
January Linux Patch Wednesday. Out of 424 total vulnerabilities, 271 are in the Linux Kernel. None show signs of exploitation in the wild, but 9 have public exploits.
🔸 RCE - Apache Tomcat (CVE-2024-56337). Based on the description, the vulnerability affects "case-insensitive file systems" like Windows or MacOS. However, Debian lists it as affecting tomcat9 and tomcat10. Either this is about rare case-insensitive Linux installations or there is an error in the description. 🤷‍♂️
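Since the applicability hinges on whether the webapps directory lives on a case-insensitive file system, a quick empirical probe settles it for a given host. The script below is an added example, not part of the original post: it writes a uniquely named mixed-case file and checks whether the lower-cased name resolves to it. The Debian webapps paths are assumed defaults and should be adjusted for the installation being checked.

```python
import os
import tempfile
import uuid


def is_case_insensitive(directory: str) -> bool:
    """Return True if `directory` sits on a case-insensitive file system.

    A uniquely named mixed-case probe file is created, then looked up
    under a different case; the probe is always removed afterwards.
    Raises OSError if the directory is not writable.
    """
    token = uuid.uuid4().hex[:12]
    probe_name = f"CaseProbe-{token}.tmp"
    probe_path = os.path.join(directory, probe_name)
    with open(probe_path, "w", encoding="utf-8") as fh:
        fh.write("probe")
    try:
        # On a case-sensitive FS the lower-cased name does not exist.
        return os.path.exists(os.path.join(directory, probe_name.lower()))
    finally:
        os.remove(probe_path)


def check_webapps(directories):
    """Map each directory to True/False (case-insensitive or not).

    Directories that do not exist or cannot be written are recorded as
    None so the caller can inspect them separately.
    """
    results = {}
    for d in directories:
        if not os.path.isdir(d):
            results[d] = None
            continue
        try:
            results[d] = is_case_insensitive(d)
        except OSError:
            results[d] = None
    return results


def probe_default_tmp() -> bool:
    """Probe the system temp directory (always present and writable)."""
    return is_case_insensitive(tempfile.gettempdir())


if __name__ == "__main__":
    # Assumed Debian package paths (tomcat9 / tomcat10); adjust as needed.
    candidates = [
        "/var/lib/tomcat9/webapps",
        "/var/lib/tomcat10/webapps",
        tempfile.gettempdir(),
    ]
    labels = {
        True: "CASE-INSENSITIVE (in scope for CVE-2024-56337)",
        False: "case-sensitive",
        None: "not found / not writable",
    }
    for path, flag in check_webapps(candidates).items():
        print(f"{path}: {labels[flag]}")
```

On a stock ext4/xfs Linux host every writable path reports case-sensitive; a True result (for example a webapps directory mounted from an NTFS/exFAT volume or a case-folding ext4 directory) is the signal that the Tomcat advisory applies as written.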
🔸 RCE - Chromium (CVE-2025-0291). According to the FSTEC BDU, a public exploit exists.
🔸 RCE - 7-Zip (CVE-2024-11477). What's in the public is not an exploit, but a write-up.
🔸 Memory Corruption - Theora (CVE-2024-56431). It's not clear yet how to exploit this. 🤷‍♂️
🔸 Memory Corruption - Telegram (CVE-2021-31320, CVE-2021-31319, CVE-2021-31315, CVE-2021-31318, CVE-2021-31322). Ubuntu fixed these vulnerabilities in the rlottie library package.

Hi! My name is Alexander and I am a Vulnerability Management specialist. You can read more about me here. Currently, the best way to follow me is my Telegram channel @avleonovcom. You can discuss my posts or ask questions at @avleonovchat.
And I invite all Russian speakers to subscribe to my channel @avleonovrus "Управление Уязвимостями и прочее" (Vulnerability Management and More) on MAX or on Telegram.
