Packet Storm

Ubuntu Security Notice 6825-1 - It was discovered that the PDO driver in ADOdb was incorrectly handling string quotes. A remote attacker could possibly use this issue to perform SQL injection attacks. This issue only affected Ubuntu 16.04 LTS. It was discovered that ADOdb was incorrectly handling GET parameters in test.php. A remote attacker could possibly use this issue to execute cross-site scripting attacks. This issue only affected Ubuntu 16.04 LTS.

Ubuntu Security Notice 6821-2 - It was discovered that the ATA over Ethernet driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the Atheros 802.11ac wireless driver did not properly validate certain data structures, leading to a NULL pointer dereference. An attacker could possibly use this to cause a denial of service.

Ubuntu Security Notice 6818-2 - Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service. It was discovered that the Intel Data Streaming and Intel Analytics Accelerator drivers in the Linux kernel allowed direct access to the devices for unprivileged users and virtual machines. A local attacker could use this to cause a denial of service.

Ubuntu Security Notice 6824-1 - It was discovered that GIFLIB incorrectly handled certain GIF files. An attacker could possibly use this issue to cause a denial of service.

Red Hat Security Advisory 2024-3790-03 - OpenShift API for Data Protection 1.3.2 is now available. Issues addressed include a memory exhaustion vulnerability.

Red Hat Security Advisory 2024-3784-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.10. Issues addressed include bypass and use-after-free vulnerabilities.

Red Hat Security Advisory 2024-3783-03 - An update for firefox is now available for Red Hat Enterprise Linux 8.10. Issues addressed include bypass and use-after-free vulnerabilities.

Red Hat Security Advisory 2024-3781-03 - An update is now available for Red Hat Ansible Automation Platform 2.4. Issues addressed include HTTP request smuggling, buffer overflow, code execution, cross site scripting, denial of service, memory exhaustion, null pointer, and password leak vulnerabilities.

Red Hat Security Advisory 2024-3775-03 - An update for the idm:DL1 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.

Red Hat Security Advisory 2024-3763-03 - An update for nghttp2 is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Issues addressed include a denial of service vulnerability.