ISHACK AI BOT

MFSA2024-12 Firefox: Security Vulnerabilities fixed in Firefox 124 (CVE-2024-2606) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/19/2024 Created 03/20/2024 Added 03/20/2024 Modified 03/21/2024 Description Passing invalid data could have led to invalid wasm values being created, such as arbitrary integers turning into pointer values. This vulnerability affects Firefox < 124. Solution(s) mozilla-firefox-upgrade-124_0 References https://attackerkb.com/topics/cve-2024-2606 CVE - 2024-2606 http://www.mozilla.org/security/announce/2024/mfsa2024-12.html

MFSA2024-13 Firefox: Security Vulnerabilities fixed in Firefox ESR 115.9 (CVE-2024-2614) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/19/2024 Created 03/20/2024 Added 03/20/2024 Modified 03/21/2024 Description Memory safety bugs present in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. Solution(s) mozilla-firefox-esr-upgrade-115_9 References https://attackerkb.com/topics/cve-2024-2614 CVE - 2024-2614 http://www.mozilla.org/security/announce/2024/mfsa2024-13.html

MFSA2024-12 Firefox: Security Vulnerabilities fixed in Firefox 124 (CVE-2024-2615) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/19/2024 Created 03/20/2024 Added 03/20/2024 Modified 03/21/2024 Description Memory safety bugs present in Firefox 123. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 124. Solution(s) mozilla-firefox-upgrade-124_0 References https://attackerkb.com/topics/cve-2024-2615 CVE - 2024-2615 http://www.mozilla.org/security/announce/2024/mfsa2024-12.html

MFSA2024-13 Firefox: Security Vulnerabilities fixed in Firefox ESR 115.9 (CVE-2023-5388) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/19/2024 Created 03/20/2024 Added 03/20/2024 Modified 03/21/2024 Description NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the private data. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. Solution(s) mozilla-firefox-esr-upgrade-115_9 References https://attackerkb.com/topics/cve-2023-5388 CVE - 2023-5388 http://www.mozilla.org/security/announce/2024/mfsa2024-13.html

MFSA2024-12 Firefox: Security Vulnerabilities fixed in Firefox 124 (CVE-2024-2613) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/19/2024 Created 03/20/2024 Added 03/20/2024 Modified 03/21/2024 Description Data was not properly sanitized when decoding a QUIC ACK frame; this could have led to unrestricted memory consumption and a crash. This vulnerability affects Firefox < 124. Solution(s) mozilla-firefox-upgrade-124_0 References https://attackerkb.com/topics/cve-2024-2613 CVE - 2024-2613 http://www.mozilla.org/security/announce/2024/mfsa2024-12.html

MFSA2024-13 Firefox: Security Vulnerabilities fixed in Firefox ESR 115.9 (CVE-2024-2608) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/19/2024 Created 03/20/2024 Added 03/20/2024 Modified 03/21/2024 Description `AppendEncodedAttributeValue(), ExtraSpaceNeededForAttrEncoding()` and `AppendEncodedCharacters()` could have experienced integer overflows, causing underallocation of an output buffer leading to an out of bounds write. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. Solution(s) mozilla-firefox-esr-upgrade-115_9 References https://attackerkb.com/topics/cve-2024-2608 CVE - 2024-2608 http://www.mozilla.org/security/announce/2024/mfsa2024-13.html

Huawei EulerOS: CVE-2024-0450: python3 security update Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/19/2024 Created 11/12/2024 Added 11/11/2024 Modified 11/11/2024 Description An issue was found in the CPython `zipfile` module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython makes the zipfile module reject zip archives which overlap entries in the archive. Solution(s) huawei-euleros-2_0_sp10-upgrade-python3 huawei-euleros-2_0_sp10-upgrade-python3-fgo huawei-euleros-2_0_sp10-upgrade-python3-unversioned-command References https://attackerkb.com/topics/cve-2024-0450 CVE - 2024-0450 EulerOS-SA-2024-2911

Red Hat: CVE-2024-22025: nodejs: using the fetch() function to retrieve content from an untrusted URL leads to denial of service (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 03/19/2024 Created 05/10/2024 Added 05/13/2024 Modified 09/06/2024 Description A vulnerability in Node.js has been identified, allowing for a Denial of Service (DoS) attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The vulnerability stems from the fact that the fetch() function in Node.js always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. An attacker controlling the URL passed into fetch() can exploit this vulnerability to exhaust memory, potentially leading to process termination, depending on the system configuration. Solution(s) redhat-upgrade-nodejs redhat-upgrade-nodejs-debuginfo redhat-upgrade-nodejs-debugsource redhat-upgrade-nodejs-devel redhat-upgrade-nodejs-docs redhat-upgrade-nodejs-full-i18n redhat-upgrade-nodejs-libs redhat-upgrade-nodejs-libs-debuginfo redhat-upgrade-nodejs-nodemon redhat-upgrade-nodejs-packaging redhat-upgrade-nodejs-packaging-bundler redhat-upgrade-npm References CVE-2024-22025 RHSA-2024:2778 RHSA-2024:2779 RHSA-2024:2780 RHSA-2024:2853 RHSA-2024:2910 RHSA-2024:4559 View more

MFSA2024-14 Thunderbird: Security Vulnerabilities fixed in Thunderbird 115.9 (CVE-2024-2616) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/19/2024 Created 03/20/2024 Added 03/20/2024 Modified 03/21/2024 Description To harden ICU against exploitation, the behavior for out-of-memory conditions was changed to crash instead of attempt to continue. This vulnerability affects Firefox ESR < 115.9 and Thunderbird < 115.9. Solution(s) mozilla-thunderbird-upgrade-115_9 References https://attackerkb.com/topics/cve-2024-2616 CVE - 2024-2616 http://www.mozilla.org/security/announce/2024/mfsa2024-14.html

IBM AIX: python_advisory8 (CVE-2023-6597): Vulnerability in python affects AIX Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/19/2024 Created 04/12/2024 Added 04/12/2024 Modified 04/12/2024 Description An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances. Solution(s) ibm-aix-python_advisory8 References https://attackerkb.com/topics/cve-2023-6597 CVE - 2023-6597 https://aix.software.ibm.com/aix/efixes/security/python_advisory8.asc

Alma Linux: CVE-2024-2608: Critical: firefox security update (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/19/2024 Created 04/04/2024 Added 04/04/2024 Modified 09/19/2024 Description `AppendEncodedAttributeValue(), ExtraSpaceNeededForAttrEncoding()` and `AppendEncodedCharacters()` could have experienced integer overflows, causing underallocation of an output buffer leading to an out of bounds write. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. Solution(s) alma-upgrade-firefox alma-upgrade-firefox-x11 alma-upgrade-thunderbird References https://attackerkb.com/topics/cve-2024-2608 CVE - 2024-2608 https://errata.almalinux.org/8/ALSA-2024-1484.html https://errata.almalinux.org/8/ALSA-2024-1494.html https://errata.almalinux.org/9/ALSA-2024-1485.html https://errata.almalinux.org/9/ALSA-2024-1493.html

Alpine Linux: CVE-2024-2611: Vulnerability in Multiple Components Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/19/2024 Created 08/23/2024 Added 08/22/2024 Modified 10/01/2024 Description A missing delay on when pointer lock was used could have allowed a malicious page to trick a user into granting permissions. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. Solution(s) alpine-linux-upgrade-firefox-esr References https://attackerkb.com/topics/cve-2024-2611 CVE - 2024-2611 https://security.alpinelinux.org/vuln/CVE-2024-2611

Alpine Linux: CVE-2024-2616: Vulnerability in Multiple Components Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/19/2024 Created 08/23/2024 Added 08/22/2024 Modified 10/01/2024 Description To harden ICU against exploitation, the behavior for out-of-memory conditions was changed to crash instead of attempt to continue. This vulnerability affects Firefox ESR < 115.9 and Thunderbird < 115.9. Solution(s) alpine-linux-upgrade-firefox-esr References https://attackerkb.com/topics/cve-2024-2616 CVE - 2024-2616 https://security.alpinelinux.org/vuln/CVE-2024-2616

Azul Zulu: CVE-2024-20923: Vulnerability in the JavaFX component Severity 3 CVSS (AV:N/AC:H/Au:N/C:P/I:N/A:N) Published 03/19/2024 Created 03/20/2024 Added 03/19/2024 Modified 01/28/2025 Description Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX).Supported versions that are affected are Oracle Java SE: 8u391; Oracle GraalVM Enterprise Edition: 20.3.12 and21.3.8. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result inunauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Confidentiality impacts).CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). Solution(s) azul-zulu-upgrade-latest References https://attackerkb.com/topics/cve-2024-20923 CVE - 2024-20923 https://www.azul.com/downloads/

Alpine Linux: CVE-2024-21503: Vulnerability in Multiple Components Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 03/19/2024 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description Versions of the package black before 24.3.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the lines_with_leading_tabs_expanded function in the strings.py file. An attacker could exploit this vulnerability by crafting a malicious input that causes a denial of service. Exploiting this vulnerability is possible when running Black on untrusted input, or if you habitually put thousands of leading tab characters in your docstrings. Solution(s) alpine-linux-upgrade-black References https://attackerkb.com/topics/cve-2024-21503 CVE - 2024-21503 https://security.alpinelinux.org/vuln/CVE-2024-21503

Alpine Linux: CVE-2024-2610: Vulnerability in Multiple Components Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/19/2024 Created 08/23/2024 Added 08/22/2024 Modified 10/01/2024 Description Using a markup injection an attacker could have stolen nonce values. This could have been used to bypass strict content security policies. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. Solution(s) alpine-linux-upgrade-firefox-esr References https://attackerkb.com/topics/cve-2024-2610 CVE - 2024-2610 https://security.alpinelinux.org/vuln/CVE-2024-2610

Alpine Linux: CVE-2024-2607: Vulnerability in Multiple Components Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/19/2024 Created 08/23/2024 Added 08/22/2024 Modified 10/01/2024 Description Return registers were overwritten which could have allowed an attacker to execute arbitrary code. *Note:* This issue only affected Armv7-A systems. Other operating systems are unaffected. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. Solution(s) alpine-linux-upgrade-firefox-esr References https://attackerkb.com/topics/cve-2024-2607 CVE - 2024-2607 https://security.alpinelinux.org/vuln/CVE-2024-2607

Red Hat: CVE-2024-2614: Mozilla: Memory safety bugs fixed in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9 (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/19/2024 Created 03/27/2024 Added 03/26/2024 Modified 09/13/2024 Description Memory safety bugs present in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. Solution(s) redhat-upgrade-firefox redhat-upgrade-firefox-debuginfo redhat-upgrade-firefox-debugsource redhat-upgrade-firefox-x11 redhat-upgrade-thunderbird redhat-upgrade-thunderbird-debuginfo redhat-upgrade-thunderbird-debugsource References CVE-2024-2614 RHSA-2024:1483 RHSA-2024:1484 RHSA-2024:1485 RHSA-2024:1486 RHSA-2024:1487 RHSA-2024:1488 RHSA-2024:1489 RHSA-2024:1492 RHSA-2024:1493 RHSA-2024:1494 RHSA-2024:1495 RHSA-2024:1496 RHSA-2024:1497 RHSA-2024:1498 View more

Red Hat: CVE-2024-2609: Mozilla: Permission prompt input delay could expire when not in focus (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/19/2024 Created 04/19/2024 Added 04/19/2024 Modified 09/03/2024 Description The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable to clickjacking by malicious websites. This vulnerability affects Firefox < 124, Firefox ESR < 115.10, and Thunderbird < 115.10. Solution(s) redhat-upgrade-firefox redhat-upgrade-firefox-debuginfo redhat-upgrade-firefox-debugsource redhat-upgrade-firefox-x11 redhat-upgrade-thunderbird redhat-upgrade-thunderbird-debuginfo redhat-upgrade-thunderbird-debugsource References CVE-2024-2609 RHSA-2024:1905 RHSA-2024:1906 RHSA-2024:1907 RHSA-2024:1908 RHSA-2024:1909 RHSA-2024:1910 RHSA-2024:1912 RHSA-2024:1935 RHSA-2024:1936 RHSA-2024:1937 RHSA-2024:1938 RHSA-2024:1939 RHSA-2024:1940 RHSA-2024:1941 View more

Red Hat: CVE-2024-2612: Mozilla: Self referencing object could have potentially led to a use-after-free (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/19/2024 Created 03/27/2024 Added 03/26/2024 Modified 09/13/2024 Description If an attacker could find a way to trigger a particular code path in `SafeRefPtr`, it could have triggered a crash or potentially be leveraged to achieve code execution. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. Solution(s) redhat-upgrade-firefox redhat-upgrade-firefox-debuginfo redhat-upgrade-firefox-debugsource redhat-upgrade-firefox-x11 redhat-upgrade-thunderbird redhat-upgrade-thunderbird-debuginfo redhat-upgrade-thunderbird-debugsource References CVE-2024-2612 RHSA-2024:1483 RHSA-2024:1484 RHSA-2024:1485 RHSA-2024:1486 RHSA-2024:1487 RHSA-2024:1488 RHSA-2024:1489 RHSA-2024:1492 RHSA-2024:1493 RHSA-2024:1494 RHSA-2024:1495 RHSA-2024:1496 RHSA-2024:1497 RHSA-2024:1498 View more

Ubuntu: (Multiple Advisories) (CVE-2024-2609): Firefox vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/19/2024 Created 03/22/2024 Added 03/21/2024 Modified 04/26/2024 Description The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable to clickjacking by malicious websites. This vulnerability affects Firefox < 124, Firefox ESR < 115.10, and Thunderbird < 115.10. Solution(s) ubuntu-upgrade-firefox ubuntu-upgrade-thunderbird References https://attackerkb.com/topics/cve-2024-2609 CVE - 2024-2609 USN-6703-1 USN-6750-1

Ubuntu: (Multiple Advisories) (CVE-2024-26635): Linux kernel vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/18/2024 Created 05/18/2024 Added 05/17/2024 Modified 11/15/2024 Description In the Linux kernel, the following vulnerability has been resolved: llc: Drop support for ETH_P_TR_802_2. syzbot reported an uninit-value bug below. [0] llc supports ETH_P_802_2 (0x0004) and used to support ETH_P_TR_802_2 (0x0011), and syzbot abused the latter to trigger the bug. write$tun(r0, &(0x7f0000000040)={@val={0x0, 0x11}, @val, @mpls={[], @llc={@snap={0xaa, 0x1, ')', "90e5dd"}}}}, 0x16) llc_conn_handler() initialises local variables {saddr,daddr}.mac based on skb in llc_pdu_decode_sa()/llc_pdu_decode_da() and passes them to __llc_lookup(). However, the initialisation is done only when skb->protocol is htons(ETH_P_802_2), otherwise, __llc_lookup_established() and __llc_lookup_listener() will read garbage. The missing initialisation existed prior to commit 211ed865108e ("net: delete all instances of special processing for token ring"). It removed the part to kick out the token ring stuff but forgot to close the door allowing ETH_P_TR_802_2 packets to sneak into llc_rcv(). Let's remove llc_tr_packet_type and complete the deprecation. [0]: BUG: KMSAN: uninit-value in __llc_lookup_established+0xe9d/0xf90 __llc_lookup_established+0xe9d/0xf90 __llc_lookup net/llc/llc_conn.c:611 [inline] llc_conn_handler+0x4bd/0x1360 net/llc/llc_conn.c:791 llc_rcv+0xfbb/0x14a0 net/llc/llc_input.c:206 __netif_receive_skb_one_core net/core/dev.c:5527 [inline] __netif_receive_skb+0x1a6/0x5a0 net/core/dev.c:5641 netif_receive_skb_internal net/core/dev.c:5727 [inline] netif_receive_skb+0x58/0x660 net/core/dev.c:5786 tun_rx_batched+0x3ee/0x980 drivers/net/tun.c:1555 tun_get_user+0x53af/0x66d0 drivers/net/tun.c:2002 tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2048 call_write_iter include/linux/fs.h:2020 [inline] new_sync_write fs/read_write.c:491 [inline] vfs_write+0x8ef/0x1490 fs/read_write.c:584 ksys_write+0x20f/0x4c0 fs/read_write.c:637 __do_sys_write fs/read_write.c:649 [inline] __se_sys_write fs/read_write.c:646 [inline] __x64_sys_write+0x93/0xd0 fs/read_write.c:646 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x44/0x110 arch/x86/entry/common.c:82 entry_SYSCALL_64_after_hwframe+0x63/0x6b Local variable daddr created at: llc_conn_handler+0x53/0x1360 net/llc/llc_conn.c:783 llc_rcv+0xfbb/0x14a0 net/llc/llc_input.c:206 CPU: 1 PID: 5004 Comm: syz-executor994 Not tainted 6.6.0-syzkaller-14500-g1c41041124bd #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023 Solution(s) ubuntu-upgrade-linux-image-4-15-0-1131-oracle ubuntu-upgrade-linux-image-4-15-0-1152-kvm ubuntu-upgrade-linux-image-4-15-0-1162-gcp ubuntu-upgrade-linux-image-4-15-0-1168-aws ubuntu-upgrade-linux-image-4-15-0-1177-azure ubuntu-upgrade-linux-image-4-15-0-225-generic ubuntu-upgrade-linux-image-4-15-0-225-lowlatency ubuntu-upgrade-linux-image-4-4-0-1131-aws ubuntu-upgrade-linux-image-4-4-0-1132-kvm ubuntu-upgrade-linux-image-4-4-0-1169-aws ubuntu-upgrade-linux-image-4-4-0-254-generic ubuntu-upgrade-linux-image-4-4-0-254-lowlatency ubuntu-upgrade-linux-image-5-15-0-1044-gkeop ubuntu-upgrade-linux-image-5-15-0-1054-ibm ubuntu-upgrade-linux-image-5-15-0-1054-nvidia ubuntu-upgrade-linux-image-5-15-0-1054-nvidia-lowlatency ubuntu-upgrade-linux-image-5-15-0-1054-raspi ubuntu-upgrade-linux-image-5-15-0-1057-intel-iotg ubuntu-upgrade-linux-image-5-15-0-1058-gke ubuntu-upgrade-linux-image-5-15-0-1058-intel-iotg ubuntu-upgrade-linux-image-5-15-0-1058-kvm ubuntu-upgrade-linux-image-5-15-0-1059-gcp ubuntu-upgrade-linux-image-5-15-0-1059-oracle ubuntu-upgrade-linux-image-5-15-0-106-generic ubuntu-upgrade-linux-image-5-15-0-106-generic-64k ubuntu-upgrade-linux-image-5-15-0-106-generic-lpae ubuntu-upgrade-linux-image-5-15-0-106-lowlatency ubuntu-upgrade-linux-image-5-15-0-106-lowlatency-64k ubuntu-upgrade-linux-image-5-15-0-1061-aws ubuntu-upgrade-linux-image-5-15-0-1063-azure ubuntu-upgrade-linux-image-5-15-0-1063-azure-fde ubuntu-upgrade-linux-image-5-4-0-1036-iot ubuntu-upgrade-linux-image-5-4-0-1043-xilinx-zynqmp ubuntu-upgrade-linux-image-5-4-0-1071-ibm ubuntu-upgrade-linux-image-5-4-0-1084-bluefield ubuntu-upgrade-linux-image-5-4-0-1091-gkeop ubuntu-upgrade-linux-image-5-4-0-1108-raspi ubuntu-upgrade-linux-image-5-4-0-1112-kvm ubuntu-upgrade-linux-image-5-4-0-1123-oracle ubuntu-upgrade-linux-image-5-4-0-1124-aws ubuntu-upgrade-linux-image-5-4-0-1128-gcp ubuntu-upgrade-linux-image-5-4-0-1129-azure ubuntu-upgrade-linux-image-5-4-0-181-generic ubuntu-upgrade-linux-image-5-4-0-181-generic-lpae ubuntu-upgrade-linux-image-5-4-0-181-lowlatency ubuntu-upgrade-linux-image-6-5-0-1014-starfive ubuntu-upgrade-linux-image-6-5-0-1016-laptop ubuntu-upgrade-linux-image-6-5-0-1017-raspi ubuntu-upgrade-linux-image-6-5-0-1019-nvidia ubuntu-upgrade-linux-image-6-5-0-1019-nvidia-64k ubuntu-upgrade-linux-image-6-5-0-1020-aws ubuntu-upgrade-linux-image-6-5-0-1020-gcp ubuntu-upgrade-linux-image-6-5-0-1021-azure ubuntu-upgrade-linux-image-6-5-0-1021-azure-fde ubuntu-upgrade-linux-image-6-5-0-1023-oem ubuntu-upgrade-linux-image-6-5-0-1023-oracle ubuntu-upgrade-linux-image-6-5-0-1023-oracle-64k ubuntu-upgrade-linux-image-6-5-0-35-generic ubuntu-upgrade-linux-image-6-5-0-35-generic-64k ubuntu-upgrade-linux-image-6-5-0-35-lowlatency ubuntu-upgrade-linux-image-6-5-0-35-lowlatency-64k ubuntu-upgrade-linux-image-aws ubuntu-upgrade-linux-image-aws-hwe ubuntu-upgrade-linux-image-aws-lts-18-04 ubuntu-upgrade-linux-image-aws-lts-20-04 ubuntu-upgrade-linux-image-aws-lts-22-04 ubuntu-upgrade-linux-image-azure ubuntu-upgrade-linux-image-azure-cvm ubuntu-upgrade-linux-image-azure-fde ubuntu-upgrade-linux-image-azure-fde-lts-22-04 ubuntu-upgrade-linux-image-azure-lts-18-04 ubuntu-upgrade-linux-image-azure-lts-20-04 ubuntu-upgrade-linux-image-azure-lts-22-04 ubuntu-upgrade-linux-image-bluefield ubuntu-upgrade-linux-image-gcp ubuntu-upgrade-linux-image-gcp-lts-18-04 ubuntu-upgrade-linux-image-gcp-lts-20-04 ubuntu-upgrade-linux-image-gcp-lts-22-04 ubuntu-upgrade-linux-image-generic ubuntu-upgrade-linux-image-generic-64k ubuntu-upgrade-linux-image-generic-64k-hwe-20-04 ubuntu-upgrade-linux-image-generic-64k-hwe-22-04 ubuntu-upgrade-linux-image-generic-hwe-16-04 ubuntu-upgrade-linux-image-generic-hwe-18-04 ubuntu-upgrade-linux-image-generic-hwe-20-04 ubuntu-upgrade-linux-image-generic-hwe-22-04 ubuntu-upgrade-linux-image-generic-lpae ubuntu-upgrade-linux-image-generic-lpae-hwe-20-04 ubuntu-upgrade-linux-image-generic-lts-xenial ubuntu-upgrade-linux-image-gke ubuntu-upgrade-linux-image-gke-5-15 ubuntu-upgrade-linux-image-gkeop ubuntu-upgrade-linux-image-gkeop-5-15 ubuntu-upgrade-linux-image-gkeop-5-4 ubuntu-upgrade-linux-image-ibm ubuntu-upgrade-linux-image-ibm-lts-20-04 ubuntu-upgrade-linux-image-intel ubuntu-upgrade-linux-image-intel-iotg ubuntu-upgrade-linux-image-kvm ubuntu-upgrade-linux-image-laptop-23-10 ubuntu-upgrade-linux-image-lowlatency ubuntu-upgrade-linux-image-lowlatency-64k ubuntu-upgrade-linux-image-lowlatency-64k-hwe-20-04 ubuntu-upgrade-linux-image-lowlatency-64k-hwe-22-04 ubuntu-upgrade-linux-image-lowlatency-hwe-16-04 ubuntu-upgrade-linux-image-lowlatency-hwe-18-04 ubuntu-upgrade-linux-image-lowlatency-hwe-20-04 ubuntu-upgrade-linux-image-lowlatency-hwe-22-04 ubuntu-upgrade-linux-image-lowlatency-lts-xenial ubuntu-upgrade-linux-image-nvidia ubuntu-upgrade-linux-image-nvidia-6-5 ubuntu-upgrade-linux-image-nvidia-64k-6-5 ubuntu-upgrade-linux-image-nvidia-64k-hwe-22-04 ubuntu-upgrade-linux-image-nvidia-hwe-22-04 ubuntu-upgrade-linux-image-nvidia-lowlatency ubuntu-upgrade-linux-image-oem ubuntu-upgrade-linux-image-oem-20-04 ubuntu-upgrade-linux-image-oem-20-04b ubuntu-upgrade-linux-image-oem-20-04c ubuntu-upgrade-linux-image-oem-20-04d ubuntu-upgrade-linux-image-oem-22-04 ubuntu-upgrade-linux-image-oem-22-04a ubuntu-upgrade-linux-image-oem-22-04b ubuntu-upgrade-linux-image-oem-22-04c ubuntu-upgrade-linux-image-oem-22-04d ubuntu-upgrade-linux-image-oem-osp1 ubuntu-upgrade-linux-image-oracle ubuntu-upgrade-linux-image-oracle-64k ubuntu-upgrade-linux-image-oracle-lts-18-04 ubuntu-upgrade-linux-image-oracle-lts-20-04 ubuntu-upgrade-linux-image-oracle-lts-22-04 ubuntu-upgrade-linux-image-raspi ubuntu-upgrade-linux-image-raspi-hwe-18-04 ubuntu-upgrade-linux-image-raspi-nolpae ubuntu-upgrade-linux-image-raspi2 ubuntu-upgrade-linux-image-snapdragon-hwe-18-04 ubuntu-upgrade-linux-image-starfive ubuntu-upgrade-linux-image-virtual ubuntu-upgrade-linux-image-virtual-hwe-16-04 ubuntu-upgrade-linux-image-virtual-hwe-18-04 ubuntu-upgrade-linux-image-virtual-hwe-20-04 ubuntu-upgrade-linux-image-virtual-hwe-22-04 ubuntu-upgrade-linux-image-virtual-lts-xenial ubuntu-upgrade-linux-image-xilinx-zynqmp References https://attackerkb.com/topics/cve-2024-26635 CVE - 2024-26635 USN-6765-1 USN-6766-1 USN-6766-2 USN-6766-3 USN-6767-1 USN-6767-2 USN-6774-1 USN-6777-1 USN-6777-2 USN-6777-3 USN-6777-4 USN-6778-1 USN-6795-1 USN-6828-1 View more

Red Hat: CVE-2024-2611: Mozilla: Clickjacking vulnerability could have led to a user accidentally granting permissions (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/19/2024 Created 03/27/2024 Added 03/26/2024 Modified 09/13/2024 Description A missing delay on when pointer lock was used could have allowed a malicious page to trick a user into granting permissions. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. Solution(s) redhat-upgrade-firefox redhat-upgrade-firefox-debuginfo redhat-upgrade-firefox-debugsource redhat-upgrade-firefox-x11 redhat-upgrade-thunderbird redhat-upgrade-thunderbird-debuginfo redhat-upgrade-thunderbird-debugsource References CVE-2024-2611 RHSA-2024:1483 RHSA-2024:1484 RHSA-2024:1485 RHSA-2024:1486 RHSA-2024:1487 RHSA-2024:1488 RHSA-2024:1489 RHSA-2024:1492 RHSA-2024:1493 RHSA-2024:1494 RHSA-2024:1495 RHSA-2024:1496 RHSA-2024:1497 RHSA-2024:1498 View more

Ubuntu: (Multiple Advisories) (CVE-2024-26636): Linux kernel vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/18/2024 Created 05/18/2024 Added 05/17/2024 Modified 12/11/2024 Description In the Linux kernel, the following vulnerability has been resolved: llc: make llc_ui_sendmsg() more robust against bonding changes syzbot was able to trick llc_ui_sendmsg(), allocating an skb with no headroom, but subsequently trying to push 14 bytes of Ethernet header [1] Like some others, llc_ui_sendmsg() releases the socket lock before calling sock_alloc_send_skb(). Then it acquires it again, but does not redo all the sanity checks that were performed. This fix: - Uses LL_RESERVED_SPACE() to reserve space. - Check all conditions again after socket lock is held again. - Do not account Ethernet header for mtu limitation. [1] skbuff: skb_under_panic: text:ffff800088baa334 len:1514 put:14 head:ffff0000c9c37000 data:ffff0000c9c36ff2 tail:0x5dc end:0x6c0 dev:bond0 kernel BUG at net/core/skbuff.c:193 ! Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP Modules linked in: CPU: 0 PID: 6875 Comm: syz-executor.0 Not tainted 6.7.0-rc8-syzkaller-00101-g0802e17d9aca-dirty #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : skb_panic net/core/skbuff.c:189 [inline] pc : skb_under_panic+0x13c/0x140 net/core/skbuff.c:203 lr : skb_panic net/core/skbuff.c:189 [inline] lr : skb_under_panic+0x13c/0x140 net/core/skbuff.c:203 sp : ffff800096f97000 x29: ffff800096f97010 x28: ffff80008cc8d668 x27: dfff800000000000 x26: ffff0000cb970c90 x25: 00000000000005dc x24: ffff0000c9c36ff2 x23: ffff0000c9c37000 x22: 00000000000005ea x21: 00000000000006c0 x20: 000000000000000e x19: ffff800088baa334 x18: 1fffe000368261ce x17: ffff80008e4ed000 x16: ffff80008a8310f8 x15: 0000000000000001 x14: 1ffff00012df2d58 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000001 x10: 0000000000ff0100 x9 : e28a51f1087e8400 x8 : e28a51f1087e8400 x7 : ffff80008028f8d0 x6 : 0000000000000000 x5 : 0000000000000001 x4 : 0000000000000001 x3 : ffff800082b78714 x2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000089 Call trace: skb_panic net/core/skbuff.c:189 [inline] skb_under_panic+0x13c/0x140 net/core/skbuff.c:203 skb_push+0xf0/0x108 net/core/skbuff.c:2451 eth_header+0x44/0x1f8 net/ethernet/eth.c:83 dev_hard_header include/linux/netdevice.h:3188 [inline] llc_mac_hdr_init+0x110/0x17c net/llc/llc_output.c:33 llc_sap_action_send_xid_c+0x170/0x344 net/llc/llc_s_ac.c:85 llc_exec_sap_trans_actions net/llc/llc_sap.c:153 [inline] llc_sap_next_state net/llc/llc_sap.c:182 [inline] llc_sap_state_process+0x1ec/0x774 net/llc/llc_sap.c:209 llc_build_and_send_xid_pkt+0x12c/0x1c0 net/llc/llc_sap.c:270 llc_ui_sendmsg+0x7bc/0xb1c net/llc/af_llc.c:997 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg net/socket.c:745 [inline] sock_sendmsg+0x194/0x274 net/socket.c:767 splice_to_socket+0x7cc/0xd58 fs/splice.c:881 do_splice_from fs/splice.c:933 [inline] direct_splice_actor+0xe4/0x1c0 fs/splice.c:1142 splice_direct_to_actor+0x2a0/0x7e4 fs/splice.c:1088 do_splice_direct+0x20c/0x348 fs/splice.c:1194 do_sendfile+0x4bc/0xc70 fs/read_write.c:1254 __do_sys_sendfile64 fs/read_write.c:1322 [inline] __se_sys_sendfile64 fs/read_write.c:1308 [inline] __arm64_sys_sendfile64+0x160/0x3b4 fs/read_write.c:1308 __invoke_syscall arch/arm64/kernel/syscall.c:37 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:51 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:136 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:155 el0_svc+0x54/0x158 arch/arm64/kernel/entry-common.c:678 el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:696 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:595 Code: aa1803e6 aa1903e7 a90023f5 94792f6a (d4210000) Solution(s) ubuntu-upgrade-linux-image-4-15-0-1137-oracle ubuntu-upgrade-linux-image-4-15-0-1158-kvm ubuntu-upgrade-linux-image-4-15-0-1168-gcp ubuntu-upgrade-linux-image-4-15-0-1175-aws ubuntu-upgrade-linux-image-4-15-0-1183-azure ubuntu-upgrade-linux-image-4-15-0-231-generic ubuntu-upgrade-linux-image-4-15-0-231-lowlatency ubuntu-upgrade-linux-image-4-4-0-1138-aws ubuntu-upgrade-linux-image-4-4-0-1139-kvm ubuntu-upgrade-linux-image-4-4-0-1176-aws ubuntu-upgrade-linux-image-4-4-0-261-generic ubuntu-upgrade-linux-image-4-4-0-261-lowlatency ubuntu-upgrade-linux-image-5-15-0-1044-gkeop ubuntu-upgrade-linux-image-5-15-0-1054-ibm ubuntu-upgrade-linux-image-5-15-0-1054-nvidia ubuntu-upgrade-linux-image-5-15-0-1054-nvidia-lowlatency ubuntu-upgrade-linux-image-5-15-0-1054-raspi ubuntu-upgrade-linux-image-5-15-0-1057-intel-iotg ubuntu-upgrade-linux-image-5-15-0-1058-gke ubuntu-upgrade-linux-image-5-15-0-1058-intel-iotg ubuntu-upgrade-linux-image-5-15-0-1058-kvm ubuntu-upgrade-linux-image-5-15-0-1059-gcp ubuntu-upgrade-linux-image-5-15-0-1059-oracle ubuntu-upgrade-linux-image-5-15-0-106-generic ubuntu-upgrade-linux-image-5-15-0-106-generic-64k ubuntu-upgrade-linux-image-5-15-0-106-generic-lpae ubuntu-upgrade-linux-image-5-15-0-106-lowlatency ubuntu-upgrade-linux-image-5-15-0-106-lowlatency-64k ubuntu-upgrade-linux-image-5-15-0-1061-aws ubuntu-upgrade-linux-image-5-15-0-1063-azure ubuntu-upgrade-linux-image-5-15-0-1063-azure-fde ubuntu-upgrade-linux-image-5-4-0-1036-iot ubuntu-upgrade-linux-image-5-4-0-1043-xilinx-zynqmp ubuntu-upgrade-linux-image-5-4-0-1071-ibm ubuntu-upgrade-linux-image-5-4-0-1084-bluefield ubuntu-upgrade-linux-image-5-4-0-1091-gkeop ubuntu-upgrade-linux-image-5-4-0-1108-raspi ubuntu-upgrade-linux-image-5-4-0-1112-kvm ubuntu-upgrade-linux-image-5-4-0-1123-oracle ubuntu-upgrade-linux-image-5-4-0-1124-aws ubuntu-upgrade-linux-image-5-4-0-1128-gcp ubuntu-upgrade-linux-image-5-4-0-1129-azure ubuntu-upgrade-linux-image-5-4-0-181-generic ubuntu-upgrade-linux-image-5-4-0-181-generic-lpae ubuntu-upgrade-linux-image-5-4-0-181-lowlatency ubuntu-upgrade-linux-image-6-5-0-1015-starfive ubuntu-upgrade-linux-image-6-5-0-1017-laptop ubuntu-upgrade-linux-image-6-5-0-1018-raspi ubuntu-upgrade-linux-image-6-5-0-1021-aws ubuntu-upgrade-linux-image-6-5-0-1021-nvidia ubuntu-upgrade-linux-image-6-5-0-1021-nvidia-64k ubuntu-upgrade-linux-image-6-5-0-1022-azure ubuntu-upgrade-linux-image-6-5-0-1022-azure-fde ubuntu-upgrade-linux-image-6-5-0-1022-gcp ubuntu-upgrade-linux-image-6-5-0-1024-oem ubuntu-upgrade-linux-image-6-5-0-1024-oracle ubuntu-upgrade-linux-image-6-5-0-1024-oracle-64k ubuntu-upgrade-linux-image-6-5-0-41-generic ubuntu-upgrade-linux-image-6-5-0-41-generic-64k ubuntu-upgrade-linux-image-6-5-0-41-lowlatency ubuntu-upgrade-linux-image-6-5-0-41-lowlatency-64k ubuntu-upgrade-linux-image-aws ubuntu-upgrade-linux-image-aws-hwe ubuntu-upgrade-linux-image-aws-lts-18-04 ubuntu-upgrade-linux-image-aws-lts-20-04 ubuntu-upgrade-linux-image-aws-lts-22-04 ubuntu-upgrade-linux-image-azure ubuntu-upgrade-linux-image-azure-cvm ubuntu-upgrade-linux-image-azure-fde ubuntu-upgrade-linux-image-azure-fde-lts-22-04 ubuntu-upgrade-linux-image-azure-lts-18-04 ubuntu-upgrade-linux-image-azure-lts-20-04 ubuntu-upgrade-linux-image-azure-lts-22-04 ubuntu-upgrade-linux-image-bluefield ubuntu-upgrade-linux-image-gcp ubuntu-upgrade-linux-image-gcp-lts-18-04 ubuntu-upgrade-linux-image-gcp-lts-20-04 ubuntu-upgrade-linux-image-gcp-lts-22-04 ubuntu-upgrade-linux-image-generic ubuntu-upgrade-linux-image-generic-64k ubuntu-upgrade-linux-image-generic-64k-hwe-20-04 ubuntu-upgrade-linux-image-generic-64k-hwe-22-04 ubuntu-upgrade-linux-image-generic-hwe-16-04 ubuntu-upgrade-linux-image-generic-hwe-18-04 ubuntu-upgrade-linux-image-generic-hwe-20-04 ubuntu-upgrade-linux-image-generic-hwe-22-04 ubuntu-upgrade-linux-image-generic-lpae ubuntu-upgrade-linux-image-generic-lpae-hwe-20-04 ubuntu-upgrade-linux-image-generic-lts-xenial ubuntu-upgrade-linux-image-gke ubuntu-upgrade-linux-image-gke-5-15 ubuntu-upgrade-linux-image-gkeop ubuntu-upgrade-linux-image-gkeop-5-15 ubuntu-upgrade-linux-image-gkeop-5-4 ubuntu-upgrade-linux-image-ibm ubuntu-upgrade-linux-image-ibm-lts-20-04 ubuntu-upgrade-linux-image-intel ubuntu-upgrade-linux-image-intel-iotg ubuntu-upgrade-linux-image-kvm ubuntu-upgrade-linux-image-laptop-23-10 ubuntu-upgrade-linux-image-lowlatency ubuntu-upgrade-linux-image-lowlatency-64k ubuntu-upgrade-linux-image-lowlatency-64k-hwe-20-04 ubuntu-upgrade-linux-image-lowlatency-64k-hwe-22-04 ubuntu-upgrade-linux-image-lowlatency-hwe-16-04 ubuntu-upgrade-linux-image-lowlatency-hwe-18-04 ubuntu-upgrade-linux-image-lowlatency-hwe-20-04 ubuntu-upgrade-linux-image-lowlatency-hwe-22-04 ubuntu-upgrade-linux-image-lowlatency-lts-xenial ubuntu-upgrade-linux-image-nvidia ubuntu-upgrade-linux-image-nvidia-6-5 ubuntu-upgrade-linux-image-nvidia-64k-6-5 ubuntu-upgrade-linux-image-nvidia-64k-hwe-22-04 ubuntu-upgrade-linux-image-nvidia-hwe-22-04 ubuntu-upgrade-linux-image-nvidia-lowlatency ubuntu-upgrade-linux-image-oem ubuntu-upgrade-linux-image-oem-20-04 ubuntu-upgrade-linux-image-oem-20-04b ubuntu-upgrade-linux-image-oem-20-04c ubuntu-upgrade-linux-image-oem-20-04d ubuntu-upgrade-linux-image-oem-22-04 ubuntu-upgrade-linux-image-oem-22-04a ubuntu-upgrade-linux-image-oem-22-04b ubuntu-upgrade-linux-image-oem-22-04c ubuntu-upgrade-linux-image-oem-22-04d ubuntu-upgrade-linux-image-oem-osp1 ubuntu-upgrade-linux-image-oracle ubuntu-upgrade-linux-image-oracle-64k ubuntu-upgrade-linux-image-oracle-lts-18-04 ubuntu-upgrade-linux-image-oracle-lts-20-04 ubuntu-upgrade-linux-image-oracle-lts-22-04 ubuntu-upgrade-linux-image-raspi ubuntu-upgrade-linux-image-raspi-hwe-18-04 ubuntu-upgrade-linux-image-raspi-nolpae ubuntu-upgrade-linux-image-raspi2 ubuntu-upgrade-linux-image-snapdragon-hwe-18-04 ubuntu-upgrade-linux-image-starfive ubuntu-upgrade-linux-image-virtual ubuntu-upgrade-linux-image-virtual-hwe-16-04 ubuntu-upgrade-linux-image-virtual-hwe-18-04 ubuntu-upgrade-linux-image-virtual-hwe-20-04 ubuntu-upgrade-linux-image-virtual-hwe-22-04 ubuntu-upgrade-linux-image-virtual-lts-xenial ubuntu-upgrade-linux-image-xilinx-zynqmp References https://attackerkb.com/topics/cve-2024-26636 CVE - 2024-26636 USN-6765-1 USN-6766-1 USN-6766-2 USN-6766-3 USN-6767-1 USN-6767-2 USN-6795-1 USN-6818-1 USN-6818-2 USN-6818-3 USN-6818-4 USN-6819-1 USN-6819-2 USN-6819-3 USN-6819-4 USN-6828-1 USN-7121-1 USN-7121-2 USN-7121-3 USN-7148-1 View more

VMware Photon OS: CVE-2024-1013 Severity 6 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:C) Published 03/18/2024 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description An out-of-bounds stack write flaw was found in unixODBC on 64-bit architectures where the caller has 4 bytes and callee writes 8 bytes. This issue may go unnoticed on little-endian architectures, while big-endian architectures can be broken. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2024-1013 CVE - 2024-1013