Debian Security Advisory 5630-1

Debian Linux Security Advisory 5630-1 - Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.

Debian Security Advisory 5629-1

Debian Linux Security Advisory 5629-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

Debian Security Advisory 5628-1

Debian Linux Security Advisory 5628-1 - handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or potentially the execution of arbitrary code if malformed image files are processed.

Red Hat Security Advisory 2024-0952-03

Red Hat Security Advisory 2024-0952-03 - An update for firefox is now available for Red Hat Enterprise Linux 9. Issues addressed include a spoofing vulnerability.

Red Hat Security Advisory 2024-0951-03

Red Hat Security Advisory 2024-0951-03 - An update for postgresql is now available for Red Hat Enterprise Linux 9.

Red Hat Security Advisory 2024-0950-03

Red Hat Security Advisory 2024-0950-03 - An update for the postgresql:15 module is now available for Red Hat Enterprise Linux 9.

Debian Security Advisory 5627-1

Debian Linux Security Advisory 5627-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information disclosure or spoofing.

Gentoo Linux Security Advisory 202402-29

Gentoo Linux Security Advisory 202402-29 - Multiple vulnerabilities have been found in LibreOffice, the worst of which could result in user-assisted code execution. Versions greater than or equal to 7.5.9.2 are affected.

Ubuntu Security Notice USN-6649-1

Ubuntu Security Notice 6649-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Alfred Peters discovered that Firefox did not properly manage memory when storing and re-accessing data on a networking channel. An attacker could potentially exploit this issue to cause a denial of service.

Ubuntu Security Notice USN-6648-1

Ubuntu Security Notice 6648-1 - It was discovered that a race condition existed in the AppleTalk networking subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Zhenghan Wang discovered that the generic ID allocator implementation in the Linux kernel did not properly check for null bitmap when releasing IDs. A local attacker could use this to cause a denial of service.

Red Hat Security Advisory 2024-0937-03

Red Hat Security Advisory 2024-0937-03 - An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include a privilege escalation vulnerability.

Red Hat Security Advisory 2024-0934-03

Red Hat Security Advisory 2024-0934-03 - An update is now available for Red Hat Virtualization 4 Tools for Red Hat Enterprise Linux 8, Red Hat Virtualization 4 for Red Hat Enterprise Linux 8, and Red Hat Virtualization Engine 4.4. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2024-0853-03

Red Hat Security Advisory 2024-0853-03 - Network Observability is an OpenShift operator that deploys a monitoring pipeline to collect and enrich network flows that are produced by the Network Observability eBPF agent.

Ubuntu Security Notice USN-6647-1

Ubuntu Security Notice 6647-1 - It was discovered that a race condition existed in the ATM subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the Rose X.25 protocol implementation in the Linux kernel, leading to a use-after- free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

Ubuntu Security Notice USN-6646-1

Ubuntu Security Notice 6646-1 - It was discovered that a race condition existed in the ATM subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the Rose X.25 protocol implementation in the Linux kernel, leading to a use-after- free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

Ubuntu Security Notice USN-6584-2

Ubuntu Security Notice 6584-2 - USN-6584-1 fixed several vulnerabilities in Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. This update provides the corresponding updates for CVE-2021-33912 andCVE-2021-33913 in Ubuntu 16.04 LTS. Philipp Jeitner and Haya Shulman discovered that Libspf2 incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service or execute arbitrary code.

Ubuntu Security Notice USN-6645-1

Ubuntu Security Notice 6645-1 - It was discovered that the netfilter connection tracker for netlink in the Linux kernel did not properly perform reference counting in some error conditions. A local attacker could possibly use this to cause a denial of service.

Red Hat Security Advisory 2024-0930-03

Red Hat Security Advisory 2024-0930-03 - An update for kernel is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include integer overflow, null pointer, out of bounds access, privilege escalation, and use-after-free vulnerabilities.

Red Hat Security Advisory 2024-0845-03

Red Hat Security Advisory 2024-0845-03 - Red Hat OpenShift Container Platform release 4.13.34 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include denial of service and traversal vulnerabilities.

Red Hat Security Advisory 2024-0837-03

Red Hat Security Advisory 2024-0837-03 - Red Hat OpenShift Container Platform release 4.14.13 is now available with updates to packages and images that fix several bugs and add enhancements.

Red Hat Security Advisory 2024-0832-03

Red Hat Security Advisory 2024-0832-03 - Red Hat OpenShift Container Platform release 4.12.50 is now available with updates to packages and images that fix several bugs. Issues addressed include denial of service and traversal vulnerabilities.

Ubuntu Security Notice USN-6644-1

Ubuntu Security Notice 6644-1 - It was discovered that LibTIFF incorrectly handled certain files. If a user were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause the application to crash, resulting in a denial of service. It was discovered that LibTIFF incorrectly handled certain image files with the tiffcp utility. If a user were tricked into opening a specially crafted image file, an attacker could possibly use this issue to cause tiffcp to crash, resulting in a denial of service.

Ubuntu Security Notice USN-6643-1

Ubuntu Security Notice 6643-1 - Emre Durmaz discovered that NPM IP package incorrectly distinguished between private and public IP addresses. A remote attacker could possibly use this issue to perform Server-Side Request Forgery attacks.

Ubuntu Security Notice USN-6625-3

Ubuntu Security Notice 6625-3 - Marek Marczykowski-Górecki discovered that the Xen event channel infrastructure implementation in the Linux kernel contained a race condition. An attacker in a guest VM could possibly use this to cause a denial of service. Zheng Wang discovered a use-after-free in the Renesas Ethernet AVB driver in the Linux kernel during device removal. A privileged attacker could use this to cause a denial of service.

Ubuntu Security Notice USN-6642-1

Ubuntu Security Notice 6642-1 - Shoham Danino, Anat Bremler-Barr, Yehuda Afek, and Yuval Shavitt discovered that Bind incorrectly handled parsing large DNS messages. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service. Elias Heftrig, Haya Schulmann, Niklas Vogel, and Michael Waidner discovered that Bind incorrectly handled validating DNSSEC messages. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service.

Ubuntu Security Notice USN-6641-1

Ubuntu Security Notice 6641-1 - Harry Sintonen discovered that curl incorrectly handled mixed case cookie domains. A remote attacker could possibly use this issue to set cookies that get sent to different and unrelated sites and domains.

Red Hat Security Advisory 2024-0903-03

Red Hat Security Advisory 2024-0903-03 - Red Hat AMQ Broker 7.10.6 is now available from the Red Hat Customer Portal. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2024-0897-03

Red Hat Security Advisory 2024-0897-03 - An update for kernel is now available for Red Hat Enterprise Linux 8. Issues addressed include null pointer, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities.

Red Hat Security Advisory 2024-0894-03

Red Hat Security Advisory 2024-0894-03 - An update for the mysql:8.0 module is now available for Red Hat Enterprise Linux 8.

Red Hat Security Advisory 2024-0893-03

Red Hat Security Advisory 2024-0893-03 - An update for python-pillow is now available for Red Hat Enterprise Linux 8. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2024-0889-03

Red Hat Security Advisory 2024-0889-03 - An update for oniguruma is now available for Red Hat Enterprise Linux 8. Issues addressed include buffer over-read, integer overflow, out of bounds read, and use-after-free vulnerabilities.

Red Hat Security Advisory 2024-0888-03

Red Hat Security Advisory 2024-0888-03 - An update for edk2 is now available for Red Hat Enterprise Linux 8.

Red Hat Security Advisory 2024-0887-03

Red Hat Security Advisory 2024-0887-03 - An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-0881-03

Red Hat Security Advisory 2024-0881-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Issues addressed include null pointer, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities.

Red Hat Security Advisory 2024-0880-03

Red Hat Security Advisory 2024-0880-03 - Red Hat OpenShift Serverless 1.31.1 is now available. Issues addressed include denial of service and traversal vulnerabilities.

Red Hat Security Advisory 2024-0879-03

Red Hat Security Advisory 2024-0879-03 - An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 7 Supplementary. Issues addressed include denial of service and deserialization vulnerabilities.

Red Hat Security Advisory 2024-0876-03

Red Hat Security Advisory 2024-0876-03 - An update for kpatch-patch is now available for Red Hat Enterprise Linux 8. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2024-0866-03

Red Hat Security Advisory 2024-0866-03 - An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 8. Issues addressed include denial of service and deserialization vulnerabilities.

Red Hat Security Advisory 2024-0863-03

Red Hat Security Advisory 2024-0863-03 - An update for the gimp:2.8 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include a buffer overflow vulnerability.

Red Hat Security Advisory 2024-0862-03

Red Hat Security Advisory 2024-0862-03 - An update for the gimp:2.8 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a buffer overflow vulnerability.

Red Hat Security Advisory 2024-0861-03

Red Hat Security Advisory 2024-0861-03 - An update for the gimp:2.8 module is now available for Red Hat Enterprise Linux 8. Issues addressed include a buffer overflow vulnerability.

Gentoo Linux Security Advisory 202402-28

Gentoo Linux Security Advisory 202402-28 - Multiple vulnerabilities have been discovered in Samba, the worst of which can lead to remote code execution. Versions greater than or equal to 4.18.9 are affected.

Debian Security Advisory 5626-1

Debian Linux Security Advisory 5626-1 - It was discovered that malformed DNSSEC records within a DNS zone could result in denial of service against PDNS Recursor, a resolving name server.

Gentoo Linux Security Advisory 202402-27

Gentoo Linux Security Advisory 202402-27 - A vulnerability has been discovered in Glade which can lead to a denial of service. Versions greater than or equal to 3.38.2 are affected.

Gentoo Linux Security Advisory 202402-26

Gentoo Linux Security Advisory 202402-26 - Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could result in arbitrary code execution. Versions greater than or equal to 115.7.0:esr are affected.

Gentoo Linux Security Advisory 202402-25

Gentoo Linux Security Advisory 202402-25 - Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. Versions greater than or equal to 115.7.0 are affected.

Gentoo Linux Security Advisory 202402-21

Gentoo Linux Security Advisory 202402-21 - Multiple vulnerabilities have been discovered in QtNetwork, the worst of which could lead to execution of arbitrary code. Versions greater than or equal to 6.6.1-r2 are affected.

Gentoo Linux Security Advisory 202402-24

Gentoo Linux Security Advisory 202402-24 - Multiple vulnerabilities have been discovered in Seamonkey, the worst of which can lead to remote code execution. Versions greater than or equal to 2.53.10.2 are affected.

Gentoo Linux Security Advisory 202402-23

Gentoo Linux Security Advisory 202402-23 - Multiple vulnerabilities have been discovered in Chromium and its derivatives, the worst of which can lead to remote code execution. Versions greater than or equal to 121.0.6167.139 are affected.

Gentoo Linux Security Advisory 202402-22

Gentoo Linux Security Advisory 202402-22 - Multiple vulnerabilities have been discovered in intel-microcode, the worst of which can lead to privilege escalation. Versions greater than or equal to 20230214_p20230212 are affected.

Gentoo Linux Security Advisory 202402-20

Gentoo Linux Security Advisory 202402-20 - A vulnerability has been discovered in Thunar which may lead to arbitrary code execution Versions greater than or equal to 4.17.3 are affected.

Gentoo Linux Security Advisory 202402-19

Gentoo Linux Security Advisory 202402-19 - A vulnerability has been discovered in libcaca which can lead to arbitrary code execution. Versions greater than or equal to 0.99_beta19-r4 are affected.

Gentoo Linux Security Advisory 202402-18

Gentoo Linux Security Advisory 202402-18 - Multiple vulnerabilities have been discovered in Exim, the worst of which can lead to remote code execution. Versions greater than or equal to 4.97.1 are affected.

Gentoo Linux Security Advisory 202402-17

Gentoo Linux Security Advisory 202402-17 - Multiple vulnerabilities have been discovered in CUPS, the worst of which can lead to arbitrary code execution. Versions greater than or equal to 2.4.7 are affected.

Gentoo Linux Security Advisory 202402-16

Gentoo Linux Security Advisory 202402-16 - Multiple vulnerabilities have been discovered in Apache Log4j, the worst of which can lead to remote code execution. Versions less than or equal to 1.2.17 are affected.

Gentoo Linux Security Advisory 202402-15

Gentoo Linux Security Advisory 202402-15 - A vulnerability has been discovered in e2fsprogs which can lead to arbitrary code execution. Versions greater than or equal to 1.46.6 are affected.

Gentoo Linux Security Advisory 202402-14

Gentoo Linux Security Advisory 202402-14 - Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to remote code execution. Versions greater than or equal to 5.15.12_p20240122 are affected.

Gentoo Linux Security Advisory 202402-13

Gentoo Linux Security Advisory 202402-13 - A vulnerability has been discovered in TACACS+ which could lead to remote code execution. Versions less than or equal to 4.0.4.27a-r3 are affected.

Gentoo Linux Security Advisory 202402-12

Gentoo Linux Security Advisory 202402-12 - A vulnerability has been discovered in GNU Tar which may lead to an out of bounds read. Versions greater than or equal to 1.34-r3 are affected.

Debian Security Advisory 5625-1

Debian Linux Security Advisory 5625-1 - It was discovered that Engrampa, an archive manager for the MATE desktop environment was susceptible to path traversal when handling CPIO archives.