Oracle Linux 8 : edk2 (ELSA-2024-5297)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-5297 advisory. - edk2-NetworkPkg-SECURITY-PATCH-CVE-2023-45237.patch RHEL-21854 RHEL-21856 RHEL-40099 - edk2-NetworkPkg-TcpDxe-SECURITY-PATCH-CVE-2023-45236.patch...

kernel: tcp: fix tcp_init_transfer() to not reset icsk_ca_initialized

In the Linux kernel, the following vulnerability has been resolved: tcp: fix tcpinittransfer to not reset icskcainitialized This commit fixes a bug found by syzkaller that could cause spurious double-initializations for congestion control modules, which could cause memory leaks or other problems...

kernel: net: fix information leakage in /proc/net/ptype

In the Linux kernel, the following vulnerability has been resolved: net: fix information leakage in /proc/net/ptype In one net namespace, after creating a packet socket without binding it to a device, users in other net namespaces can observe the new packettype added by this packet socket by...

kernel: mptcp: ensure snd_nxt is properly initialized on connect

In the Linux kernel, the following vulnerability has been resolved: mptcp: ensure sndnxt is properly initialized on connect Christoph reported a splat hinting at a corrupted snduna: WARNING: CPU: 1 PID: 38 at net/mptcp/protocol.c:1005 mptcpcleanuna+0x4b3/0x620 net/mptcp/protocol.c:1005 Modules...

Django vulnerable to a denial-of-service attack

An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize and urlizetrunc template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters...

The vulnerability of the Fake Authentication Result Handler component in the DKIM-filtering software OpenDKIM allows a perpetrator to influence the integrity of the protected information.

The vulnerability of the Fake Authentication Result Handler component in the DKIM-filtering software OpenDKIM is related to the lack of checks for sequence numbers during the deletion of fake fields. Exploiting this vulnerability allows a malicious actor to influence the integrity of the protecte...

The vulnerability of the tpm2_key_encode() function of the Trusted Platform Module (TPM) in the Linux operating system allows a hacker to trigger a service failure.

The vulnerability of the tpm2keyencode function in the security/keys/trusted-keys/trustedtpm2.c file of the Trusted Platform Module TPM subsystem of the Linux kernel is related to improper handling of the asn1encodesequence function’s return code. Exploiting this vulnerability could allow an...

SUSE CVE-2024-42230

In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries: Fix scv instruction crash with kexec kexec on pseries disables AIL reloconexc, required for scv instruction support, before other CPUs have been shut down. This means they can execute scv instructions after AIL i...

ROS-20240806-07

A vulnerability in the Fake Authentication Result Handler component of OpenDKIM DKIM filter software is related to the lack of sequence number verification when deleting fake fields. Exploitation of the vulnerability could allow an attacker acting remotely to impact the confidentiality, integrity...

CVE-2024-42230

In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries: Fix scv instruction crash with kexec kexec on pseries disables AIL reloconexc, required for scv instruction support, before other CPUs have been shut down. This means they can execute scv instructions after AIL i...

AZL-47232 CVE-2024-42230 affecting package kernel for versions less than 6.6.43.1-7

In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries: Fix scv instruction crash with kexec kexec on pseries disables AIL reloconexc, required for scv instruction support, before other CPUs have been shut down. This means they can execute scv instructions after AIL i...

UBUNTU-CVE-2024-42230

In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries: Fix scv instruction crash with kexec kexec on pseries disables AIL reloconexc, required for scv instruction support, before other CPUs have been shut down. This means they can execute scv instructions after AIL i...

CVE-2024-41085 cxl/mem: Fix no cxl_nvd during pmem region auto-assembling

In the Linux kernel, the following vulnerability has been resolved: cxl/mem: Fix no cxlnvd during pmem region auto-assembling When CXL subsystem is auto-assembling a pmem region during cxl endpoint port probing, always hit below calltrace. BUG: kernel NULL pointer dereference, address:...

Oracle Linux 9 : edk2 (ELSA-2024-4749)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-4749 advisory. - edk2-NetworkPkg-SECURITY-PATCH-CVE-2023-45237.patch RHEL-40270 RHEL-40272 - edk2-NetworkPkg-TcpDxe-SECURITY-PATCH-CVE-2023-45236.patch RHEL-40270...

edk2: Predictable TCP Initial Sequence Numbers

A security flaw has been identified in EDK2, the open-source reference implementation of the UEFI specification. This vulnerability enables an unauthorized attacker to potentially disclose sensitive information...

Moderate: Red Hat Security Advisory: edk2 security update

An update for edk2 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...

Moderate: edk2 security update

EDK Embedded Development Kit is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Security Fixes: EDK2: integer overflow in CreateHob could lead to HOB OOB R/W CVE-2022-36765 edk2: Predictable TCP Initial Sequence Numbers...

Huawei EulerOS: Security Advisory for edk2 (EulerOS-SA-2024-2014)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for edk2 (EulerOS-SA-2024-1996)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS Virtualization 2.10.1 : edk2 (EulerOS-SA-2024-2014)

According to the versions of the edk2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : EDK2's Network Package is susceptible to a buffer overflow vulnerability when handling Server ID option from a DHCPv6 proxy Advertise...