ISHACK AI BOT

Juniper Junos OS: 2023-10 Security Bulletin: Junos OS: SRX Series: The PFE will crash on receiving malformed SSL traffic when ATP is enabled (JSA73174) (CVE-2023-36843) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 10/11/2023 Created 10/12/2023 Added 10/12/2023 Modified 01/28/2025 Description An Improper Handling of Inconsistent Special Elements vulnerability in the Junos Services Framework (jsf) module of Juniper Networks Junos OS allows an unauthenticated network based attacker to cause a crash in the Packet Forwarding Engine (pfe) and thereby resulting in a Denial of Service (DoS). Upon receiving malformed SSL traffic, the PFE crashes. A manual restart will be needed to recover the device. This issue only affects devices with Juniper Networks Advanced Threat Prevention (ATP) Cloud enabled with Encrypted Traffic Insights (configured via ‘security-metadata-streaming policy’). This issue affects Juniper Networks Junos OS: *All versions prior to 20.4R3-S8, 20.4R3-S9; *21.1 version 21.1R1 and later versions; *21.2 versions prior to 21.2R3-S6; *21.3 versions prior to 21.3R3-S5; *21.4 versions prior to 21.4R3-S5; *22.1 versions prior to 22.1R3-S4; *22.2 versions prior to 22.2R3-S2; *22.3 versions prior to 22.3R2-S2, 22.3R3; *22.4 versions prior to 22.4R2-S1, 22.4R3; Solution(s) juniper-junos-os-upgrade-latest References https://attackerkb.com/topics/cve-2023-36843 CVE - 2023-36843 JSA73174

Juniper Junos OS: 2023-10 Security Bulletin: Junos OS: MX Series: In a PTP scenario a prolonged routing protocol churn can trigger an FPC reboot (JSA73165) (CVE-2023-44199) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 10/11/2023 Created 10/12/2023 Added 10/12/2023 Modified 01/28/2025 Description An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). On Junos MX Series platforms with Precision Time Protocol (PTP) configured, a prolonged routing protocol churn can lead to an FPC crash and restart. This issue affects Juniper Networks Junos OS on MX Series: *All versions prior to 20.4R3-S4; *21.1 version 21.1R1 and later versions; *21.2 versions prior to 21.2R3-S2; *21.3 versions prior to 21.3R3-S5; *21.4 versions prior to 21.4R3; *22.1 versions prior to 22.1R3; *22.2 versions prior to 22.2R1-S1, 22.2R2. Solution(s) juniper-junos-os-upgrade-latest References https://attackerkb.com/topics/cve-2023-44199 CVE - 2023-44199 JSA73165

Google Chrome Vulnerability: CVE-2023-5218 Use after free in Site Isolation Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 10/11/2023 Created 10/11/2023 Added 10/11/2023 Modified 01/28/2025 Description Use after free in Site Isolation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) Solution(s) google-chrome-upgrade-latest References https://attackerkb.com/topics/cve-2023-5218 CVE - 2023-5218 https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_10.html

Alpine Linux: CVE-2023-5535: Use After Free Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 10/11/2023 Created 03/22/2024 Added 03/26/2024 Modified 10/02/2024 Description Use After Free in GitHub repository vim/vim prior to v9.0.2010. Solution(s) alpine-linux-upgrade-vim References https://attackerkb.com/topics/cve-2023-5535 CVE - 2023-5535 https://security.alpinelinux.org/vuln/CVE-2023-5535

VMware Photon OS: CVE-2023-5481 Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 10/11/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description Inappropriate implementation in Downloads in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium) Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-5481 CVE - 2023-5481

Ubuntu: (Multiple Advisories) (CVE-2023-38546): curl vulnerabilities Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 10/11/2023 Created 10/12/2023 Added 10/12/2023 Modified 01/30/2025 Description This flaw allows an attacker to insert cookies at will into a running program using libcurl, if the specific series of conditions are met. libcurl performs transfers. In its API, an application creates "easy handles" that are the individual handles for single transfers. libcurl provides a function call that duplicates en easy handle called [curl_easy_duphandle](https://curl.se/libcurl/c/curl_easy_duphandle.html). If a transfer has cookies enabled when the handle is duplicated, the cookie-enable state is also cloned - but without cloning the actual cookies. If the source handle did not read any cookies from a specific file on disk, the cloned version of the handle would instead store the file name as `none` (using the four ASCII letters, no quotes). Subsequent use of the cloned handle that does not explicitly set a source to load cookies from would then inadvertently load cookies from a file named `none` - if such a file exists and is readable in the current directory of the program using libcurl. And if using the correct file format of course. Solution(s) ubuntu-pro-upgrade-curl ubuntu-pro-upgrade-libcurl3 ubuntu-pro-upgrade-libcurl3-gnutls ubuntu-pro-upgrade-libcurl3-nss ubuntu-pro-upgrade-libcurl4 References https://attackerkb.com/topics/cve-2023-38546 CVE - 2023-38546 USN-6429-1 USN-6429-2 USN-6429-3

Huawei EulerOS: CVE-2023-5535: vim security update Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 10/11/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description Use After Free in GitHub repository vim/vim prior to v9.0.2010. Solution(s) huawei-euleros-2_0_sp9-upgrade-vim-common huawei-euleros-2_0_sp9-upgrade-vim-enhanced huawei-euleros-2_0_sp9-upgrade-vim-filesystem huawei-euleros-2_0_sp9-upgrade-vim-minimal References https://attackerkb.com/topics/cve-2023-5535 CVE - 2023-5535 EulerOS-SA-2023-3352

Amazon Linux AMI: CVE-2023-39325: Security patch for containerd ((Multiple Advisories)) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 10/11/2023 Created 10/24/2023 Added 10/19/2023 Modified 01/28/2025 Description A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function. Solution(s) amazon-linux-upgrade-containerd amazon-linux-upgrade-golang References ALAS-2023-1888 CVE-2023-39325

VMware Photon OS: CVE-2023-5535 Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 10/11/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description Use After Free in GitHub repository vim/vim prior to v9.0.2010. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-5535 CVE - 2023-5535

Red Hat: CVE-2023-39325: rapid stream resets can cause excessive work (CVE-2023-44487) (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 10/11/2023 Created 11/01/2023 Added 11/01/2023 Modified 01/28/2025 Description A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function. Solution(s) redhat-upgrade-delve redhat-upgrade-delve-debuginfo redhat-upgrade-delve-debugsource redhat-upgrade-go-toolset redhat-upgrade-golang redhat-upgrade-golang-bin redhat-upgrade-golang-docs redhat-upgrade-golang-misc redhat-upgrade-golang-race redhat-upgrade-golang-src redhat-upgrade-golang-tests redhat-upgrade-grafana redhat-upgrade-grafana-debuginfo redhat-upgrade-grafana-debugsource redhat-upgrade-rhc-worker-script redhat-upgrade-toolbox redhat-upgrade-toolbox-debuginfo redhat-upgrade-toolbox-debugsource redhat-upgrade-toolbox-tests References CVE-2023-39325 RHSA-2023:5721 RHSA-2023:5738 RHSA-2023:5835 RHSA-2023:5863 RHSA-2023:5864 RHSA-2023:5866 RHSA-2023:5867 RHSA-2023:6057 RHSA-2023:6077 View more

Huawei EulerOS: CVE-2023-39325: golang security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 10/11/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function. Solution(s) huawei-euleros-2_0_sp9-upgrade-golang huawei-euleros-2_0_sp9-upgrade-golang-devel huawei-euleros-2_0_sp9-upgrade-golang-help References https://attackerkb.com/topics/cve-2023-39325 CVE - 2023-39325 EulerOS-SA-2023-3331

Juniper Junos OS: 2023-10 Security Bulletin: Junos OS: MX Series: Receipt of malformed TCP traffic will cause a Denial of Service (JSA73172) (CVE-2023-36841) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 10/11/2023 Created 10/12/2023 Added 10/12/2023 Modified 01/28/2025 Description An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on MX Series allows a unauthenticated network-based attacker to cause an infinite loop, resulting in a Denial of Service (DoS). An attacker who sends malformed TCP traffic via an interface configured with PPPoE, causes an infinite loop on the respective PFE. This results in consuming all resources and a manual restart is needed to recover. This issue affects interfaces with PPPoE configured and tcp-mss enabled. This issue affects Juniper Networks Junos OS *All versions prior to 20.4R3-S7; *21.1 version 21.1R1 and later versions; *21.2 versions prior to 21.2R3-S6; *21.3 versions prior to 21.3R3-S5; *21.4 versions prior to 21.4R3-S3; *22.1 versions prior to 22.1R3-S4; *22.2 versions prior to 22.2R3; *22.3 versions prior to 22.3R2-S2; *22.4 versions prior to 22.4R2; Solution(s) juniper-junos-os-upgrade-latest References https://attackerkb.com/topics/cve-2023-36841 CVE - 2023-36841 JSA73172

Debian: CVE-2023-5477: chromium -- security update Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 10/11/2023 Created 10/18/2023 Added 10/18/2023 Modified 01/28/2025 Description Inappropriate implementation in Installer in Google Chrome prior to 118.0.5993.70 allowed a local attacker to bypass discretionary access control via a crafted command. (Chromium security severity: Low) Solution(s) debian-upgrade-chromium References https://attackerkb.com/topics/cve-2023-5477 CVE - 2023-5477 DSA-5526-1

Debian: CVE-2023-44981: zookeeper -- security update Severity 9 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:N) Published 10/11/2023 Created 10/24/2023 Added 10/23/2023 Modified 01/30/2025 Description Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. If SASL Quorum Peer authentication is enabled in ZooKeeper (quorum.auth.enableSasl=true), the authorization is done by verifying that the instance part in SASL authentication ID is listed in zoo.cfg server list. The instance part in SASL auth ID is optional and if it's missing, like '[email protected]', the authorization check will be skipped. As a result an arbitrary endpoint could join the cluster and begin propagating counterfeit changes to the leader, essentially giving it complete read-write access to the data tree. Quorum Peer authentication is not enabled by default. Users are recommended to upgrade to version 3.9.1, 3.8.3, 3.7.2, which fixes the issue. Alternately ensure the ensemble election/quorum communication is protected by a firewall as this will mitigate the issue. See the documentation for more details on correct cluster administration. Solution(s) debian-upgrade-zookeeper References https://attackerkb.com/topics/cve-2023-44981 CVE - 2023-44981 DLA-3624-1

Debian: CVE-2023-5485: chromium -- security update Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 10/11/2023 Created 10/18/2023 Added 10/18/2023 Modified 01/28/2025 Description Inappropriate implementation in Autofill in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to bypass autofill restrictions via a crafted HTML page. (Chromium security severity: Low) Solution(s) debian-upgrade-chromium References https://attackerkb.com/topics/cve-2023-5485 CVE - 2023-5485 DSA-5526-1

Debian: CVE-2023-5218: chromium -- security update Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 10/11/2023 Created 10/18/2023 Added 10/18/2023 Modified 01/28/2025 Description Use after free in Site Isolation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) Solution(s) debian-upgrade-chromium References https://attackerkb.com/topics/cve-2023-5218 CVE - 2023-5218 DSA-5526-1

SUSE: CVE-2023-5218: SUSE Linux Security Advisory Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 10/11/2023 Created 10/16/2023 Added 10/16/2023 Modified 01/28/2025 Description Use after free in Site Isolation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) Solution(s) suse-upgrade-chromedriver suse-upgrade-chromium suse-upgrade-opera References https://attackerkb.com/topics/cve-2023-5218 CVE - 2023-5218

Oracle Linux: CVE-2023-38545: ELSA-2023-5763:curl security update (IMPORTANT) (Multiple Advisories) Severity 8 CVSS (AV:N/AC:H/Au:N/C:C/I:C/A:C) Published 10/11/2023 Created 10/24/2023 Added 10/19/2023 Modified 12/01/2024 Description This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to the SOCKS5 proxy to allow that to resolve the address instead of it getting done by curl itself, the maximum length that host name can be is 255 bytes. If the host name is detected to be longer, curl switches to local name resolving and instead passes on the resolved address only. Due to this bug, the local variable that means "let the host resolve the name" could get the wrong value during a slow SOCKS5 handshake, and contrary to the intention, copy the too long host name to the target buffer instead of copying just the resolved address there. The target buffer being a heap based buffer, and the host name coming from the URL that curl has been told to operate with. A heap-based buffer overflow flaw was found in the SOCKS5 proxy handshake in the Curl package. If Curl is unable to resolve the address itself, it passes the hostname to the SOCKS5 proxy. However, the maximum length of the hostname that can be passed is 255 bytes. If the hostname is longer, then Curl switches to the local name resolving and passes the resolved address only to the proxy. The local variable that instructs Curl to "let the host resolve the name" could obtain the wrong value during a slow SOCKS5 handshake, resulting in the too-long hostname being copied to the target buffer instead of the resolved address, which was not the intended behavior. Solution(s) oracle-linux-upgrade-curl oracle-linux-upgrade-curl-minimal oracle-linux-upgrade-libcurl oracle-linux-upgrade-libcurl-devel oracle-linux-upgrade-libcurl-minimal References https://attackerkb.com/topics/cve-2023-38545 CVE - 2023-38545 ELSA-2023-5763 ELSA-2023-6745

Oracle Linux: CVE-2023-38546: ELSA-2023-5763:curl security update (IMPORTANT) (Multiple Advisories) Severity 3 CVSS (AV:N/AC:H/Au:N/C:N/I:P/A:N) Published 10/11/2023 Created 10/24/2023 Added 10/19/2023 Modified 12/01/2024 Description This flaw allows an attacker to insert cookies at will into a running program using libcurl, if the specific series of conditions are met. libcurl performs transfers. In its API, an application creates "easy handles" that are the individual handles for single transfers. libcurl provides a function call that duplicates en easy handle called [curl_easy_duphandle](https://curl.se/libcurl/c/curl_easy_duphandle.html). If a transfer has cookies enabled when the handle is duplicated, the cookie-enable state is also cloned - but without cloning the actual cookies. If the source handle did not read any cookies from a specific file on disk, the cloned version of the handle would instead store the file name as `none` (using the four ASCII letters, no quotes). Subsequent use of the cloned handle that does not explicitly set a source to load cookies from would then inadvertently load cookies from a file named `none` - if such a file exists and is readable in the current directory of the program using libcurl. And if using the correct file format of course. A flaw was found in the Curl package. This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are met. Solution(s) oracle-linux-upgrade-curl oracle-linux-upgrade-curl-minimal oracle-linux-upgrade-libcurl oracle-linux-upgrade-libcurl-devel oracle-linux-upgrade-libcurl-minimal References https://attackerkb.com/topics/cve-2023-38546 CVE - 2023-38546 ELSA-2023-5763 ELSA-2024-1601 ELSA-2023-6745

Oracle Linux: CVE-2023-37536: ELSA-2024-8795:xerces-c security update (IMPORTANT) (Multiple Advisories) Severity 9 CVSS (AV:N/AC:L/Au:S/C:C/I:C/A:C) Published 10/11/2023 Created 11/23/2024 Added 11/21/2024 Modified 11/22/2024 Description An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bound access via HTTP request. An integer overflow exists in xerces-c++. This flaw allows an attacker using a specially crafted HTTP request payload to trigger an out-of-bounds read, resulting in a loss of confidentiality, integrity, and availability. Solution(s) oracle-linux-upgrade-xerces-c oracle-linux-upgrade-xerces-c-devel oracle-linux-upgrade-xerces-c-doc References https://attackerkb.com/topics/cve-2023-37536 CVE - 2023-37536 ELSA-2024-8795

Alpine Linux: CVE-2023-39325: Allocation of Resources Without Limits or Throttling Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 10/11/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function. Solution(s) alpine-linux-upgrade-go References https://attackerkb.com/topics/cve-2023-39325 CVE - 2023-39325 https://security.alpinelinux.org/vuln/CVE-2023-39325

VMware Photon OS: CVE-2023-5486 Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:N) Published 10/11/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description Inappropriate implementation in Input in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Low) Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-5486 CVE - 2023-5486

Gentoo Linux: CVE-2023-32001: curl: Multiple Vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 10/11/2023 Created 10/12/2023 Added 10/12/2023 Modified 11/08/2023 Description Rejected reason: We issued this CVE pre-maturely, as we have subsequently realized that this issue points out a problem that there really is no safe measures around or protections for. Solution(s) gentoo-linux-upgrade-net-misc-curl References https://attackerkb.com/topics/cve-2023-32001 CVE - 2023-32001 202310-12

Ubuntu: (Multiple Advisories) (CVE-2023-39325): Go vulnerabilities Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 10/11/2023 Created 01/13/2024 Added 01/12/2024 Modified 01/28/2025 Description A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function. Solution(s) ubuntu-pro-upgrade-golang-1-17 ubuntu-pro-upgrade-golang-1-17-go ubuntu-pro-upgrade-golang-1-17-src ubuntu-pro-upgrade-golang-1-18 ubuntu-pro-upgrade-golang-1-18-go ubuntu-pro-upgrade-golang-1-18-src ubuntu-pro-upgrade-golang-1-20 ubuntu-pro-upgrade-golang-1-20-go ubuntu-pro-upgrade-golang-1-20-src ubuntu-pro-upgrade-golang-1-21 ubuntu-pro-upgrade-golang-1-21-go ubuntu-pro-upgrade-golang-1-21-src References https://attackerkb.com/topics/cve-2023-39325 CVE - 2023-39325 USN-6574-1 USN-7061-1 USN-7109-1

Google Chrome Vulnerability: CVE-2023-5483 Inappropriate implementation in Intents Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 10/11/2023 Created 10/11/2023 Added 10/11/2023 Modified 01/28/2025 Description Inappropriate implementation in Intents in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium) Solution(s) google-chrome-upgrade-latest References https://attackerkb.com/topics/cve-2023-5483 CVE - 2023-5483 https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_10.html https://crbug.com/1425355