Red Hat Security Advisory 2024-4591-03 - Updated images that include numerous enhancements, security, and bug fixes are now available for Red Hat OpenShift Data Foundation 4.16.0 on Red Hat Enterprise Linux 9. Issues addressed include denial of service, memory leak, and resource exhaustion vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4591.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: Red Hat OpenShift Data Foundation 4.16.0 security, enhancement & bug fix update  
Advisory ID:        RHSA-2024:4591-03  
Product:            Red Hat OpenShift Data Foundation  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:4591  
Issue date:         2024-07-17  
Revision:           03  
CVE Names:          CVE-2023-43646  
====================================================================

Summary: 

Updated images that include numerous enhancements, security, and bug fixes are now available for Red Hat OpenShift Data Foundation 4.16.0 on Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Data Foundation provisions a multicloud data management service with an S3 compatible API.

Security Fix(es):

* get-func-name: ReDoS in chai module (CVE-2023-43646)

* opentelemetry-go-contrib: DoS vulnerability in otelgrpc due to unbound cardinality metrics (CVE-2023-47108)

* golang-fips&#x2F;openssl: Memory leaks in code encrypting and decrypting RSA payloads (CVE-2024-1394)

* golang: crypto&#x2F;x509: Verify panics on certificates with an unknown public key algorithm (CVE-2024-24783)

* golang: html&#x2F;template: errors returned from MarshalJSON methods may break template escaping (CVE-2024-24785)

* golang-protobuf: encoding&#x2F;protojson, internal&#x2F;encoding&#x2F;json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON (CVE-2024-24786)

* jose: resource exhaustion (CVE-2024-28176)

* jose-go: improper handling of highly compressed data (CVE-2024-28180)

* submariner-operator: RBAC permissions can allow for the spread of node compromises (CVE-2024-5042)

* nodejs-ws: denial of service when handling a request with many HTTP headers (CVE-2024-37890)

* node-tar: denial of service while parsing a tar file due to lack of folders depth validation (CVE-2024-28863)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):  
These updated packages include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Data Foundation Release Notes for information on the most significant of these changes:

https://docs.redhat.com/en/documentation/red_hat_openshift_data_foundation/4.16/html/4.16_release_notes/index

All Red Hat OpenShift Data Foundation users are advised to upgrade to these packages that provide these bug fixes and enhancements.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-43646

References:

https://access.redhat.com/security/updates/classification/#important  
https://access.redhat.com/security/cve/CVE-2023-43646  
https://access.redhat.com/security/cve/CVE-2023-47108  
https://access.redhat.com/security/cve/CVE-2024-1394  
https://access.redhat.com/security/cve/CVE-2024-5042  
https://access.redhat.com/security/cve/CVE-2024-24783  
https://access.redhat.com/security/cve/CVE-2024-24785  
https://access.redhat.com/security/cve/CVE-2024-24786  
https://access.redhat.com/security/cve/CVE-2024-28176  
https://access.redhat.com/security/cve/CVE-2024-28863  
https://access.redhat.com/security/cve/CVE-2024-28180  
https://access.redhat.com/security/cve/CVE-2024-37890  
https://bugzilla.redhat.com/show_bug.cgi?id=2069759  
https://bugzilla.redhat.com/show_bug.cgi?id=2078270  
https://bugzilla.redhat.com/show_bug.cgi?id=2128142  
https://bugzilla.redhat.com/show_bug.cgi?id=2132724  
https://bugzilla.redhat.com/show_bug.cgi?id=2136413  
https://bugzilla.redhat.com/show_bug.cgi?id=2139835  
https://bugzilla.redhat.com/show_bug.cgi?id=2210040  
https://bugzilla.redhat.com/show_bug.cgi?id=2214499  
https://bugzilla.redhat.com/show_bug.cgi?id=2214948  
https://bugzilla.redhat.com/show_bug.cgi?id=2215910  
https://bugzilla.redhat.com/show_bug.cgi?id=2216213  
https://bugzilla.redhat.com/show_bug.cgi?id=2216803  
https://bugzilla.redhat.com/show_bug.cgi?id=2222146  
https://bugzilla.redhat.com/show_bug.cgi?id=2231360  
https://bugzilla.redhat.com/show_bug.cgi?id=2238308  
https://bugzilla.redhat.com/show_bug.cgi?id=2239587  
https://bugzilla.redhat.com/show_bug.cgi?id=2240951  
https://bugzilla.redhat.com/show_bug.cgi?id=2241149  
https://bugzilla.redhat.com/show_bug.cgi?id=2242832  
https://bugzilla.redhat.com/show_bug.cgi?id=2243244  
https://bugzilla.redhat.com/show_bug.cgi?id=2244353  
https://bugzilla.redhat.com/show_bug.cgi?id=2246186  
https://bugzilla.redhat.com/show_bug.cgi?id=2246364  
https://bugzilla.redhat.com/show_bug.cgi?id=2246834  
https://bugzilla.redhat.com/show_bug.cgi?id=2251022  
https://bugzilla.redhat.com/show_bug.cgi?id=2251198  
https://bugzilla.redhat.com/show_bug.cgi?id=2251308  
https://bugzilla.redhat.com/show_bug.cgi?id=2252318  
https://bugzilla.redhat.com/show_bug.cgi?id=2253043  
https://bugzilla.redhat.com/show_bug.cgi?id=2253076  
https://bugzilla.redhat.com/show_bug.cgi?id=2255998  
https://bugzilla.redhat.com/show_bug.cgi?id=2256563  
https://bugzilla.redhat.com/show_bug.cgi?id=2256899  
https://bugzilla.redhat.com/show_bug.cgi?id=2257259  
https://bugzilla.redhat.com/show_bug.cgi?id=2257949  
https://bugzilla.redhat.com/show_bug.cgi?id=2258801  
https://bugzilla.redhat.com/show_bug.cgi?id=2258861  
https://bugzilla.redhat.com/show_bug.cgi?id=2258950  
https://bugzilla.redhat.com/show_bug.cgi?id=2259195  
https://bugzilla.redhat.com/show_bug.cgi?id=2259209  
https://bugzilla.redhat.com/show_bug.cgi?id=2259616  
https://bugzilla.redhat.com/show_bug.cgi?id=2259847  
https://bugzilla.redhat.com/show_bug.cgi?id=2260325  
https://bugzilla.redhat.com/show_bug.cgi?id=2260550  
https://bugzilla.redhat.com/show_bug.cgi?id=2260757  
https://bugzilla.redhat.com/show_bug.cgi?id=2261938  
https://bugzilla.redhat.com/show_bug.cgi?id=2262134  
https://bugzilla.redhat.com/show_bug.cgi?id=2262455  
https://bugzilla.redhat.com/show_bug.cgi?id=2262461  
https://bugzilla.redhat.com/show_bug.cgi?id=2262921  
https://bugzilla.redhat.com/show_bug.cgi?id=2262943  
https://bugzilla.redhat.com/show_bug.cgi?id=2262992  
https://bugzilla.redhat.com/show_bug.cgi?id=2262997  
https://bugzilla.redhat.com/show_bug.cgi?id=2263148  
https://bugzilla.redhat.com/show_bug.cgi?id=2263468  
https://bugzilla.redhat.com/show_bug.cgi?id=2263488  
https://bugzilla.redhat.com/show_bug.cgi?id=2263818  
https://bugzilla.redhat.com/show_bug.cgi?id=2264435  
https://bugzilla.redhat.com/show_bug.cgi?id=2264480  
https://bugzilla.redhat.com/show_bug.cgi?id=2264767  
https://bugzilla.redhat.com/show_bug.cgi?id=2264900  
https://bugzilla.redhat.com/show_bug.cgi?id=2265340  
https://bugzilla.redhat.com/show_bug.cgi?id=2265492  
https://bugzilla.redhat.com/show_bug.cgi?id=2265562  
https://bugzilla.redhat.com/show_bug.cgi?id=2266316  
https://bugzilla.redhat.com/show_bug.cgi?id=2266562  
https://bugzilla.redhat.com/show_bug.cgi?id=2266621  
https://bugzilla.redhat.com/show_bug.cgi?id=2266629  
https://bugzilla.redhat.com/show_bug.cgi?id=2266845  
https://bugzilla.redhat.com/show_bug.cgi?id=2266930  
https://bugzilla.redhat.com/show_bug.cgi?id=2267067  
https://bugzilla.redhat.com/show_bug.cgi?id=2267610  
https://bugzilla.redhat.com/show_bug.cgi?id=2267907  
https://bugzilla.redhat.com/show_bug.cgi?id=2267965  
https://bugzilla.redhat.com/show_bug.cgi?id=2268019  
https://bugzilla.redhat.com/show_bug.cgi?id=2268022  
https://bugzilla.redhat.com/show_bug.cgi?id=2268046  
https://bugzilla.redhat.com/show_bug.cgi?id=2268820  
https://bugzilla.redhat.com/show_bug.cgi?id=2268854  
https://bugzilla.redhat.com/show_bug.cgi?id=2268939  
https://bugzilla.redhat.com/show_bug.cgi?id=2269319  
https://bugzilla.redhat.com/show_bug.cgi?id=2269354  
https://bugzilla.redhat.com/show_bug.cgi?id=2270064  
https://bugzilla.redhat.com/show_bug.cgi?id=2270446  
https://bugzilla.redhat.com/show_bug.cgi?id=2271593  
https://bugzilla.redhat.com/show_bug.cgi?id=2271804  
https://bugzilla.redhat.com/show_bug.cgi?id=2271921  
https://bugzilla.redhat.com/show_bug.cgi?id=2272386  
https://bugzilla.redhat.com/show_bug.cgi?id=2272469  
https://bugzilla.redhat.com/show_bug.cgi?id=2272528  
https://bugzilla.redhat.com/show_bug.cgi?id=2272644  
https://bugzilla.redhat.com/show_bug.cgi?id=2272664  
https://bugzilla.redhat.com/show_bug.cgi?id=2272666  
https://bugzilla.redhat.com/show_bug.cgi?id=2272928  
https://bugzilla.redhat.com/show_bug.cgi?id=2272932  
https://bugzilla.redhat.com/show_bug.cgi?id=2272938  
https://bugzilla.redhat.com/show_bug.cgi?id=2273305  
https://bugzilla.redhat.com/show_bug.cgi?id=2273336  
https://bugzilla.redhat.com/show_bug.cgi?id=2273386  
https://bugzilla.redhat.com/show_bug.cgi?id=2273387  
https://bugzilla.redhat.com/show_bug.cgi?id=2273398  
https://bugzilla.redhat.com/show_bug.cgi?id=2273533  
https://bugzilla.redhat.com/show_bug.cgi?id=2273553  
https://bugzilla.redhat.com/show_bug.cgi?id=2273560  
https://bugzilla.redhat.com/show_bug.cgi?id=2273605  
https://bugzilla.redhat.com/show_bug.cgi?id=2273702  
https://bugzilla.redhat.com/show_bug.cgi?id=2273705  
https://bugzilla.redhat.com/show_bug.cgi?id=2274107  
https://bugzilla.redhat.com/show_bug.cgi?id=2274175  
https://bugzilla.redhat.com/show_bug.cgi?id=2274193  
https://bugzilla.redhat.com/show_bug.cgi?id=2274324  
https://bugzilla.redhat.com/show_bug.cgi?id=2274373  
https://bugzilla.redhat.com/show_bug.cgi?id=2274381  
https://bugzilla.redhat.com/show_bug.cgi?id=2274392  
https://bugzilla.redhat.com/show_bug.cgi?id=2274476  
https://bugzilla.redhat.com/show_bug.cgi?id=2274548  
https://bugzilla.redhat.com/show_bug.cgi?id=2274728  
https://bugzilla.redhat.com/show_bug.cgi?id=2274734  
https://bugzilla.redhat.com/show_bug.cgi?id=2274750  
https://bugzilla.redhat.com/show_bug.cgi?id=2274757  
https://bugzilla.redhat.com/show_bug.cgi?id=2274765  
https://bugzilla.redhat.com/show_bug.cgi?id=2275049  
https://bugzilla.redhat.com/show_bug.cgi?id=2275181  
https://bugzilla.redhat.com/show_bug.cgi?id=2275222  
https://bugzilla.redhat.com/show_bug.cgi?id=2275254  
https://bugzilla.redhat.com/show_bug.cgi?id=2275413  
https://bugzilla.redhat.com/show_bug.cgi?id=2275456  
https://bugzilla.redhat.com/show_bug.cgi?id=2275484  
https://bugzilla.redhat.com/show_bug.cgi?id=2275886  
https://bugzilla.redhat.com/show_bug.cgi?id=2275935  
https://bugzilla.redhat.com/show_bug.cgi?id=2276028  
https://bugzilla.redhat.com/show_bug.cgi?id=2276055  
https://bugzilla.redhat.com/show_bug.cgi?id=2276056  
https://bugzilla.redhat.com/show_bug.cgi?id=2276135  
https://bugzilla.redhat.com/show_bug.cgi?id=2276222  
https://bugzilla.redhat.com/show_bug.cgi?id=2276344  
https://bugzilla.redhat.com/show_bug.cgi?id=2276353  
https://bugzilla.redhat.com/show_bug.cgi?id=2276366  
https://bugzilla.redhat.com/show_bug.cgi?id=2276413  
https://bugzilla.redhat.com/show_bug.cgi?id=2276438  
https://bugzilla.redhat.com/show_bug.cgi?id=2276591  
https://bugzilla.redhat.com/show_bug.cgi?id=2276593  
https://bugzilla.redhat.com/show_bug.cgi?id=2276694  
https://bugzilla.redhat.com/show_bug.cgi?id=2276913  
https://bugzilla.redhat.com/show_bug.cgi?id=2276941  
https://bugzilla.redhat.com/show_bug.cgi?id=2277184  
https://bugzilla.redhat.com/show_bug.cgi?id=2277186  
https://bugzilla.redhat.com/show_bug.cgi?id=2277711  
https://bugzilla.redhat.com/show_bug.cgi?id=2277766  
https://bugzilla.redhat.com/show_bug.cgi?id=2277770  
https://bugzilla.redhat.com/show_bug.cgi?id=2277773  
https://bugzilla.redhat.com/show_bug.cgi?id=2277785  
https://bugzilla.redhat.com/show_bug.cgi?id=2278120  
https://bugzilla.redhat.com/show_bug.cgi?id=2278389  
https://bugzilla.redhat.com/show_bug.cgi?id=2278593  
https://bugzilla.redhat.com/show_bug.cgi?id=2278603  
https://bugzilla.redhat.com/show_bug.cgi?id=2278606  
https://bugzilla.redhat.com/show_bug.cgi?id=2278676  
https://bugzilla.redhat.com/show_bug.cgi?id=2278681  
https://bugzilla.redhat.com/show_bug.cgi?id=2278684  
https://bugzilla.redhat.com/show_bug.cgi?id=2278799  
https://bugzilla.redhat.com/show_bug.cgi?id=2278815  
https://bugzilla.redhat.com/show_bug.cgi?id=2279742  
https://bugzilla.redhat.com/show_bug.cgi?id=2279860  
https://bugzilla.redhat.com/show_bug.cgi?id=2279928  
https://bugzilla.redhat.com/show_bug.cgi?id=2280342  
https://bugzilla.redhat.com/show_bug.cgi?id=2280378  
https://bugzilla.redhat.com/show_bug.cgi?id=2280657  
https://bugzilla.redhat.com/show_bug.cgi?id=2280813  
https://bugzilla.redhat.com/show_bug.cgi?id=2280818  
https://bugzilla.redhat.com/show_bug.cgi?id=2280820  
https://bugzilla.redhat.com/show_bug.cgi?id=2280834  
https://bugzilla.redhat.com/show_bug.cgi?id=2280921  
https://bugzilla.redhat.com/show_bug.cgi?id=2280946  
https://bugzilla.redhat.com/show_bug.cgi?id=2280953  
https://bugzilla.redhat.com/show_bug.cgi?id=2281580  
https://bugzilla.redhat.com/show_bug.cgi?id=2281722  
https://bugzilla.redhat.com/show_bug.cgi?id=2281729  
https://bugzilla.redhat.com/show_bug.cgi?id=2282243  
https://bugzilla.redhat.com/show_bug.cgi?id=2282254  
https://bugzilla.redhat.com/show_bug.cgi?id=2282284  
https://bugzilla.redhat.com/show_bug.cgi?id=2282314  
https://bugzilla.redhat.com/show_bug.cgi?id=2282543  
https://bugzilla.redhat.com/show_bug.cgi?id=2282834  
https://bugzilla.redhat.com/show_bug.cgi?id=2283024  
https://bugzilla.redhat.com/show_bug.cgi?id=2283489  
https://bugzilla.redhat.com/show_bug.cgi?id=2283621  
https://bugzilla.redhat.com/show_bug.cgi?id=2283629  
https://bugzilla.redhat.com/show_bug.cgi?id=2283651  
https://bugzilla.redhat.com/show_bug.cgi?id=2283797  
https://bugzilla.redhat.com/show_bug.cgi?id=2283820  
https://bugzilla.redhat.com/show_bug.cgi?id=2283965  
https://bugzilla.redhat.com/show_bug.cgi?id=2283981  
https://bugzilla.redhat.com/show_bug.cgi?id=2284090  
https://bugzilla.redhat.com/show_bug.cgi?id=2284430  
https://bugzilla.redhat.com/show_bug.cgi?id=2284652  
https://bugzilla.redhat.com/show_bug.cgi?id=2290677  
https://bugzilla.redhat.com/show_bug.cgi?id=2290847  
https://bugzilla.redhat.com/show_bug.cgi?id=2291132  
https://bugzilla.redhat.com/show_bug.cgi?id=2291182  
https://bugzilla.redhat.com/show_bug.cgi?id=2291255  
https://bugzilla.redhat.com/show_bug.cgi?id=2291301  
https://bugzilla.redhat.com/show_bug.cgi?id=2291305  
https://bugzilla.redhat.com/show_bug.cgi?id=2291336  
https://bugzilla.redhat.com/show_bug.cgi?id=2292114  
https://bugzilla.redhat.com/show_bug.cgi?id=2292241  
https://bugzilla.redhat.com/show_bug.cgi?id=2292777  
https://bugzilla.redhat.com/show_bug.cgi?id=2293200  
https://bugzilla.redhat.com/show_bug.cgi?id=2293621  
https://bugzilla.redhat.com/show_bug.cgi?id=2293634  
https://bugzilla.redhat.com/show_bug.cgi?id=2293881  
https://bugzilla.redhat.com/show_bug.cgi?id=2294383  
https://bugzilla.redhat.com/show_bug.cgi?id=2296991

Red Hat Security Advisory 2024-4591-03

Ubuntu Security Notice 6896-3 - It was discovered that the ATA over Ethernet driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the Atheros 802.11ac wireless driver did not properly validate certain data structures, leading to a NULL pointer dereference. An attacker could possibly use this to cause a denial of service.

    ==========================================================================Ubuntu Security Notice USN-6896-3July 17, 2024linux-oracle, linux-xilinx-zynqmp vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 20.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux-oracle: Linux kernel for Oracle Cloud systems- linux-xilinx-zynqmp: Linux kernel for Xilinx ZynqMP processorsDetails:It was discovered that the ATA over Ethernet (AoE) driver in the Linuxkernel contained a race condition, leading to a use-after-freevulnerability. An attacker could use this to cause a denial of service orpossibly execute arbitrary code. (CVE-2023-6270)It was discovered that the Atheros 802.11ac wireless driver did notproperly validate certain data structures, leading to a NULL pointerdereference. An attacker could possibly use this to cause a denial ofservice. (CVE-2023-7042)Yuxuan Hu discovered that the Bluetooth RFCOMM protocol driver in the LinuxKernel contained a race condition, leading to a NULL pointer dereference.An attacker could possibly use this to cause a denial of service (systemcrash). (CVE-2024-22099)Gui-Dong Han discovered that the software RAID driver in the Linux kernelcontained a race condition, leading to an integer overflow vulnerability. Aprivileged attacker could possibly use this to cause a denial of service(system crash). (CVE-2024-23307)It was discovered that a race condition existed in the Bluetooth subsystemin the Linux kernel when modifying certain settings values through debugfs.A privileged local attacker could use this to cause a denial of service.(CVE-2024-24857, CVE-2024-24858, CVE-2024-24859)Bai Jiaju discovered that the Xceive XC4000 silicon tuner device driver inthe Linux kernel contained a race condition, leading to an integer overflowvulnerability. An attacker could possibly use this to cause a denial ofservice (system crash). (CVE-2024-24861)Chenyuan Yang discovered that the Unsorted Block Images (UBI) flash devicevolume management subsystem did not properly validate logical eraseblocksizes in certain situations. An attacker could possibly use this to cause adenial of service (system crash). (CVE-2024-25739)Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:  - x86 architecture;  - Block layer subsystem;  - Accessibility subsystem;  - ACPI drivers;  - Android drivers;  - Bluetooth drivers;  - Clock framework and drivers;  - Data acquisition framework and drivers;  - Cryptographic API;  - GPU drivers;  - HID subsystem;  - I2C subsystem;  - IRQ chip drivers;  - Multiple devices driver;  - Media drivers;  - VMware VMCI Driver;  - MMC subsystem;  - Network drivers;  - PCI subsystem;  - SCSI drivers;  - Freescale SoC drivers;  - SPI subsystem;  - Media staging drivers;  - TTY drivers;  - USB subsystem;  - VFIO drivers;  - Framebuffer layer;  - Xen hypervisor drivers;  - File systems infrastructure;  - BTRFS file system;  - Ext4 file system;  - FAT file system;  - NILFS2 file system;  - Diskquota system;  - SMB network file system;  - UBI file system;  - io_uring subsystem;  - BPF subsystem;  - Core kernel;  - Memory management;  - B.A.T.M.A.N. meshing protocol;  - Bluetooth subsystem;  - Networking core;  - HSR network protocol;  - IPv4 networking;  - IPv6 networking;  - MAC80211 subsystem;  - Netfilter;  - NET/ROM layer;  - NFC subsystem;  - Open vSwitch;  - Packet sockets;  - RDS protocol;  - Network traffic control;  - Sun RPC protocol;  - Unix domain sockets;  - ALSA SH drivers;  - USB sound devices;  - KVM core;(CVE-2023-52620, CVE-2023-52650, CVE-2024-26999, CVE-2024-26857,CVE-2024-35984, CVE-2024-27043, CVE-2024-26810, CVE-2023-52880,CVE-2024-35915, CVE-2024-26955, CVE-2024-27396, CVE-2024-35922,CVE-2024-27395, CVE-2024-35899, CVE-2024-35809, CVE-2024-27000,CVE-2024-27004, CVE-2024-35830, CVE-2024-26931, CVE-2024-26993,CVE-2024-27013, CVE-2024-26812, CVE-2024-35893, CVE-2024-27073,CVE-2024-26687, CVE-2024-26969, CVE-2024-26901, CVE-2024-26875,CVE-2024-26976, CVE-2024-26889, CVE-2024-26586, CVE-2024-36020,CVE-2024-26859, CVE-2024-35944, CVE-2024-35888, CVE-2024-26965,CVE-2024-36007, CVE-2024-35847, CVE-2024-27436, CVE-2024-35982,CVE-2023-52699, CVE-2024-26903, CVE-2024-26966, CVE-2024-35910,CVE-2024-26973, CVE-2024-35895, CVE-2024-27008, CVE-2024-26934,CVE-2024-26923, CVE-2024-26956, CVE-2024-27001, CVE-2024-26651,CVE-2024-26894, CVE-2024-27028, CVE-2024-27053, CVE-2024-27059,CVE-2023-52656, CVE-2024-26878, CVE-2024-35806, CVE-2024-27038,CVE-2024-27076, CVE-2024-26994, CVE-2024-27077, CVE-2024-27437,CVE-2024-26813, CVE-2024-26828, CVE-2024-35807, CVE-2024-35969,CVE-2024-35805, CVE-2024-26862, CVE-2022-48627, CVE-2024-26926,CVE-2024-35933, CVE-2024-35898, CVE-2024-27024, CVE-2024-35789,CVE-2024-35819, CVE-2024-35930, CVE-2024-26654, CVE-2024-26922,CVE-2024-26984, CVE-2024-26880, CVE-2024-27388, CVE-2024-27046,CVE-2024-26820, CVE-2024-36006, CVE-2024-26883, CVE-2024-27078,CVE-2024-35813, CVE-2024-35935, CVE-2024-35855, CVE-2024-35973,CVE-2024-27044, CVE-2024-35886, CVE-2024-26642, CVE-2024-35997,CVE-2024-35822, CVE-2024-27074, CVE-2024-35853, CVE-2024-35936,CVE-2024-35821, CVE-2024-26981, CVE-2024-35852, CVE-2024-26852,CVE-2024-26863, CVE-2024-27065, CVE-2024-35828, CVE-2024-26974,CVE-2024-35823, CVE-2024-35900, CVE-2024-36004, CVE-2024-35960,CVE-2024-35978, CVE-2024-26855, CVE-2024-26816, CVE-2024-35897,CVE-2024-35815, CVE-2024-26884, CVE-2023-52644, CVE-2024-27419,CVE-2024-26882, CVE-2024-35955, CVE-2024-35877, CVE-2024-26957,CVE-2024-35849, CVE-2024-26817, CVE-2024-35925, CVE-2024-26935,CVE-2024-27020, CVE-2024-35950, CVE-2024-26937, CVE-2024-26898,CVE-2024-35854, CVE-2024-26851, CVE-2024-27030, CVE-2024-26874,CVE-2024-35825, CVE-2024-27075)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 20.04 LTS  linux-image-5.4.0-1047-xilinx-zynqmp  5.4.0-1047.51  linux-image-5.4.0-1127-oracle   5.4.0-1127.136  linux-image-oracle-lts-20.04    5.4.0.1127.120  linux-image-xilinx-zynqmp       5.4.0.1047.47After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:  https://ubuntu.com/security/notices/USN-6896-3  https://ubuntu.com/security/notices/USN-6896-1  CVE-2022-48627, CVE-2023-52620, CVE-2023-52644, CVE-2023-52650,  CVE-2023-52656, CVE-2023-52699, CVE-2023-52880, CVE-2023-6270,  CVE-2023-7042, CVE-2024-22099, CVE-2024-23307, CVE-2024-24857,  CVE-2024-24858, CVE-2024-24859, CVE-2024-24861, CVE-2024-25739,  CVE-2024-26586, CVE-2024-26642, CVE-2024-26651, CVE-2024-26654,  CVE-2024-26687, CVE-2024-26810, CVE-2024-26812, CVE-2024-26813,  CVE-2024-26816, CVE-2024-26817, CVE-2024-26820, CVE-2024-26828,  CVE-2024-26851, CVE-2024-26852, CVE-2024-26855, CVE-2024-26857,  CVE-2024-26859, CVE-2024-26862, CVE-2024-26863, CVE-2024-26874,  CVE-2024-26875, CVE-2024-26878, CVE-2024-26880, CVE-2024-26882,  CVE-2024-26883, CVE-2024-26884, CVE-2024-26889, CVE-2024-26894,  CVE-2024-26898, CVE-2024-26901, CVE-2024-26903, CVE-2024-26922,  CVE-2024-26923, CVE-2024-26926, CVE-2024-26931, CVE-2024-26934,  CVE-2024-26935, CVE-2024-26937, CVE-2024-26955, CVE-2024-26956,  CVE-2024-26957, CVE-2024-26965, CVE-2024-26966, CVE-2024-26969,  CVE-2024-26973, CVE-2024-26974, CVE-2024-26976, CVE-2024-26981,  CVE-2024-26984, CVE-2024-26993, CVE-2024-26994, CVE-2024-26999,  CVE-2024-27000, CVE-2024-27001, CVE-2024-27004, CVE-2024-27008,  CVE-2024-27013, CVE-2024-27020, CVE-2024-27024, CVE-2024-27028,  CVE-2024-27030, CVE-2024-27038, CVE-2024-27043, CVE-2024-27044,  CVE-2024-27046, CVE-2024-27053, CVE-2024-27059, CVE-2024-27065,  CVE-2024-27073, CVE-2024-27074, CVE-2024-27075, CVE-2024-27076,  CVE-2024-27077, CVE-2024-27078, CVE-2024-27388, CVE-2024-27395,  CVE-2024-27396, CVE-2024-27419, CVE-2024-27436, CVE-2024-27437,  CVE-2024-35789, CVE-2024-35805, CVE-2024-35806, CVE-2024-35807,  CVE-2024-35809, CVE-2024-35813, CVE-2024-35815, CVE-2024-35819,  CVE-2024-35821, CVE-2024-35822, CVE-2024-35823, CVE-2024-35825,  CVE-2024-35828, CVE-2024-35830, CVE-2024-35847, CVE-2024-35849,  CVE-2024-35852, CVE-2024-35853, CVE-2024-35854, CVE-2024-35855,  CVE-2024-35877, CVE-2024-35886, CVE-2024-35888, CVE-2024-35893,  CVE-2024-35895, CVE-2024-35897, CVE-2024-35898, CVE-2024-35899,  CVE-2024-35900, CVE-2024-35910, CVE-2024-35915, CVE-2024-35922,  CVE-2024-35925, CVE-2024-35930, CVE-2024-35933, CVE-2024-35935,  CVE-2024-35936, CVE-2024-35944, CVE-2024-35950, CVE-2024-35955,  CVE-2024-35960, CVE-2024-35969, CVE-2024-35973, CVE-2024-35978,  CVE-2024-35982, CVE-2024-35984, CVE-2024-35997, CVE-2024-36004,  CVE-2024-36006, CVE-2024-36007, CVE-2024-36020Package Information:  https://launchpad.net/ubuntu/+source/linux-oracle/5.4.0-1127.136  https://launchpad.net/ubuntu/+source/linux-xilinx-zynqmp/5.4.0-1047.51

Ubuntu Security Notice USN-6896-3

Red Hat Security Advisory 2024-4590-03 - An update for firefox is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4590.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: firefox security updateAdvisory ID:        RHSA-2024:4590-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:4590Issue date:         2024-07-17Revision:           03CVE Names:          CVE-2024-6601====================================================================Summary: An update for firefox is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.Security Fix(es):* Mozilla: Memory safety bugs fixed in Firefox 128, Firefox ESR 115.13, and Thunderbird 115.13 (CVE-2024-6604)* Mozilla: Race condition in permission assignment (CVE-2024-6601)* Mozilla: Memory corruption in thread creation (CVE-2024-6603)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-6601References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2296636https://bugzilla.redhat.com/show_bug.cgi?id=2296638https://bugzilla.redhat.com/show_bug.cgi?id=2296639

Red Hat Security Advisory 2024-4590-03

Red Hat Security Advisory 2024-4586-03 - An update for firefox is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4586.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: firefox security updateAdvisory ID:        RHSA-2024:4586-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:4586Issue date:         2024-07-17Revision:           03CVE Names:          CVE-2024-6601====================================================================Summary: An update for firefox is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.Security Fix(es):* Mozilla: Memory safety bugs fixed in Firefox 128, Firefox ESR 115.13, and Thunderbird 115.13 (CVE-2024-6604)* Mozilla: Race condition in permission assignment (CVE-2024-6601)* Mozilla: Memory corruption in thread creation (CVE-2024-6603)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-6601References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2296636https://bugzilla.redhat.com/show_bug.cgi?id=2296638https://bugzilla.redhat.com/show_bug.cgi?id=2296639

Red Hat Security Advisory 2024-4586-03

Red Hat Security Advisory 2024-4583-03 - An update for kernel is now available for Red Hat Enterprise Linux 9. Issues addressed include code execution and use-after-free vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4583.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: kernel security update  
Advisory ID:        RHSA-2024:4583-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:4583  
Issue date:         2024-07-17  
Revision:           03  
CVE Names:          CVE-2021-47548  
====================================================================

Summary: 

An update for kernel is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: TIPC message reassembly use-after-free remote code execution vulnerability (CVE-2024-36886)

* kernel: ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in hns_dsaf_ge_srst_by_port() (CVE-2021-47548)

* kernel: net: hns3: fix use-after-free bug in hclgevf_send_mbx_msg (CVE-2021-47596)

* kernel: vt: fix memory overlapping when deleting chars in the buffer (CVE-2022-48627)

* kernel: can: j1939: prevent deadlock by changing j1939_socks_lock to rwlock (CVE-2023-52638)

* kernel: mm/vmscan: fix a bug calling wakeup_kswapd() with a wrong zone index (CVE-2024-26783)

* kernel: net/mlx5e: Use a memory barrier to enforce PTP WQ xmit submission tracking occurs after populating the metadata_map (CVE-2024-26858)

* kernel: netfilter: nf_tables: use timestamp to check for set element timeout (CVE-2024-27397)

* kernel: nvme: fix reconnection fail due to reserved tag allocation (CVE-2024-27435)

* kernel: net: ena: Fix incorrect descriptor free behavior (CVE-2024-35958)

* kernel: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). (CVE-2024-36904)

* kernel: lib/test_hmm.c: handle src_pfns and dst_pfns allocation failure (CVE-2024-38543)

* kernel: r8169: Fix possible ring buffer corruption on fragmented Tx packets. (CVE-2024-38586)

* kernel: net: micrel: Fix receiving the timestamp in the frame for lan8841 (CVE-2024-38593)

* kernel: netfilter: tproxy: bail out if IP has been disabled on the device (CVE-2024-36270)

* kernel: octeontx2-af: avoid off-by-one read from userspace (CVE-2024-36957)

* kernel: blk-cgroup: fix list corruption from resetting io stat (CVE-2024-38663)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2021-47548

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2267509  
https://bugzilla.redhat.com/show_bug.cgi?id=2273082  
https://bugzilla.redhat.com/show_bug.cgi?id=2273466  
https://bugzilla.redhat.com/show_bug.cgi?id=2275735  
https://bugzilla.redhat.com/show_bug.cgi?id=2277238  
https://bugzilla.redhat.com/show_bug.cgi?id=2280434  
https://bugzilla.redhat.com/show_bug.cgi?id=2281131  
https://bugzilla.redhat.com/show_bug.cgi?id=2281925  
https://bugzilla.redhat.com/show_bug.cgi?id=2283401  
https://bugzilla.redhat.com/show_bug.cgi?id=2284541  
https://bugzilla.redhat.com/show_bug.cgi?id=2284581  
https://bugzilla.redhat.com/show_bug.cgi?id=2293230  
https://bugzilla.redhat.com/show_bug.cgi?id=2293380  
https://bugzilla.redhat.com/show_bug.cgi?id=2293402  
https://bugzilla.redhat.com/show_bug.cgi?id=2293456  
https://bugzilla.redhat.com/show_bug.cgi?id=2293653  
https://bugzilla.redhat.com/show_bug.cgi?id=2294225

Red Hat Security Advisory 2024-4583-03

Red Hat Security Advisory 2024-4581-03 - An update for podman is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Issues addressed include a memory leak vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4581.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: podman security updateAdvisory ID:        RHSA-2024:4581-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:4581Issue date:         2024-07-16Revision:           03CVE Names:          CVE-2024-1394====================================================================Summary: An update for podman is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes.Security Fix(es):* golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (CVE-2024-1394)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-1394References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2262921

Red Hat Security Advisory 2024-4581-03

Red Hat Security Advisory 2024-4580-03 - An update for cups is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4580.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: cups security updateAdvisory ID:        RHSA-2024:4580-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:4580Issue date:         2024-07-16Revision:           03CVE Names:          CVE-2024-35235====================================================================Summary: An update for cups is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The Common UNIX Printing System (CUPS) provides a portable printing layer for Linux, UNIX, and similar operating systems.Security Fix(es):* cups: Cupsd Listen arbitrary chmod 0140777 (CVE-2024-35235)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-35235References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2290318

Red Hat Security Advisory 2024-4580-03

Red Hat Security Advisory 2024-4579-03 - An update for git is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4579.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: git security updateAdvisory ID:        RHSA-2024:4579-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:4579Issue date:         2024-07-16Revision:           03CVE Names:          CVE-2024-32002====================================================================Summary: An update for git is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.Security Fix(es):* git: Recursive clones RCE (CVE-2024-32002)* git: RCE while cloning local repos (CVE-2024-32004)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-32002References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2280421https://bugzilla.redhat.com/show_bug.cgi?id=2280428

Red Hat Security Advisory 2024-4579-03

Red Hat Security Advisory 2024-4577-03 - An update for kernel is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Issues addressed include a privilege escalation vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4577.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: kernel security updateAdvisory ID:        RHSA-2024:4577-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:4577Issue date:         2024-07-16Revision:           03CVE Names:          CVE-2023-6546====================================================================Summary: An update for kernel is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The kernel packages contain the Linux kernel, the core of any Linux operating system.Security Fix(es):* kernel: GSM multiplexing race condition leads to privilege escalation (CVE-2023-6546)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-6546References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2255498

Red Hat Security Advisory 2024-4577-03

Red Hat Security Advisory 2024-4576-03 - An update for nghttp2 is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Issues addressed include a denial of service vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_4576.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: nghttp2 security updateAdvisory ID:        RHSA-2024:4576-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:4576Issue date:         2024-07-16Revision:           03CVE Names:          CVE-2024-28182====================================================================Summary: An update for nghttp2 is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 (HTTP/2) protocol in C.Security Fix(es):* nghttp2: CONTINUATION frames DoS (CVE-2024-28182)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-28182References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2268639

Tag

#linux