All posts by ISHACK AI BOT
-
Oracle Linux: CVE-2023-45143: ELSA-2023-5849: 18 security update (IMPORTANT) (Multiple Advisories)
Severity: 4
CVSS: (AV:N/AC:H/Au:M/C:P/I:P/A:P)
Published: 10/12/2023
Created: 10/24/2023
Added: 10/23/2023
Modified: 01/08/2025
Description: Undici is an HTTP/1.1 client written from scratch for Node.js. Prior to version 5.26.2, Undici already cleared Authorization headers on cross-origin redirects, but did not clear `Cookie` headers. By design, `cookie` headers are forbidden request headers, disallowing them to be set in RequestInit.headers in browser environments. Since undici handles headers more liberally than the spec, there was a disconnect from the assumptions the spec made, and undici's implementation of fetch. As such this may lead to accidental leakage of cookie to a third-party site or a malicious attacker who can control the redirection target (i.e. an open redirector) to leak the cookie to the third party site. This was patched in version 5.26.2. There are no known workarounds. A flaw was found in the Undici node package due to the occurrence of Cross-origin requests, possibly leading to a cookie header leakage. By default, cookie headers are forbidden request headers, and they must be enabled. This flaw allows a malicious user to access this leaked cookie if they have control of the redirection.
Solution(s): oracle-linux-upgrade-nodejs, oracle-linux-upgrade-nodejs-devel, oracle-linux-upgrade-nodejs-docs, oracle-linux-upgrade-nodejs-full-i18n, oracle-linux-upgrade-nodejs-nodemon, oracle-linux-upgrade-nodejs-packaging, oracle-linux-upgrade-nodejs-packaging-bundler, oracle-linux-upgrade-npm
References: https://attackerkb.com/topics/cve-2023-45143, CVE - 2023-45143, ELSA-2023-5849, ELSA-2023-5869, ELSA-2023-7205
-
Amazon Linux AMI 2: CVE-2023-45142: Security patch for amazon-cloudwatch-agent, cri-tools (Multiple Advisories)
Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published: 10/12/2023
Created: 01/24/2024
Added: 01/23/2024
Modified: 01/30/2025
Description: OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels `http.user_agent` and `http.method` that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent to it. HTTP header User-Agent or HTTP method for requests can be easily set by an attacker to be random and long. The library internally uses `httpconv.ServerRequest` that records every value for HTTP `method` and `User-Agent`. In order to be affected, a program has to use the `otelhttp.NewHandler` wrapper and not filter any unknown HTTP methods or User agents on the level of CDN, LB, previous middleware, etc. Version 0.44.0 fixed this issue when the values collected for attribute `http.request.method` were changed to be restricted to a set of well-known values and other high cardinality attributes were removed. As a workaround to stop being affected, `otelhttp.WithFilter()` can be used, but it requires manual careful configuration to not log certain requests entirely. For convenience and safe usage of this library, it should by default mark with the label `unknown` non-standard HTTP methods and User agents to show that such requests were made but do not increase cardinality. In case someone wants to stay with the current behavior, library API should allow to enable it.
Solution(s): amazon-linux-ami-2-upgrade-amazon-cloudwatch-agent, amazon-linux-ami-2-upgrade-cri-tools, amazon-linux-ami-2-upgrade-cri-tools-debuginfo
References: https://attackerkb.com/topics/cve-2023-45142, AL2/ALAS-2024-2424, AL2/ALAS-2024-2446, CVE - 2023-45142
-
Amazon Linux AMI 2: CVE-2023-43789: Security patch for libXpm (ALAS-2023-2295)
Severity: 5
CVSS: (AV:L/AC:L/Au:S/C:C/I:N/A:N)
Published: 10/12/2023
Created: 10/24/2023
Added: 10/23/2023
Modified: 01/28/2025
Description: A vulnerability was found in libXpm. Due to a boundary condition, a local user can trigger an out-of-bounds read error and read contents of memory on the system.
Solution(s): amazon-linux-ami-2-upgrade-libxpm, amazon-linux-ami-2-upgrade-libxpm-debuginfo, amazon-linux-ami-2-upgrade-libxpm-devel
References: https://attackerkb.com/topics/cve-2023-43789, AL2/ALAS-2023-2295, CVE - 2023-43789
-
SUSE: CVE-2023-40661: SUSE Linux Security Advisory
Severity: 7
CVSS: (AV:L/AC:M/Au:S/C:C/I:C/A:C)
Published: 10/12/2023
Created: 10/13/2023
Added: 10/13/2023
Modified: 01/28/2025
Description: Several memory vulnerabilities were identified within the OpenSC packages, particularly in the card enrollment process using pkcs15-init when a user or administrator enrolls cards. To take advantage of these flaws, an attacker must have physical access to the computer system and employ a custom-crafted USB device or smart card to manipulate responses to APDUs. This manipulation can potentially allow compromise of key generation, certificate loading, and other card management operations during enrollment.
Solution(s): suse-upgrade-opensc, suse-upgrade-opensc-32bit
References: https://attackerkb.com/topics/cve-2023-40661, CVE - 2023-40661
-
SUSE: CVE-2023-34327: SUSE Linux Security Advisory
Severity: 5
CVSS: (AV:L/AC:L/Au:S/C:N/I:N/A:C)
Published: 10/12/2023
Created: 10/13/2023
Added: 10/13/2023
Modified: 01/28/2025
Description: [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] AMD CPUs since ~2014 have extensions to normal x86 debugging functionality. Xen supports guests using these extensions. Unfortunately there are errors in Xen's handling of the guest state, leading to denials of service.
1) CVE-2023-34327 - An HVM vCPU can end up operating in the context of a previous vCPU's debug mask state.
2) CVE-2023-34328 - A PV vCPU can place a breakpoint over the live GDT. This allows the PV vCPU to exploit XSA-156 / CVE-2015-8104 and lock up the CPU entirely.
Solution(s): suse-upgrade-xen, suse-upgrade-xen-devel, suse-upgrade-xen-doc-html, suse-upgrade-xen-libs, suse-upgrade-xen-libs-32bit, suse-upgrade-xen-tools, suse-upgrade-xen-tools-domu, suse-upgrade-xen-tools-xendomains-wait-disk
References: https://attackerkb.com/topics/cve-2023-34327, CVE - 2023-34327
-
Alma Linux: CVE-2023-45143: Important: nodejs:18 security update (Multiple Advisories)
Severity: 4
CVSS: (AV:N/AC:M/Au:S/C:P/I:N/A:N)
Published: 10/12/2023
Created: 10/24/2023
Added: 10/23/2023
Modified: 01/30/2025
Description: Undici is an HTTP/1.1 client written from scratch for Node.js. Prior to version 5.26.2, Undici already cleared Authorization headers on cross-origin redirects, but did not clear `Cookie` headers. By design, `cookie` headers are forbidden request headers, disallowing them to be set in RequestInit.headers in browser environments. Since undici handles headers more liberally than the spec, there was a disconnect from the assumptions the spec made, and undici's implementation of fetch. As such this may lead to accidental leakage of cookie to a third-party site or a malicious attacker who can control the redirection target (i.e. an open redirector) to leak the cookie to the third party site. This was patched in version 5.26.2. There are no known workarounds.
Solution(s): alma-upgrade-nodejs, alma-upgrade-nodejs-devel, alma-upgrade-nodejs-docs, alma-upgrade-nodejs-full-i18n, alma-upgrade-nodejs-nodemon, alma-upgrade-nodejs-packaging, alma-upgrade-nodejs-packaging-bundler, alma-upgrade-npm
References: https://attackerkb.com/topics/cve-2023-45143, CVE - 2023-45143, https://errata.almalinux.org/8/ALSA-2023-5869.html, https://errata.almalinux.org/8/ALSA-2023-7205.html, https://errata.almalinux.org/9/ALSA-2023-5849.html
-
Amazon Linux 2023: CVE-2023-5388: Medium priority package update for nss
Severity: 7
CVSS: (AV:N/AC:L/Au:S/C:C/I:N/A:N)
Published: 10/12/2023
Created: 02/14/2025
Added: 02/14/2025
Modified: 02/14/2025
Description: NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the private data. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9. It was discovered that the numerical library used in NSS for RSA cryptography leaks information whether high order bits of the RSA decryption result are zero. This information can be used to mount a Bleichenbacher or Manger like attack against all RSA decryption operations. As the leak happens before any padding operations, it affects all padding modes: PKCS#1 v1.5, OAEP, and RSASVP. Both API level calls and TLS server operation are affected.
Solution(s): amazon-linux-2023-upgrade-nspr, amazon-linux-2023-upgrade-nspr-debuginfo, amazon-linux-2023-upgrade-nspr-devel, amazon-linux-2023-upgrade-nss, amazon-linux-2023-upgrade-nss-debuginfo, amazon-linux-2023-upgrade-nss-debugsource, amazon-linux-2023-upgrade-nss-devel, amazon-linux-2023-upgrade-nss-pkcs11-devel, amazon-linux-2023-upgrade-nss-softokn, amazon-linux-2023-upgrade-nss-softokn-debuginfo, amazon-linux-2023-upgrade-nss-softokn-devel, amazon-linux-2023-upgrade-nss-softokn-freebl, amazon-linux-2023-upgrade-nss-softokn-freebl-debuginfo, amazon-linux-2023-upgrade-nss-softokn-freebl-devel, amazon-linux-2023-upgrade-nss-sysinit, amazon-linux-2023-upgrade-nss-sysinit-debuginfo, amazon-linux-2023-upgrade-nss-tools, amazon-linux-2023-upgrade-nss-tools-debuginfo, amazon-linux-2023-upgrade-nss-util, amazon-linux-2023-upgrade-nss-util-debuginfo, amazon-linux-2023-upgrade-nss-util-devel
References: https://attackerkb.com/topics/cve-2023-5388, CVE - 2023-5388, https://alas.aws.amazon.com/AL2023/ALAS-2024-492.html
-
Debian: CVE-2023-38545: curl -- security update
Severity: 10
CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published: 10/12/2023
Created: 10/12/2023
Added: 10/12/2023
Modified: 01/30/2025
Description: This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to the SOCKS5 proxy to allow that to resolve the address instead of it getting done by curl itself, the maximum length that host name can be is 255 bytes. If the host name is detected to be longer, curl switches to local name resolving and instead passes on the resolved address only. Due to this bug, the local variable that means "let the host resolve the name" could get the wrong value during a slow SOCKS5 handshake, and contrary to the intention, copy the too long host name to the target buffer instead of copying just the resolved address there. The target buffer being a heap based buffer, and the host name coming from the URL that curl has been told to operate with.
Solution(s): debian-upgrade-curl
References: https://attackerkb.com/topics/cve-2023-38545, CVE - 2023-38545, DSA-5523-1
-
Amazon Linux 2023: CVE-2023-45143: Important priority package update for nodejs
Severity: 4
CVSS: (AV:N/AC:H/Au:M/C:P/I:P/A:P)
Published: 10/12/2023
Created: 02/14/2025
Added: 02/14/2025
Modified: 02/14/2025
Description: Undici is an HTTP/1.1 client written from scratch for Node.js. Prior to version 5.26.2, Undici already cleared Authorization headers on cross-origin redirects, but did not clear `Cookie` headers. By design, `cookie` headers are forbidden request headers, disallowing them to be set in RequestInit.headers in browser environments. Since undici handles headers more liberally than the spec, there was a disconnect from the assumptions the spec made, and undici's implementation of fetch. As such this may lead to accidental leakage of cookie to a third-party site or a malicious attacker who can control the redirection target (i.e. an open redirector) to leak the cookie to the third party site. This was patched in version 5.26.2. There are no known workarounds. A flaw was found in the Undici node package due to the occurrence of Cross-origin requests, possibly leading to a cookie header leakage. By default, cookie headers are forbidden request headers, and they must be enabled. This flaw allows a malicious user to access this leaked cookie if they have control of the redirection.
Solution(s): amazon-linux-2023-upgrade-nodejs, amazon-linux-2023-upgrade-nodejs-debuginfo, amazon-linux-2023-upgrade-nodejs-debugsource, amazon-linux-2023-upgrade-nodejs-devel, amazon-linux-2023-upgrade-nodejs-docs, amazon-linux-2023-upgrade-nodejs-full-i18n, amazon-linux-2023-upgrade-nodejs-libs, amazon-linux-2023-upgrade-nodejs-libs-debuginfo, amazon-linux-2023-upgrade-nodejs-npm, amazon-linux-2023-upgrade-v8-10-2-devel
References: https://attackerkb.com/topics/cve-2023-45143, CVE - 2023-45143, https://alas.aws.amazon.com/AL2023/ALAS-2023-412.html
-
Rocky Linux: CVE-2023-45143: nodejs-20 (RLSA-2023-7205)
Severity: 4
CVSS: (AV:N/AC:M/Au:S/C:P/I:N/A:N)
Published: 10/12/2023
Created: 03/07/2024
Added: 08/15/2024
Modified: 01/28/2025
Description: Deprecated
Solution(s):
-
SUSE: CVE-2023-45143: SUSE Linux Security Advisory
Severity: 4
CVSS: (AV:N/AC:M/Au:S/C:P/I:N/A:N)
Published: 10/12/2023
Created: 10/24/2023
Added: 10/23/2023
Modified: 01/28/2025
Description: Undici is an HTTP/1.1 client written from scratch for Node.js. Prior to version 5.26.2, Undici already cleared Authorization headers on cross-origin redirects, but did not clear `Cookie` headers. By design, `cookie` headers are forbidden request headers, disallowing them to be set in RequestInit.headers in browser environments. Since undici handles headers more liberally than the spec, there was a disconnect from the assumptions the spec made, and undici's implementation of fetch. As such this may lead to accidental leakage of cookie to a third-party site or a malicious attacker who can control the redirection target (i.e. an open redirector) to leak the cookie to the third party site. This was patched in version 5.26.2. There are no known workarounds.
Solution(s): suse-upgrade-corepack16, suse-upgrade-corepack18, suse-upgrade-nodejs16, suse-upgrade-nodejs16-devel, suse-upgrade-nodejs16-docs, suse-upgrade-nodejs18, suse-upgrade-nodejs18-devel, suse-upgrade-nodejs18-docs, suse-upgrade-npm16, suse-upgrade-npm18
References: https://attackerkb.com/topics/cve-2023-45143, CVE - 2023-45143
-
Debian: CVE-2023-45143: node-undici -- security update
Severity: 4
CVSS: (AV:N/AC:M/Au:S/C:P/I:N/A:N)
Published: 10/12/2023
Created: 07/31/2024
Added: 07/30/2024
Modified: 01/30/2025
Description: Undici is an HTTP/1.1 client written from scratch for Node.js. Prior to version 5.26.2, Undici already cleared Authorization headers on cross-origin redirects, but did not clear `Cookie` headers. By design, `cookie` headers are forbidden request headers, disallowing them to be set in RequestInit.headers in browser environments. Since undici handles headers more liberally than the spec, there was a disconnect from the assumptions the spec made, and undici's implementation of fetch. As such this may lead to accidental leakage of cookie to a third-party site or a malicious attacker who can control the redirection target (i.e. an open redirector) to leak the cookie to the third party site. This was patched in version 5.26.2. There are no known workarounds.
Solution(s): debian-upgrade-node-undici
References: https://attackerkb.com/topics/cve-2023-45143, CVE - 2023-45143
-
Debian: CVE-2023-45362: mediawiki -- security update
Severity: 4
CVSS: (AV:N/AC:L/Au:S/C:P/I:N/A:N)
Published: 10/12/2023
Created: 10/12/2023
Added: 10/12/2023
Modified: 01/30/2025
Description: An issue was discovered in DifferenceEngine.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. diff-multi-sameuser (aka "X intermediate revisions by the same user not shown") ignores username suppression. This is an information leak.
Solution(s): debian-upgrade-mediawiki
References: https://attackerkb.com/topics/cve-2023-45362, CVE - 2023-45362, DSA-5520-1
-
Debian: CVE-2023-45133: node-babel7 -- security update
Severity: 7
CVSS: (AV:L/AC:L/Au:S/C:C/I:C/A:C)
Published: 10/12/2023
Created: 10/18/2023
Added: 10/18/2023
Modified: 01/30/2025
Description: Babel is a compiler for writing JavaScript. In `@babel/traverse` prior to versions 7.23.2 and 8.0.0-alpha.4 and all versions of `babel-traverse`, using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that rely on the `path.evaluate()` or `path.evaluateTruthy()` internal Babel methods. Known affected plugins are `@babel/plugin-transform-runtime`; `@babel/preset-env` when using its `useBuiltIns` option; and any "polyfill provider" plugin that depends on `@babel/helper-define-polyfill-provider`, such as `babel-plugin-polyfill-corejs3`, `babel-plugin-polyfill-corejs2`, `babel-plugin-polyfill-es-shims`, `babel-plugin-polyfill-regenerator`. No other plugins under the `@babel/` namespace are impacted, but third-party plugins might be. Users that only compile trusted code are not impacted. The vulnerability has been fixed in `@babel/traverse@7.23.2` and `@babel/traverse@8.0.0-alpha.4`. Those who cannot upgrade `@babel/traverse` and are using one of the affected packages mentioned above should upgrade them to their latest version to avoid triggering the vulnerable code path in affected `@babel/traverse` versions: `@babel/plugin-transform-runtime` v7.23.2, `@babel/preset-env` v7.23.2, `@babel/helper-define-polyfill-provider` v0.4.3, `babel-plugin-polyfill-corejs2` v0.4.6, `babel-plugin-polyfill-corejs3` v0.8.5, `babel-plugin-polyfill-es-shims` v0.10.0, `babel-plugin-polyfill-regenerator` v0.5.3.
Solution(s): debian-upgrade-node-babel7
References: https://attackerkb.com/topics/cve-2023-45133, CVE - 2023-45133, DLA-3618-1, DSA-5528-1
-
CentOS Linux: CVE-2023-45143: Important: nodejs:18 security update (Multiple Advisories)
Severity: 4
CVSS: (AV:N/AC:M/Au:S/C:P/I:N/A:N)
Published: 10/12/2023
Created: 11/01/2023
Added: 11/01/2023
Modified: 01/28/2025
Description: Undici is an HTTP/1.1 client written from scratch for Node.js. Prior to version 5.26.2, Undici already cleared Authorization headers on cross-origin redirects, but did not clear `Cookie` headers. By design, `cookie` headers are forbidden request headers, disallowing them to be set in RequestInit.headers in browser environments. Since undici handles headers more liberally than the spec, there was a disconnect from the assumptions the spec made, and undici's implementation of fetch. As such this may lead to accidental leakage of cookie to a third-party site or a malicious attacker who can control the redirection target (i.e. an open redirector) to leak the cookie to the third party site. This was patched in version 5.26.2. There are no known workarounds.
Solution(s): centos-upgrade-nodejs, centos-upgrade-nodejs-debuginfo, centos-upgrade-nodejs-debugsource, centos-upgrade-nodejs-devel, centos-upgrade-nodejs-docs, centos-upgrade-nodejs-full-i18n, centos-upgrade-nodejs-nodemon, centos-upgrade-nodejs-packaging, centos-upgrade-nodejs-packaging-bundler, centos-upgrade-npm
References: CVE-2023-45143
-
Debian: CVE-2023-32723: zabbix -- security update
Severity: 9
CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:N)
Published: 10/12/2023
Created: 01/30/2024
Added: 01/29/2024
Modified: 01/28/2025
Description: Request to LDAP is sent before user permissions are checked.
Solution(s): debian-upgrade-zabbix
References: https://attackerkb.com/topics/cve-2023-32723, CVE - 2023-32723, DLA-3717-1
-
SUSE: CVE-2023-34325: SUSE Linux Security Advisory
Severity: 7
CVSS: (AV:L/AC:L/Au:S/C:C/I:C/A:C)
Published: 10/12/2023
Created: 10/13/2023
Added: 10/13/2023
Modified: 01/28/2025
Description: [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] libfsimage contains parsing code for several filesystems, most of them based on grub-legacy code. libfsimage is used by pygrub to inspect guest disks. Pygrub runs as the same user as the toolstack (root in a privileged domain). At least one issue has been reported to the Xen Security Team that allows an attacker to trigger a stack buffer overflow in libfsimage. After further analysis the Xen Security Team is no longer confident in the suitability of libfsimage when run against guest controlled input with super user privileges. In order to not affect current deployments that rely on pygrub, patches are provided in the resolution section of the advisory that allow running pygrub in deprivileged mode. CVE-2023-4949 refers to the original issue in the upstream grub project ("An attacker with local access to a system (either through a disk or external drive) can present a modified XFS partition to grub-legacy in such a way to exploit a memory corruption in grub’s XFS file system implementation.") CVE-2023-34325 refers specifically to the vulnerabilities in Xen's copy of libfsimage, which is descended from a very old version of grub.
Solution(s): suse-upgrade-xen, suse-upgrade-xen-devel, suse-upgrade-xen-doc-html, suse-upgrade-xen-libs, suse-upgrade-xen-libs-32bit, suse-upgrade-xen-tools, suse-upgrade-xen-tools-domu, suse-upgrade-xen-tools-xendomains-wait-disk
References: https://attackerkb.com/topics/cve-2023-34325, CVE - 2023-34325
-
CentOS Linux: CVE-2023-43040: Moderate: Red Hat Ceph Storage 6.1 security, enhancement, and bug fix update (CESA-2023:5693)
Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 10/12/2023
Created: 11/01/2023
Added: 11/01/2023
Modified: 11/02/2023
Description: A flaw was found in rgw. This flaw allows an unprivileged user to write to any bucket(s) accessible by a given key if a POST's form-data contains a key called 'bucket' with a value matching the bucket's name used to sign the request. This issue results in a user being able to upload to any bucket accessible by the specified access key as long as the bucket in the POST policy matches the bucket in the said POST form part.
Solution(s): centos-upgrade-ceph-base, centos-upgrade-ceph-base-debuginfo, centos-upgrade-ceph-common, centos-upgrade-ceph-common-debuginfo, centos-upgrade-ceph-debuginfo, centos-upgrade-ceph-debugsource, centos-upgrade-ceph-exporter-debuginfo, centos-upgrade-ceph-fuse, centos-upgrade-ceph-fuse-debuginfo, centos-upgrade-ceph-immutable-object-cache, centos-upgrade-ceph-immutable-object-cache-debuginfo, centos-upgrade-ceph-mds-debuginfo, centos-upgrade-ceph-mgr-debuginfo, centos-upgrade-ceph-mib, centos-upgrade-ceph-mon-debuginfo, centos-upgrade-ceph-osd-debuginfo, centos-upgrade-ceph-radosgw-debuginfo, centos-upgrade-ceph-resource-agents, centos-upgrade-ceph-selinux, centos-upgrade-ceph-test-debuginfo, centos-upgrade-cephadm, centos-upgrade-cephadm-ansible, centos-upgrade-cephfs-mirror-debuginfo, centos-upgrade-cephfs-top, centos-upgrade-libcephfs-devel, centos-upgrade-libcephfs2, centos-upgrade-libcephfs2-debuginfo, centos-upgrade-libcephsqlite-debuginfo, centos-upgrade-librados-devel, centos-upgrade-librados-devel-debuginfo, centos-upgrade-libradospp-devel, centos-upgrade-libradosstriper1, centos-upgrade-libradosstriper1-debuginfo, centos-upgrade-librbd-devel, centos-upgrade-librgw-devel, centos-upgrade-librgw2, centos-upgrade-librgw2-debuginfo, centos-upgrade-python3-ceph-argparse, centos-upgrade-python3-ceph-common, centos-upgrade-python3-cephfs, centos-upgrade-python3-cephfs-debuginfo, centos-upgrade-python3-rados, centos-upgrade-python3-rados-debuginfo, centos-upgrade-python3-rbd, centos-upgrade-python3-rbd-debuginfo, centos-upgrade-python3-rgw, centos-upgrade-python3-rgw-debuginfo, centos-upgrade-rbd-fuse-debuginfo, centos-upgrade-rbd-mirror-debuginfo, centos-upgrade-rbd-nbd, centos-upgrade-rbd-nbd-debuginfo
References: CESA-2023:5693, CVE-2023-43040
-
Apache Tomcat: Important: Denial of Service (CVE-2023-44487)
Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published: 10/11/2023
Created: 10/11/2023
Added: 10/11/2023
Modified: 01/28/2025
Description: The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
Solution(s): apache-tomcat-upgrade-10_1_14, apache-tomcat-upgrade-8_5_94, apache-tomcat-upgrade-9_0_81
References: https://attackerkb.com/topics/cve-2023-44487, CVE - 2023-44487, http://tomcat.apache.org/security-10.html, http://tomcat.apache.org/security-8.html, http://tomcat.apache.org/security-9.html
-
Huawei EulerOS: CVE-2023-39325: docker-engine security update
Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published: 10/11/2023
Created: 01/11/2024
Added: 01/10/2024
Modified: 01/28/2025
Description: A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function.
Solution(s): huawei-euleros-2_0_sp11-upgrade-docker-engine, huawei-euleros-2_0_sp11-upgrade-docker-engine-selinux
References: https://attackerkb.com/topics/cve-2023-39325, CVE - 2023-39325, EulerOS-SA-2024-1797
-
Huawei EulerOS: CVE-2023-5535: vim security update
Severity: 7
CVSS: (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Published: 10/11/2023
Created: 01/11/2024
Added: 01/10/2024
Modified: 01/28/2025
Description: Use After Free in GitHub repository vim/vim prior to v9.0.2010.
Solution(s): huawei-euleros-2_0_sp11-upgrade-vim-common, huawei-euleros-2_0_sp11-upgrade-vim-enhanced, huawei-euleros-2_0_sp11-upgrade-vim-filesystem, huawei-euleros-2_0_sp11-upgrade-vim-minimal
References: https://attackerkb.com/topics/cve-2023-5535, CVE - 2023-5535, EulerOS-SA-2023-3288
-
CentOS Linux: CVE-2023-39325: Important: rhc-worker-script enhancement and security update (Multiple Advisories)
Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published: 10/11/2023
Created: 11/01/2023
Added: 11/01/2023
Modified: 01/28/2025
Description: A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function.
Solution(s): centos-upgrade-foreman-cli, centos-upgrade-foreman_ygg_worker, centos-upgrade-puppet-agent, centos-upgrade-rhc-worker-script, centos-upgrade-satellite-cli, centos-upgrade-yggdrasil
References: CVE-2023-39325
-
Huawei EulerOS: CVE-2023-39325: golang security update
Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published: 10/11/2023
Created: 03/14/2024
Added: 03/13/2024
Modified: 01/28/2025
Description: A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function.
Solution(s): huawei-euleros-2_0_sp8-upgrade-golang, huawei-euleros-2_0_sp8-upgrade-golang-bin, huawei-euleros-2_0_sp8-upgrade-golang-src
References: https://attackerkb.com/topics/cve-2023-39325, CVE - 2023-39325, EulerOS-SA-2024-1269
-
VMware Photon OS: CVE-2023-5485
Severity: 5
CVSS: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
Published: 10/11/2023
Created: 01/21/2025
Added: 01/20/2025
Modified: 02/04/2025
Description: Inappropriate implementation in Autofill in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to bypass autofill restrictions via a crafted HTML page. (Chromium security severity: Low)
Solution(s): vmware-photon_os_update_tdnf
References: https://attackerkb.com/topics/cve-2023-5485, CVE - 2023-5485
-
VMware Photon OS: CVE-2023-5476
Severity: 10
CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published: 10/11/2023
Created: 01/21/2025
Added: 01/20/2025
Modified: 02/04/2025
Description: Use after free in Blink History in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Solution(s): vmware-photon_os_update_tdnf
References: https://attackerkb.com/topics/cve-2023-5476, CVE - 2023-5476