December Linux Patch Wednesday. There are 316 vulnerabilities in total, which is much better than in the November LPW. 🙂 119 of them are in the Linux Kernel.
Two vulnerabilities have signs of exploitation in the wild. Both are in Safari:
🔻 RCE – Safari (CVE-2024-44308)
🔻 XSS – Safari (CVE-2024-44309)
On Linux, these vulnerabilities are fixed not in Safari itself, but in the packages of the WebKit browser engine that Safari is built on.
For 19 vulnerabilities there are no signs of exploitation in the wild yet, but public exploits exist. The following can be highlighted:
🔸 RCE – Moodle (CVE-2024-43425). The first fix in a Linux vendor repository appeared on 2024-11-21 (RedOS)
🔸 Command Injection – Grafana (CVE-2024-9264)
🔸 Command Injection – virtualenv (CVE-2024-53899)
🔸 SQLi – Zabbix (CVE-2024-42327)
🔸 Data Leakage – Apache Tomcat (CVE-2024-52317)
🗒 Vulristics December Linux Patch Wednesday Report
🎉🆕 I released Vulristics 1.0.9 with improved detection of vulnerable software based on CVE description.
Hi! My name is Alexander and I am a Vulnerability Management specialist. You can read more about me here. Currently, the best way to follow me is my Telegram channel @avleonovcom. I update it more often than this site. If you haven’t used Telegram yet, give it a try. It’s great. You can discuss my posts or ask questions at @avleonovchat.
And I invite all Russian speakers to one more Telegram channel, @avleonovrus, which is now the first place I post.