Ubuntu Security Notice 6747-2 - USN-6747-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Bartek Nowotarski discovered that Firefox did not properly limit HTTP/2 CONTINUATION frames. An attacker could potentially exploit this issue to cause a denial of service. Gary Kwong discovered that Firefox did not properly manage memory when running garbage collection during realm initialization. An attacker could potentially exploit this issue to cause a denial of service, or execute arbitrary code. Lukas Bernhard discovered that Firefox did not properly manage memory during JIT optimizations, leading to an out-of-bounds read vulnerability. An attacker could possibly use this issue to cause a denial of service or expose sensitive information. Nan Wang discovered that Firefox did not properly manage memory during WASM garbage collection. An attacker could potentially exploit this issue to cause a denial of service, or execute arbitrary code. Various other issues were also addressed.
7c2c9d128db1252739be1d7a0b93beb403f7c031e510470fefa2f2f7a74db59dRed Hat Security Advisory 2024-2621-03 - An update for kernel is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include information leakage, privilege escalation, and use-after-free vulnerabilities.
c0ab1228ff9631c40f7ba7a67ebe0cb98a66d5194f5937e26da67792d764f154Red Hat Security Advisory 2024-2568-03 - An update for grafana is now available for Red Hat Enterprise Linux 9. Issues addressed include bypass and memory leak vulnerabilities.
acebb6ebe8c86932a7649e165ac7f9b1295bf39b1e11f37a00188477d20764f2Red Hat Security Advisory 2024-2562-03 - An update for golang is now available for Red Hat Enterprise Linux 9. Issues addressed include denial of service, memory exhaustion, and memory leak vulnerabilities.
5642d245ff223701e0e1b969fbb176f20288ab28d6880360b0a56d5fda156a78Red Hat Security Advisory 2024-2525-03 - An update for mingw-pixman is now available for Red Hat Enterprise Linux 9. Issues addressed include integer overflow and out of bounds write vulnerabilities.
7611f233f16e4003c69a91ee23499cbe6bed6fd4c7a8d26442bbf86975a89a03Red Hat Security Advisory 2024-2456-03 - An update for grub2 is now available for Red Hat Enterprise Linux 9. Issues addressed include code execution, out of bounds read, and out of bounds write vulnerabilities.
522d251117a31b5cf29b4472d79399998985d63ff3a4e49df0eba1ac473063eeRed Hat Security Advisory 2024-2394-03 - An update for kernel is now available for Red Hat Enterprise Linux 9. Issues addressed include code execution, double free, integer overflow, memory exhaustion, memory leak, null pointer, out of bounds access, out of bounds read, out of bounds write, privilege escalation, and use-after-free vulnerabilities.
86435dbd1e42e1cb6babcb7c70863a0ed35c27cc178b52ec0cd6a1f94cb358cdRed Hat Security Advisory 2024-2387-03 - An update for mod_jk and mod_proxy_cluster is now available for Red Hat Enterprise Linux 9. Issues addressed include cross site scripting and information leakage vulnerabilities.
1afbcf28960759dfb2bf1cd21470b1d259028ca98c06545215ea1561a67e4844Red Hat Security Advisory 2024-2289-03 - An update for libtiff is now available for Red Hat Enterprise Linux 9. Issues addressed include buffer overflow and integer overflow vulnerabilities.
07f6d09b76d14cbbc58f8061fe5f59bfe38a37eb126df374398e0369a3e84eedRed Hat Security Advisory 2024-2287-03 - An update for gstreamer1-plugins-bad-free is now available for Red Hat Enterprise Linux 9. Issues addressed include buffer overflow and integer overflow vulnerabilities.
fab820c0fbdfa4d8d6e73e8f311ccdd5d57b1fc27fa3d174dca75ce8e75dec6eRed Hat Security Advisory 2024-2276-03 - An update for qt5-qtbase is now available for Red Hat Enterprise Linux 9. Issues addressed include buffer overflow and integer overflow vulnerabilities.
95b68aba738992f875e5d8ddb178b532df9446a7d9652bcd95235aa3d0e8e0c3Red Hat Security Advisory 2024-2264-03 - An update for edk2 is now available for Red Hat Enterprise Linux 9. Issues addressed include buffer overflow and out of bounds read vulnerabilities.
6f1e439469f760963ec6eedfe0fe6679640e263eb718c557d4c7112aa16b83b3Red Hat Security Advisory 2024-2208-03 - An update for freerdp is now available for Red Hat Enterprise Linux 9. Issues addressed include buffer overflow, integer overflow, null pointer, out of bounds read, and out of bounds write vulnerabilities.
d35c2dacb4ba39a2b04932e45ff213c2efa3efc4d0a7615936eacb552ec25e83Red Hat Security Advisory 2024-2184-03 - An update for libsndfile is now available for Red Hat Enterprise Linux 9. Issues addressed include denial of service and integer overflow vulnerabilities.
2731dd1ec804a96acfe3a51dc62314bf991ab4a07f95f0b946a9cb62f1664ec6Red Hat Security Advisory 2024-2170-03 - An update for xorg-x11-server-Xwayland is now available for Red Hat Enterprise Linux 9. Issues addressed include buffer overflow and out of bounds write vulnerabilities.
12951ba3a7c0d999913a7bd764ce62029547e8037266195d833336dae45f6ea4Red Hat Security Advisory 2024-2169-03 - An update for xorg-x11-server is now available for Red Hat Enterprise Linux 9. Issues addressed include buffer overflow, out of bounds write, and use-after-free vulnerabilities.
94ab168fa0917df2471afdc2d838be2c00664ff640ecb98837ab445c551bb0ddRed Hat Security Advisory 2024-2156-03 - An update for frr is now available for Red Hat Enterprise Linux 9. Issues addressed include denial of service, null pointer, and out of bounds read vulnerabilities.
322e995e947b0f50c6a28c612069dfcfec9b69f5fd131b62429972f99975294aRed Hat Security Advisory 2024-2145-03 - An update for libX11 is now available for Red Hat Enterprise Linux 9. Issues addressed include heap overflow and integer overflow vulnerabilities.
ae52f35adcfeb1c6e6e69e20b88ec3a6a7c21886d5b6b1a7e97e2c2157fc3fb9Red Hat Security Advisory 2024-2135-03 - An update for qemu-kvm is now available for Red Hat Enterprise Linux 9. Issues addressed include denial of service, null pointer, and use-after-free vulnerabilities.
6aed43bd4a645b4866faa207eff247f254ced1faa9c2d71da518875587f3e3f1Red Hat Security Advisory 2024-2126-03 - An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9. Issues addressed include code execution, denial of service, and use-after-free vulnerabilities.
8baa4f4c7bf33e4e714b9101573fdfd7b6c0b19e9a37df72797570d863dca77fUbuntu Security Notice 6734-2 - USN-6734-1 fixed vulnerabilities in libvirt. This update provides the corresponding updates for Ubuntu 24.04 LTS. Alexander Kuznetsov discovered that libvirt incorrectly handled certain API calls. An attacker could possibly use this issue to cause libvirt to crash, resulting in a denial of service. It was discovered that libvirt incorrectly handled certain RPC library API calls. An attacker could possibly use this issue to cause libvirt to crash, resulting in a denial of service.
de9bb025a2d32f7b6bc492105033df1d20ac65f5466d9541f8a4b62ce26e46e5Ubuntu Security Notice 6733-2 - USN-6733-1 fixed vulnerabilities in GnuTLS. This update provides the corresponding updates for Ubuntu 24.04 LTS. It was discovered that GnuTLS had a timing side-channel when performing certain ECDSA operations. A remote attacker could possibly use this issue to recover sensitive information. It was discovered that GnuTLS incorrectly handled verifying certain PEM bundles. A remote attacker could possibly use this issue to cause GnuTLS to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS and Ubuntu 23.10.
ddfa9b53cf55c5c796be4d398f38aed182745e8f5742e95f3b46d0343f9fcb73Ubuntu Security Notice 6718-3 - USN-6718-1 fixed vulnerabilities in curl. This update provides the corresponding updates for Ubuntu 24.04 LTS. Dan Fandrich discovered that curl would incorrectly use the default set of protocols when a parameter option disabled all protocols without adding any, contrary to expectations. This issue only affected Ubuntu 23.10. It was discovered that curl incorrectly handled memory when limiting the amount of headers when HTTP/2 server push is allowed. A remote attacker could possibly use this issue to cause curl to consume resources, leading to a denial of service.
ade4e33456f4d06c99e18ff976f56f75797e1d3f0b86ecd687782229e52eb969Ubuntu Security Notice 6729-3 - USN-6729-1 fixed vulnerabilities in Apache HTTP Server. This update provides the corresponding updates for Ubuntu 24.04 LTS. Orange Tsai discovered that the Apache HTTP Server incorrectly handled validating certain input. A remote attacker could possibly use this issue to perform HTTP request splitting attacks. Keran Mu and Jianjun Chen discovered that the Apache HTTP Server incorrectly handled validating certain input. A remote attacker could possibly use this issue to perform HTTP request splitting attacks. Bartek Nowotarski discovered that the Apache HTTP Server HTTP/2 module incorrectly handled endless continuation frames. A remote attacker could possibly use this issue to cause the server to consume resources, leading to a denial of service.
64bc41b5243d484a6b2e16655cb72ea9b8aa3a19737b46627dbb01cfa4e8fb4eRed Hat Security Advisory 2024-2088-03 - An update is now available for the Red Hat build of Cryostat 2 on RHEL 8. Issues addressed include denial of service, memory exhaustion, and memory leak vulnerabilities.
85e9f4b82829cdb5154e6b0ed68982f3a590b552ab033dc5ccb8378824c92ab2
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed