November Linux Patch Wednesday. I was happy in October that the number of vulnerabilities was gradually decreasing to an acceptable level, and in November I got a peak again. A total of 803 vulnerabilities. Of these, 567 are in the Linux Kernel. Kind of crazy. 😱
2 vulnerabilities in Chromium with signs of exploitation in the wild:
🔻 Security Feature Bypass – Chromium (CVE-2024-10229)
🔻 Memory Corruption – Chromium (CVE-2024-10230, CVE-2024-10231)
There are no signs of exploitation in the wild for 27 vulnerabilities yet, but there are public exploits. Of these, I would draw attention to:
🔸 Remote Code Execution – PyTorch (CVE-2024-48063)
🔸 Remote Code Execution – OpenRefine Butterfly (CVE-2024-47883) – “web application framework”
🔸 Code Injection – OpenRefine tool (CVE-2024-47881)
🔸 Command Injection – Eclipse Jetty (CVE-2024-6763)
🔸 Memory Corruption – pure-ftpd (CVE-2024-48208)
🗒 Vulristics November Linux Patch Wednesday Report
Hi! My name is Alexander and I am a Vulnerability Management specialist. You can read more about me here. Currently, the best way to follow me is my Telegram channel @avleonovcom. I update it more often than this site. If you haven’t used Telegram yet, give it a try. It’s great. You can discuss my posts or ask questions at @avleonovchat.
А всех русскоязычных я приглашаю в ещё один телеграмм канал @avleonovrus, первым делом теперь пишу туда.