September Linux Patch Wednesday. 460 vulnerabilities. Of these, 279 are in the Linux Kernel.
2 vulnerabilities show signs of exploitation in the wild, but have no public exploits:
🔻 Security Feature Bypass – Chromium (CVE-2024-7965)
🔻 Memory Corruption – Chromium (CVE-2024-7971)
29 vulnerabilities show no sign of exploitation in the wild, but have a link to a public exploit or a sign that one exists. Notable among them:
🔸 Remote Code Execution – pgAdmin (CVE-2024-2044), SPIP (CVE-2024-7954), InVesalius (CVE-2024-42845)
🔸 Command Injection – SPIP (CVE-2024-8517)
Among them are vulnerabilities from 2023, fixed in repos only now (in RedOS):
🔸 Remote Code Execution – webmin (CVE-2023-38303)
🔸 Code Injection – webmin (CVE-2023-38306, CVE-2023-38308)
🔸 Information Disclosure – KeePass (CVE-2023-24055)
Debian brought “Google Chrome on Windows” vulnerabilities. 😣👎
🗒 Vulristics September Linux Patch Wednesday Report
Hi! My name is Alexander and I am a Vulnerability Management specialist. You can read more about me here. Currently, the best way to follow me is my Telegram channel @avleonovcom. I update it more often than this site. If you haven’t used Telegram yet, give it a try. It’s great. You can discuss my posts or ask questions at @avleonovchat.
And I invite all Russian speakers to another Telegram channel, @avleonovrus; that is where I write first now.