It has been discovered that the upstream source tarballs for xz-utils, the XZ-format compression utilities, are compromised and inject malicious code, at build time, into the resulting liblzma5 library. Included in this archive are not only the advisory but additional data and a testing script to see if you're affected.
24e782ee2711640bef44e50dae3e4bd40c2ec8ddbbf87dbc1461e7d4aa22e1dbDebian Linux Security Advisory 5649-1 - Andres Freund discovered that the upstream source tarballs for xz-utils, the XZ-format compression utilities, are compromised and inject malicious code, at build time, into the resulting liblzma5 library.
a36f16841d48439de0dca87969734d17803a93009098f4ca6fe3dd1c574bdc99Debian Linux Security Advisory 5648-1 - Security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
d045fe2df3a7b0da1744ec322c6841faa9dc1ec5194d51870e6e7ca36abd50d6Ubuntu Security Notice 6707-4 - Lonial Con discovered that the netfilter subsystem in the Linux kernel did not properly handle element deactivation in certain cases, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Notselwyn discovered that the netfilter subsystem in the Linux kernel did not properly handle verdict parameters in certain cases, leading to a use- after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
1e54ff144f57b2bd5a30a36e13436904969117b6a92329a52019596e2864df7aUbuntu Security Notice 6704-4 - It was discovered that the NVIDIA Tegra XUSB pad controller driver in the Linux kernel did not properly handle return values in certain error conditions. A local attacker could use this to cause a denial of service. Quentin Minster discovered that the KSMBD implementation in the Linux kernel did not properly handle session setup requests. A remote attacker could possibly use this to cause a denial of service.
4c20532debf7fe54f300253a8836c32c86a73b576ba2f48d948c642e26473036Intel PowerGadget version 3.6 suffers from a local privilege escalation vulnerability.
7c432edb9faa64203476b212e783bee97c24deb2ea70d71ff8bea318abd872feRed Hat Security Advisory 2024-1570-03 - Updated images are now available for Red Hat Advanced Cluster Security. Issues addressed include a denial of service vulnerability.
fc473960b45c7dead718a19c5497a2d2cefaf2ace8dddbdd11c7ab3b3f104830Ubuntu Security Notice 6715-1 - It was discovered that unixODBC incorrectly handled certain bytes. An attacker could use this issue to execute arbitrary code or cause a crash.
90500728052033e5941baa0debec66d17de2cf01ce56e1158e2523b231aff382Ubuntu Security Notice 6719-1 - Skyler Ferrante discovered that the util-linux wall command did not filter escape sequences from command line arguments. A local attacker could possibly use this issue to obtain sensitive information.
ca6568bf9c3d47e1fa51be307d45564e306e622e9860f212c34d8a91f5a5e9deApple Security Advisory 03-25-2024-1 - Safari 17.4.1 addresses code execution and out of bounds write vulnerabilities.
f471ba7362f0f2b90319b73a7dc453ffcc58fe3527cb6cd08febf40e4748b5beRed Hat Security Advisory 2024-1557-03 - An update is now available for Red Hat OpenShift Builds 1.0. Issues addressed include denial of service and traversal vulnerabilities.
d29131168c6739c5f0e4cc9ca1fc6e36a8598723c0d447439443d07a778f5f03Red Hat Security Advisory 2024-1555-03 - An update for.NET 6.0 is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.
d54151bacb05204bba9e5815332d0b2dc57e10762149b6a53a140110b66a0156Red Hat Security Advisory 2024-1554-03 - An update for.NET 6.0 is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.
83824ae558a589ad40270cf3400f18a45b628d62f041edcab023885a5dd3d023Red Hat Security Advisory 2024-1553-03 - An update for.NET 6.0 is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.
30063cb073472365838f87d661f1130cf3a33293c62da11e429b2ab2ba96dba0Red Hat Security Advisory 2024-1552-03 - An update for.NET 6.0 is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.
32501da709d2c9da666f8fa0b5b3db3389b9ca903bc3a5b59b0f3095f927deeaRed Hat Security Advisory 2024-1549-03 - Updated images are now available for Red Hat Advanced Cluster Security. The updated image includes bug and security fixes. Issues addressed include a traversal vulnerability.
613d16768e9453ed32d3909631e18954f65e67b01b9f4224704d674f28b94e98Red Hat Security Advisory 2024-1545-03 - An update for dnsmasq is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include a use-after-free vulnerability.
6d39b9eda6e5d29e0e08583b1035ea45733058060bd2b0ab5476fa86f07636ddRed Hat Security Advisory 2024-1544-03 - An update for dnsmasq is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.
8d6947f4e3101dfe04b20bbb3ae830e7dfd57b406038e317ea2a6fc0f87e7bdbRed Hat Security Advisory 2024-1543-03 - An update for dnsmasq is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.
acffe01fb5ff57defec5ec2a6269ed6386116513913de74d19d65127c368faffRed Hat Security Advisory 2024-1538-03 - An update for cnf-tests-container, dpdk-base-container, performance-addon-operator-must-gather NUMA-aware secondary scheduler, numaresources-operator is now available for Red Hat OpenShift Container Platform 4.12.
2a8ae5dc5326d3cae4397b5faa8148eb17d26e5c9b9db21409f3ff87f2656fccUbuntu Security Notice 6686-5 - It was discovered that the DesignWare USB3 for Qualcomm SoCs driver in the Linux kernel did not properly handle certain error conditions during device registration. A local attacker could possibly use this to cause a denial of service. It was discovered that a race condition existed in the Cypress touchscreen driver in the Linux kernel during device removal, leading to a use-after- free vulnerability. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.
2cf164acfc4647fa9f9d903eb698a241428bb60c804a90e576400594cbc4ac09Apple Security Advisory 03-25-2024-2 - macOS Sonoma 14.4.1 addresses code execution and out of bounds write vulnerabilities.
aa1fea3125ddd9a33b68d4eb2f5f45f2cb316680beb32f3c34b1ae1698937f06Red Hat Security Advisory 2024-1537-03 - An update for cnf-tests-container, dpdk-base-container, performance-addon-operator-must-gather NUMA-aware secondary scheduler, numaresources-operator is now available for Red Hat OpenShift Container Platform 4.13.
c960077309521acadd02ab7e94ad56ec82465691b07a8586cd972b49aad94c5fUbuntu Security Notice 6718-2 - USN-6718-1 fixed a vulnerability in curl. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that curl incorrectly handled memory when limiting the amount of headers when HTTP/2 server push is allowed. A remote attacker could possibly use this issue to cause curl to consume resources, leading to a denial of service.
254eb20ecc0dee862c1a54519635302b51b16e509db5e12799dbd97629205e05Apple Security Advisory 03-25-2024-3 - macOS Ventura 13.6.6 addresses code execution and out of bounds write vulnerabilities.
ced72f1a9374599bb4ba896407973597325dc34e5418151e9fa366065fa1f9d8
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed