Advisory ROSA-SA-2024-2499

Software: python-setuptools 39.2.0 OS: ROSA Virtualization 2.1 packageevrstring: python-setuptools-39.2.0-8.rv3 CVE-ID: CVE-2022-40897 BDU-ID: 2023-02445 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Python Packaging Authority package installation tools is related to insufficient input...

Advisory ROSA-SA-2024-2498

Software: python-jwcrypto 0.5.0 OS: ROSA Virtualization 2.1 packageevrstring: python-jwcrypto-0.5.0-2.rv3 CVE-ID: CVE-2024-28102 BDU-ID: 2024-01978 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the deserialize JavaScript library function for Jwcrypto is associated with uncontrolled resource...

Advisory ROSA-SA-2024-2497

Software: python-urllib3 1.24.2 OS: ROSA Virtualization 2.1 packageevrstring: python-urllib3-1.24.2-8.rv3 CVE-ID: CVE-2020-26137 BDU-ID: 2021-05230 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the urllib3 module method of the Python programming language interpreter is related to insufficient...

Advisory ROSA-SA-2024-2496

Software: cups 2.2.6 OS: ROSA Virtualization 2.1 packageevrstring: cups-2.2.6-60.rv3 CVE-ID: CVE-2023-32324 BDU-ID: 2023-03873 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the formatlogline function of the CUPS print server is related to writing beyond buffer boundaries. Exploitation of the...

Advisory ROSA-SA-2024-2495

Software: libvpx 1.7.0 OS: ROSA Virtualization 2.1 packageevrstring: libvpx-1.7.0-11.rv3 CVE-ID: CVE-2023-44488 BDU-ID: 2023-06350 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the libvpx multimedia library is related to incorrect handling of exceptional states when processing certain special form...

Veertu Anka Build node agent update privilege escalation vulnerability

Talos Vulnerability Report TALOS-2024-2060 Veertu Anka Build node agent update privilege escalation vulnerability October 3, 2024 CVE Number CVE-2024-39755 SUMMARY A privilege escalation vulnerability exists in the node update functionality of Veertu Anka Build 1.42.0. A specially crafted PKG fil...

RHSA-2023:7521 Red Hat Security Advisory: OpenShift Virtualization 4.13.6 RPMs security and bug fix update

Bulletin has no description...

kernel: hw:amd: Incomplete system memory cleanup in SEV firmware corrupt guest private memory

A flaw was found in hw in the SNP-SEV firmware. This flaw could allow a privileged attacker to corrupt a guest's private memory, potentially resulting in the loss of data integrity of the guest...

kernel: hw:amd:IOMMU improperly handles certain special address leading to a loss of guest integrity

A flaw was found in the way AMD IOMMU handles certain special address ranges with invalid device table entries DTEs, which may allow an attacker with privileges and a compromised Hypervisor to induce DTE faults to bypass RMP checks in SEV-SNP, potentially leading to a loss of guest integrity...

kernel: hw:amd:IOMMU improperly handles certain special address leading to a loss of guest integrity

A flaw was found in the way AMD IOMMU handles certain special address ranges with invalid device table entries DTEs, which may allow an attacker with privileges and a compromised Hypervisor to induce DTE faults to bypass RMP checks in SEV-SNP, potentially leading to a loss of guest integrity...

Security Bulletin: IBM Virtualization Engine TS7700 is susceptible to multiple vulnerabilities in IBM MQ

Summary IBM Virtualization Engine TS7700 is susceptible to three denial-of-service conditions CVE-2024-25016, CVE-2024-31919, CVE-2024-35116, a privilege escalation CVE-2024-31912 and a buffer overflow CVE-2024-25048 due to the use of IBM MQ. TS7700 uses IBM MQ for inter-process communication...

CLSA-2024-1727817133 Fix of 74 CVEs

CVE-url: https://ubuntu.com/security/CVE-2024-26752 - l2tp: pass correct message length to ip6appenddata CVE-url: https://ubuntu.com/security/CVE-2021-47188 - scsi: ufs: core: Improve SCSI abort handling CVE-url: https://ubuntu.com/security/CVE-2024-26677 - rxrpc: Fix delayed ACKs to not set the...

CLSA-2024-1727816710 Fix of 60 CVEs

CVE-url: https://ubuntu.com/security/CVE-2024-26752 - l2tp: pass correct message length to ip6appenddata CVE-url: https://ubuntu.com/security/CVE-2023-52527 - ipv4, ipv6: Fix handling of transhdrlen in ip,6appenddata CVE-url: https://ubuntu.com/security/CVE-2024-43882 - exec: Fix ToCToU between...

CLSA-2024-1727816002 Fix of 60 CVEs

CVE-url: https://ubuntu.com/security/CVE-2024-26752 - l2tp: pass correct message length to ip6appenddata CVE-url: https://ubuntu.com/security/CVE-2023-52527 - ipv4, ipv6: Fix handling of transhdrlen in ip,6appenddata CVE-url: https://ubuntu.com/security/CVE-2024-43882 - exec: Fix ToCToU between...

RHSA-2024:6964 Red Hat Security Advisory: virt:rhel and virt-devel:rhel security update

Bulletin has no description...

Moderate: Red Hat Security Advisory: qemu-kvm security update

An update for qemu-kvm is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

RHSA-2022:4896 Red Hat Security Advisory: Red Hat Virtualization security, bug fix, and enhancement update [ovirt-4.5.0]

Bulletin has no description...

RHSA-2022:1263 Red Hat Security Advisory: RHV-H security update (redhat-virtualization-host) 4.3.22

Bulletin has no description...

RHSA-2023:7672 Red Hat Security Advisory: OpenShift Virtualization 4.14.1 RPMs security and bug fix update

Bulletin has no description...

RHSA-2023:3204 Red Hat Security Advisory: OpenShift Virtualization 4.13.0 RPMs security and bug fix update

Bulletin has no description...