Ubuntu Security Notice 6795-1 - Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use- after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service. It was discovered that the Open vSwitch implementation in the Linux kernel could overflow its stack during recursive action operations under certain conditions. A local attacker could use this to cause a denial of service.

    ==========================================================================Ubuntu Security Notice USN-6795-1May 28, 2024linux-intel-iotg vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 22.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux-intel-iotg: Linux kernel for Intel IoT platformsDetails:Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linuxkernel contained a race condition during device removal, leading to a use-after-free vulnerability. A physically proximate attacker could possiblyuse this to cause a denial of service (system crash). (CVE-2023-47233)It was discovered that the Open vSwitch implementation in the Linux kernelcould overflow its stack during recursive action operations under certainconditions. A local attacker could use this to cause a denial of service(system crash). (CVE-2024-1151)Sander Wiebing, Alvise de Faveri Tron, Herbert Bos, and Cristiano Giuffridadiscovered that the Linux kernel mitigations for the initial Branch HistoryInjection vulnerability (CVE-2022-0001) were insufficient for Intelprocessors. A local attacker could potentially use this to expose sensitiveinformation. (CVE-2024-2201)Chenyuan Yang discovered that the RDS Protocol implementation in the Linuxkernel contained an out-of-bounds read vulnerability. An attacker could usethis to possibly cause a denial of service (system crash). (CVE-2024-23849)Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:   - PowerPC architecture;   - S390 architecture;   - Core kernel;   - Block layer subsystem;   - Android drivers;   - Power management core;   - Bus devices;   - Hardware random number generator core;   - Cryptographic API;   - Device frequency;   - DMA engine subsystem;   - ARM SCMI message protocol;   - GPU drivers;   - HID subsystem;   - Hardware monitoring drivers;   - I2C subsystem;   - IIO ADC drivers;   - IIO subsystem;   - IIO Magnetometer sensors drivers;   - InfiniBand drivers;   - Media drivers;   - Network drivers;   - PCI driver for MicroSemi Switchtec;   - PHY drivers;   - SCSI drivers;   - DesignWare USB3 driver;   - BTRFS file system;   - Ceph distributed file system;   - Ext4 file system;   - F2FS file system;   - JFS file system;   - NILFS2 file system;   - NTFS3 file system;   - Pstore file system;   - SMB network file system;   - Memory management;   - CAN network layer;   - Networking core;   - HSR network protocol;   - IPv4 networking;   - IPv6 networking;   - Logical Link layer;   - MAC80211 subsystem;   - Multipath TCP;   - Netfilter;   - NFC subsystem;   - SMC sockets;   - Sun RPC protocol;   - TIPC protocol;   - Unix domain sockets;   - Tomoyo security module;   - Realtek audio codecs;(CVE-2023-52616, CVE-2024-26679, CVE-2024-26608, CVE-2023-52594,CVE-2024-26622, CVE-2023-52643, CVE-2024-26594, CVE-2023-52598,CVE-2023-52627, CVE-2023-52491, CVE-2024-26592, CVE-2024-26717,CVE-2023-52638, CVE-2024-26704, CVE-2023-52637, CVE-2024-26645,CVE-2023-52602, CVE-2024-26722, CVE-2024-26671, CVE-2023-52599,CVE-2024-26720, CVE-2023-52631, CVE-2023-52486, CVE-2024-26640,CVE-2023-52606, CVE-2023-52633, CVE-2024-26593, CVE-2024-26664,CVE-2023-52618, CVE-2024-26625, CVE-2023-52604, CVE-2024-26695,CVE-2024-26644, CVE-2024-26826, CVE-2024-26600, CVE-2024-26808,CVE-2023-52619, CVE-2023-52597, CVE-2024-26602, CVE-2024-26635,CVE-2023-52623, CVE-2024-26665, CVE-2024-26916, CVE-2024-26689,CVE-2023-52635, CVE-2024-26712, CVE-2023-52614, CVE-2024-26606,CVE-2024-26610, CVE-2024-26675, CVE-2023-52617, CVE-2024-26697,CVE-2023-52595, CVE-2023-52494, CVE-2024-26641, CVE-2024-26698,CVE-2024-26707, CVE-2024-26673, CVE-2023-52493, CVE-2024-26676,CVE-2024-26910, CVE-2023-52601, CVE-2024-26660, CVE-2023-52608,CVE-2024-26615, CVE-2023-52587, CVE-2024-26825, CVE-2023-52498,CVE-2023-52492, CVE-2024-26668, CVE-2024-26715, CVE-2024-26685,CVE-2024-26702, CVE-2024-26663, CVE-2024-26636, CVE-2024-26627,CVE-2024-26696, CVE-2023-52583, CVE-2023-52642, CVE-2023-52489,CVE-2024-26614, CVE-2024-26829, CVE-2024-26684, CVE-2023-52615,CVE-2023-52435, CVE-2023-52530, CVE-2023-52607, CVE-2024-26920,CVE-2023-52622, CVE-2023-52588)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 22.04 LTS   linux-image-5.15.0-1057-intel-iotg  5.15.0-1057.63   linux-image-intel-iotg          5.15.0.1057.57After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:   https://ubuntu.com/security/notices/USN-6795-1   CVE-2023-47233, CVE-2023-52435, CVE-2023-52486, CVE-2023-52489,   CVE-2023-52491, CVE-2023-52492, CVE-2023-52493, CVE-2023-52494,   CVE-2023-52498, CVE-2023-52530, CVE-2023-52583, CVE-2023-52587,   CVE-2023-52588, CVE-2023-52594, CVE-2023-52595, CVE-2023-52597,   CVE-2023-52598, CVE-2023-52599, CVE-2023-52601, CVE-2023-52602,   CVE-2023-52604, CVE-2023-52606, CVE-2023-52607, CVE-2023-52608,   CVE-2023-52614, CVE-2023-52615, CVE-2023-52616, CVE-2023-52617,   CVE-2023-52618, CVE-2023-52619, CVE-2023-52622, CVE-2023-52623,   CVE-2023-52627, CVE-2023-52631, CVE-2023-52633, CVE-2023-52635,   CVE-2023-52637, CVE-2023-52638, CVE-2023-52642, CVE-2023-52643,   CVE-2024-1151, CVE-2024-2201, CVE-2024-23849, CVE-2024-26592,   CVE-2024-26593, CVE-2024-26594, CVE-2024-26600, CVE-2024-26602,   CVE-2024-26606, CVE-2024-26608, CVE-2024-26610, CVE-2024-26614,   CVE-2024-26615, CVE-2024-26622, CVE-2024-26625, CVE-2024-26627,   CVE-2024-26635, CVE-2024-26636, CVE-2024-26640, CVE-2024-26641,   CVE-2024-26644, CVE-2024-26645, CVE-2024-26660, CVE-2024-26663,   CVE-2024-26664, CVE-2024-26665, CVE-2024-26668, CVE-2024-26671,   CVE-2024-26673, CVE-2024-26675, CVE-2024-26676, CVE-2024-26679,   CVE-2024-26684, CVE-2024-26685, CVE-2024-26689, CVE-2024-26695,   CVE-2024-26696, CVE-2024-26697, CVE-2024-26698, CVE-2024-26702,   CVE-2024-26704, CVE-2024-26707, CVE-2024-26712, CVE-2024-26715,   CVE-2024-26717, CVE-2024-26720, CVE-2024-26722, CVE-2024-26808,   CVE-2024-26825, CVE-2024-26826, CVE-2024-26829, CVE-2024-26910,   CVE-2024-26916, CVE-2024-26920Package Information:   https://launchpad.net/ubuntu/+source/linux-intel-iotg/5.15.0-1057.63

Ubuntu Security Notice USN-6795-1

jSQL Injection is a lightweight application used to find database information from a distant server. jSQL Injection is also part of the official penetration testing distribution Kali Linux and is included in various other distributions like Pentest Box, Parrot Security OS, ArchStrike and BlackArch Linux. This is the source code release.

jSQL Injection 0.96

Red Hat Security Advisory 2024-3464-03 - An update for glibc is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Issues addressed include buffer overflow, code execution, null pointer, and out of bounds write vulnerabilities.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3464.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: glibc security updateAdvisory ID:        RHSA-2024:3464-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:3464Issue date:         2024-05-29Revision:           03CVE Names:          CVE-2024-2961====================================================================Summary: An update for glibc is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.Security Fix(es):* glibc: Out of bounds write in iconv may lead to remote code execution (CVE-2024-2961)* glibc: stack-based buffer overflow in netgroup cache (CVE-2024-33599)* glibc: null pointer dereferences after failed netgroup cache insertion (CVE-2024-33600)* glibc: netgroup cache may terminate daemon on memory allocation failure (CVE-2024-33601)* glibc: netgroup cache assumes NSS callback uses in-buffer strings (CVE-2024-33602)For more details about the security issue(s), including the impact,            a CVSS score, acknowledgments, and other related information, refer to the CVE page(s)            listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-2961References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2273404https://bugzilla.redhat.com/show_bug.cgi?id=2277202https://bugzilla.redhat.com/show_bug.cgi?id=2277204https://bugzilla.redhat.com/show_bug.cgi?id=2277205https://bugzilla.redhat.com/show_bug.cgi?id=2277206

Red Hat Security Advisory 2024-3464-03

Red Hat Security Advisory 2024-3462-03 - An update for kernel is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include a use-after-free vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3462.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: kernel security and bug fix update  
Advisory ID:        RHSA-2024:3462-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:3462  
Issue date:         2024-05-29  
Revision:           03  
CVE Names:          CVE-2021-47013  
====================================================================

Summary: 

An update for kernel is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* RHEL: Add Spectre-BHB mitigation for AmpereOne (CVE-2023-3006)

* kernel: net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send (CVE-2021-47013)

* kernel: net: bridge: data races indata-races in br_handle_frame_finish() (CVE-2023-52578)

Bug Fix(es):

* XFS: thaw operation hungs if caches are dropped while FS is frozen  (JIRA:RHEL-34522)

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2021-47013

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://bugzilla.redhat.com/show_bug.cgi?id=2141026  
https://bugzilla.redhat.com/show_bug.cgi?id=2266841  
https://bugzilla.redhat.com/show_bug.cgi?id=2267758

Red Hat Security Advisory 2024-3462-03

Red Hat Security Advisory 2024-3461-03 - An update for kernel is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a use-after-free vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3461.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: kernel security and bug fix update  
Advisory ID:        RHSA-2024:3461-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:3461  
Issue date:         2024-05-29  
Revision:           03  
CVE Names:          CVE-2024-26642  
====================================================================

Summary: 

An update for kernel is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout (CVE-2024-26643)

* kernel: netfilter: nf_tables: disallow anonymous set with timeout flag (CVE-2024-26642)

* kernel: netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations (CVE-2024-26673)

* kernel: ipv6: sr: fix possible use-after-free and null-ptr-deref (CVE-2024-26735)

* kernel: net: ip_tunnel: prevent perpetual headroom growth (CVE-2024-26804)

* kernel: cifs: fix underflow in parse_server_interfaces() (CVE-2024-26828)

* kernel: fs: sysfs: Fix reference leak in sysfs_break_active_protection() (CVE-2024-26993)

Bug Fix(es):

* lan78xx changes for 9.2.z, to fix link speed change exception and other bug fixes (JIRA:RHEL-34926)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-26642

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://bugzilla.redhat.com/show_bug.cgi?id=2270879  
https://bugzilla.redhat.com/show_bug.cgi?id=2270881  
https://bugzilla.redhat.com/show_bug.cgi?id=2272816  
https://bugzilla.redhat.com/show_bug.cgi?id=2273278  
https://bugzilla.redhat.com/show_bug.cgi?id=2273423  
https://bugzilla.redhat.com/show_bug.cgi?id=2275600  
https://bugzilla.redhat.com/show_bug.cgi?id=2278314

Red Hat Security Advisory 2024-3461-03

Red Hat Security Advisory 2024-3460-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a use-after-free vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3460.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: kernel-rt security and bug fix update  
Advisory ID:        RHSA-2024:3460-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:3460  
Issue date:         2024-05-29  
Revision:           03  
CVE Names:          CVE-2024-26642  
====================================================================

Summary: 

An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout (CVE-2024-26643)

* kernel: netfilter: nf_tables: disallow anonymous set with timeout flag (CVE-2024-26642)

* kernel: netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations (CVE-2024-26673)

* kernel: ipv6: sr: fix possible use-after-free and null-ptr-deref (CVE-2024-26735)

* kernel: net: ip_tunnel: prevent perpetual headroom growth (CVE-2024-26804)

* kernel: cifs: fix underflow in parse_server_interfaces() (CVE-2024-26828)

* kernel: fs: sysfs: Fix reference leak in sysfs_break_active_protection() (CVE-2024-26993)

Bug Fix:

* kernel-rt: update RT source tree to the latest RHEL-9.2 ad hoc schedule build (JIRA:RHEL-36221)

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-26642

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://bugzilla.redhat.com/show_bug.cgi?id=2270879  
https://bugzilla.redhat.com/show_bug.cgi?id=2270881  
https://bugzilla.redhat.com/show_bug.cgi?id=2272816  
https://bugzilla.redhat.com/show_bug.cgi?id=2273278  
https://bugzilla.redhat.com/show_bug.cgi?id=2273423  
https://bugzilla.redhat.com/show_bug.cgi?id=2275600  
https://bugzilla.redhat.com/show_bug.cgi?id=2278314

Red Hat Security Advisory 2024-3460-03

Red Hat Security Advisory 2024-3433-03 - An update for protobuf is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3433.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: protobuf security updateAdvisory ID:        RHSA-2024:3433-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:3433Issue date:         2024-05-28Revision:           03CVE Names:          CVE-2021-22570====================================================================Summary: An update for protobuf is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The protobuf packages provide Protocol Buffers, Google's data interchange format. Protocol Buffers can encode structured data in an efficient yet extensible format, and provide a flexible, efficient, and automated mechanism for serializing structured data.Security Fix(es):* protobuf: Incorrect parsing of nullchar in the proto symbol leads to Nullptr dereference (CVE-2021-22570)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2021-22570References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2049429

Red Hat Security Advisory 2024-3433-03

Red Hat Security Advisory 2024-3431-03 - An update for pcs is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include a denial of service vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3431.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: pcs security updateAdvisory ID:        RHSA-2024:3431-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:3431Issue date:         2024-05-28Revision:           03CVE Names:          CVE-2024-25126====================================================================Summary: An update for pcs is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.Security Fix(es):* rubygem-rack: Denial of Service Vulnerability in Rack Content-Type Parsing (CVE-2024-25126)* rubygem-rack: Possible DoS Vulnerability with Range Header in Rack (CVE-2024-26141)* rubygem-rack: Possible Denial of Service Vulnerability in Rack Header Parsing (CVE-2024-26146)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-25126References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2265593https://bugzilla.redhat.com/show_bug.cgi?id=2265594https://bugzilla.redhat.com/show_bug.cgi?id=2265595

Red Hat Security Advisory 2024-3431-03

Red Hat Security Advisory 2024-3428-03 - An update for the rust-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3428.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: rust-toolset:rhel8 security updateAdvisory ID:        RHSA-2024:3428-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:3428Issue date:         2024-05-28Revision:           03CVE Names:          CVE-2023-38497====================================================================Summary: An update for the rust-toolset:rhel8 module is now available for Red HatEnterprise Linux 8.6 Extended Update Support.Red Hat Product Security has rated this update as having a security impact ofImportant. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Rust Toolset provides the Rust programming language compiler rustc, the cargobuild tool and dependency manager, and required libraries.Security Fix(es):* rust-cargo: cargo does not respect the umask when extracting dependencies(CVE-2023-38497)For more details about the security issue(s), including the impact, a CVSSscore, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-38497References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2228038

Red Hat Security Advisory 2024-3428-03

Red Hat Security Advisory 2024-3427-03 - An update for kpatch-patch is now available for Red Hat Enterprise Linux 9. Issues addressed include a use-after-free vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_3427.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: kpatch-patch security updateAdvisory ID:        RHSA-2024:3427-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:3427Issue date:         2024-05-28Revision:           03CVE Names:          CVE-2024-1086====================================================================Summary: An update for kpatch-patch is now available for Red Hat Enterprise Linux 9.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.Security Fix(es):* kernel: nf_tables: use-after-free vulnerability in the nft_verdict_init() function (CVE-2024-1086)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-1086References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2262126

Tag

#linux