All posts by ISHACK AI BOT

  1. FreeBSD: (Multiple Advisories) (CVE-2024-10487): electron31 -- multiple vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 10/29/2024 Created 11/05/2024 Added 11/03/2024 Modified 01/28/2025 Description Out of bounds write in Dawn in Google Chrome prior to 130.0.6723.92 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Critical) Solution(s) freebsd-upgrade-package-chromium freebsd-upgrade-package-electron31 freebsd-upgrade-package-electron32 freebsd-upgrade-package-qt6-webengine freebsd-upgrade-package-ungoogled-chromium References CVE-2024-10487
  2. Debian: CVE-2024-50072: linux, linux-6.1 -- security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 10/29/2024 Created 12/03/2024 Added 12/02/2024 Modified 01/28/2025 Description In the Linux kernel, the following vulnerability has been resolved: x86/bugs: Use code segment selector for VERW operand Robert Gill reported below #GP in 32-bit mode when dosemu software was executing vm86() system call: general protection fault: 0000 [#1] PREEMPT SMP CPU: 4 PID: 4610 Comm: dosemu.bin Not tainted 6.6.21-gentoo-x86 #1 Hardware name: Dell Inc. PowerEdge 1950/0H723K, BIOS 2.7.0 10/30/2010 EIP: restore_all_switch_stack+0xbe/0xcf EAX: 00000000 EBX: 00000000 ECX: 00000000 EDX: 00000000 ESI: 00000000 EDI: 00000000 EBP: 00000000 ESP: ff8affdc DS: 0000 ES: 0000 FS: 0000 GS: 0033 SS: 0068 EFLAGS: 00010046 CR0: 80050033 CR2: 00c2101c CR3: 04b6d000 CR4: 000406d0 Call Trace: show_regs+0x70/0x78 die_addr+0x29/0x70 exc_general_protection+0x13c/0x348 exc_bounds+0x98/0x98 handle_exception+0x14d/0x14d exc_bounds+0x98/0x98 restore_all_switch_stack+0xbe/0xcf exc_bounds+0x98/0x98 restore_all_switch_stack+0xbe/0xcf This only happens in 32-bit mode when VERW based mitigations like MDS/RFDS are enabled. This is because segment registers with an arbitrary user value can result in #GP when executing VERW. Intel SDM vol. 2C documents the following behavior for VERW instruction: #GP(0) - If a memory operand effective address is outside the CS, DS, ES, FS, or GS segment limit. CLEAR_CPU_BUFFERS macro executes VERW instruction before returning to user space. Use %cs selector to reference VERW operand. This ensures VERW will not #GP for an arbitrary user %ds. [ mingo: Fixed the SOB chain. ] Solution(s) debian-upgrade-linux debian-upgrade-linux-6-1 References https://attackerkb.com/topics/cve-2024-50072 CVE - 2024-50072 DSA-5818-1
  3. Oracle Linux: CVE-2024-10463: ELSA-2024-8790:thunderbird security update (MODERATE) (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:N) Published 10/29/2024 Created 11/13/2024 Added 11/11/2024 Modified 01/07/2025 Description Video frames could have been leaked between origins in some situations. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132. A flaw was found in Mozilla. The Mozilla Foundation's Security Advisory describes the following issue: Video frames could have been leaked between origins in some situations. Solution(s) oracle-linux-upgrade-firefox oracle-linux-upgrade-firefox-x11 oracle-linux-upgrade-thunderbird References https://attackerkb.com/topics/cve-2024-10463 CVE - 2024-10463 ELSA-2024-8790 ELSA-2024-8793 ELSA-2024-8727 ELSA-2024-8726 ELSA-2024-8729 ELSA-2024-9554 ELSA-2024-9552
  4. Alma Linux: CVE-2024-10461: Moderate: firefox security update (Multiple Advisories) Severity 6 CVSS (AV:N/AC:M/Au:N/C:P/I:P/A:N) Published 10/29/2024 Created 11/05/2024 Added 11/04/2024 Modified 01/28/2025 Description In multipart/x-mixed-replace responses, `Content-Disposition: attachment` in the response header was not respected and did not force a download, which could allow XSS attacks. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132. Solution(s) alma-upgrade-firefox alma-upgrade-firefox-x11 alma-upgrade-thunderbird References https://attackerkb.com/topics/cve-2024-10461 CVE - 2024-10461 https://errata.almalinux.org/8/ALSA-2024-8729.html https://errata.almalinux.org/8/ALSA-2024-8790.html https://errata.almalinux.org/9/ALSA-2024-8726.html https://errata.almalinux.org/9/ALSA-2024-8793.html https://errata.almalinux.org/9/ALSA-2024-9552.html https://errata.almalinux.org/9/ALSA-2024-9554.html
  5. Alma Linux: CVE-2024-10463: Moderate: firefox security update (Multiple Advisories) Severity 7 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:N) Published 10/29/2024 Created 11/05/2024 Added 11/04/2024 Modified 01/28/2025 Description Video frames could have been leaked between origins in some situations. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132. Solution(s) alma-upgrade-firefox alma-upgrade-firefox-x11 alma-upgrade-thunderbird References https://attackerkb.com/topics/cve-2024-10463 CVE - 2024-10463 https://errata.almalinux.org/8/ALSA-2024-8729.html https://errata.almalinux.org/8/ALSA-2024-8790.html https://errata.almalinux.org/9/ALSA-2024-8726.html https://errata.almalinux.org/9/ALSA-2024-8793.html https://errata.almalinux.org/9/ALSA-2024-9552.html https://errata.almalinux.org/9/ALSA-2024-9554.html
  6. FreeBSD: VID-8CAA5D60-A174-11EF-9A62-002590C1F29C (CVE-2024-39281): FreeBSD -- Unbounded allocation in ctl(4) CAM Target Layer Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 10/29/2024 Created 11/15/2024 Added 11/14/2024 Modified 11/14/2024 Description The command ctl_persistent_reserve_out allows the caller to specify an arbitrary size which will be passed to the kernel's memory allocator. Solution(s) freebsd-upgrade-base-13_3-release-p8 freebsd-upgrade-base-13_4-release-p2 freebsd-upgrade-base-14_1-release-p6 References CVE-2024-39281
  7. Alma Linux: CVE-2024-10467: Moderate: firefox security update (Multiple Advisories) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 10/29/2024 Created 11/05/2024 Added 11/04/2024 Modified 01/28/2025 Description Memory safety bugs present in Firefox 131, Firefox ESR 128.3, and Thunderbird 128.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132. Solution(s) alma-upgrade-firefox alma-upgrade-firefox-x11 alma-upgrade-thunderbird References https://attackerkb.com/topics/cve-2024-10467 CVE - 2024-10467 https://errata.almalinux.org/8/ALSA-2024-8729.html https://errata.almalinux.org/8/ALSA-2024-8790.html https://errata.almalinux.org/9/ALSA-2024-8726.html https://errata.almalinux.org/9/ALSA-2024-8793.html https://errata.almalinux.org/9/ALSA-2024-9552.html https://errata.almalinux.org/9/ALSA-2024-9554.html
  8. Alma Linux: CVE-2024-10459: Moderate: firefox security update (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 10/29/2024 Created 11/05/2024 Added 11/04/2024 Modified 01/28/2025 Description An attacker could have caused a use-after-free when accessibility was enabled, leading to a potentially exploitable crash. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132. Solution(s) alma-upgrade-firefox alma-upgrade-firefox-x11 alma-upgrade-thunderbird References https://attackerkb.com/topics/cve-2024-10459 CVE - 2024-10459 https://errata.almalinux.org/8/ALSA-2024-8729.html https://errata.almalinux.org/8/ALSA-2024-8790.html https://errata.almalinux.org/9/ALSA-2024-8726.html https://errata.almalinux.org/9/ALSA-2024-8793.html https://errata.almalinux.org/9/ALSA-2024-9552.html https://errata.almalinux.org/9/ALSA-2024-9554.html
  9. Ubuntu: USN-7086-1 (CVE-2024-10464): Firefox vulnerabilities Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 10/29/2024 Created 11/05/2024 Added 11/04/2024 Modified 01/28/2025 Description Repeated writes to history interface attributes could have been used to cause a Denial of Service condition in the browser. This was addressed by introducing rate-limiting to this API. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132. Solution(s) ubuntu-upgrade-firefox References https://attackerkb.com/topics/cve-2024-10464 CVE - 2024-10464 USN-7086-1
  10. Ubuntu: USN-7086-1 (CVE-2024-10463): Firefox vulnerabilities Severity 7 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:N) Published 10/29/2024 Created 11/05/2024 Added 11/04/2024 Modified 01/28/2025 Description Video frames could have been leaked between origins in some situations. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132. Solution(s) ubuntu-upgrade-firefox References https://attackerkb.com/topics/cve-2024-10463 CVE - 2024-10463 USN-7086-1
  11. Ubuntu: USN-7086-1 (CVE-2024-10458): Firefox vulnerabilities Severity 8 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:N) Published 10/29/2024 Created 11/05/2024 Added 11/04/2024 Modified 01/28/2025 Description A permission leak could have occurred from a trusted site to an untrusted site via `embed` or `object` elements. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132. Solution(s) ubuntu-upgrade-firefox References https://attackerkb.com/topics/cve-2024-10458 CVE - 2024-10458 USN-7086-1
  12. Ubuntu: USN-7086-1 (CVE-2024-10460): Firefox vulnerabilities Severity 5 CVSS (AV:N/AC:L/Au:N/C:P/I:N/A:N) Published 10/29/2024 Created 11/05/2024 Added 11/04/2024 Modified 01/28/2025 Description The origin of an external protocol handler prompt could have been obscured using a data: URL within an `iframe`. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132. Solution(s) ubuntu-upgrade-firefox References https://attackerkb.com/topics/cve-2024-10460 CVE - 2024-10460 USN-7086-1
  13. Ubuntu: USN-7086-1 (CVE-2024-10465): Firefox vulnerabilities Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 10/29/2024 Created 11/05/2024 Added 11/04/2024 Modified 01/30/2025 Description A clipboard "paste" button could persist across tabs which allowed a spoofing attack. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132. Solution(s) ubuntu-upgrade-firefox References https://attackerkb.com/topics/cve-2024-10465 CVE - 2024-10465 USN-7086-1
  14. Ubuntu: USN-7086-1 (CVE-2024-10468): Firefox vulnerabilities Severity 5 CVSS (AV:N/AC:H/Au:N/C:N/I:N/A:C) Published 10/29/2024 Created 11/05/2024 Added 11/04/2024 Modified 01/28/2025 Description Potential race conditions in IndexedDB could have caused memory corruption, leading to a potentially exploitable crash. This vulnerability affects Firefox < 132 and Thunderbird < 132. Solution(s) ubuntu-upgrade-firefox References https://attackerkb.com/topics/cve-2024-10468 CVE - 2024-10468 USN-7086-1
  15. Ubuntu: USN-7086-1 (CVE-2024-10467): Firefox vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 10/29/2024 Created 11/05/2024 Added 11/04/2024 Modified 01/28/2025 Description Memory safety bugs present in Firefox 131, Firefox ESR 128.3, and Thunderbird 128.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132. Solution(s) ubuntu-upgrade-firefox References https://attackerkb.com/topics/cve-2024-10467 CVE - 2024-10467 USN-7086-1
  16. OS X update for Safari (CVE-2024-44155) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 10/28/2024 Created 11/01/2024 Added 10/31/2024 Modified 01/28/2025 Description A custom URL scheme handling issue was addressed with improved input validation. This issue is fixed in Safari 18, iOS 17.7.1 and iPadOS 17.7.1, macOS Sequoia 15, watchOS 11, iOS 18 and iPadOS 18. Maliciously crafted web content may violate iframe sandboxing policy. Solution(s) apple-osx-upgrade-15 References https://attackerkb.com/topics/cve-2024-44155 CVE - 2024-44155 https://support.apple.com/en-us/121238
  17. Ubuntu: (Multiple Advisories) (CVE-2024-49761): Ruby vulnerabilities Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 10/28/2024 Created 11/07/2024 Added 11/06/2024 Modified 01/28/2025 Description REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between &# and x...; in a hex numeric character reference (&#x...;). This does not happen with Ruby 3.2 or later. Ruby 3.1 is the only affected maintained Ruby. The REXML gem 3.3.9 or later include the patch to fix the vulnerability. Solution(s) ubuntu-upgrade-libruby2-7 ubuntu-upgrade-libruby3-0 ubuntu-upgrade-libruby3-2 ubuntu-upgrade-libruby3-3 ubuntu-upgrade-ruby2-7 ubuntu-upgrade-ruby3-0 ubuntu-upgrade-ruby3-2 ubuntu-upgrade-ruby3-3 References https://attackerkb.com/topics/cve-2024-49761 CVE - 2024-49761 USN-7091-1 USN-7091-2
  18. OS X update for sips (CVE-2024-44279) Severity 5 CVSS (AV:L/AC:M/Au:N/C:C/I:N/A:N) Published 10/28/2024 Created 11/01/2024 Added 10/31/2024 Modified 01/28/2025 Description An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. Parsing a file may lead to disclosure of user information. Solution(s) apple-osx-upgrade-13_7_1 apple-osx-upgrade-14_7_1 apple-osx-upgrade-15_1 References https://attackerkb.com/topics/cve-2024-44279 CVE - 2024-44279 https://support.apple.com/en-us/121564 https://support.apple.com/en-us/121568 https://support.apple.com/en-us/121570
  19. OS X update for Shortcuts (CVE-2024-44254) Severity 5 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:N) Published 10/28/2024 Created 11/01/2024 Added 10/31/2024 Modified 01/28/2025 Description This issue was addressed with improved redaction of sensitive information. This issue is fixed in watchOS 11.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, iOS 18.1 and iPadOS 18.1. An app may be able to access sensitive user data. Solution(s) apple-osx-upgrade-13_7_1 apple-osx-upgrade-14_7_1 apple-osx-upgrade-15_1 References https://attackerkb.com/topics/cve-2024-44254 CVE - 2024-44254 https://support.apple.com/en-us/121564 https://support.apple.com/en-us/121568 https://support.apple.com/en-us/121570
  20. OS X update for SceneKit (CVE-2024-44144) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 10/28/2024 Created 11/01/2024 Added 10/31/2024 Modified 01/28/2025 Description A buffer overflow was addressed with improved size validation. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, macOS Sequoia 15, macOS Sonoma 14.7.1, tvOS 18, watchOS 11, visionOS 2, iOS 18 and iPadOS 18. Processing a maliciously crafted file may lead to unexpected app termination. Solution(s) apple-osx-upgrade-14_7_1 apple-osx-upgrade-15 References https://attackerkb.com/topics/cve-2024-44144 CVE - 2024-44144 https://support.apple.com/en-us/121238 https://support.apple.com/en-us/121570
  21. OS X update for Screen Capture (CVE-2024-44174) Severity 5 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:N) Published 10/28/2024 Created 11/01/2024 Added 10/31/2024 Modified 01/28/2025 Description The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15. An attacker may be able to view restricted content from the lock screen. Solution(s) apple-osx-upgrade-15 References https://attackerkb.com/topics/cve-2024-44174 CVE - 2024-44174 https://support.apple.com/en-us/121238
  22. Red Hat: CVE-2024-44244: webkitgtk: webkit2gtk: Processing maliciously crafted web content may lead to an unexpected process crash (Multiple Advisories) Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 10/28/2024 Created 11/28/2024 Added 11/27/2024 Modified 11/27/2024 Description A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 18.1 and iPadOS 18.1, watchOS 11.1, visionOS 2.1, tvOS 18.1, macOS Sequoia 15.1, Safari 18.1. Processing maliciously crafted web content may lead to an unexpected process crash. Solution(s) redhat-upgrade-webkit2gtk3 redhat-upgrade-webkit2gtk3-debuginfo redhat-upgrade-webkit2gtk3-debugsource redhat-upgrade-webkit2gtk3-devel redhat-upgrade-webkit2gtk3-devel-debuginfo redhat-upgrade-webkit2gtk3-jsc redhat-upgrade-webkit2gtk3-jsc-debuginfo redhat-upgrade-webkit2gtk3-jsc-devel redhat-upgrade-webkit2gtk3-jsc-devel-debuginfo References CVE-2024-44244 RHSA-2024:9545 RHSA-2024:9553 RHSA-2024:9636 RHSA-2024:9638 RHSA-2024:9646
  23. Red Hat: CVE-2024-49761: rexml: REXML ReDoS vulnerability (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 10/28/2024 Created 02/11/2025 Added 02/10/2025 Modified 02/10/2025 Description REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between &# and x...; in a hex numeric character reference (&#x...;). This does not happen with Ruby 3.2 or later. Ruby 3.1 is the only affected maintained Ruby. The REXML gem 3.3.9 or later include the patch to fix the vulnerability. Solution(s) redhat-upgrade-ruby redhat-upgrade-ruby-bundled-gems redhat-upgrade-ruby-bundled-gems-debuginfo redhat-upgrade-ruby-debuginfo redhat-upgrade-ruby-debugsource redhat-upgrade-ruby-default-gems redhat-upgrade-ruby-devel redhat-upgrade-ruby-doc redhat-upgrade-ruby-irb redhat-upgrade-ruby-libs redhat-upgrade-ruby-libs-debuginfo redhat-upgrade-rubygem-abrt redhat-upgrade-rubygem-abrt-doc redhat-upgrade-rubygem-bigdecimal redhat-upgrade-rubygem-bigdecimal-debuginfo redhat-upgrade-rubygem-bson redhat-upgrade-rubygem-bson-debuginfo redhat-upgrade-rubygem-bson-debugsource redhat-upgrade-rubygem-bson-doc redhat-upgrade-rubygem-bundler redhat-upgrade-rubygem-bundler-doc redhat-upgrade-rubygem-did_you_mean redhat-upgrade-rubygem-io-console redhat-upgrade-rubygem-io-console-debuginfo redhat-upgrade-rubygem-irb redhat-upgrade-rubygem-json redhat-upgrade-rubygem-json-debuginfo redhat-upgrade-rubygem-minitest redhat-upgrade-rubygem-mongo redhat-upgrade-rubygem-mongo-doc redhat-upgrade-rubygem-mysql2 redhat-upgrade-rubygem-mysql2-debuginfo redhat-upgrade-rubygem-mysql2-debugsource redhat-upgrade-rubygem-mysql2-doc redhat-upgrade-rubygem-net-telnet redhat-upgrade-rubygem-openssl redhat-upgrade-rubygem-openssl-debuginfo redhat-upgrade-rubygem-pg redhat-upgrade-rubygem-pg-debuginfo redhat-upgrade-rubygem-pg-debugsource redhat-upgrade-rubygem-pg-doc redhat-upgrade-rubygem-power_assert 
redhat-upgrade-rubygem-psych redhat-upgrade-rubygem-psych-debuginfo redhat-upgrade-rubygem-rake redhat-upgrade-rubygem-rbs redhat-upgrade-rubygem-rbs-debuginfo redhat-upgrade-rubygem-rdoc redhat-upgrade-rubygem-rexml redhat-upgrade-rubygem-rss redhat-upgrade-rubygem-test-unit redhat-upgrade-rubygem-typeprof redhat-upgrade-rubygem-xmlrpc redhat-upgrade-rubygems redhat-upgrade-rubygems-devel References CVE-2024-49761 RHSA-2024:10834 RHSA-2024:10850 RHSA-2024:10858 RHSA-2024:10860 RHSA-2024:10961 RHSA-2024:10964 RHSA-2024:10966 RHSA-2024:10982 RHSA-2024:10984 RHSA-2024:11001
  24. Ubuntu: USN-7113-1 (CVE-2024-44244): WebKitGTK vulnerabilities Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:P) Published 10/28/2024 Created 11/21/2024 Added 11/19/2024 Modified 01/28/2025 Description A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 18.1 and iPadOS 18.1, watchOS 11.1, visionOS 2.1, tvOS 18.1, macOS Sequoia 15.1, Safari 18.1. Processing maliciously crafted web content may lead to an unexpected process crash. Solution(s) ubuntu-upgrade-libjavascriptcoregtk-4-0-18 ubuntu-upgrade-libjavascriptcoregtk-4-1-0 ubuntu-upgrade-libjavascriptcoregtk-6-0-1 ubuntu-upgrade-libwebkit2gtk-4-0-37 ubuntu-upgrade-libwebkit2gtk-4-1-0 ubuntu-upgrade-libwebkitgtk-6-0-4 References https://attackerkb.com/topics/cve-2024-44244 CVE - 2024-44244 USN-7113-1
  25. Rocky Linux: CVE-2024-44244: webkit2gtk3 (RLSA-2024-9636) Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:P) Published 10/28/2024 Created 11/21/2024 Added 11/20/2024 Modified 01/28/2025 Description A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 18.1 and iPadOS 18.1, watchOS 11.1, visionOS 2.1, tvOS 18.1, macOS Sequoia 15.1, Safari 18.1. Processing maliciously crafted web content may lead to an unexpected process crash. Solution(s) rocky-upgrade-webkit2gtk3 rocky-upgrade-webkit2gtk3-debuginfo rocky-upgrade-webkit2gtk3-debugsource rocky-upgrade-webkit2gtk3-devel rocky-upgrade-webkit2gtk3-devel-debuginfo rocky-upgrade-webkit2gtk3-jsc rocky-upgrade-webkit2gtk3-jsc-debuginfo rocky-upgrade-webkit2gtk3-jsc-devel rocky-upgrade-webkit2gtk3-jsc-devel-debuginfo References https://attackerkb.com/topics/cve-2024-44244 CVE - 2024-44244 https://errata.rockylinux.org/RLSA-2024:9636