Red Hat Security Advisory 2024-4003-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service. Issues addressed include bypass and use-after-free vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4003.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: thunderbird security update  
Advisory ID:        RHSA-2024:4003-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:4003  
Issue date:         2024-06-20  
Revision:           03  
CVE Names:          CVE-2024-5688  
====================================================================

Summary: 

An update for thunderbird is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 115.12.1.

Security Fix(es):

* thunderbird: Use-after-free in networking (CVE-2024-5702)

* thunderbird: Use-after-free in JavaScript object transplant (CVE-2024-5688)

* thunderbird: External protocol handlers leaked by timing attack  
(CVE-2024-5690)

* thunderbird:  Sandboxed iframes were able to bypass sandbox restrictions to  
open a new window (CVE-2024-5691)

* thunderbird: Cross-Origin Image leak via Offscreen Canvas (CVE-2024-5693)

* thunderbird: Memory Corruption in Text Fragments (CVE-2024-5696)

* thunderbird: Memory safety bugs fixed in Firefox 127, Firefox ESR 115.12, and  
Thunderbird 115.12 (CVE-2024-5700)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE page(s)  
listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-5688

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2291394  
https://bugzilla.redhat.com/show_bug.cgi?id=2291395  
https://bugzilla.redhat.com/show_bug.cgi?id=2291396  
https://bugzilla.redhat.com/show_bug.cgi?id=2291397  
https://bugzilla.redhat.com/show_bug.cgi?id=2291399  
https://bugzilla.redhat.com/show_bug.cgi?id=2291400  
https://bugzilla.redhat.com/show_bug.cgi?id=2291401

Red Hat Security Advisory 2024-4003-03

Red Hat Security Advisory 2024-4002-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 9. Issues addressed include bypass and use-after-free vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4002.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: thunderbird security update  
Advisory ID:        RHSA-2024:4002-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:4002  
Issue date:         2024-06-20  
Revision:           03  
CVE Names:          CVE-2024-5688  
====================================================================

Summary: 

An update for thunderbird is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 115.12.1.

Security Fix(es):

* thunderbird: Use-after-free in networking (CVE-2024-5702)

* thunderbird: Use-after-free in JavaScript object transplant (CVE-2024-5688)

* thunderbird: External protocol handlers leaked by timing attack (CVE-2024-5690)

* thunderbird:  Sandboxed iframes were able to bypass sandbox restrictions to open a new window (CVE-2024-5691)

* thunderbird: Cross-Origin Image leak via Offscreen Canvas (CVE-2024-5693)

* thunderbird: Memory Corruption in Text Fragments (CVE-2024-5696)

* thunderbird: Memory safety bugs fixed in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12 (CVE-2024-5700)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-5688

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2291394  
https://bugzilla.redhat.com/show_bug.cgi?id=2291395  
https://bugzilla.redhat.com/show_bug.cgi?id=2291396  
https://bugzilla.redhat.com/show_bug.cgi?id=2291397  
https://bugzilla.redhat.com/show_bug.cgi?id=2291399  
https://bugzilla.redhat.com/show_bug.cgi?id=2291400  
https://bugzilla.redhat.com/show_bug.cgi?id=2291401

Red Hat Security Advisory 2024-4002-03

Red Hat Security Advisory 2024-4001-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Issues addressed include bypass and use-after-free vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4001.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: thunderbird security update  
Advisory ID:        RHSA-2024:4001-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:4001  
Issue date:         2024-06-20  
Revision:           03  
CVE Names:          CVE-2024-5688  
====================================================================

Summary: 

An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 115.12.1.

Security Fix(es):

* thunderbird: Use-after-free in networking (CVE-2024-5702)

* thunderbird: Use-after-free in JavaScript object transplant (CVE-2024-5688)

* thunderbird: External protocol handlers leaked by timing attack (CVE-2024-5690)

* thunderbird:  Sandboxed iframes were able to bypass sandbox restrictions to open a new window (CVE-2024-5691)

* thunderbird: Cross-Origin Image leak via Offscreen Canvas (CVE-2024-5693)

* thunderbird: Memory Corruption in Text Fragments (CVE-2024-5696)

* thunderbird: Memory safety bugs fixed in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12 (CVE-2024-5700)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-5688

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2291394  
https://bugzilla.redhat.com/show_bug.cgi?id=2291395  
https://bugzilla.redhat.com/show_bug.cgi?id=2291396  
https://bugzilla.redhat.com/show_bug.cgi?id=2291397  
https://bugzilla.redhat.com/show_bug.cgi?id=2291399  
https://bugzilla.redhat.com/show_bug.cgi?id=2291400  
https://bugzilla.redhat.com/show_bug.cgi?id=2291401

Red Hat Security Advisory 2024-4001-03

Red Hat Security Advisory 2024-4000-03 - An update for ghostscript is now available for Red Hat Enterprise Linux 8. Issues addressed include a code execution vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4000.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: ghostscript security updateAdvisory ID:        RHSA-2024:4000-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:4000Issue date:         2024-06-20Revision:           03CVE Names:          CVE-2024-33871====================================================================Summary: An update for ghostscript is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed.Security Fix(es):* ghostscript: OPVP device arbitrary code execution via custom Driver library (CVE-2024-33871)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-33871References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2283508

Red Hat Security Advisory 2024-4000-03

Red Hat Security Advisory 2024-3999-03 - An update for ghostscript is now available for Red Hat Enterprise Linux 9. Issues addressed include a code execution vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3999.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: ghostscript security updateAdvisory ID:        RHSA-2024:3999-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:3999Issue date:         2024-06-20Revision:           03CVE Names:          CVE-2024-33871====================================================================Summary: An update for ghostscript is now available for Red Hat Enterprise Linux 9.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed.Security Fix(es):* ghostscript: OPVP device arbitrary code execution via custom Driver library (CVE-2024-33871)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-33871References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2283508

Red Hat Security Advisory 2024-3999-03

Red Hat Security Advisory 2024-3998-03 - An update for curl is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3998.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: curl security updateAdvisory ID:        RHSA-2024:3998-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:3998Issue date:         2024-06-20Revision:           03CVE Names:          CVE-2024-2398====================================================================Summary: An update for curl is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.Security Fix(es):* curl: HTTP/2 push headers memory-leak (CVE-2024-2398)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-2398References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2270498

Red Hat Security Advisory 2024-3998-03

Red Hat Security Advisory 2024-3989-03 - Migration Toolkit for Applications 6.2.3 release. Issues addressed include denial of service, memory leak, and password leak vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3989.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: Migration Toolkit for Applications security and bug fix update  
Advisory ID:        RHSA-2024:3989-03  
Product:            Migration Toolkit for Applications  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:3989  
Issue date:         2024-06-20  
Revision:           03  
CVE Names:          CVE-2023-26159  
====================================================================

Summary: 

Migration Toolkit for Applications 6.2.3 release

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

Description:

Migration Toolkit for Applications 6.2.3 Images

Security Fix(es) from Bugzilla:

* keycloak: path transversal in redirection validation (CVE-2024-1132)

* webpack-dev-middleware: lack of URL validation may lead to file leak (CVE-2024-29180)

* axios: exposure of confidential data stored in cookies (CVE-2023-45857)

* css-tools: Improper Input Validation causes Denial of Service via Regular Expression (CVE-2023-26364)

* css-tools: regular expression denial of service (ReDoS) when parsing CSS (CVE-2023-48631)

* follow-redirects: Improper Input Validation due to the improper handling of URLs by the url.parse() (CVE-2023-26159)

* io.vertx/vertx-core: memory leak due to the use of Netty FastThreadLocal data structures in Vertx (CVE-2024-1023)

* io.vertx:vertx-core: memory leak when a TCP server is configured with TLS and SNI support (CVE-2024-1300)

* commons-compress: Denial of service caused by an infinite loop for a corrupted DUMP file (CVE-2024-25710)

* commons-compress: OutOfMemoryError unpacking broken Pack200 file (CVE-2024-26308)

* follow-redirects: Possible credential leak (CVE-2024-28849)

* jetty: Improper addition of quotation marks to user inputs in CgiServlet (CVE-2023-36479)

* commons-configuration: StackOverflowError calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree (CVE-2024-29133)

* commons-configuration: StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator() (CVE-2024-29131)

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-26159

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2239630  
https://bugzilla.redhat.com/show_bug.cgi?id=2248979  
https://bugzilla.redhat.com/show_bug.cgi?id=2250364  
https://bugzilla.redhat.com/show_bug.cgi?id=2254559  
https://bugzilla.redhat.com/show_bug.cgi?id=2256413  
https://bugzilla.redhat.com/show_bug.cgi?id=2260840  
https://bugzilla.redhat.com/show_bug.cgi?id=2262117  
https://bugzilla.redhat.com/show_bug.cgi?id=2263139  
https://bugzilla.redhat.com/show_bug.cgi?id=2264988  
https://bugzilla.redhat.com/show_bug.cgi?id=2264989  
https://bugzilla.redhat.com/show_bug.cgi?id=2269576  
https://bugzilla.redhat.com/show_bug.cgi?id=2270673  
https://bugzilla.redhat.com/show_bug.cgi?id=2270674  
https://bugzilla.redhat.com/show_bug.cgi?id=2270863

Red Hat Security Advisory 2024-3989-03

Red Hat Security Advisory 2024-3918-03 - Red Hat OpenShift Container Platform release 4.14.30 is now available with updates to packages and images that fix several bugs and add enhancements.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3918.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: OpenShift Container Platform 4.14.30 packages and security update  
Advisory ID:        RHSA-2024:3918-03  
Product:            Red Hat OpenShift Enterprise  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:3918  
Issue date:         2024-06-19  
Revision:           03  
CVE Names:          CVE-2023-48795  
====================================================================

Summary: 

Red Hat OpenShift Container Platform release 4.14.30 is now available with updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.14.

Red Hat Product Security has rated this update as having a security impact of  Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.14.30. See the following advisory for the container images for this release:

https://access.redhat.com/errata/RHSA-2024:3881

Security Fix(es):

* ssh: Prefix truncation attack on Binary Packet Protocol (BPP)  
(CVE-2023-48795)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

All OpenShift Container Platform 4.14 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.14/updating/updating_a_cluster/updating-cluster-cli.html

Solution:

https://docs.openshift.com/container-platform/4.14/release_notes/ocp-4-14-release-notes.html

CVEs:

CVE-2023-48795

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://bugzilla.redhat.com/show_bug.cgi?id=2254210

Red Hat Security Advisory 2024-3918-03

Red Hat Security Advisory 2024-3881-03 - Red Hat OpenShift Container Platform release 4.14.30 is now available with updates to packages and images that fix several bugs and add enhancements.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3881.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: OpenShift Container Platform 4.14.30 bug fix and security update  
Advisory ID:        RHSA-2024:3881-03  
Product:            Red Hat OpenShift Enterprise  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:3881  
Issue date:         2024-06-19  
Revision:           03  
CVE Names:          CVE-2024-4369  
====================================================================

Summary: 

Red Hat OpenShift Container Platform release 4.14.30 is now available with updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.14.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container Platform 4.14.30. See the following advisory for the RPM packages for this release:

https://access.redhat.com/errata/RHSA-2024:3918

Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.14/release_notes/ocp-4-14-release-notes.html

Security Fix(es):

* cluster-image-registry-operator: Exposes a secret via env variable in pod  
definition on Azure (CVE-2024-4369)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.  
All OpenShift Container Platform 4.14 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.14/updating/updating_a_cluster/updating-cluster-cli.html

Solution:

CVEs:

CVE-2024-4369

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://bugzilla.redhat.com/show_bug.cgi?id=2278035  
https://issues.redhat.com/browse/OCPBUGS-32473  
https://issues.redhat.com/browse/OCPBUGS-34024  
https://issues.redhat.com/browse/OCPBUGS-34495  
https://issues.redhat.com/browse/OCPBUGS-34570  
https://issues.redhat.com/browse/OCPBUGS-34573  
https://issues.redhat.com/browse/OCPBUGS-34657  
https://issues.redhat.com/browse/OCPBUGS-34668  
https://issues.redhat.com/browse/OCPBUGS-34792  
https://issues.redhat.com/browse/OCPBUGS-34814  
https://issues.redhat.com/browse/OCPBUGS-34856  
https://issues.redhat.com/browse/OCPBUGS-34973  
https://issues.redhat.com/browse/OCPBUGS-35034  
https://issues.redhat.com/browse/OCPBUGS-35085  
https://issues.redhat.com/browse/OCPBUGS-35230

Red Hat Security Advisory 2024-3881-03

A new Rust-based information stealer malware called Fickle Stealer has been observed being delivered via multiple attack chains with the goal of harvesting sensitive information from compromised hosts.
Fortinet FortiGuard Labs said it's aware of four different distribution methods -- namely VBA dropper, VBA downloader, link downloader, and executable downloader -- with some of them using a

Threat Intelligence / Cybercrime

A new Rust-based information stealer malware called **Fickle Stealer** has been observed being delivered via multiple attack chains with the goal of harvesting sensitive information from compromised hosts.

Fortinet FortiGuard Labs said it's aware of four different distribution methods -- namely VBA dropper, VBA downloader, link downloader, and executable downloader -- with some of them using a PowerShell script to bypass User Account Control (UAC) and execute Fickle Stealer.

The PowerShell script ("bypass.ps1" or "u.ps1") is also designed to periodically send information about the victim, including country, city, IP address, operating system version, computer name, and username to a Telegram bot controlled by the attacker.

The stealer payload, which is protected using a packer, runs a series of anti-analysis checks to determine if it's running in a sandbox or a virtual machine environment, following which it beacons out to a remote server to exfiltrate data in the form of JSON strings.

Fickle Stealer is no different from other variants in that it's designed to gather information from crypto wallets, web browsers powered by Chromium and the Gecko browser engine (i.e, Google Chrome, Microsoft Edge, Brave, Vivaldi, and Mozilla Firefox), and applications like AnyDesk, Discord, FileZilla, Signal, Skype, Steam, and Telegram.

It's also designed to export files matching the extensions .txt, .kdbx, .pdf, .doc, .docx, .xls, .xlsx, .ppt, .pptx, .odt, .odp, and wallet.dat.

"In addition to some popular applications, this stealer searches sensitive files in parent directories of common installation directories to ensure comprehensive data gathering," security researcher Pei Han Liao said. "It also receives a target list from the server, which makes Fickle Stealer more flexible."

The disclosure comes as Symantec disclosed details of an open-source Python stealer called AZStealer that comes with the functionality to steal a wide variety of information. Available on GitHub, it has been advertised as the "best undetected Discord stealer."

"All stolen information is zipped and depending on the size of the archive exfiltrated directly through Discord webhooks or first uploaded to Gofile online files storage and after that exfiltrated via Discord," the Broadcom-owned company said.

"AZStealer will also attempt the theft of document files with predefined targeted extensions or those having specific keywords such as password, wallet, backup, etc. in the filename."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Tag

#js