FEDORA-EPEL-2024-ee61987af9
Packages in this update:
python-webob-1.8.8-1.el8
Update description:
Update to upstream. Fix open redirect issue in 1.8-branch rhbz#2305065
python-webob-1.8.8-1.el8
Update to upstream. Fix open redirect issue in 1.8-branch rhbz#2305065
python-webob-1.8.8-1.fc41
Automatic update for python-webob-1.8.8-1.fc41.
* Thu Aug 15 2024 Ján ONDREJ (SAL) <ondrejj(at)salstar.sk> – 1.8.8-1
– Update to upstream. Fix open redirect issue in 1.8-branch rhbz#2305065
– pypi_source constructed manually according to project/name case inconsistency
– only require legacy-cgi on on systems where it’s present
– remove python3.9 patch (applied upstream)
python-webob-1.8.8-1.fc42
Automatic update for python-webob-1.8.8-1.fc42.
* Thu Aug 15 2024 Ján ONDREJ (SAL) <ondrejj(at)salstar.sk> – 1.8.8-1
– Update to upstream. Fix open redirect issue in 1.8-branch rhbz#2305065
– pypi_source constructed manually according to project/name case inconsistency
– only require legacy-cgi on on systems where it’s present
– remove python3.9 patch (applied upstream)
What are the Vulnerabilities?Threat actors are exploiting multiple zero-day vulnerabilities that were recently disclosed on the Microsoft Security Patch Tuesday- August, 2024. The six actively exploited zero-day vulnerabilities were also added to CISA’s Known Exploited Vulnerabilities catalog (KEV) after the disclosure. [August 2024 Security Updates- Release Notes- Microsoft]• CVE-2024-38189: Microsoft Project Remote Code Execution Vulnerability• CVE-2024-38178: Microsoft Windows Scripting Engine Memory Corruption Vulnerability• CVE-2024-38213: Microsoft Windows SmartScreen Security Feature Bypass Vulnerability• CVE-2024-38193: Microsoft Windows Ancillary Function Driver for WinSock Privilege Escalation Vulnerability• CVE-2024-38106: Microsoft Windows Kernel Privilege Escalation Vulnerability• CVE-2024-38107: Microsoft Windows Power Dependency Coordinator Privilege Escalation VulnerabilityWhat is the recommended Mitigation?Microsoft has released security updates for these actively exploited vulnerabilities along with other publicly disclosed vulnerabilities. Please see Appendix for the Individual Microsoft Security update guide.What FortiGuard Coverage is available?FortiGuard Labs recommends users to apply the patches released by Microsoft immediately to secure their systems.FortiGuard Endpoint Vulnerability Service provides a systematic and automated method of patching applications on an endpoint, eliminating manual processes while reducing the attack surface.Endpoint Vulnerability | FortiGuard LabsFortiGuard IPS Signatures are available for protection against the exploitation of vulnerabilities where applicable. Intrusion Prevention | CVE-2024-38178 Intrusion Prevention | CVE-2024-38193Intrusion Prevention | CVE-2024-38106The FortiGuard Incident Response team can be engaged to help with any suspected compromise.
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.5. The following CVEs are assigned: CVE-2024-37399.
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.2. The following CVEs are assigned: CVE-2024-38653.
This vulnerability allows remote attackers to delete arbitrary files on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.2. The following CVEs are assigned: CVE-2024-38652.
It was discovered that BusyBox did not properly validate user input when
performing certain arithmetic operations. If a user or automated system
were tricked into processing a specially crafted file, an attacker could
possibly use this issue to cause a denial of service, or execute arbitrary
code. (CVE-2022-48174)
It was discovered that BusyBox incorrectly managed memory when evaluating
certain awk expressions. An attacker could possibly use this issue to cause
a denial of service, or execute arbitrary code. This issue only affected
Ubuntu 24.04 LTS. (CVE-2023-42363, CVE-2023-42364, CVE-2023-42365)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– ARM64 architecture;
– M68K architecture;
– User-Mode Linux (UML);
– x86 architecture;
– Accessibility subsystem;
– Character device driver;
– Clock framework and drivers;
– CPU frequency scaling framework;
– Hardware crypto device drivers;
– Buffer Sharing and Synchronization framework;
– FireWire subsystem;
– GPU drivers;
– HW tracing;
– Macintosh device drivers;
– Multiple devices driver;
– Media drivers;
– Network drivers;
– Pin controllers subsystem;
– S/390 drivers;
– SCSI drivers;
– SoundWire subsystem;
– Greybus lights staging drivers;
– TTY drivers;
– Framebuffer layer;
– Virtio drivers;
– 9P distributed file system;
– eCrypt file system;
– EROFS file system;
– Ext4 file system;
– F2FS file system;
– JFFS2 file system;
– Network file system client;
– NILFS2 file system;
– SMB network file system;
– Kernel debugger infrastructure;
– IRQ subsystem;
– Tracing infrastructure;
– Dynamic debug library;
– 9P file system network protocol;
– Bluetooth subsystem;
– Networking core;
– IPv4 networking;
– IPv6 networking;
– Netfilter;
– NET/ROM layer;
– NFC subsystem;
– NSH protocol;
– Open vSwitch;
– Phonet protocol;
– TIPC protocol;
– Unix domain sockets;
– Wireless networking;
– eXpress Data Path;
– XFRM subsystem;
– ALSA framework;
(CVE-2024-36934, CVE-2024-38578, CVE-2024-38600, CVE-2024-27399,
CVE-2024-39276, CVE-2024-38596, CVE-2024-36933, CVE-2024-36919,
CVE-2024-35976, CVE-2024-37356, CVE-2023-52585, CVE-2024-38558,
CVE-2024-38560, CVE-2024-38634, CVE-2024-36959, CVE-2024-38633,
CVE-2024-36886, CVE-2024-27398, CVE-2024-39493, CVE-2024-26886,
CVE-2024-31076, CVE-2024-38559, CVE-2024-38615, CVE-2024-36971,
CVE-2024-38627, CVE-2024-36964, CVE-2024-38780, CVE-2024-37353,
CVE-2024-38621, CVE-2024-36883, CVE-2024-39488, CVE-2024-38661,
CVE-2024-36939, CVE-2024-38589, CVE-2024-38565, CVE-2024-38381,
CVE-2024-35947, CVE-2024-36905, CVE-2022-48772, CVE-2024-36017,
CVE-2024-36946, CVE-2024-27401, CVE-2024-38579, CVE-2024-38612,
CVE-2024-38598, CVE-2024-38635, CVE-2024-38587, CVE-2024-38567,
CVE-2024-38549, CVE-2024-36960, CVE-2023-52752, CVE-2024-27019,
CVE-2024-38601, CVE-2024-39489, CVE-2024-39467, CVE-2023-52882,
CVE-2024-38583, CVE-2024-39480, CVE-2024-38607, CVE-2024-36940,
CVE-2024-38659, CVE-2023-52434, CVE-2024-36015, CVE-2024-38582,
CVE-2024-36950, CVE-2024-38552, CVE-2024-33621, CVE-2024-36954,
CVE-2024-39475, CVE-2024-39301, CVE-2024-38599, CVE-2024-36902,
CVE-2024-36286, CVE-2024-38613, CVE-2024-38637, CVE-2024-36941,
CVE-2024-36014, CVE-2024-38618, CVE-2024-36904, CVE-2024-36270,
CVE-2024-39292, CVE-2024-39471, CVE-2022-48674)
Nick Browning discovered that RMagick incorrectly handled memory under
certain operations. An attacker could possibly use this issue to cause
a denial of service through memory exhaustion.