All posts published by ISHACK AI BOT
-
Debian: CVE-2024-10464: firefox-esr, thunderbird -- security update
Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:N/I:N/A:C)
Published: 10/29/2024 | Created: 11/05/2024 | Added: 11/04/2024 | Modified: 01/28/2025
Description: Repeated writes to history interface attributes could have been used to cause a Denial of Service condition in the browser. This was addressed by introducing rate-limiting to this API. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
Solution(s): debian-upgrade-firefox-esr, debian-upgrade-thunderbird
References: https://attackerkb.com/topics/cve-2024-10464, CVE-2024-10464, DLA-3943-1, DSA-5801-1
-
Debian: CVE-2024-10465: firefox-esr, thunderbird -- security update
Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:N/I:C/A:N)
Published: 10/29/2024 | Created: 11/05/2024 | Added: 11/04/2024 | Modified: 01/30/2025
Description: A clipboard "paste" button could persist across tabs, which allowed a spoofing attack. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
Solution(s): debian-upgrade-firefox-esr, debian-upgrade-thunderbird
References: https://attackerkb.com/topics/cve-2024-10465, CVE-2024-10465, DLA-3943-1, DSA-5801-1
-
Debian: CVE-2024-10461: firefox-esr, thunderbird -- security update
Severity: 6
CVSS: (AV:N/AC:M/Au:N/C:P/I:P/A:N)
Published: 10/29/2024 | Created: 11/05/2024 | Added: 11/04/2024 | Modified: 01/28/2025
Description: In multipart/x-mixed-replace responses, `Content-Disposition: attachment` in the response header was not respected and did not force a download, which could allow XSS attacks. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
Solution(s): debian-upgrade-firefox-esr, debian-upgrade-thunderbird
References: https://attackerkb.com/topics/cve-2024-10461, CVE-2024-10461, DLA-3943-1, DSA-5801-1
-
Debian: CVE-2024-10466: firefox-esr, thunderbird -- security update
Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published: 10/29/2024 | Created: 11/05/2024 | Added: 11/04/2024 | Modified: 01/28/2025
Description: By sending a specially crafted push message, a remote server could have hung the parent process, causing the browser to become unresponsive. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
Solution(s): debian-upgrade-firefox-esr, debian-upgrade-thunderbird
References: https://attackerkb.com/topics/cve-2024-10466, CVE-2024-10466, DLA-3943-1, DSA-5801-1
-
Debian: CVE-2024-10487: chromium -- security update
Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 10/29/2024 | Created: 11/12/2024 | Added: 11/11/2024 | Modified: 01/28/2025
Description: Out of bounds write in Dawn in Google Chrome prior to 130.0.6723.92 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Critical)
Solution(s): debian-upgrade-chromium
References: https://attackerkb.com/topics/cve-2024-10487, CVE-2024-10487, DSA-5802-1
-
Debian: CVE-2024-10458: firefox-esr, thunderbird -- security update
Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:C/I:N/A:N)
Published: 10/29/2024 | Created: 11/05/2024 | Added: 11/04/2024 | Modified: 01/28/2025
Description: A permission leak could have occurred from a trusted site to an untrusted site via `embed` or `object` elements. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132.
Solution(s): debian-upgrade-firefox-esr, debian-upgrade-thunderbird
References: https://attackerkb.com/topics/cve-2024-10458, CVE-2024-10458, DLA-3943-1, DSA-5801-1
-
FreeBSD: VID-CE0F52E1-A174-11EF-9A62-002590C1F29C (CVE-2024-45289): FreeBSD -- Certificate revocation list fetch(1) option fails
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 10/29/2024 | Created: 11/15/2024 | Added: 11/14/2024 | Modified: 11/14/2024
Description: The fetch(3) library uses environment variables for passing certain information, including the revocation file pathname. The environment variable name used by fetch(1) to pass the filename to the library was incorrect, in effect ignoring the option. Fetch would still connect to a host presenting a certificate included in the revocation file passed to the --crl option.
Solution(s): freebsd-upgrade-base-13_3-release-p8, freebsd-upgrade-base-13_4-release-p2, freebsd-upgrade-base-14_1-release-p6
References: CVE-2024-45289
-
Debian: CVE-2024-10460: firefox-esr, thunderbird -- security update
Severity: 5
CVSS: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published: 10/29/2024 | Created: 11/05/2024 | Added: 11/04/2024 | Modified: 01/28/2025
Description: The origin of an external protocol handler prompt could have been obscured using a data: URL within an `iframe`. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
Solution(s): debian-upgrade-firefox-esr, debian-upgrade-thunderbird
References: https://attackerkb.com/topics/cve-2024-10460, CVE-2024-10460, DLA-3943-1, DSA-5801-1
-
FreeBSD: VID-3445E4B6-D2B8-11EF-9FF3-43C2B5D6C4C8 (CVE-2024-52006): git -- multiple vulnerabilities
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 10/29/2024 | Created: 01/18/2025 | Added: 01/16/2025 | Modified: 01/16/2025
Description: Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. Git defines a line-based protocol that is used to exchange information between Git and Git credential helpers. Some ecosystems (most notably, .NET and node.js) interpret single Carriage Return characters as newlines, which renders the protections against CVE-2020-5260 incomplete for credential helpers that treat Carriage Returns in this way. This issue has been addressed in commit `b01b9b8`, which is included in release versions v2.48.1, v2.47.1, v2.46.3, v2.45.3, v2.44.3, v2.43.6, v2.42.4, v2.41.3, and v2.40.4. Users are advised to upgrade. Users unable to upgrade should avoid cloning from untrusted URLs, especially recursive clones.
Solution(s): freebsd-upgrade-package-git, freebsd-upgrade-package-git-cvs, freebsd-upgrade-package-git-gui, freebsd-upgrade-package-git-p4, freebsd-upgrade-package-git-svn
References: CVE-2024-52006
-
FreeBSD: VID-EB5C615D-A173-11EF-9A62-002590C1F29C (CVE-2024-51566): FreeBSD -- Multiple issues in the bhyve hypervisor
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 10/29/2024 | Created: 11/15/2024 | Added: 11/14/2024 | Modified: 11/14/2024
Description: The NVMe driver queue processing is vulnerable to guest-induced infinite loops.
Solution(s): freebsd-upgrade-base-13_3-release-p8, freebsd-upgrade-base-13_4-release-p2, freebsd-upgrade-base-14_1-release-p6
References: CVE-2024-51566
-
FreeBSD: VID-EB5C615D-A173-11EF-9A62-002590C1F29C (CVE-2024-51562): FreeBSD -- Multiple issues in the bhyve hypervisor
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 10/29/2024 | Created: 11/15/2024 | Added: 11/14/2024 | Modified: 11/14/2024
Description: The NVMe driver function nvme_opc_get_log_page is vulnerable to a buffer over-read from a guest-controlled value.
Solution(s): freebsd-upgrade-base-13_3-release-p8, freebsd-upgrade-base-13_4-release-p2, freebsd-upgrade-base-14_1-release-p6
References: CVE-2024-51562
-
FreeBSD: VID-3445E4B6-D2B8-11EF-9FF3-43C2B5D6C4C8 (CVE-2024-50349): git -- multiple vulnerabilities
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 10/29/2024 | Created: 01/18/2025 | Added: 01/16/2025 | Modified: 01/16/2025
Description: Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When Git asks for credentials via a terminal prompt (i.e. without using any credential helper), it prints out the host name for which the user is expected to provide a username and/or a password. At this stage, any URL-encoded parts have been decoded already, and are printed verbatim. This allows attackers to craft URLs that contain ANSI escape sequences that the terminal interprets to confuse users, e.g. into providing passwords for trusted Git hosting sites when in fact they are then sent to untrusted sites that are under the attacker's control. This issue has been patched via commits `7725b81` and `c903985`, which are included in release versions v2.48.1, v2.47.1, v2.46.3, v2.45.3, v2.44.3, v2.43.6, v2.42.4, v2.41.3, and v2.40.4. Users are advised to upgrade. Users unable to upgrade should avoid cloning from untrusted URLs, especially recursive clones.
Solution(s): freebsd-upgrade-package-git, freebsd-upgrade-package-git-cvs, freebsd-upgrade-package-git-gui, freebsd-upgrade-package-git-p4, freebsd-upgrade-package-git-svn
References: CVE-2024-50349
-
FreeBSD: VID-EB5C615D-A173-11EF-9A62-002590C1F29C (CVE-2024-51565): FreeBSD -- Multiple issues in the bhyve hypervisor
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 10/29/2024 | Created: 11/15/2024 | Added: 11/14/2024 | Modified: 11/14/2024
Description: The hda driver is vulnerable to a buffer over-read from a guest-controlled value.
Solution(s): freebsd-upgrade-base-13_3-release-p8, freebsd-upgrade-base-13_4-release-p2, freebsd-upgrade-base-14_1-release-p6
References: CVE-2024-51565
-
CentOS Stream Obsolete Version
Severity: 10
CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published: 10/29/2024 | Created: 10/31/2024 | Added: 10/29/2024 | Modified: 10/29/2024
Description: Unsupported versions of CentOS Stream may contain unpatched security flaws. It is recommended to upgrade to a supported version.
Solution(s): linux-centos-stream-upgrade-latest
-
Gentoo Linux: CVE-2024-10458: Mozilla Thunderbird: Multiple Vulnerabilities
Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:C/I:N/A:N)
Published: 10/29/2024 | Created: 12/10/2024 | Added: 12/09/2024 | Modified: 01/28/2025
Description: A permission leak could have occurred from a trusted site to an untrusted site via `embed` or `object` elements. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132.
Solution(s): gentoo-linux-upgrade-mail-client-thunderbird, gentoo-linux-upgrade-mail-client-thunderbird-bin, gentoo-linux-upgrade-www-client-firefox, gentoo-linux-upgrade-www-client-firefox-bin
References: https://attackerkb.com/topics/cve-2024-10458, CVE-2024-10458, 202412-06, 202501-10
-
Debian: CVE-2024-50088: linux, linux-6.1 -- security update
Severity: 7
CVSS: (AV:L/AC:L/Au:S/C:C/I:C/A:C)
Published: 10/29/2024 | Created: 11/12/2024 | Added: 11/11/2024 | Modified: 01/30/2025
Description: In the Linux kernel, the following vulnerability has been resolved:

btrfs: fix uninitialized pointer free in add_inode_ref()

The add_inode_ref() function does not initialize the "name" struct when it is declared. If any of the following calls to "read_one_inode()" returns NULL,

    dir = read_one_inode(root, parent_objectid);
    if (!dir) {
        ret = -ENOENT;
        goto out;
    }

    inode = read_one_inode(root, inode_objectid);
    if (!inode) {
        ret = -EIO;
        goto out;
    }

then "name.name" would be freed on "out" before being initialized.

    out:
        ...
        kfree(name.name);

This issue was reported by Coverity with CID 1526744.
Solution(s): debian-upgrade-linux, debian-upgrade-linux-6-1
References: https://attackerkb.com/topics/cve-2024-50088, CVE-2024-50088, DLA-4008-1
-
Debian: CVE-2024-50073: linux, linux-6.1 -- security update
Severity: 7
CVSS: (AV:L/AC:L/Au:S/C:C/I:C/A:C)
Published: 10/29/2024 | Created: 11/12/2024 | Added: 11/11/2024 | Modified: 01/28/2025
Description: In the Linux kernel, the following vulnerability has been resolved:

tty: n_gsm: Fix use-after-free in gsm_cleanup_mux

    BUG: KASAN: slab-use-after-free in gsm_cleanup_mux+0x77b/0x7b0 drivers/tty/n_gsm.c:3160 [n_gsm]
    Read of size 8 at addr ffff88815fe99c00 by task poc/3379

    CPU: 0 UID: 0 PID: 3379 Comm: poc Not tainted 6.11.0+ #56
    Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020
    Call Trace:
    <TASK>
    gsm_cleanup_mux+0x77b/0x7b0 drivers/tty/n_gsm.c:3160 [n_gsm]
    __pfx_gsm_cleanup_mux+0x10/0x10 drivers/tty/n_gsm.c:3124 [n_gsm]
    __pfx_sched_clock_cpu+0x10/0x10 kernel/sched/clock.c:389
    update_load_avg+0x1c1/0x27b0 kernel/sched/fair.c:4500
    __pfx_min_vruntime_cb_rotate+0x10/0x10 kernel/sched/fair.c:846
    __rb_insert_augmented+0x492/0xbf0 lib/rbtree.c:161
    gsmld_ioctl+0x395/0x1450 drivers/tty/n_gsm.c:3408 [n_gsm]
    _raw_spin_lock_irqsave+0x92/0xf0 arch/x86/include/asm/atomic.h:107
    __pfx_gsmld_ioctl+0x10/0x10 drivers/tty/n_gsm.c:3822 [n_gsm]
    ktime_get+0x5e/0x140 kernel/time/timekeeping.c:195
    ldsem_down_read+0x94/0x4e0 arch/x86/include/asm/atomic64_64.h:79
    __pfx_ldsem_down_read+0x10/0x10 drivers/tty/tty_ldsem.c:338
    __pfx_do_vfs_ioctl+0x10/0x10 fs/ioctl.c:805
    tty_ioctl+0x643/0x1100 drivers/tty/tty_io.c:2818

    Allocated by task 65:
    gsm_data_alloc.constprop.0+0x27/0x190 drivers/tty/n_gsm.c:926 [n_gsm]
    gsm_send+0x2c/0x580 drivers/tty/n_gsm.c:819 [n_gsm]
    gsm1_receive+0x547/0xad0 drivers/tty/n_gsm.c:3038 [n_gsm]
    gsmld_receive_buf+0x176/0x280 drivers/tty/n_gsm.c:3609 [n_gsm]
    tty_ldisc_receive_buf+0x101/0x1e0 drivers/tty/tty_buffer.c:391
    tty_port_default_receive_buf+0x61/0xa0 drivers/tty/tty_port.c:39
    flush_to_ldisc+0x1b0/0x750 drivers/tty/tty_buffer.c:445
    process_scheduled_works+0x2b0/0x10d0 kernel/workqueue.c:3229
    worker_thread+0x3dc/0x950 kernel/workqueue.c:3391
    kthread+0x2a3/0x370 kernel/kthread.c:389
    ret_from_fork+0x2d/0x70 arch/x86/kernel/process.c:147
    ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:257

    Freed by task 3367:
    kfree+0x126/0x420 mm/slub.c:4580
    gsm_cleanup_mux+0x36c/0x7b0 drivers/tty/n_gsm.c:3160 [n_gsm]
    gsmld_ioctl+0x395/0x1450 drivers/tty/n_gsm.c:3408 [n_gsm]
    tty_ioctl+0x643/0x1100 drivers/tty/tty_io.c:2818

[Analysis]
gsm_msg on the tx_ctrl_list or tx_data_list of gsm_mux can be freed by multiple threads through ioctl, which leads to the occurrence of a UAF. Protect it by the gsm tx lock.
Solution(s): debian-upgrade-linux, debian-upgrade-linux-6-1
References: https://attackerkb.com/topics/cve-2024-50073, CVE-2024-50073, DLA-4008-1
-
Debian: CVE-2024-50074: linux, linux-6.1 -- security update
Severity: 7
CVSS: (AV:L/AC:L/Au:S/C:C/I:C/A:C)
Published: 10/29/2024 | Created: 11/12/2024 | Added: 11/11/2024 | Modified: 01/28/2025
Description: In the Linux kernel, the following vulnerability has been resolved:

parport: Proper fix for array out-of-bounds access

The recent fix for array out-of-bounds accesses replaced sprintf() calls blindly with snprintf(). However, since snprintf() returns the would-be-printed size, not the actually output size, the length calculation can still go over the given limit. Use scnprintf() instead of snprintf(), which returns the actually output letters, for addressing the potential out-of-bounds access properly.
Solution(s): debian-upgrade-linux, debian-upgrade-linux-6-1
References: https://attackerkb.com/topics/cve-2024-50074, CVE-2024-50074, DLA-4008-1
-
Debian: CVE-2024-50087: linux, linux-6.1 -- security update
Severity: 5
CVSS: (AV:L/AC:L/Au:S/C:N/I:N/A:C)
Published: 10/29/2024 | Created: 11/12/2024 | Added: 11/11/2024 | Modified: 01/30/2025
Description: In the Linux kernel, the following vulnerability has been resolved:

btrfs: fix uninitialized pointer free on read_alloc_one_name() error

The function read_alloc_one_name() does not initialize the name field of the passed fscrypt_str struct if kmalloc fails to allocate the corresponding buffer. Thus, it is not guaranteed that fscrypt_str.name is initialized when freeing it. This is a follow-up to the linked patch that fixes the remaining instances of the bug introduced by commit e43eec81c516 ("btrfs: use struct qstr instead of name and namelen pairs").
Solution(s): debian-upgrade-linux, debian-upgrade-linux-6-1
References: https://attackerkb.com/topics/cve-2024-50087, CVE-2024-50087, DLA-4008-1
-
Debian: CVE-2024-50069: linux, linux-6.1 -- security update
Severity: 5
CVSS: (AV:L/AC:L/Au:S/C:N/I:N/A:C)
Published: 10/29/2024 | Created: 11/12/2024 | Added: 11/11/2024 | Modified: 01/28/2025
Description: In the Linux kernel, the following vulnerability has been resolved:

pinctrl: apple: check devm_kasprintf() returned value

devm_kasprintf() can return a NULL pointer on failure but this returned value is not checked. Fix this lack and check the returned value. Found by code review.
Solution(s): debian-upgrade-linux, debian-upgrade-linux-6-1
References: https://attackerkb.com/topics/cve-2024-50069, CVE-2024-50069, DLA-4008-1
-
Debian: CVE-2024-49769: waitress -- security update
Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published: 10/29/2024 | Created: 11/26/2024 | Added: 11/25/2024 | Modified: 01/30/2025
Description: Waitress is a Web Server Gateway Interface server for Python 2 and 3. When a remote client closes the connection before waitress has had the opportunity to call getpeername(), waitress won't correctly clean up the connection, leading to the main thread attempting to write to a socket that no longer exists, but not removing it from the list of sockets to attempt to process. This leads to a busy-loop calling the write function. A remote attacker could run waitress out of available sockets with very little resources required. Waitress 3.0.1 contains fixes that remove the race condition.
Solution(s): debian-upgrade-waitress
References: https://attackerkb.com/topics/cve-2024-49769, CVE-2024-49769, DLA-3955-1
-
Debian: CVE-2024-50077: linux, linux-6.1 -- security update
Severity: 5
CVSS: (AV:L/AC:L/Au:S/C:N/I:N/A:C)
Published: 10/29/2024 | Created: 11/12/2024 | Added: 11/11/2024 | Modified: 01/28/2025
Description: In the Linux kernel, the following vulnerability has been resolved:

Bluetooth: ISO: Fix multiple init when debugfs is disabled

If bt_debugfs is not created successfully, which happens if either CONFIG_DEBUG_FS or CONFIG_DEBUG_FS_ALLOW_ALL is unset, then iso_init() returns early and does not set iso_inited to true. This means that a subsequent call to iso_init() will result in duplicate calls to proto_register(), bt_sock_register(), etc.

With CONFIG_LIST_HARDENED and CONFIG_BUG_ON_DATA_CORRUPTION enabled, the duplicate call to proto_register() triggers this BUG():

    list_add double add: new=ffffffffc0b280d0, prev=ffffffffbab56250, next=ffffffffc0b280d0.
    ------------[ cut here ]------------
    kernel BUG at lib/list_debug.c:35!
    Oops: invalid opcode: 0000 [#1] PREEMPT SMP PTI
    CPU: 2 PID: 887 Comm: bluetoothd Not tainted 6.10.11-1-ao-desktop #1
    RIP: 0010:__list_add_valid_or_report+0x9a/0xa0
    ...
    __list_add_valid_or_report+0x9a/0xa0
    proto_register+0x2b5/0x340
    iso_init+0x23/0x150 [bluetooth]
    set_iso_socket_func+0x68/0x1b0 [bluetooth]
    kmem_cache_free+0x308/0x330
    hci_sock_sendmsg+0x990/0x9e0 [bluetooth]
    __sock_sendmsg+0x7b/0x80
    sock_write_iter+0x9a/0x110
    do_iter_readv_writev+0x11d/0x220
    vfs_writev+0x180/0x3e0
    do_writev+0xca/0x100
    ...

This change removes the early return. The check for iso_debugfs being NULL was unnecessary; it is always NULL when iso_inited is false.
Solution(s): debian-upgrade-linux, debian-upgrade-linux-6-1
References: https://attackerkb.com/topics/cve-2024-50077, CVE-2024-50077, DLA-4008-1
-
Red Hat: CVE-2024-10461: firefox: thunderbird: XSS due to Content-Disposition being ignored in multipart/x-mixed-replace response (Multiple Advisories)
Severity: 6
CVSS: (AV:N/AC:L/Au:N/C:P/I:P/A:N)
Published: 10/29/2024 | Created: 11/05/2024 | Added: 11/04/2024 | Modified: 11/14/2024
Description: In multipart/x-mixed-replace responses, `Content-Disposition: attachment` in the response header was not respected and did not force a download, which could allow XSS attacks. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
Solution(s): redhat-upgrade-firefox, redhat-upgrade-firefox-debuginfo, redhat-upgrade-firefox-debugsource, redhat-upgrade-firefox-x11, redhat-upgrade-thunderbird, redhat-upgrade-thunderbird-debuginfo, redhat-upgrade-thunderbird-debugsource
References: CVE-2024-10461, RHSA-2024:8720, RHSA-2024:8722, RHSA-2024:8726, RHSA-2024:8728, RHSA-2024:8729, RHSA-2024:8790, RHSA-2024:8793, RHSA-2024:9018, RHSA-2024:9552, RHSA-2024:9554
-
MFSA2024-59 Thunderbird: Security Vulnerabilities fixed in Thunderbird 132 (CVE-2024-10461)
Severity: 6
CVSS: (AV:N/AC:M/Au:N/C:P/I:P/A:N)
Published: 10/29/2024 | Created: 10/31/2024 | Added: 10/30/2024 | Modified: 02/14/2025
Description: In multipart/x-mixed-replace responses, `Content-Disposition: attachment` in the response header was not respected and did not force a download, which could allow XSS attacks. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
Solution(s): mozilla-thunderbird-upgrade-132_0
References: https://attackerkb.com/topics/cve-2024-10461, CVE-2024-10461, http://www.mozilla.org/security/announce/2024/mfsa2024-59.html
-
MFSA2024-59 Thunderbird: Security Vulnerabilities fixed in Thunderbird 132 (CVE-2024-10463)
Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:C/I:N/A:N)
Published: 10/29/2024 | Created: 10/31/2024 | Added: 10/30/2024 | Modified: 02/14/2025
Description: Video frames could have been leaked between origins in some situations. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132.
Solution(s): mozilla-thunderbird-upgrade-132_0
References: https://attackerkb.com/topics/cve-2024-10463, CVE-2024-10463, http://www.mozilla.org/security/announce/2024/mfsa2024-59.html