Posted by Apple Product Security via Fulldisclosure on Oct 07
APPLE-SA-10-03-2024-1 iOS 18.0.1 and iPadOS 18.0.1
iOS 18.0.1 and iPadOS 18.0.1 addresses the following issues.
Information about the security content is also available at https://support.apple.com/121373.
Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent
software updates with security advisories.
Media Session
Available for: iPhone 16 (all models)
Impact: Audio messages in Messages may be able to…
update to 8.0.1
fixes
(CVE-2024-31449) Lua library commands may lead to stack overflow and potential RCE.
(CVE-2024-31227) Potential Denial-of-service due to malformed ACL selectors.
(CVE-2024-31228) Potential Denial-of-service due to unbounded pattern matching.
update to 8.0.1
fixes
(CVE-2024-31449) Lua library commands may lead to stack overflow and potential RCE.
(CVE-2024-31227) Potential Denial-of-service due to malformed ACL selectors.
(CVE-2024-31228) Potential Denial-of-service due to unbounded pattern matching.
update to 8.0.1
fixes
(CVE-2024-31449) Lua library commands may lead to stack overflow and potential RCE.
(CVE-2024-31227) Potential Denial-of-service due to malformed ACL selectors.
(CVE-2024-31228) Potential Denial-of-service due to unbounded pattern matching.
update to 8.0.1
fixes
(CVE-2024-31449) Lua library commands may lead to stack overflow and potential RCE.
(CVE-2024-31227) Potential Denial-of-service due to malformed ACL selectors.
(CVE-2024-31228) Potential Denial-of-service due to unbounded pattern matching.
It was discovered that WEBrick incorrectly handled having both a Content-
Length header and a Transfer-Encoding header. A remote attacker could
possibly use this issue to perform a HTTP request smuggling attack.
USN-7043-1 fixed a vulnerability in cups-filters. This update provides
the corresponding update for Ubuntu 16.04 LTS
Original advisory details:
Simone Margaritelli discovered that the cups-filters cups-browsed
component could be used to create arbitrary printers from outside
the local network. In combination with issues in other printing
components, a remote attacker could possibly use this issue to
connect to a system, created manipulated PPD files, and execute
arbitrary code when a printer is used. This update
disables support for the legacy CUPS printer discovery protocol.
(CVE-2024-47176)