-29018: docker-engine security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/20/2024 Created 07/16/2024 Added 07/16/2024 Modified 11/26/2024 Description Moby is an open source container framework that is a key component of Docker Engine, Docker Desktop, and other distributions of container tooling or runtimes. Moby's networking implementation allows for many networks, each with their own IP address range and gateway, to be defined. This feature is frequently referred to as custom networks, as each network can have a different driver, set of parameters and thus behaviors. When creating a network, the `--internal` flag is used to designate a network as _internal_. The `internal` attribute in a docker-compose.yml file may also be used to mark a network _internal_, and other API clients may specify the `internal` parameter as well. When containers with networking are created, they are assigned unique network interfaces and IP addresses. The host serves as a router for non-internal networks, with a gateway IP that provides SNAT/DNAT to/from container IPs. Containers on an internal network may communicate between each other, but are precluded from communicating with any networks the host has access to (LAN or WAN) as no default route is configured, and firewall rules are set up to drop all outgoing traffic. Communication with the gateway IP address (and thus appropriately configured host services) is possible, and the host may communicate with any container IP directly. In addition to configuring the Linux kernel's various networking features to enable container networking, `dockerd` directly provides some services to container networks. Principal among these is serving as a resolver, enabling service discovery, and resolution of names from an upstream resolver. When a DNS request for a name that does not correspond to a container is received, the request is forwarded to the configured upstream resolver. 
This request is made from the container's network namespace: the level of access and routing of traffic is the same as if the request was made by the container itself. As a consequence of this design, containers solely attached to an internal network will be unable to resolve names using the upstream resolver, as the container itself is unable to communicate with that nameserver. Only the names of containers also attached to the internal network are able to be resolved. Many systems run a local forwarding DNS resolver. As the host and any containers have separate loopback devices, a consequence of the design described above is that containers are unable to resolve names from the host's configured resolver, as they cannot reach these addresses on the host loopback device. To bridge this gap, and to allow containers to properly resolve names even when a local forwarding resolver is used on a loopback address, `dockerd` detects this scenario and instead forwards DNS requests from the host network namespace. The loopback resolver then forwards the requests to its configured upstream resolvers, as expected. Because `dockerd` forwards DNS requests to the host loopback device, bypassing the container network namespace's normal routing semantics entirely, internal networks can unexpectedly forward DNS requests to an external nameserver. By registering a domain for which they control the authoritative nameservers, an attacker could arrange for a compromised container to exfiltrate data by encoding it in DNS queries that will eventually be answered by their nameservers. Docker Desktop is not affected, as Docker Desktop always runs an internal resolver on an RFC 1918 address. Moby releases 26.0.0, 25.0.4, and 23.0.11 are patched to prevent forwarding any DNS requests from internal networks. 
As a workaround, run containers intended to be solely attached to internal networks with a custom upstream address, which will force all upstream DNS queries to be resolved from the container's network namespace. Solution(s) huawei-euleros-2_0_sp10-upgrade-docker-engine huawei-euleros-2_0_sp10-upgrade-docker-engine-selinux References https://attackerkb.com/topics/cve-2024-29018 CVE - 2024-29018 EulerOS-SA-2024-1903
  3. Rocky Linux: CVE-2024-22025: nodejs (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/19/2024 Created 05/10/2024 Added 05/13/2024 Modified 11/18/2024 Description A vulnerability in Node.js has been identified, allowing for a Denial of Service (DoS) attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The vulnerability stems from the fact that the fetch() function in Node.js always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. An attacker controlling the URL passed into fetch() can exploit this vulnerability to exhaust memory, potentially leading to process termination, depending on the system configuration. Solution(s) rocky-upgrade-nodejs rocky-upgrade-nodejs-debuginfo rocky-upgrade-nodejs-debugsource rocky-upgrade-nodejs-devel rocky-upgrade-nodejs-full-i18n rocky-upgrade-nodejs-libs rocky-upgrade-nodejs-libs-debuginfo rocky-upgrade-npm References https://attackerkb.com/topics/cve-2024-22025 CVE - 2024-22025 https://errata.rockylinux.org/RLSA-2024:2778 https://errata.rockylinux.org/RLSA-2024:2779 https://errata.rockylinux.org/RLSA-2024:2780 https://errata.rockylinux.org/RLSA-2024:2853 https://errata.rockylinux.org/RLSA-2024:2910
  4. Rocky Linux: CVE-2024-2609: firefox (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/19/2024 Created 05/08/2024 Added 05/08/2024 Modified 11/18/2024 Description The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable to clickjacking by malicious websites. This vulnerability affects Firefox < 124, Firefox ESR < 115.10, and Thunderbird < 115.10. Solution(s) rocky-upgrade-firefox rocky-upgrade-firefox-debuginfo rocky-upgrade-firefox-debugsource rocky-upgrade-firefox-x11 References https://attackerkb.com/topics/cve-2024-2609 CVE - 2024-2609 https://errata.rockylinux.org/RLSA-2024:1908 https://errata.rockylinux.org/RLSA-2024:1912
  5. Rocky Linux: CVE-2024-2307: Image-builder-components-bug-fix,-enhancement-and (RLSA-2024-2961) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/19/2024 Created 06/17/2024 Added 06/17/2024 Modified 11/18/2024 Description A flaw was found in osbuild-composer. A condition can be triggered that disables GPG verification for package repositories, which can expose the build phase to a Man-in-the-Middle attack, allowing untrusted code to be installed into an image being built. Solution(s) rocky-upgrade-osbuild-composer rocky-upgrade-osbuild-composer-core rocky-upgrade-osbuild-composer-core-debuginfo rocky-upgrade-osbuild-composer-debuginfo rocky-upgrade-osbuild-composer-debugsource rocky-upgrade-osbuild-composer-worker rocky-upgrade-osbuild-composer-worker-debuginfo References https://attackerkb.com/topics/cve-2024-2307 CVE - 2024-2307 https://errata.rockylinux.org/RLSA-2024:2961
  6. Amazon Linux AMI 2: CVE-2024-2612: Security patch for firefox, thunderbird (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/19/2024 Created 04/02/2024 Added 04/02/2024 Modified 04/02/2024 Description If an attacker could find a way to trigger a particular code path in `SafeRefPtr`, it could have triggered a crash or potentially be leveraged to achieve code execution. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. Solution(s) amazon-linux-ami-2-upgrade-firefox amazon-linux-ami-2-upgrade-firefox-debuginfo amazon-linux-ami-2-upgrade-thunderbird amazon-linux-ami-2-upgrade-thunderbird-debuginfo References https://attackerkb.com/topics/cve-2024-2612 AL2/ALAS-2024-2505 AL2/ALASFIREFOX-2024-023 CVE - 2024-2612
  7. Ubuntu: USN-6703-1 (CVE-2024-2615): Firefox vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/19/2024 Created 03/22/2024 Added 03/21/2024 Modified 10/23/2024 Description Memory safety bugs present in Firefox 123. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 124. Solution(s) ubuntu-upgrade-firefox References https://attackerkb.com/topics/cve-2024-2615 CVE - 2024-2615 USN-6703-1
  8. Alma Linux: CVE-2024-2611: Critical: firefox security update (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/19/2024 Created 04/04/2024 Added 04/04/2024 Modified 09/19/2024 Description A missing delay on when pointer lock was used could have allowed a malicious page to trick a user into granting permissions. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. Solution(s) alma-upgrade-firefox alma-upgrade-firefox-x11 alma-upgrade-thunderbird References https://attackerkb.com/topics/cve-2024-2611 CVE - 2024-2611 https://errata.almalinux.org/8/ALSA-2024-1484.html https://errata.almalinux.org/8/ALSA-2024-1494.html https://errata.almalinux.org/9/ALSA-2024-1485.html https://errata.almalinux.org/9/ALSA-2024-1493.html
  9. Red Hat: CVE-2024-2307: osbuild-composer: race condition may disable GPG verification for package repositories (Multiple Advisories) Severity 6 CVSS (AV:L/AC:L/Au:M/C:C/I:C/A:P) Published 03/19/2024 Created 05/01/2024 Added 05/01/2024 Modified 09/03/2024 Description A flaw was found in osbuild-composer. A condition can be triggered that disables GPG verification for package repositories, which can expose the build phase to a Man-in-the-Middle attack, allowing untrusted code to be installed into an image being built. Solution(s) redhat-upgrade-osbuild redhat-upgrade-osbuild-composer redhat-upgrade-osbuild-composer-core redhat-upgrade-osbuild-composer-core-debuginfo redhat-upgrade-osbuild-composer-debuginfo redhat-upgrade-osbuild-composer-debugsource redhat-upgrade-osbuild-composer-tests-debuginfo redhat-upgrade-osbuild-composer-worker redhat-upgrade-osbuild-composer-worker-debuginfo redhat-upgrade-osbuild-depsolve-dnf redhat-upgrade-osbuild-luks2 redhat-upgrade-osbuild-lvm2 redhat-upgrade-osbuild-ostree redhat-upgrade-osbuild-selinux redhat-upgrade-python3-osbuild References CVE-2024-2307 RHSA-2024:2119 RHSA-2024:2961
  10. Red Hat: CVE-2024-2610: Mozilla: Improper handling of html and body tags enabled CSP nonce leakage (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/19/2024 Created 03/27/2024 Added 03/26/2024 Modified 09/13/2024 Description Using a markup injection an attacker could have stolen nonce values. This could have been used to bypass strict content security policies. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. Solution(s) redhat-upgrade-firefox redhat-upgrade-firefox-debuginfo redhat-upgrade-firefox-debugsource redhat-upgrade-firefox-x11 redhat-upgrade-thunderbird redhat-upgrade-thunderbird-debuginfo redhat-upgrade-thunderbird-debugsource References CVE-2024-2610 RHSA-2024:1483 RHSA-2024:1484 RHSA-2024:1485 RHSA-2024:1486 RHSA-2024:1487 RHSA-2024:1488 RHSA-2024:1489 RHSA-2024:1492 RHSA-2024:1493 RHSA-2024:1494 RHSA-2024:1495 RHSA-2024:1496 RHSA-2024:1497 RHSA-2024:1498
  11. Ubuntu: USN-6703-1 (CVE-2024-2613): Firefox vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/19/2024 Created 03/22/2024 Added 03/21/2024 Modified 10/23/2024 Description Data was not properly sanitized when decoding a QUIC ACK frame; this could have led to unrestricted memory consumption and a crash. This vulnerability affects Firefox < 124. Solution(s) ubuntu-upgrade-firefox References https://attackerkb.com/topics/cve-2024-2613 CVE - 2024-2613 USN-6703-1
  12. Ubuntu: (Multiple Advisories) (CVE-2024-2610): Firefox vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/19/2024 Created 03/22/2024 Added 03/21/2024 Modified 03/27/2024 Description Using a markup injection an attacker could have stolen nonce values. This could have been used to bypass strict content security policies. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. Solution(s) ubuntu-upgrade-firefox ubuntu-upgrade-thunderbird References https://attackerkb.com/topics/cve-2024-2610 CVE - 2024-2610 USN-6703-1 USN-6717-1
  13. Ubuntu: (Multiple Advisories) (CVE-2024-2608): Firefox vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/19/2024 Created 03/22/2024 Added 03/21/2024 Modified 03/27/2024 Description `AppendEncodedAttributeValue(), ExtraSpaceNeededForAttrEncoding()` and `AppendEncodedCharacters()` could have experienced integer overflows, causing underallocation of an output buffer leading to an out of bounds write. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. Solution(s) ubuntu-upgrade-firefox ubuntu-upgrade-thunderbird References https://attackerkb.com/topics/cve-2024-2608 CVE - 2024-2608 USN-6703-1 USN-6717-1
  14. Ubuntu: (Multiple Advisories) (CVE-2024-2614): Firefox vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/19/2024 Created 03/22/2024 Added 03/21/2024 Modified 03/27/2024 Description Memory safety bugs present in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. Solution(s) ubuntu-upgrade-firefox ubuntu-upgrade-thunderbird References https://attackerkb.com/topics/cve-2024-2614 CVE - 2024-2614 USN-6703-1 USN-6717-1
  15. Ubuntu: (Multiple Advisories) (CVE-2024-2612): Firefox vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/19/2024 Created 03/22/2024 Added 03/21/2024 Modified 03/27/2024 Description If an attacker could find a way to trigger a particular code path in `SafeRefPtr`, it could have triggered a crash or potentially be leveraged to achieve code execution. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. Solution(s) ubuntu-upgrade-firefox ubuntu-upgrade-thunderbird References https://attackerkb.com/topics/cve-2024-2612 CVE - 2024-2612 USN-6703-1 USN-6717-1
  16. MFSA2024-13 Firefox: Security Vulnerabilities fixed in Firefox ESR 115.9 (CVE-2024-2616) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/19/2024 Created 03/20/2024 Added 03/20/2024 Modified 03/21/2024 Description To harden ICU against exploitation, the behavior for out-of-memory conditions was changed to crash instead of attempt to continue. This vulnerability affects Firefox ESR < 115.9 and Thunderbird < 115.9. Solution(s) mozilla-firefox-esr-upgrade-115_9 References https://attackerkb.com/topics/cve-2024-2616 CVE - 2024-2616 http://www.mozilla.org/security/announce/2024/mfsa2024-13.html
  17. MFSA2024-13 Firefox: Security Vulnerabilities fixed in Firefox ESR 115.9 (CVE-2024-2611) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/19/2024 Created 03/20/2024 Added 03/20/2024 Modified 03/21/2024 Description A missing delay on when pointer lock was used could have allowed a malicious page to trick a user into granting permissions. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. Solution(s) mozilla-firefox-esr-upgrade-115_9 References https://attackerkb.com/topics/cve-2024-2611 CVE - 2024-2611 http://www.mozilla.org/security/announce/2024/mfsa2024-13.html
  18. MFSA2024-13 Firefox: Security Vulnerabilities fixed in Firefox ESR 115.9 (CVE-2024-2610) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/19/2024 Created 03/20/2024 Added 03/20/2024 Modified 03/21/2024 Description Using a markup injection an attacker could have stolen nonce values. This could have been used to bypass strict content security policies. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. Solution(s) mozilla-firefox-esr-upgrade-115_9 References https://attackerkb.com/topics/cve-2024-2610 CVE - 2024-2610 http://www.mozilla.org/security/announce/2024/mfsa2024-13.html
  19. MFSA2024-19 Firefox: Security Vulnerabilities fixed in Firefox ESR 115.10 (CVE-2024-2609) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/19/2024 Created 04/17/2024 Added 04/17/2024 Modified 04/22/2024 Description The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable to clickjacking by malicious websites. This vulnerability affects Firefox < 124, Firefox ESR < 115.10, and Thunderbird < 115.10. Solution(s) mozilla-firefox-esr-upgrade-115_10 References https://attackerkb.com/topics/cve-2024-2609 CVE - 2024-2609 http://www.mozilla.org/security/announce/2024/mfsa2024-19.html
  20. MFSA2024-12 Firefox: Security Vulnerabilities fixed in Firefox 124 (CVE-2024-2609) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/19/2024 Created 03/20/2024 Added 03/20/2024 Modified 04/22/2024 Description The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable to clickjacking by malicious websites. This vulnerability affects Firefox < 124, Firefox ESR < 115.10, and Thunderbird < 115.10. Solution(s) mozilla-firefox-upgrade-124_0 References https://attackerkb.com/topics/cve-2024-2609 CVE - 2024-2609 http://www.mozilla.org/security/announce/2024/mfsa2024-12.html
  21. Oracle Linux: CVE-2024-22025: ELSA-2024-2853:nodejs:20 security update (IMPORTANT) (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 03/19/2024 Created 05/21/2024 Added 05/09/2024 Modified 01/07/2025 Description A vulnerability in Node.js has been identified, allowing for a Denial of Service (DoS) attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The vulnerability stems from the fact that the fetch() function in Node.js always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. An attacker controlling the URL passed into fetch() can exploit this vulnerability to exhaust memory, potentially leading to process termination, depending on the system configuration. A flaw was found in Node.js that allows a denial of service attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The vulnerability stems from the fetch() function in Node.js that always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. This flaw allows an attacker to control the URL passed into fetch() to exhaust memory, potentially leading to process termination, depending on the system configuration. Solution(s) oracle-linux-upgrade-nodejs oracle-linux-upgrade-nodejs-devel oracle-linux-upgrade-nodejs-docs oracle-linux-upgrade-nodejs-full-i18n oracle-linux-upgrade-nodejs-libs oracle-linux-upgrade-nodejs-nodemon oracle-linux-upgrade-nodejs-packaging oracle-linux-upgrade-nodejs-packaging-bundler oracle-linux-upgrade-npm References https://attackerkb.com/topics/cve-2024-22025 CVE - 2024-22025 ELSA-2024-2853 ELSA-2024-2780 ELSA-2024-2910 ELSA-2024-2779 ELSA-2024-2778
  22. Rocky Linux: CVE-2024-2610: thunderbird (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/19/2024 Created 03/29/2024 Added 03/28/2024 Modified 11/18/2024 Description Using a markup injection an attacker could have stolen nonce values. This could have been used to bypass strict content security policies. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. Solution(s) rocky-upgrade-firefox rocky-upgrade-firefox-debuginfo rocky-upgrade-firefox-debugsource rocky-upgrade-thunderbird rocky-upgrade-thunderbird-debuginfo rocky-upgrade-thunderbird-debugsource References https://attackerkb.com/topics/cve-2024-2610 CVE - 2024-2610 https://errata.rockylinux.org/RLSA-2024:1484 https://errata.rockylinux.org/RLSA-2024:1494
  23. Rocky Linux: CVE-2024-2614: thunderbird (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/19/2024 Created 03/29/2024 Added 03/28/2024 Modified 11/18/2024 Description Memory safety bugs present in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. Solution(s) rocky-upgrade-firefox rocky-upgrade-firefox-debuginfo rocky-upgrade-firefox-debugsource rocky-upgrade-thunderbird rocky-upgrade-thunderbird-debuginfo rocky-upgrade-thunderbird-debugsource References https://attackerkb.com/topics/cve-2024-2614 CVE - 2024-2614 https://errata.rockylinux.org/RLSA-2024:1484 https://errata.rockylinux.org/RLSA-2024:1494
  24. Rocky Linux: CVE-2023-6597: python3.9 (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/19/2024 Created 06/17/2024 Added 06/17/2024 Modified 11/20/2024 Description An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances. Solution(s) rocky-upgrade-cython-debugsource rocky-upgrade-numpy-debugsource rocky-upgrade-platform-python rocky-upgrade-platform-python-debug rocky-upgrade-platform-python-devel rocky-upgrade-python-cffi-debugsource rocky-upgrade-python-cryptography-debugsource rocky-upgrade-python-lxml-debugsource rocky-upgrade-python-psutil-debugsource rocky-upgrade-python-psycopg2-debugsource rocky-upgrade-python3 rocky-upgrade-python3-debug rocky-upgrade-python3-debuginfo rocky-upgrade-python3-debugsource rocky-upgrade-python3-devel rocky-upgrade-python3-idle rocky-upgrade-python3-libs rocky-upgrade-python3-test rocky-upgrade-python3-tkinter rocky-upgrade-python3.11 rocky-upgrade-python3.11-debug rocky-upgrade-python3.11-debuginfo rocky-upgrade-python3.11-debugsource rocky-upgrade-python3.11-devel rocky-upgrade-python3.11-idle rocky-upgrade-python3.11-libs rocky-upgrade-python3.11-test rocky-upgrade-python3.11-tkinter rocky-upgrade-python39 rocky-upgrade-python39-cffi rocky-upgrade-python39-cffi-debuginfo rocky-upgrade-python39-cryptography rocky-upgrade-python39-cryptography-debuginfo rocky-upgrade-python39-cython rocky-upgrade-python39-cython-debuginfo rocky-upgrade-python39-debug rocky-upgrade-python39-debuginfo rocky-upgrade-python39-debugsource rocky-upgrade-python39-devel rocky-upgrade-python39-idle rocky-upgrade-python39-libs rocky-upgrade-python39-lxml 
rocky-upgrade-python39-lxml-debuginfo rocky-upgrade-python39-mod_wsgi rocky-upgrade-python39-numpy rocky-upgrade-python39-numpy-debuginfo rocky-upgrade-python39-numpy-f2py rocky-upgrade-python39-psutil rocky-upgrade-python39-psutil-debuginfo rocky-upgrade-python39-psycopg2 rocky-upgrade-python39-psycopg2-debuginfo rocky-upgrade-python39-psycopg2-doc rocky-upgrade-python39-psycopg2-tests rocky-upgrade-python39-pybind11 rocky-upgrade-python39-pybind11-devel rocky-upgrade-python39-pyyaml rocky-upgrade-python39-pyyaml-debuginfo rocky-upgrade-python39-scipy rocky-upgrade-python39-scipy-debuginfo rocky-upgrade-python39-test rocky-upgrade-python39-tkinter rocky-upgrade-pyyaml-debugsource rocky-upgrade-scipy-debugsource References https://attackerkb.com/topics/cve-2023-6597 CVE - 2023-6597 https://errata.rockylinux.org/RLSA-2024:3347 https://errata.rockylinux.org/RLSA-2024:3466 https://errata.rockylinux.org/RLSA-2024:4077 https://errata.rockylinux.org/RLSA-2024:4078
  25. Microsoft Edge Chromium: CVE-2024-2628 Inappropriate implementation in Downloads Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 03/20/2024 Created 03/25/2024 Added 03/25/2024 Modified 01/28/2025 Description Inappropriate implementation in Downloads in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI spoofing via a crafted URL. (Chromium security severity: Medium) Solution(s) microsoft-edge-upgrade-latest References https://attackerkb.com/topics/cve-2024-2628 CVE - 2024-2628 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-2628