FFRI Security, Inc. Security Vulnerabilities

libxml2 security update

An update is available for libxml2. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The libxml2 library is a development toolbox providing the implementation of....

python3 security update

An update is available for python3. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Python is an interpreted, interactive, object-oriented programming language,....

[SECURITY] [DSA 5703-1] linux security update

Debian Security Advisory DSA-5703-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 02, 2024 https://www.debian.org/security/faq Package : linux CVE ID : CVE-2022-48655 CVE-2023-52585...

ruby security update

[3.0.7-162] - Upgrade to Ruby 3.0.7. Resolves: RHEL-35740 - Fix HTTP response splitting in CGI. Resolves: RHEL-35741 - Fix ReDoS vulnerability in URI. Resolves: RHEL-35742 - Fix ReDoS vulnerability in Time. Resolves: RHEL-35743 - Fix buffer overread vulnerability in StringIO. Resolves:...

virt:kvm_utils1 security update

hivex libguestfs libguestfs-winsupport libiscsi libnbd libvirt [5.7.0-42] - Document CVEs as fixed (Karl Heubaum) {CVE-2023-2700} - Fix off-by-one error in udevListInterfacesByStatus (Martin Kletzander) [Orabug: 36364474] {CVE-2024-1441} - libvirt- : Check caller-provided buffers to be NULL with...

thunderbird security update

[115.11.0-1.0.1] - Add Oracle prefs file [115.11.0-1] - Update to 115.11.0...

[SECURITY] [DLA 3825-1] firefox-esr security update

Debian LTS Advisory DLA-3825-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort June 13, 2024 https://wiki.debian.org/LTS Package : firefox-esr Version : 115.12.0esr-1~deb10u1 CVE...

vlc - security update

Bulletin has no...

ipa security update

[4.6.8-5.0.1.el7_9.17] - Blank out header-logo.png product-name.png - Replace login-screen-logo.png [Orabug: 20362818] [4.6.8-5.el7_9.17] - Resolves: RHEL-29926 ipa: user can obtain a hash of the passwords of all domain users and perform offline brute...

firefox security update

[115.11.0-1.0.1] - Add firefox-oracle-default-prefs.js and remove the corresponding OpenELA file [115.11.0-1] - Update to 115.11.0...

idm:DL1 security update

bind-dyndb-ldap custodia ipa [4.9.13-10.0.1] - Set IPAPLATFORM=rhel when build on Oracle Linux [Orabug: 29516674] [4.9.13-10] - kdb: apply combinatorial logic for ticket flags (CVE-2024-3183) Resolves: RHEL-29927 - kdb: fix vulnerability in GCD rules handling (CVE-2024-2698) Resolves:...

[slackware-security] php

New php packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: extra/php81/php81-8.1.29-i586-1_slack15.0.txz: Upgraded. This update fixes bugs and security issues: Bypass of CVE-2012-1823, Argument Injection in...

CVE-2023-50950

IBM QRadar SIEM 7.5 could disclose sensitive email information in responses from offense rules. IBM X-Force ID: ...

cockpit security update

[310.4-1.0.1] - Update documentation links [Orabug: 34706402] - Drop subscription-manager-cockpit requirement for ol [Orabug: 34681110] - Remove duplicate reference to server in cockpit [Orabug: 33862832] - Update documentation links [Orabug: 32795691] - Make documentation links point to Oracle...

libarchive - security update

Bulletin has no...

[SECURITY] [DSA 5701-1] chromium security update

Debian Security Advisory DSA-5701-1 [email protected] https://www.debian.org/security/ Andres Salomon May 31, 2024 https://www.debian.org/security/faq Package : chromium CVE ID : CVE-2024-5493 CVE-2024-5494...

libxml2 security update

[2.9.7-18.1] - Fix CVE-2024-25062...

Security Bulletin: IBM Security Verify Governance - Containerized Identity Manager has multiple vulnerabilities

Summary Multiple security vulnerabilities have been addressed in the latest update to IBM Security Verify Governance - Containerized Identity Manager. Vulnerability Details ** CVEID: CVE-2018-6561 DESCRIPTION: **Dojo Toolkit is vulnerable to cross-site scripting in dijit.Editor, caused by...

glibc security update

[2.17-326.3] - Forward-port Oracle patches to 2.17-326.3 Reviewed-by: Jose E. Marchesi [2.17-326.3] - nscd: Fix timeout type in netgroup cache (RHEL-34263) [2.17-326.2] - nscd: Do not use sendfile for the netgroup cache - nscd: Use-after-free in netgroup cache - CVE-2021-27645: nscd: double-free...

edk2 security update

Tue Feb 27 2024 Aaron Young Create new 1.7.0 release for OL7 which includes the following fixed CVEs: {CVE-2023-45229} {CVE-2023-45230} {CVE-2023-45231} {CVE-2023-45232} {CVE-2023-45233} {CVE-2023-45234} {CVE-2023-45235} {CVE-2022-36763} {CVE-2022-36764} {CVE-2022-36765} Update to OpenSSL...

less security update

[458-10] - Fix CVE-2024-32487 - Resolves:...

pillow - security update

Bulletin has no...

tinyproxy - security update

Bulletin has no...

edk2 security update

Tue Feb 27 2024 Aaron Young Create new 20240227 release for OL9 which includes the following fixed CVEs: {CVE-2023-45229} {CVE-2023-45230} {CVE-2023-45231} {CVE-2023-45232} {CVE-2023-45233} {CVE-2023-45234} {CVE-2023-45235} {CVE-2022-36763} {CVE-2022-36764} {CVE-2022-36765} Update to OpenSSL...

libvirt security update

libvirt [9.0.0-5.el9] - Fix off-by-one error in udevListInterfacesByStatus (Martin Kletzander) [Orabug: 36364464] {CVE-2024-1441} libvirt-python [9.0.0-5.el9] - Update to libvirt 9.0.0-5 (Karl...

linux - security update

Bulletin has no...

CVE-2023-21809

Microsoft Defender for Endpoint Security Feature Bypass...

CVE-2023-36088

Server Side Request Forgery (SSRF) vulnerability in NebulaGraph Studio version 3.7.0, allows remote attackers to gain sensitive...

edk2 security update

Tue Feb 27 2024 Aaron Young Create new 20240227 release for OL9 which includes the following fixed CVEs: {CVE-2023-45229} {CVE-2023-45230} {CVE-2023-45231} {CVE-2023-45232} {CVE-2023-45233} {CVE-2023-45234} {CVE-2023-45235} {CVE-2022-36763} {CVE-2022-36764} {CVE-2022-36765} Update to OpenSSL...

CVE-2023-38163

Windows Defender Attack Surface Reduction Security Feature...

CVE-2010-5171

Race condition in Outpost Security Suite Pro 6.7.3.3063.452.0726 and 7.0.3330.505.1221 BETA on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via...

The map that stores device locked status of a user in keystore is not synchronized

In is_device_locked and set_device_locked of keystore_keymaster_enforcement.h, there is a possible bypass of lockscreen requirements for keyguard bound keys due to a race condition. This could lead to local information disclosure with no additional execution privileges needed. User interaction is.....

plasma-workspace - security update

Bulletin has no...

Important: booth security update

The Booth cluster ticket manager is a component to bridge high availability clusters spanning multiple sites, in particular, to provide decision inputs to local Pacemaker cluster resource managers. It operates as a distributed consensus-based service, presumably on a separate physical network....

Moderate: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.11.0 ESR. Security Fix(es): firefox: Arbitrary JavaScript execution in PDF.js (CVE-2024-4367) firefox: IndexedDB files retained in private...

Important: pmix security update

The Process Management Interface (PMI) provides process management functions for MPI implementations. PMI Exascale (PMIx) provides an extended version of the PMI standard specifically designed to support clusters up to and including exascale sizes. Security Fix(es): pmix: race condition allows...

Moderate: sssd security update

The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch (NSS) and the Pluggable Authentication Modules (PAM) interfaces toward the system, and a pluggable back-end...

nodejs:20 security update

An update is available for nodejs-nodemon, module.nodejs, nodejs, module.nodejs-nodemon, module.nodejs-packaging, nodejs-packaging. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

httpd:2.4 security update

An update is available for httpd, mod_md, mod_http2, module.mod_md, module.mod_http2, module.httpd. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The httpd...

python-jinja2 security update

An update is available for python-jinja2. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The python-jinja2 package contains Jinja2, a template engine written...

Important: booth security update

The Booth cluster ticket manager is a component to bridge high availability clusters spanning multiple sites, in particular, to provide decision inputs to local Pacemaker cluster resource managers. It operates as a distributed consensus-based service, presumably on a separate physical network....

Moderate: libtiff security update

The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files. Security Fix(es): libtiff: out-of-bounds read in tiffcp in tools/tiffcp.c (CVE-2022-4645) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments,...

Important: python3 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security...

Moderate: libxml2 security update

The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fix(es): libxml2: use-after-free in XMLReader (CVE-2024-25062) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related...

fence-agents security update

An update is available for fence-agents. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The fence-agents packages provide a collection of scripts for handling.....

go-toolset:rhel8 security update

An update is available for module.golang, go-toolset, delve, module.go-toolset, module.delve, golang. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Go Toolset....

python3.11-urllib3 security update

An update is available for python3.11-urllib3. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The python-urllib3 package provides the Python HTTP module with...

container-tools:rhel8 security update

An update is available for libslirp, module.buildah, module.crun, buildah, fuse-overlayfs, udica, module.oci-seccomp-bpf-hook, module.netavark, module.runc, conmon, module.containers-common, python-podman, module.libslirp, module.aardvark-dns, module.fuse-overlayfs, runc, criu, aardvark-dns,...

[SECURITY] [DLA 3823-1] less security update

Debian LTS Advisory DLA-3823-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin May 27, 2024 https://wiki.debian.org/LTS Package : less Version : 487-0.1+deb10u1 CVE ID :...

CVE-2023-42261

Mobile Security Framework (MobSF) <=v3.7.8 Beta is vulnerable to Insecure Permissions. NOTE: the vendor's position is that authentication is intentionally not implemented because the product is not intended for an untrusted network environment. Use cases requiring authentication could, for...