CIS Benchmarks November 2024 Update - Thu, 07 Nov 2024 09:20:00 -0500 - Here is an overview of the CIS Benchmarks that the Center for Internet Security updated or released for November 2024.
Debian Security Advisory 5822-1 - Mon, 02 Dec 2024 18:09:54 GMT - Debian Linux Security Advisory 5822-1 - It was discovered that SimpleSAMLphp, an implementation of the SAML 2.0 protocol, is prone to an XXE vulnerability when loading an (untrusted) XML document.
Debian Security Advisory 5821-1 - Mon, 02 Dec 2024 18:09:41 GMT - Debian Linux Security Advisory 5821-1 - Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.
Debian Security Advisory 5820-1 - Mon, 02 Dec 2024 18:09:30 GMT - Debian Linux Security Advisory 5820-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, spoofing or cross-site scripting.
Ubuntu Security Notice USN-7132-1 - Mon, 02 Dec 2024 18:07:46 GMT - Ubuntu Security Notice 7132-1 - It was discovered that PostgreSQL incorrectly tracked tables with row security. A remote attacker could possibly use this issue to perform forbidden reads and modifications. Jacob Champion discovered that PostgreSQL clients used untrusted server error messages. An attacker that is able to intercept network communications could possibly use this issue to inject error messages that could be interpreted as valid query results.
Ubuntu Security Notice USN-6846-2 - Mon, 02 Dec 2024 18:07:30 GMT - Ubuntu Security Notice 6846-2 - USN-6846-1 fixed vulnerabilities in ansible. The update introduced a regression in ansible. This update fixes the problem. It was discovered that Ansible incorrectly handled certain inputs when using tower_callback parameter. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS.
Ubuntu Security Notice USN-7131-1 - Mon, 02 Dec 2024 18:07:08 GMT - Ubuntu Security Notice 7131-1 - It was discovered that Vim incorrectly handled memory when closing a buffer, leading to use-after-free. If a user was tricked into opening a specially crafted file, an attacker could crash the application, leading to a denial of service.
Ubuntu Security Notice USN-7092-2 - Mon, 02 Dec 2024 18:00:20 GMT - Ubuntu Security Notice 7092-2 - USN-7092-1 fixed a vulnerability in mpg123. Bastien Roucariès discovered that the fix was incomplete on Ubuntu 20.04 LTS. This update fixes the problem. It was discovered that mpg123 incorrectly handled certain mp3 files. If a user or automated system were tricked into opening a specially crafted mp3 file, a remote attacker could use this issue to cause mpg123 to crash, resulting in a denial of service, or possibly execute arbitrary code.
Red Hat Security Advisory 2024-8704-03 - Mon, 02 Dec 2024 17:59:58 GMT - Red Hat Security Advisory 2024-8704-03 - Kube Descheduler Operator for Red Hat OpenShift 5.0.2 for RHEL 9.
Red Hat Security Advisory 2024-10704-03 - Mon, 02 Dec 2024 17:59:51 GMT - Red Hat Security Advisory 2024-10704-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Issues addressed include bypass, cross site scripting, and spoofing vulnerabilities.
Red Hat Security Advisory 2024-10702-03 - Mon, 02 Dec 2024 17:59:44 GMT - Red Hat Security Advisory 2024-10702-03 - An update for firefox is now available for Red Hat Enterprise Linux 9. Issues addressed include bypass, cross site scripting, and spoofing vulnerabilities.
Red Hat Security Advisory 2024-10677-03 - Mon, 02 Dec 2024 17:59:38 GMT - Red Hat Security Advisory 2024-10677-03 - An update for the postgresql:13 module is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Issues addressed include a code execution vulnerability.
Red Hat Security Advisory 2024-10667-03 - Mon, 02 Dec 2024 17:59:30 GMT - Red Hat Security Advisory 2024-10667-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include bypass, cross site scripting, and spoofing vulnerabilities.
Red Hat Security Advisory 2024-10666-03 - Mon, 02 Dec 2024 17:59:18 GMT - Red Hat Security Advisory 2024-10666-03 - An update for the gimp:2.8.22 module is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Issues addressed include a buffer overflow vulnerability.
Red Hat Security Advisory 2024-10665-03 - Mon, 02 Dec 2024 17:56:55 GMT - Red Hat Security Advisory 2024-10665-03 - Updated images are now available for Red Hat Advanced Cluster Security. The updated image includes a security fix. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2024-10595-03 - Mon, 02 Dec 2024 17:56:37 GMT - Red Hat Security Advisory 2024-10595-03 - An update for postgresql is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Issues addressed include a code execution vulnerability.
Red Hat Security Advisory 2024-10594-03 - Mon, 02 Dec 2024 17:56:29 GMT - Red Hat Security Advisory 2024-10594-03 - An update for libreswan is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2024-10593-03 - Mon, 02 Dec 2024 17:56:21 GMT - Red Hat Security Advisory 2024-10593-03 - An update for the postgresql:16 module is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Issues addressed include a code execution vulnerability.
Red Hat Security Advisory 2024-10592-03 - Mon, 02 Dec 2024 17:55:56 GMT - Red Hat Security Advisory 2024-10592-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 9. Issues addressed include bypass, cross site scripting, and spoofing vulnerabilities.
Red Hat Security Advisory 2024-10591-03 - Mon, 02 Dec 2024 17:55:29 GMT - Red Hat Security Advisory 2024-10591-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 8. Issues addressed include bypass, cross site scripting, and spoofing vulnerabilities.
Red Hat Security Advisory 2024-10590-03 - Mon, 02 Dec 2024 17:54:51 GMT - Red Hat Security Advisory 2024-10590-03 - An update for python-tornado is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2024-10501-03 - Mon, 02 Dec 2024 17:54:22 GMT - Red Hat Security Advisory 2024-10501-03 - An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a bypass vulnerability.
Red Hat Security Advisory 2024-10496-03 - Mon, 02 Dec 2024 17:52:49 GMT - Red Hat Security Advisory 2024-10496-03 - An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Issues addressed include a bypass vulnerability.
Red Hat Security Advisory 2024-10489-03 - Mon, 02 Dec 2024 17:52:27 GMT - Red Hat Security Advisory 2024-10489-03 - An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Issues addressed include a bypass vulnerability.
Red Hat Security Advisory 2024-10482-03 - Mon, 02 Dec 2024 17:52:21 GMT - Red Hat Security Advisory 2024-10482-03 - An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a bypass vulnerability.
Red Hat Security Advisory 2024-10481-03 - Mon, 02 Dec 2024 17:52:13 GMT - Red Hat Security Advisory 2024-10481-03 - An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8. Issues addressed include a bypass vulnerability.