8699 matches found
Important: kernel-livepatch-4.14.343-259.562
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: exthdr: fix 4-byte stack OOB write If priv->len is a multiple of 4, then dst[len / 4] can write past the destination array which leads to stack corruption. This construct is necessary to clean th...
Medium: iperf3
Issue Overview: It is possible for a malicious or malfunctioning client to send less than the expected amount of data to the server. If this happens, the server will hang indefinitely waiting for the remainder or until the connection gets closed. Because iperf3 is deliberately designed to service...
Medium: golang
Issue Overview: The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create a zip file with contents that vary depending on the implementation reading the file. The archive/zip...
Important: unbound
Issue Overview: A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime configuration. If a process can connect over localhost to port 8953, it can alter the configuration of unbound.service. This flaw...
Important: kernel
Issue Overview: kernel: Type confusion in pick_next_rt_entity, which can result in memory corruption. CVE-2023-1077 An issue was discovered in arch/x86/kvm/vmx/nested.c in the Linux kernel before 6.2.8. nVMX on x86_64 lacks consistency checks for CR0 and CR4. CVE-2023-30456 In the Linux kernel, the...
Medium: python3-jinja2
Issue Overview: Jinja is an extensible templating engine. The xmlattr filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, /, , or =, as each would then be interpreted as starting a separate attribute. If an application...
Important: unbound
Issue Overview: A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime configuration. If a process can connect over localhost to port 8953, it can alter the configuration of unbound.service. This flaw...
Medium: edk2
Issue Overview: EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UINT32 overflow via local access. A successful exploit of this vulnerability may lead to a loss of Availability. CVE-2024-1298 Affected Packages: edk2 Note: This adviso...
Important: ecs-service-connect-agent
Issue Overview: Envoy is a high-performance edge/middle/service proxy. Envoy will crash when certain timeouts happen within the same interval. The crash occurs when the following are true: 1. hedge_on_per_try_timeout is enabled, 2. per_try_idle_timeout is enabled (it can only be done in configuration), 3...
Medium: dnsmasq
Issue Overview: dnsmasq 2.9 is vulnerable to Integer Overflow via forward_query. CVE-2023-49441 Affected Packages: dnsmasq Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue Correction...
Medium: golang
Issue Overview: The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create a zip file with contents that vary depending on the implementation reading the file. The archive/zip...
Important: tomcat8
Issue Overview: Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through...
Important: kernel-livepatch-4.14.343-260.564
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: exthdr: fix 4-byte stack OOB write If priv->len is a multiple of 4, then dst[len / 4] can write past the destination array which leads to stack corruption. This construct is necessary to clean th...
Medium: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: Input: synaptics-rmi4 - fix use after free in rmi_unregister_function CVE-2023-52840 In the Linux kernel, the following vulnerability has been resolved: llc: verify mac len before reading mac header CVE-2023-52843 I...
Medium: ruby
Issue Overview: ruby: RCE vulnerability with .rdocoptions in RDoc CVE-2024-27281 Affected Packages: ruby Note: This advisory is applicable to Amazon Linux 2 - Ruby3.0 Extra. Visit this page to learn more about Amazon Linux 2 AL2 Extras and this FAQ section for the difference between AL2 Core and...
Medium: webkitgtk4
Issue Overview: An injection issue was addressed with improved validation. This issue is fixed in Safari 17.4, macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4, watchOS 10.4, tvOS 17.4. A maliciously crafted webpage may be able to fingerprint the user. CVE-2024-23280 The issue was addressed with...
Medium: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: Input: synaptics-rmi4 - fix use after free in rmi_unregister_function CVE-2023-52840 In the Linux kernel, the following vulnerability has been resolved: llc: verify mac len before reading mac header CVE-2023-52843 I...
Important: kernel
Issue Overview: A flaw was found in the Linux kernel. When reusing a socket with an attached dccps_hc_tx_ccid as a listener, the socket will be used after being released leading to denial of service (DoS) or a potential code execution. The highest threat from this vulnerability is to data...
Important: kernel
Issue Overview: An issue was discovered in arch/x86/kvm/vmx/nested.c in the Linux kernel before 6.2.8. nVMX on x86_64 lacks consistency checks for CR0 and CR4. CVE-2023-30456 In the Linux kernel, the following vulnerability has been resolved: net: bridge: use DEV_STATS_INC CVE-2023-52578 In the Linu...
Important: python3-jinja2
Issue Overview: In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape. CVE-2019-10906 Affected Packages: python3-jinja2 Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories...
Important: qemu
Issue Overview: A double free vulnerability was found in QEMU virtio devices (virtio-gpu, virtio-serial-bus, virtio-crypto), where the mem_reentrancy_guard flag insufficiently protects against DMA reentrancy issues. This issue could allow a malicious privileged guest user to crash the QEMU process on...
Important: booth
Issue Overview: A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcry_md_get_algo_dlen, it may allow an invalid HMAC to be accepted by the Booth server. CVE-2024-3049 Affected Packages: booth Note: This advisory is applicable to Amazon Linux 2 AL2 Core...
Medium: dnsmasq
Issue Overview: dnsmasq 2.9 is vulnerable to Integer Overflow via forward_query. CVE-2023-49441 Affected Packages: dnsmasq Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue Correction...
Important: qemu
Issue Overview: A double free vulnerability was found in QEMU virtio devices (virtio-gpu, virtio-serial-bus, virtio-crypto), where the mem_reentrancy_guard flag insufficiently protects against DMA reentrancy issues. This issue could allow a malicious privileged guest user to crash the QEMU process on...
Important: docker
Issue Overview: A file permissions vulnerability was found in Moby Docker Engine. Copying files by using into a specially-crafted container can result in Unix file permission changes for existing files in the host's filesystem, which might lead to permissions escalation and allow an attacker acce...
Medium: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: md: fix kmemleak of rdev->serial CVE-2024-26900 In the Linux kernel, the following vulnerability has been resolved: dyndbg: fix old BUG_ON in control parser CVE-2024-35947 In the Linux kernel, the following...
Important: kernel
Issue Overview: An issue was discovered in arch/x86/kvm/vmx/nested.c in the Linux kernel before 6.2.8. nVMX on x86_64 lacks consistency checks for CR0 and CR4. CVE-2023-30456 In the Linux kernel, the following vulnerability has been resolved: net: bridge: use DEV_STATS_INC CVE-2023-52578 In the Linu...
Important: python-crypto
Issue Overview: Heap-based buffer overflow in the ALGnew function in block_templace.c in Python Cryptography Toolkit (aka pycrypto) allows remote attackers to execute arbitrary code as demonstrated by a crafted iv parameter to cryptmsg.py. CVE-2013-7459 Affected Packages: python-crypto Note: This...
Important: containerd
Issue Overview: The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. CVE-2023-39325 A malicious HTTP sender can use chunk extensions to cause a receiver...
Medium: python-jinja2
Issue Overview: Jinja is an extensible templating engine. The xmlattr filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, /, , or =, as each would then be interpreted as starting a separate attribute. If an application...
Important: php
Issue Overview: The openssl_private_decrypt function in PHP, when using PKCS1 padding (OPENSSL_PKCS1_PADDING, which is the default), is vulnerable to the Marvin Attack unless it is used with an OpenSSL version that includes the changes from this pull request: https://github.com/openssl/openssl/pull/138...
Medium: edk2
Issue Overview: EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UINT32 overflow via local access. A successful exploit of this vulnerability may lead to a loss of Availability. CVE-2024-1298 Affected Packages: edk2 Note: This adviso...
Important: libndp
Issue Overview: A vulnerability was found in libndp. A buffer overflow in NetworkManager that can be triggered by sending a malformed IPv6 router advertisement packet via malicious user locally. This happens as libndp was not validating correctly the route length information and hence leading to ...
Medium: iperf3
Issue Overview: It is possible for a malicious or malfunctioning client to send less than the expected amount of data to the server. If this happens, the server will hang indefinitely waiting for the remainder or until the connection gets closed. Because iperf3 is deliberately designed to service...
Important: ecs-init
Issue Overview: The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value...
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: x86/xen: Drop USERGS_SYSRET64 paravirt call CVE-2021-4440 In the Linux kernel, the following vulnerability has been resolved: net: sched: flower: protect fl_walk with rcu CVE-2021-47402 A flaw was found in the...
Medium: python3-jinja2
Issue Overview: Jinja is an extensible templating engine. The xmlattr filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, /, , or =, as each would then be interpreted as starting a separate attribute. If an application...
Medium: nasm
Issue Overview: Null pointer dereference in ieee_write_file in nasm 2.16rc0 allows attackers to cause a denial of service (crash). CVE-2023-38665 Affected Packages: nasm Issue Correction: Run dnf update nasm --releasever 2023.4.20240611 or dnf update --advisory ALAS2023-2024-642 --releasever...
Medium: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: PCI/ASPM: Fix deadlock when enabling ASPM A last minute revert in 6.7-final introduced a potential deadlock when enabling ASPM during probe of Qualcomm PCIe controllers as reported by lockdep CVE-2024-26605 In the...
Medium: bouncycastle
Issue Overview: An issue was discovered in Bouncy Castle Java Cryptography APIs before ... NOTE: https://github.com/bcgit/bc-java/issues/1635 NOTE: https://www.bouncycastle.org/latestreleases.html DEBIANBUG: 1070655 CVE-2024-29857 An issue was discovered in Bouncy Castle Java Cryptography APIs...
Important: R
Issue Overview: Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and not including 4.4.0, enabling a maliciously crafted RDS R Data Serialization formatted file or R package to run arbitrary code on an end user's system...
Medium: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: PCI/ASPM: Fix deadlock when enabling ASPM A last minute revert in 6.7-final introduced a potential deadlock when enabling ASPM during probe of Qualcomm PCIe controllers as reported by lockdep CVE-2024-26605 In the...
Medium: nasm
Issue Overview: Null pointer dereference in ieee_write_file in nasm 2.16rc0 allows attackers to cause a denial of service (crash). CVE-2023-38665 Affected Packages: nasm Issue Correction: Run dnf update nasm --releasever 2023.4.20240611 to update your system. New Packages: aarch64: ...
Medium: unixODBC
Issue Overview: An out-of-bounds stack write flaw was found in unixODBC on 64-bit architectures where the caller has 4 bytes and callee writes 8 bytes. This issue may go unnoticed on little-endian architectures, while big-endian architectures can be broken. CVE-2024-1013 Affected Packages: unixOD...
Medium: openssl
Issue Overview: Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions Impact summary: An attacker may exploit certain server configurations to trigger unbounded memory growth that would lead to a Denial of Service This problem...
Important: ghostscript
Issue Overview: NOTE: https://ghostscript.readthedocs.io/en/gs10.03.1/News.html NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=7145885041bb52cc23964f0aa2aec1b1c82b5908 ghostpdl-10.03.1 NOTE: https://bugs.ghostscript.com/showbug.cgi?id=707754 CVE-2024-33871 Affected...
Important: R
Issue Overview: Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and not including 4.4.0, enabling a maliciously crafted RDS R Data Serialization formatted file or R package to run arbitrary code on an end user's system...
Low: postgresql15
Issue Overview: postgresql: PostgreSQL pg_stats_ext and pg_stats_ext_exprs lack authorization checks CVE-2024-4317 Affected Packages: postgresql15 Issue Correction: Run dnf update postgresql15 --releasever 2023.4.20240611 to update your system. New Packages: aarch64: ...
Low: postgresql15
Issue Overview: postgresql: PostgreSQL pg_stats_ext and pg_stats_ext_exprs lack authorization checks CVE-2024-4317 Affected Packages: postgresql15 Issue Correction: Run dnf update postgresql15 --releasever 2023.4.20240611 or dnf update --advisory ALAS2023-2024-635 --releasever 2023.4.20240611 to updat...
Medium: bouncycastle
Issue Overview: An issue was discovered in Bouncy Castle Java Cryptography APIs before ... NOTE: https://github.com/bcgit/bc-java/issues/1635 NOTE: https://www.bouncycastle.org/latestreleases.html DEBIANBUG: 1070655 CVE-2024-29857 An issue was discovered in Bouncy Castle Java Cryptography APIs...