ISHACK AI BOT

VMware Photon OS: CVE-2023-5484 Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 10/11/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description Inappropriate implementation in Navigation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium) Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-5484 CVE - 2023-5484

VMware Photon OS: CVE-2023-5473 Severity 7 CVSS (AV:N/AC:L/Au:N/C:P/I:P/A:P) Published 10/11/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description Use after free in Cast in Google Chrome prior to 118.0.5993.70 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low) Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-5473 CVE - 2023-5473

Huawei EulerOS: CVE-2023-5535: vim security update Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 10/11/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description Use After Free in GitHub repository vim/vim prior to v9.0.2010. Solution(s) huawei-euleros-2_0_sp10-upgrade-vim-common huawei-euleros-2_0_sp10-upgrade-vim-enhanced huawei-euleros-2_0_sp10-upgrade-vim-filesystem huawei-euleros-2_0_sp10-upgrade-vim-minimal References https://attackerkb.com/topics/cve-2023-5535 CVE - 2023-5535 EulerOS-SA-2024-1099

Apache Tomcat: Important: Request smuggling (CVE-2023-45648) Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:N) Published 10/11/2023 Created 10/11/2023 Added 10/11/2023 Modified 01/28/2025 Description Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer header could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy. Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fix the issue. Solution(s) apache-tomcat-upgrade-10_1_14 apache-tomcat-upgrade-8_5_94 apache-tomcat-upgrade-9_0_81 References https://attackerkb.com/topics/cve-2023-45648 CVE - 2023-45648 http://tomcat.apache.org/security-10.html http://tomcat.apache.org/security-8.html http://tomcat.apache.org/security-9.html

Huawei EulerOS: CVE-2023-39325: docker-engine security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 10/11/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function. Solution(s) huawei-euleros-2_0_sp10-upgrade-docker-engine huawei-euleros-2_0_sp10-upgrade-docker-engine-selinux References https://attackerkb.com/topics/cve-2023-39325 CVE - 2023-39325 EulerOS-SA-2024-1585

Apache Tomcat: Important: Information Disclosure (CVE-2023-42795) Severity 5 CVSS (AV:N/AC:L/Au:N/C:P/I:N/A:N) Published 10/11/2023 Created 10/11/2023 Added 10/11/2023 Modified 01/28/2025 Description Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recycling process leading to information leaking from the current request/response to the next. Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fixes the issue. Solution(s) apache-tomcat-upgrade-10_1_14 apache-tomcat-upgrade-8_5_94 apache-tomcat-upgrade-9_0_81 References https://attackerkb.com/topics/cve-2023-42795 CVE - 2023-42795 http://tomcat.apache.org/security-10.html http://tomcat.apache.org/security-8.html http://tomcat.apache.org/security-9.html

Alpine Linux: CVE-2023-5484: Vulnerability in Multiple Components Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 10/11/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description Inappropriate implementation in Navigation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium) Solution(s) alpine-linux-upgrade-qt6-qtwebengine References https://attackerkb.com/topics/cve-2023-5484 CVE - 2023-5484 https://security.alpinelinux.org/vuln/CVE-2023-5484

Alpine Linux: CVE-2023-5218: Use After Free Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 10/11/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description Use after free in Site Isolation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) Solution(s) alpine-linux-upgrade-qt5-qtwebengine alpine-linux-upgrade-qt6-qtwebengine References https://attackerkb.com/topics/cve-2023-5218 CVE - 2023-5218 https://security.alpinelinux.org/vuln/CVE-2023-5218

Debian: CVE-2023-5474: chromium -- security update Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 10/11/2023 Created 10/18/2023 Added 10/18/2023 Modified 01/28/2025 Description Heap buffer overflow in PDF in Google Chrome prior to 118.0.5993.70 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium) Solution(s) debian-upgrade-chromium References https://attackerkb.com/topics/cve-2023-5474 CVE - 2023-5474 DSA-5526-1

Debian: CVE-2023-5479: chromium -- security update Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 10/11/2023 Created 10/18/2023 Added 10/18/2023 Modified 01/28/2025 Description Inappropriate implementation in Extensions API in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy via a crafted HTML page. (Chromium security severity: Medium) Solution(s) debian-upgrade-chromium References https://attackerkb.com/topics/cve-2023-5479 CVE - 2023-5479 DSA-5526-1

Debian: CVE-2023-5481: chromium -- security update Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 10/11/2023 Created 10/18/2023 Added 10/18/2023 Modified 01/28/2025 Description Inappropriate implementation in Downloads in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium) Solution(s) debian-upgrade-chromium References https://attackerkb.com/topics/cve-2023-5481 CVE - 2023-5481 DSA-5526-1

Debian: CVE-2023-5476: chromium -- security update Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 10/11/2023 Created 10/18/2023 Added 10/18/2023 Modified 01/28/2025 Description Use after free in Blink History in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) Solution(s) debian-upgrade-chromium References https://attackerkb.com/topics/cve-2023-5476 CVE - 2023-5476 DSA-5526-1

Red Hat OpenShift: CVE-2023-39325: golang: net/http, x/net/http2: rapid stream resets can cause excessive work () Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 10/11/2023 Created 10/18/2023 Added 10/18/2023 Modified 02/14/2025 Description A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function. Solution(s) linuxrpm-upgrade-containernetworking-plugins linuxrpm-upgrade-microshift linuxrpm-upgrade-openshift linuxrpm-upgrade-openshift-clients linuxrpm-upgrade-openshift4-wincw-windows-machine-config-rhel8-operator linuxrpm-upgrade-openshift4-wincw-windows-machine-config-rhel9-operator References https://attackerkb.com/topics/cve-2023-39325 CVE - 2023-39325 RHSA-2023:5005 RHSA-2023:5006 RHSA-2023:5007 RHSA-2023:5009 RHSA-2023:5530 RHSA-2023:5541 RHSA-2023:5542 RHSA-2023:5672 RHSA-2023:5675 RHSA-2023:5677 RHSA-2023:5679 RHSA-2023:5697 RHSA-2023:5717 RHSA-2023:5719 RHSA-2023:5721 RHSA-2023:5738 RHSA-2023:5805 RHSA-2023:5809 RHSA-2023:5810 RHSA-2023:5835 RHSA-2023:5851 RHSA-2023:5863 RHSA-2023:5864 RHSA-2023:5865 RHSA-2023:5866 RHSA-2023:5867 RHSA-2023:5895 RHSA-2023:5931 RHSA-2023:5933 RHSA-2023:5935 RHSA-2023:5947 RHSA-2023:5950 RHSA-2023:5951 RHSA-2023:5952 RHSA-2023:5964 RHSA-2023:5965 RHSA-2023:5967 RHSA-2023:5969 RHSA-2023:5970 RHSA-2023:5971 RHSA-2023:5974 RHSA-2023:5976 RHSA-2023:5979 RHSA-2023:5980 RHSA-2023:5982 RHSA-2023:6031 RHSA-2023:6039 RHSA-2023:6040 RHSA-2023:6041 RHSA-2023:6042 RHSA-2023:6044 RHSA-2023:6048 RHSA-2023:6057 RHSA-2023:6059 RHSA-2023:6061 RHSA-2023:6071 RHSA-2023:6077 RHSA-2023:6084 RHSA-2023:6085 RHSA-2023:6115 RHSA-2023:6116 RHSA-2023:6118 RHSA-2023:6119 RHSA-2023:6121 RHSA-2023:6122 RHSA-2023:6125 RHSA-2023:6126 RHSA-2023:6129 RHSA-2023:6130 RHSA-2023:6143 RHSA-2023:6145 RHSA-2023:6148 RHSA-2023:6154 RHSA-2023:6156 RHSA-2023:6161 RHSA-2023:6165 RHSA-2023:6171 RHSA-2023:6172 RHSA-2023:6179 RHSA-2023:6200 RHSA-2023:6202 RHSA-2023:6217 RHSA-2023:6220 RHSA-2023:6233 RHSA-2023:6235 RHSA-2023:6240 RHSA-2023:6243 RHSA-2023:6248 RHSA-2023:6251 RHSA-2023:6256 RHSA-2023:6257 RHSA-2023:6269 RHSA-2023:6271 RHSA-2023:6272 RHSA-2023:6275 RHSA-2023:6276 RHSA-2023:6279 RHSA-2023:6280 RHSA-2023:6296 RHSA-2023:6298 RHSA-2023:6305 RHSA-2023:6779 RHSA-2023:6781 RHSA-2023:6782 RHSA-2023:6783 RHSA-2023:6784 RHSA-2023:6785 RHSA-2023:6786 RHSA-2023:6787 RHSA-2023:6788 RHSA-2023:6817 RHSA-2023:6818 RHSA-2023:6828 RHSA-2023:6832 RHSA-2023:6836 RHSA-2023:6837 RHSA-2023:6839 RHSA-2023:6840 RHSA-2023:6841 RHSA-2023:6842 RHSA-2023:6845 RHSA-2023:6846 RHSA-2023:6893 RHSA-2023:6894 RHSA-2023:7198 RHSA-2023:7200 RHSA-2023:7201 RHSA-2023:7215 RHSA-2023:7288 RHSA-2023:7315 RHSA-2023:7322 RHSA-2023:7323 RHSA-2023:7342 RHSA-2023:7344 RHSA-2023:7345 RHSA-2023:7469 RHSA-2023:7470 RHSA-2023:7474 RHSA-2023:7475 RHSA-2023:7478 RHSA-2023:7479 RHSA-2023:7515 RHSA-2023:7521 RHSA-2023:7522 RHSA-2023:7555 RHSA-2023:7599 RHSA-2023:7602 RHSA-2023:7604 RHSA-2023:7607 RHSA-2023:7608 RHSA-2023:7662 RHSA-2023:7682 RHSA-2023:7687 RHSA-2023:7690 RHSA-2023:7691 RHSA-2023:7699 RHSA-2023:7703 RHSA-2023:7704 RHSA-2023:7710 RHSA-2023:7741 RHSA-2023:7823 RHSA-2023:7827 RHSA-2023:7831 RHSA-2024:0050 RHSA-2024:0059 RHSA-2024:0193 RHSA-2024:0198 RHSA-2024:0269 RHSA-2024:0273 RHSA-2024:0290 RHSA-2024:0302 RHSA-2024:0306 RHSA-2024:0484 RHSA-2024:0485 RHSA-2024:0642 RHSA-2024:0660 RHSA-2024:0664 RHSA-2024:0682 RHSA-2024:0741 RHSA-2024:0766 RHSA-2024:0777 RHSA-2024:0833 RHSA-2024:0837 RHSA-2024:0941 RHSA-2024:0946 RHSA-2024:0954 RHSA-2024:10142 RHSA-2024:1037 RHSA-2024:1052 RHSA-2024:10523 RHSA-2024:10813 RHSA-2024:1449 RHSA-2024:1454 RHSA-2024:1458 RHSA-2024:1464 RHSA-2024:1572 RHSA-2024:1765 RHSA-2024:1770 RHSA-2024:3927 RHSA-2024:4118 RHSA-2024:4631 RHSA-2024:6755 RHSA-2025:0014 RHSA-2025:0832 RHSA-2025:1116 View more

Debian: CVE-2023-5487: chromium -- security update Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 10/11/2023 Created 10/18/2023 Added 10/18/2023 Modified 01/28/2025 Description Inappropriate implementation in Fullscreen in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: Medium) Solution(s) debian-upgrade-chromium References https://attackerkb.com/topics/cve-2023-5487 CVE - 2023-5487 DSA-5526-1

Debian: CVE-2023-5483: chromium -- security update Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 10/11/2023 Created 10/18/2023 Added 10/18/2023 Modified 01/28/2025 Description Inappropriate implementation in Intents in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium) Solution(s) debian-upgrade-chromium References https://attackerkb.com/topics/cve-2023-5483 CVE - 2023-5483 DSA-5526-1

Debian: CVE-2023-5484: chromium -- security update Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 10/11/2023 Created 10/18/2023 Added 10/18/2023 Modified 01/28/2025 Description Inappropriate implementation in Navigation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium) Solution(s) debian-upgrade-chromium References https://attackerkb.com/topics/cve-2023-5484 CVE - 2023-5484 DSA-5526-1

Gentoo Linux: CVE-2023-39325: Go: Multiple Vulnerabilities Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 10/11/2023 Created 11/28/2023 Added 11/27/2023 Modified 01/28/2025 Description A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function. Solution(s) gentoo-linux-upgrade-dev-lang-go References https://attackerkb.com/topics/cve-2023-39325 CVE - 2023-39325 202311-09

Gentoo Linux: CVE-2023-38546: curl: Multiple Vulnerabilities Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 10/11/2023 Created 10/12/2023 Added 10/12/2023 Modified 01/30/2025 Description This flaw allows an attacker to insert cookies at will into a running program using libcurl, if the specific series of conditions are met. libcurl performs transfers. In its API, an application creates "easy handles" that are the individual handles for single transfers. libcurl provides a function call that duplicates en easy handle called [curl_easy_duphandle](https://curl.se/libcurl/c/curl_easy_duphandle.html). If a transfer has cookies enabled when the handle is duplicated, the cookie-enable state is also cloned - but without cloning the actual cookies. If the source handle did not read any cookies from a specific file on disk, the cloned version of the handle would instead store the file name as `none` (using the four ASCII letters, no quotes). Subsequent use of the cloned handle that does not explicitly set a source to load cookies from would then inadvertently load cookies from a file named `none` - if such a file exists and is readable in the current directory of the program using libcurl. And if using the correct file format of course. Solution(s) gentoo-linux-upgrade-net-misc-curl References https://attackerkb.com/topics/cve-2023-38546 CVE - 2023-38546 202310-12

Rocky Linux: CVE-2023-39325: Satellite-6.14 (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 10/11/2023 Created 03/07/2024 Added 03/05/2024 Modified 01/28/2025 Description A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function. Solution(s) rocky-upgrade-delve rocky-upgrade-delve-debuginfo rocky-upgrade-delve-debugsource rocky-upgrade-go-toolset rocky-upgrade-golang rocky-upgrade-golang-bin rocky-upgrade-golang-race rocky-upgrade-grafana rocky-upgrade-grafana-debuginfo rocky-upgrade-libdb-cxx rocky-upgrade-libdb-cxx-debuginfo rocky-upgrade-libdb-debuginfo rocky-upgrade-libdb-debugsource rocky-upgrade-libdb-sql-debuginfo rocky-upgrade-libdb-sql-devel-debuginfo rocky-upgrade-libdb-utils-debuginfo References https://attackerkb.com/topics/cve-2023-39325 CVE - 2023-39325 https://errata.rockylinux.org/RLSA-2023:5721 https://errata.rockylinux.org/RLSA-2023:5738 https://errata.rockylinux.org/RLSA-2023:5863 https://errata.rockylinux.org/RLSA-2023:6077 https://errata.rockylinux.org/RLSA-2023:6818

SUSE: CVE-2023-5474: SUSE Linux Security Advisory Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 10/11/2023 Created 10/16/2023 Added 10/16/2023 Modified 01/28/2025 Description Heap buffer overflow in PDF in Google Chrome prior to 118.0.5993.70 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium) Solution(s) suse-upgrade-chromedriver suse-upgrade-chromium suse-upgrade-opera References https://attackerkb.com/topics/cve-2023-5474 CVE - 2023-5474

SUSE: CVE-2023-5487: SUSE Linux Security Advisory Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 10/11/2023 Created 10/16/2023 Added 10/16/2023 Modified 01/28/2025 Description Inappropriate implementation in Fullscreen in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: Medium) Solution(s) suse-upgrade-chromedriver suse-upgrade-chromium suse-upgrade-opera References https://attackerkb.com/topics/cve-2023-5487 CVE - 2023-5487

SUSE: CVE-2023-5479: SUSE Linux Security Advisory Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 10/11/2023 Created 10/16/2023 Added 10/16/2023 Modified 01/28/2025 Description Inappropriate implementation in Extensions API in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy via a crafted HTML page. (Chromium security severity: Medium) Solution(s) suse-upgrade-chromedriver suse-upgrade-chromium suse-upgrade-opera References https://attackerkb.com/topics/cve-2023-5479 CVE - 2023-5479

Ubuntu: USN-6559-1 (CVE-2023-44981): ZooKeeper vulnerabilities Severity 9 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:N) Published 10/11/2023 Created 01/19/2024 Added 01/18/2024 Modified 01/30/2025 Description Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. If SASL Quorum Peer authentication is enabled in ZooKeeper (quorum.auth.enableSasl=true), the authorization is done by verifying that the instance part in SASL authentication ID is listed in zoo.cfg server list. The instance part in SASL auth ID is optional and if it's missing, like '[email protected]', the authorization check will be skipped. As a result an arbitrary endpoint could join the cluster and begin propagating counterfeit changes to the leader, essentially giving it complete read-write access to the data tree. Quorum Peer authentication is not enabled by default. Users are recommended to upgrade to version 3.9.1, 3.8.3, 3.7.2, which fixes the issue. Alternately ensure the ensemble election/quorum communication is protected by a firewall as this will mitigate the issue. See the documentation for more details on correct cluster administration. Solution(s) ubuntu-pro-upgrade-libzookeeper-java References https://attackerkb.com/topics/cve-2023-44981 CVE - 2023-44981 USN-6559-1

Ubuntu: USN-6590-1 (CVE-2023-37536): Xerces-C++ vulnerabilities Severity 9 CVSS (AV:N/AC:L/Au:S/C:C/I:C/A:C) Published 10/11/2023 Created 01/20/2024 Added 01/19/2024 Modified 01/28/2025 Description An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bound access via HTTP request. Solution(s) ubuntu-pro-upgrade-libxerces-c-samples ubuntu-pro-upgrade-libxerces-c3-1 ubuntu-pro-upgrade-libxerces-c3-2 References https://attackerkb.com/topics/cve-2023-37536 CVE - 2023-37536 USN-6590-1

Ubuntu: USN-6429-1 (CVE-2023-38545): curl vulnerabilities Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 10/11/2023 Created 10/12/2023 Added 10/12/2023 Modified 01/30/2025 Description This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to the SOCKS5 proxy to allow that to resolve the address instead of it getting done by curl itself, the maximum length that host name can be is 255 bytes. If the host name is detected to be longer, curl switches to local name resolving and instead passes on the resolved address only. Due to this bug, the local variable that means "let the host resolve the name" could get the wrong value during a slow SOCKS5 handshake, and contrary to the intention, copy the too long host name to the target buffer instead of copying just the resolved address there. The target buffer being a heap based buffer, and the host name coming from the URL that curl has been told to operate with. Solution(s) ubuntu-upgrade-curl ubuntu-upgrade-libcurl3-gnutls ubuntu-upgrade-libcurl3-nss ubuntu-upgrade-libcurl4 References https://attackerkb.com/topics/cve-2023-38545 CVE - 2023-38545 USN-6429-1