Gentoo Linux Security Advisory 202407-09

Gentoo Linux Security Advisory 202407-9 - A vulnerability has been discovered in OpenSSH, which can lead to remote code execution with root privileges. Versions greater than or equal to 9.7_p1-r6 are affected.

Ubuntu Security Notice USN-6851-2

Ubuntu Security Notice 6851-2 - USN-6851-1 fixed vulnerabilities in Netplan. The update lead to the discovery of a regression in netplan which caused systemctl enable to fail on systems without dbus. This update fixes the problem.

Ubuntu Security Notice USN-6844-2

Ubuntu Security Notice 6844-2 - USN-6844-1 fixed vulnerabilities in the CUPS package. The update lead to the discovery of a regression in CUPS with regards to how the cupsd daemon handles Listen configuration directive. This update fixes the problem. Rory McNamara discovered that when starting the cupsd server with a Listen configuration item, the cupsd process fails to validate if bind call passed. An attacker could possibly trick cupsd to perform an arbitrary chmod of the provided argument, providing world-writable access to the target.

Red Hat Security Advisory 2024-4212-03

Red Hat Security Advisory 2024-4212-03 - An update for golang is now available for Red Hat Enterprise Linux 9.

Red Hat Security Advisory 2024-4211-03

Red Hat Security Advisory 2024-4211-03 - An update for kernel is now available for Red Hat Enterprise Linux 8. Issues addressed include double free, memory leak, null pointer, spoofing, and use-after-free vulnerabilities.

Red Hat Security Advisory 2024-4210-03

Red Hat Security Advisory 2024-4210-03 - An update for the redhat-ds:11 module is now available for Red Hat Directory Server 11.9 for RHEL 8. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-4209-03

Red Hat Security Advisory 2024-4209-03 - An update for the redhat-ds:11 module is now available for Red Hat Directory Server 11.2 for RHEL 8. Issues addressed include a denial of service vulnerability.

Ubuntu Security Notice USN-6859-1

Ubuntu Security Notice 6859-1 - It was discovered that OpenSSH incorrectly handled signal management. A remote attacker could use this issue to bypass authentication and remotely access systems without proper credentials.

Debian Security Advisory 5724-1

Debian Linux Security Advisory 5724-1 - The Qualys Threat Research Unit (TRU) discovered that OpenSSH, an implementation of the SSH protocol suite, is prone to a signal handler race condition. If a client does not authenticate within LoginGraceTime seconds (120 by default), then sshd's SIGALRM handler is called asynchronously and calls various functions that are not async-signal-safe. A remote unauthenticated attacker can take advantage of this flaw to execute arbitrary code with root privileges. This flaw affects sshd in its default configuration.

Gentoo Linux Security Advisory 202407-08

Gentoo Linux Security Advisory 202407-8 - Multiple vulnerabilities have been discovered in GNU Emacs and Org Mode, the worst of which could lead to arbitrary code execution. Versions greater than or equal to 26.3-r16:26 are affected.

Gentoo Linux Security Advisory 202407-07

Gentoo Linux Security Advisory 202407-7 - A vulnerability has been discovered in cpio, which can lead to arbitrary code execution. Versions greater than or equal to 2.13-r1 are affected.

OpenSSH Server regreSSHion Remote Code Execution

Qualys has discovered a a signal handler race condition vulnerability in OpenSSH's server, sshd. If a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously, but this signal handler calls various functions that are not async-signal-safe - for example, syslog(). This race condition affects sshd in its default configuration.

Ubuntu Security Notice USN-6858-1

Ubuntu Security Notice 6858-1 - It was discovered that eSpeak NG did not properly manage memory under certain circumstances. An attacker could possibly use this issue to cause a denial of service, or execute arbitrary code.

Gentoo Linux Security Advisory 202407-06

Gentoo Linux Security Advisory 202407-6 - Multiple vulnerabilities have been discovered in cryptography, the worst of which could lead to a denial of service. Versions greater than or equal to 42.0.4 are affected.

Gentoo Linux Security Advisory 202407-05

Gentoo Linux Security Advisory 202407-5 - A vulnerability has been discovered in SSSD, which can lead to arbitrary code execution. Versions greater than or equal to 2.5.2-r1 are affected.

Ubuntu Security Notice USN-6855-1

Ubuntu Security Notice 6855-1 - Mansour Gashasbi discovered that libcdio incorrectly handled certain memory operations when parsing an ISO file, leading to a buffer overflow vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code.

Gentoo Linux Security Advisory 202406-06

Gentoo Linux Security Advisory 202406-6 - Multiple vulnerabilities have been discovered in GStreamer and GStreamer Plugins, the worst of which could lead to code execution. Versions greater than or equal to 1.22.11-r1 are affected.

Gentoo Linux Security Advisory 202407-02

Gentoo Linux Security Advisory 202407-2 - A vulnerability has been discovered in SDL_ttf, which can lead to arbitrary memory writes. Versions greater than or equal to 2.20.0 are affected.

Gentoo Linux Security Advisory 202407-04

Gentoo Linux Security Advisory 202407-4 - A vulnerability has been discovered in Pixman, which can lead to a heap buffer overflow. Versions greater than or equal to 0.42.2 are affected.

Gentoo Linux Security Advisory 202407-03

Gentoo Linux Security Advisory 202407-3 - A vulnerability has been discovered in Liferea, which can lead to remote code execution. Versions greater than or equal to 1.12.10 are affected.

Gentoo Linux Security Advisory 202407-01

Gentoo Linux Security Advisory 202407-1 - A vulnerability has been discovered in Zsh, which can lead to execution of arbitrary code. Versions greater than or equal to 5.8.1 are affected.

Red Hat Security Advisory 2024-4200-03

Red Hat Security Advisory 2024-4200-03 - An update for libreswan is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.

Red Hat Security Advisory 2024-4197-03

Red Hat Security Advisory 2024-4197-03 - An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8. Issues addressed include a HTTP response splitting vulnerability.

Red Hat Security Advisory 2024-4179-03

Red Hat Security Advisory 2024-4179-03 - An update for pki-core is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2024-3637-03

Red Hat Security Advisory 2024-3637-03 - Secondary Scheduler Operator for Red Hat OpenShift 1.3.0 for RHEL 9. Issues addressed include denial of service and memory exhaustion vulnerabilities.

Red Hat Security Advisory 2024-3617-03

Red Hat Security Advisory 2024-3617-03 - Kube Descheduler Operator for Red Hat OpenShift 5.0.1 for RHEL 9. Issues addressed include a memory exhaustion vulnerability.

Red Hat Security Advisory 2024-1616-03

Red Hat Security Advisory 2024-1616-03 - Run Once Duration Override Operator for Red Hat OpenShift 1.1.1 for RHEL 9. Issues addressed include denial of service and memory exhaustion vulnerabilities.

Red Hat Security Advisory 2024-4166-03

Red Hat Security Advisory 2024-4166-03 - An update for python3 is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Issues addressed include a traversal vulnerability.

Red Hat Security Advisory 2024-4165-03

Red Hat Security Advisory 2024-4165-03 - An update for pki-core is now available for Red Hat Enterprise Linux 9. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2024-4164-03

Red Hat Security Advisory 2024-4164-03 - An update for pki-core is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2024-0045-03

Red Hat Security Advisory 2024-0045-03 - Red Hat OpenShift Container Platform release 4.16.0 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include denial of service, memory exhaustion, and resource exhaustion vulnerabilities.

Red Hat Security Advisory 2024-0043-03

Red Hat Security Advisory 2024-0043-03 - Red Hat build of MicroShift release 4.16.0 is now available with updates to packages and images that include a security update. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2024-0041-03

Red Hat Security Advisory 2024-0041-03 - Red Hat OpenShift Container Platform release 4.16.0 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include denial of service, memory exhaustion, password leak, and resource exhaustion vulnerabilities.

Debian Security Advisory 5723-1

Debian Linux Security Advisory 5723-1 - Fabian Vogt discovered that the KDE session management server insufficiently restricted ICE connections from localhost, which could allow a local attacker to execute arbitrary code as another user on next boot.

Ubuntu Security Notice USN-5616-3

Ubuntu Security Notice 5616-3 - USN-5615-1 fixed several vulnerabilities in SQLite. This update provides the corresponding fix for CVE-2020-35525 for Ubuntu 14.04 LTS. It was discovered that SQLite incorrectly handled INTERSEC query processing. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code.

Ubuntu Security Notice USN-6857-1

Ubuntu Security Notice 6857-1 - Joshua Rogers discovered that Squid incorrectly handled requests with the urn: scheme. A remote attacker could possibly use this issue to cause Squid to consume resources, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS. It was discovered that Squid incorrectly handled SSPI and SMB authentication. A remote attacker could use this issue to cause Squid to crash, resulting in a denial of service, or possibly obtain sensitive information. This issue only affected Ubuntu 16.04 LTS.

Debian Security Advisory 5722-1

Debian Linux Security Advisory 5722-1 - It was discovered that multiple integer overflows in libvpx, a multimedia library for the VP8 and VP9 video codecs, may result in denial of service and potentially the execution of arbitrary code.

Debian Security Advisory 5721-1

Debian Linux Security Advisory 5721-1 - Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed.

Red Hat Security Advisory 2024-4160-03

Red Hat Security Advisory 2024-4160-03 - An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 7 Supplementary. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-4146-03

Red Hat Security Advisory 2024-4146-03 - An update for golang is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include denial of service and memory leak vulnerabilities.

Red Hat Security Advisory 2024-4144-03

Red Hat Security Advisory 2024-4144-03 - VolSync v0.9.2 general availability release images provide the following: enhancements, security fixes, and updated container images.

Red Hat Security Advisory 2024-4126-03

Red Hat Security Advisory 2024-4126-03 - This is release 1.4 of the container images for Red Hat Service Interconnect. Red Hat Service Interconnect 1.4 introduces a service network, linking TCP and HTTP services across the hybrid cloud. A service network enables communication between services running in different network locations or sites. It allows geographically distributed services to connect as if they were all running in the same site.

Red Hat Security Advisory 2024-4119-03

Red Hat Security Advisory 2024-4119-03 - Updated rhceph-5.3 container image is now available in the Red Hat Ecosystem Catalog. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2024-4118-03

Red Hat Security Advisory 2024-4118-03 - An update is now available for Red Hat Ceph Storage 5.3. Issues addressed include denial of service and traversal vulnerabilities.

Red Hat Security Advisory 2024-4108-03

Red Hat Security Advisory 2024-4108-03 - An update for kernel is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

Red Hat Security Advisory 2024-4107-03

Red Hat Security Advisory 2024-4107-03 - An update for kernel is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2024-4106-03

Red Hat Security Advisory 2024-4106-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

Red Hat Security Advisory 2024-4101-03

Red Hat Security Advisory 2024-4101-03 - An update for samba is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

Red Hat Security Advisory 2024-4098-03

Red Hat Security Advisory 2024-4098-03 - An update for kernel is now available for Red Hat Enterprise Linux 7.6 Advanced Update Support.

Red Hat Security Advisory 2024-4092-03

Red Hat Security Advisory 2024-4092-03 - An update for the redhat-ds:12 module is now available for Red Hat Directory Server 12.4 for RHEL 9. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-4084-03

Red Hat Security Advisory 2024-4084-03 - An update for git is now available for Red Hat Enterprise Linux 8. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2024-4083-03

Red Hat Security Advisory 2024-4083-03 - An update for git is now available for Red Hat Enterprise Linux 9. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2024-4081-03

Red Hat Security Advisory 2024-4081-03 - An update for the quarkus-mandrel-java and quarkus-mandrel-23 packages is now available for the Red Hat build of Quarkus. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-4079-03

Red Hat Security Advisory 2024-4079-03 - An update for the quarkus-mandrel-java and quarkus-mandrel-231 packages is now available for the Red Hat build of Quarkus. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-4078-03

Red Hat Security Advisory 2024-4078-03 - An update for python3.9 is now available for Red Hat Enterprise Linux 9. Issues addressed include denial of service and traversal vulnerabilities.

Red Hat Security Advisory 2024-4077-03

Red Hat Security Advisory 2024-4077-03 - An update for python3.11 is now available for Red Hat Enterprise Linux 9. Issues addressed include a traversal vulnerability.

Red Hat Security Advisory 2024-4075-03

Red Hat Security Advisory 2024-4075-03 - An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2024-4074-03

Red Hat Security Advisory 2024-4074-03 - An update for kpatch-patch is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2024-4073-03

Red Hat Security Advisory 2024-4073-03 - An update for kpatch-patch is now available for Red Hat Enterprise Linux 7. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2024-4070-03

Red Hat Security Advisory 2024-4070-03 - An update for pki-core is now available for Red Hat Certificate System 10.4 for RHEL 8.6. Issues addressed include a bypass vulnerability.