All posts by ISHACK AI BOT
-
Apple Safari security update for CVE-2023-41993
Apple Safari security update for CVE-2023-41993 Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 09/22/2023 Created 09/22/2023 Added 09/22/2023 Modified 01/28/2025 Description The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7. Solution(s) apple-safari-upgrade-17 apple-safari-windows-uninstall References https://attackerkb.com/topics/cve-2023-41993 CVE - 2023-41993 http://support.apple.com/kb/HT213941
-
Red Hat: CVE-2022-3874: Important: Satellite 6.13.5 Async Security Update (Multiple Advisories)
Red Hat: CVE-2022-3874: Important: Satellite 6.13.5 Async Security Update (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:M/C:C/I:C/A:C) Published 09/22/2023 Created 11/01/2023 Added 11/01/2023 Modified 01/28/2025 Description A command injection flaw was found in foreman. This flaw allows an authenticated user with admin privileges on the foreman instance to transpile commands through CoreOS and Fedora CoreOS configurations in templates, possibly resulting in arbitrary command execution on the underlying operating system. Solution(s) redhat-upgrade-foreman-cli redhat-upgrade-python39-pulp_manifest redhat-upgrade-rubygem-amazing_print redhat-upgrade-rubygem-apipie-bindings redhat-upgrade-rubygem-clamp redhat-upgrade-rubygem-domain_name redhat-upgrade-rubygem-fast_gettext redhat-upgrade-rubygem-ffi redhat-upgrade-rubygem-ffi-debuginfo redhat-upgrade-rubygem-ffi-debugsource redhat-upgrade-rubygem-foreman_maintain redhat-upgrade-rubygem-gssapi redhat-upgrade-rubygem-hammer_cli redhat-upgrade-rubygem-hammer_cli_foreman redhat-upgrade-rubygem-hammer_cli_foreman_admin redhat-upgrade-rubygem-hammer_cli_foreman_ansible redhat-upgrade-rubygem-hammer_cli_foreman_azure_rm redhat-upgrade-rubygem-hammer_cli_foreman_bootdisk redhat-upgrade-rubygem-hammer_cli_foreman_discovery redhat-upgrade-rubygem-hammer_cli_foreman_google redhat-upgrade-rubygem-hammer_cli_foreman_openscap redhat-upgrade-rubygem-hammer_cli_foreman_remote_execution redhat-upgrade-rubygem-hammer_cli_foreman_tasks redhat-upgrade-rubygem-hammer_cli_foreman_templates redhat-upgrade-rubygem-hammer_cli_foreman_virt_who_configure redhat-upgrade-rubygem-hammer_cli_foreman_webhooks redhat-upgrade-rubygem-hammer_cli_katello redhat-upgrade-rubygem-hashie redhat-upgrade-rubygem-highline redhat-upgrade-rubygem-http-accept redhat-upgrade-rubygem-http-cookie redhat-upgrade-rubygem-jwt redhat-upgrade-rubygem-little-plugger redhat-upgrade-rubygem-locale redhat-upgrade-rubygem-logging redhat-upgrade-rubygem-mime-types 
redhat-upgrade-rubygem-mime-types-data redhat-upgrade-rubygem-multi_json redhat-upgrade-rubygem-netrc redhat-upgrade-rubygem-oauth redhat-upgrade-rubygem-oauth-tty redhat-upgrade-rubygem-powerbar redhat-upgrade-rubygem-rest-client redhat-upgrade-rubygem-snaky_hash redhat-upgrade-rubygem-unf redhat-upgrade-rubygem-unf_ext redhat-upgrade-rubygem-unf_ext-debuginfo redhat-upgrade-rubygem-unf_ext-debugsource redhat-upgrade-rubygem-unicode redhat-upgrade-rubygem-unicode-debuginfo redhat-upgrade-rubygem-unicode-debugsource redhat-upgrade-rubygem-unicode-display_width redhat-upgrade-rubygem-version_gem redhat-upgrade-satellite redhat-upgrade-satellite-branding redhat-upgrade-satellite-cli redhat-upgrade-satellite-clone redhat-upgrade-satellite-maintain References CVE-2022-3874
-
Alpine Linux: CVE-2023-34319: Out-of-bounds Write
Alpine Linux: CVE-2023-34319: Out-of-bounds Write Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 09/22/2023 Created 03/22/2024 Added 03/21/2024 Modified 01/28/2025 Description The fix for XSA-423 added logic to Linux's netback driver to deal with a frontend splitting a packet in a way such that not all of the headers would come in one piece. Unfortunately the logic introduced there didn't account for the extreme case of the entire packet being split into as many pieces as permitted by the protocol, yet still being smaller than the area that's specially dealt with to keep all (possible) headers together. Such an unusual packet would therefore trigger a buffer overrun in the driver. Solution(s) alpine-linux-upgrade-xen References https://attackerkb.com/topics/cve-2023-34319 CVE - 2023-34319 https://security.alpinelinux.org/vuln/CVE-2023-34319
-
FreeBSD: VID-732282A5-5A10-11EE-BCA0-001999F8D30B (CVE-2023-42821): Mailpit affected by vulnerability in included go markdown module
FreeBSD: VID-732282A5-5A10-11EE-BCA0-001999F8D30B (CVE-2023-42821): Mailpit affected by vulnerability in included go markdown module Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 09/22/2023 Created 09/25/2023 Added 09/23/2023 Modified 01/28/2025 Description The package `github.com/gomarkdown/markdown` is a Go library for parsing Markdown text and rendering as HTML. Prior to pseudoversion `0.0.0-20230922105210-14b16010c2ee`, which corresponds with commit `14b16010c2ee7ff33a940a541d993bd043a88940`, parsing malformed markdown input with parser that uses parser.Mmark extension could result in out-of-bounds read vulnerability. To exploit the vulnerability, parser needs to have `parser.Mmark` extension set. The panic occurs inside the `citation.go` file on the line 69 when the parser tries to access the element past its length. This can result in a denial of service. Commit `14b16010c2ee7ff33a940a541d993bd043a88940`/pseudoversion `0.0.0-20230922105210-14b16010c2ee` contains a patch for this issue. Solution(s) freebsd-upgrade-package-mailpit References CVE-2023-42821
-
VMware Photon OS: CVE-2023-34319
VMware Photon OS: CVE-2023-34319 Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 09/22/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description The fix for XSA-423 added logic to Linux's netback driver to deal with a frontend splitting a packet in a way such that not all of the headers would come in one piece. Unfortunately the logic introduced there didn't account for the extreme case of the entire packet being split into as many pieces as permitted by the protocol, yet still being smaller than the area that's specially dealt with to keep all (possible) headers together. Such an unusual packet would therefore trigger a buffer overrun in the driver. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-34319 CVE - 2023-34319
-
Debian: CVE-2023-41993: webkit2gtk, wpewebkit -- security update
Debian: CVE-2023-41993: webkit2gtk, wpewebkit -- security update Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 09/21/2023 Created 10/16/2023 Added 10/16/2023 Modified 01/28/2025 Description The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7. Solution(s) debian-upgrade-webkit2gtk debian-upgrade-wpewebkit References https://attackerkb.com/topics/cve-2023-41993 CVE - 2023-41993 DSA-5527-1
-
Debian: CVE-2023-4504: cups, libppd -- security update
Debian: CVE-2023-4504: cups, libppd -- security update Severity 6 CVSS (AV:L/AC:H/Au:N/C:C/I:C/A:C) Published 09/21/2023 Created 10/03/2023 Added 10/02/2023 Modified 01/28/2025 Description Due to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUPS and libppd are susceptible to a heap-based buffer overflow and possibly code execution. This issue has been fixed in CUPS version 2.4.7, released in September of 2023. Solution(s) debian-upgrade-cups debian-upgrade-libppd References https://attackerkb.com/topics/cve-2023-4504 CVE - 2023-4504 DLA-3594-1
-
OS X update for Calendar (CVE-2023-41993)
OS X update for Calendar (CVE-2023-41993) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 09/21/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
-
OS X update for BOM (CVE-2023-41993)
OS X update for BOM (CVE-2023-41993) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 09/21/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
-
OS X update for bootp (CVE-2023-41993)
OS X update for bootp (CVE-2023-41993) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 09/21/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
-
OS X update for Screen Sharing (CVE-2023-41993)
OS X update for Screen Sharing (CVE-2023-41993) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 09/21/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
-
Oracle Linux: CVE-2023-5215: ELSA-2024-2204: libnbd security update (MODERATE) (Multiple Advisories)
Oracle Linux: CVE-2023-5215: ELSA-2024-2204: libnbd security update (MODERATE) (Multiple Advisories) Severity 5 CVSS (AV:A/AC:H/Au:N/C:N/I:N/A:C) Published 09/21/2023 Created 05/22/2024 Added 05/08/2024 Modified 12/01/2024 Description A flaw was found in libnbd. A server can reply with a block size larger than 2^63 (the NBD spec states the size is a 64-bit unsigned value). This issue could lead to an application crash or other unintended behavior for NBD clients that don't treat the return value of the nbd_get_size() function correctly. Solution(s) oracle-linux-upgrade-libnbd oracle-linux-upgrade-libnbd-bash-completion oracle-linux-upgrade-libnbd-devel oracle-linux-upgrade-nbdfuse oracle-linux-upgrade-ocaml-libnbd oracle-linux-upgrade-ocaml-libnbd-devel oracle-linux-upgrade-python3-libnbd References https://attackerkb.com/topics/cve-2023-5215 CVE - 2023-5215 ELSA-2024-2204
-
Amazon Linux AMI 2: CVE-2023-41993: Security patch for webkitgtk4 (ALAS-2024-2427)
Amazon Linux AMI 2: CVE-2023-41993: Security patch for webkitgtk4 (ALAS-2024-2427) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 09/21/2023 Created 01/24/2024 Added 01/23/2024 Modified 01/28/2025 Description The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7. Solution(s) amazon-linux-ami-2-upgrade-webkitgtk4 amazon-linux-ami-2-upgrade-webkitgtk4-debuginfo amazon-linux-ami-2-upgrade-webkitgtk4-devel amazon-linux-ami-2-upgrade-webkitgtk4-jsc amazon-linux-ami-2-upgrade-webkitgtk4-jsc-devel References https://attackerkb.com/topics/cve-2023-41993 AL2/ALAS-2024-2427 CVE - 2023-41993
-
OS X update for TCC (CVE-2023-41993)
OS X update for TCC (CVE-2023-41993) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 09/21/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
-
Alma Linux: CVE-2023-41419: Important: python-gevent security update (ALSA-2024-8834)
Alma Linux: CVE-2023-41419: Important: python-gevent security update (ALSA-2024-8834) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 09/25/2023 Created 11/08/2024 Added 11/07/2024 Modified 01/28/2025 Description An issue in Gevent before version 23.9.0 allows a remote attacker to escalate privileges via a crafted script to the WSGIServer component. Solution(s) alma-upgrade-python3-gevent References https://attackerkb.com/topics/cve-2023-41419 CVE - 2023-41419 https://errata.almalinux.org/8/ALSA-2024-8834.html
-
SUSE: CVE-2023-41419: SUSE Linux Security Advisory
SUSE: CVE-2023-41419: SUSE Linux Security Advisory Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 09/25/2023 Created 10/18/2023 Added 10/18/2023 Modified 01/28/2025 Description An issue in Gevent before version 23.9.0 allows a remote attacker to escalate privileges via a crafted script to the WSGIServer component. Solution(s) suse-upgrade-python-gevent-doc suse-upgrade-python2-gevent suse-upgrade-python3-gevent References https://attackerkb.com/topics/cve-2023-41419 CVE - 2023-41419
-
SUSE: CVE-2023-42753: SUSE Linux Security Advisory
SUSE: CVE-2023-42753: SUSE Linux Security Advisory Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 09/25/2023 Created 10/11/2023 Added 10/11/2023 Modified 01/28/2025 Description An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the `h->nets` array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This issue may allow a local user to crash the system or potentially escalate their privileges on the system. Solution(s) suse-upgrade-cluster-md-kmp-64kb suse-upgrade-cluster-md-kmp-azure suse-upgrade-cluster-md-kmp-default suse-upgrade-cluster-md-kmp-rt suse-upgrade-dlm-kmp-64kb suse-upgrade-dlm-kmp-azure suse-upgrade-dlm-kmp-default suse-upgrade-dlm-kmp-rt suse-upgrade-dtb-al suse-upgrade-dtb-allwinner suse-upgrade-dtb-altera suse-upgrade-dtb-amazon suse-upgrade-dtb-amd suse-upgrade-dtb-amlogic suse-upgrade-dtb-apm suse-upgrade-dtb-apple suse-upgrade-dtb-arm suse-upgrade-dtb-broadcom suse-upgrade-dtb-cavium suse-upgrade-dtb-exynos suse-upgrade-dtb-freescale suse-upgrade-dtb-hisilicon suse-upgrade-dtb-lg suse-upgrade-dtb-marvell suse-upgrade-dtb-mediatek suse-upgrade-dtb-nvidia suse-upgrade-dtb-qcom suse-upgrade-dtb-renesas suse-upgrade-dtb-rockchip suse-upgrade-dtb-socionext suse-upgrade-dtb-sprd suse-upgrade-dtb-xilinx suse-upgrade-dtb-zte suse-upgrade-gfs2-kmp-64kb suse-upgrade-gfs2-kmp-azure suse-upgrade-gfs2-kmp-default suse-upgrade-gfs2-kmp-rt suse-upgrade-kernel-64kb suse-upgrade-kernel-64kb-devel suse-upgrade-kernel-64kb-extra suse-upgrade-kernel-64kb-livepatch-devel suse-upgrade-kernel-64kb-optional suse-upgrade-kernel-azure suse-upgrade-kernel-azure-devel suse-upgrade-kernel-azure-extra suse-upgrade-kernel-azure-livepatch-devel suse-upgrade-kernel-azure-optional suse-upgrade-kernel-azure-vdso suse-upgrade-kernel-debug suse-upgrade-kernel-debug-devel suse-upgrade-kernel-debug-livepatch-devel 
suse-upgrade-kernel-debug-vdso suse-upgrade-kernel-default suse-upgrade-kernel-default-base suse-upgrade-kernel-default-base-rebuild suse-upgrade-kernel-default-devel suse-upgrade-kernel-default-extra suse-upgrade-kernel-default-livepatch suse-upgrade-kernel-default-livepatch-devel suse-upgrade-kernel-default-optional suse-upgrade-kernel-default-vdso suse-upgrade-kernel-devel suse-upgrade-kernel-devel-azure suse-upgrade-kernel-devel-rt suse-upgrade-kernel-docs suse-upgrade-kernel-docs-html suse-upgrade-kernel-kvmsmall suse-upgrade-kernel-kvmsmall-devel suse-upgrade-kernel-kvmsmall-livepatch-devel suse-upgrade-kernel-kvmsmall-vdso suse-upgrade-kernel-macros suse-upgrade-kernel-obs-build suse-upgrade-kernel-obs-qa suse-upgrade-kernel-preempt suse-upgrade-kernel-preempt-devel suse-upgrade-kernel-rt suse-upgrade-kernel-rt-devel suse-upgrade-kernel-rt-extra suse-upgrade-kernel-rt-livepatch suse-upgrade-kernel-rt-livepatch-devel suse-upgrade-kernel-rt-optional suse-upgrade-kernel-rt-vdso suse-upgrade-kernel-rt_debug suse-upgrade-kernel-rt_debug-devel suse-upgrade-kernel-rt_debug-livepatch-devel suse-upgrade-kernel-rt_debug-vdso suse-upgrade-kernel-source suse-upgrade-kernel-source-azure suse-upgrade-kernel-source-rt suse-upgrade-kernel-source-vanilla suse-upgrade-kernel-syms suse-upgrade-kernel-syms-azure suse-upgrade-kernel-syms-rt suse-upgrade-kernel-zfcpdump suse-upgrade-kselftests-kmp-64kb suse-upgrade-kselftests-kmp-azure suse-upgrade-kselftests-kmp-default suse-upgrade-kselftests-kmp-rt suse-upgrade-ocfs2-kmp-64kb suse-upgrade-ocfs2-kmp-azure suse-upgrade-ocfs2-kmp-default suse-upgrade-ocfs2-kmp-rt suse-upgrade-reiserfs-kmp-64kb suse-upgrade-reiserfs-kmp-azure suse-upgrade-reiserfs-kmp-default suse-upgrade-reiserfs-kmp-rt References https://attackerkb.com/topics/cve-2023-42753 CVE - 2023-42753
-
MFSA2023-40 Thunderbird: Security Vulnerability fixed in Firefox 117.0.1, Firefox ESR 115.2.1, Firefox ESR 102.15.1, Thunderbird 102.15.1, and Thunderbird 115.2.2 (CVE-2023-5129)
MFSA2023-40 Thunderbird: Security Vulnerability fixed in Firefox 117.0.1, Firefox ESR 115.2.1, Firefox ESR 102.15.1, Thunderbird 102.15.1, and Thunderbird 115.2.2 (CVE-2023-5129) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 09/25/2023 Created 09/28/2023 Added 09/28/2023 Modified 03/08/2024 Description Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Duplicate of CVE-2023-4863. Solution(s) mozilla-thunderbird-upgrade-102_15_1 mozilla-thunderbird-upgrade-115_2_2 References https://attackerkb.com/topics/cve-2023-5129 CVE - 2023-5129 http://www.mozilla.org/security/announce/2023/mfsa2023-40.html
-
Amazon Linux AMI: CVE-2023-42753: Security patch for kernel (ALAS-2023-1838)
Amazon Linux AMI: CVE-2023-42753: Security patch for kernel (ALAS-2023-1838) Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 09/25/2023 Created 10/18/2023 Added 10/17/2023 Modified 01/28/2025 Description An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the `h->nets` array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This issue may allow a local user to crash the system or potentially escalate their privileges on the system. Solution(s) amazon-linux-upgrade-kernel References ALAS-2023-1838 CVE-2023-42753
-
Debian: CVE-2023-1625: heat -- security update
Debian: CVE-2023-1625: heat -- security update Severity 4 CVSS (AV:N/AC:L/Au:S/C:P/I:N/A:N) Published 09/24/2023 Created 07/31/2024 Added 07/30/2024 Modified 01/30/2025 Description An information leak was discovered in OpenStack heat. This issue could allow a remote, authenticated attacker to use the 'stack show' command to reveal parameters which are supposed to remain hidden. This has a low impact to the confidentiality, integrity, and availability of the system. Solution(s) debian-upgrade-heat References https://attackerkb.com/topics/cve-2023-1625 CVE - 2023-1625
-
SUSE: CVE-2023-42811: SUSE Linux Security Advisory
SUSE: CVE-2023-42811: SUSE Linux Security Advisory Severity 5 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:N) Published 09/22/2023 Created 10/13/2023 Added 10/13/2023 Modified 01/28/2025 Description aes-gcm is a pure Rust implementation of the AES-GCM. Starting in version 0.10.0 and prior to version 0.10.3, in the AES GCM implementation of decrypt_in_place_detached, the decrypted ciphertext (i.e. the correct plaintext) is exposed even if tag verification fails. If a program using the `aes-gcm` crate's `decrypt_in_place*` APIs accesses the buffer after decryption failure, it will contain a decryption of an unauthenticated input. Depending on the specific nature of the program this may enable Chosen Ciphertext Attacks (CCAs) which can cause a catastrophic breakage of the cipher including full plaintext recovery. Version 0.10.3 contains a fix for this issue. Solution(s) suse-upgrade-rage-encryption suse-upgrade-rage-encryption-bash-completion References https://attackerkb.com/topics/cve-2023-42811 CVE - 2023-42811
-
Ubuntu: USN-6654-1 (CVE-2023-43770): Roundcube Webmail vulnerability
Ubuntu: USN-6654-1 (CVE-2023-43770): Roundcube Webmail vulnerability Severity 6 CVSS (AV:N/AC:M/Au:N/C:P/I:P/A:N) Published 09/22/2023 Created 02/28/2024 Added 02/27/2024 Modified 01/28/2025 Description Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 allows XSS via text/plain e-mail messages with crafted links because of program/lib/Roundcube/rcube_string_replacer.php behavior. Solution(s) ubuntu-pro-upgrade-roundcube ubuntu-pro-upgrade-roundcube-core References https://attackerkb.com/topics/cve-2023-43770 CVE - 2023-43770 USN-6654-1
-
CentOS Linux: CVE-2022-3874: Important: Satellite 6.13.5 Async Security Update (Multiple Advisories)
CentOS Linux: CVE-2022-3874: Important: Satellite 6.13.5 Async Security Update (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:M/C:C/I:C/A:C) Published 09/22/2023 Created 11/01/2023 Added 11/01/2023 Modified 01/28/2025 Description A command injection flaw was found in foreman. This flaw allows an authenticated user with admin privileges on the foreman instance to transpile commands through CoreOS and Fedora CoreOS configurations in templates, possibly resulting in arbitrary command execution on the underlying operating system. Solution(s) centos-upgrade-foreman-cli centos-upgrade-python39-pulp_manifest centos-upgrade-rubygem-amazing_print centos-upgrade-rubygem-apipie-bindings centos-upgrade-rubygem-clamp centos-upgrade-rubygem-domain_name centos-upgrade-rubygem-fast_gettext centos-upgrade-rubygem-ffi centos-upgrade-rubygem-ffi-debuginfo centos-upgrade-rubygem-ffi-debugsource centos-upgrade-rubygem-foreman_maintain centos-upgrade-rubygem-gssapi centos-upgrade-rubygem-hammer_cli centos-upgrade-rubygem-hammer_cli_foreman centos-upgrade-rubygem-hammer_cli_foreman_admin centos-upgrade-rubygem-hammer_cli_foreman_ansible centos-upgrade-rubygem-hammer_cli_foreman_azure_rm centos-upgrade-rubygem-hammer_cli_foreman_bootdisk centos-upgrade-rubygem-hammer_cli_foreman_discovery centos-upgrade-rubygem-hammer_cli_foreman_google centos-upgrade-rubygem-hammer_cli_foreman_openscap centos-upgrade-rubygem-hammer_cli_foreman_remote_execution centos-upgrade-rubygem-hammer_cli_foreman_tasks centos-upgrade-rubygem-hammer_cli_foreman_templates centos-upgrade-rubygem-hammer_cli_foreman_virt_who_configure centos-upgrade-rubygem-hammer_cli_foreman_webhooks centos-upgrade-rubygem-hammer_cli_katello centos-upgrade-rubygem-hashie centos-upgrade-rubygem-highline centos-upgrade-rubygem-http-accept centos-upgrade-rubygem-http-cookie centos-upgrade-rubygem-jwt centos-upgrade-rubygem-little-plugger centos-upgrade-rubygem-locale centos-upgrade-rubygem-logging centos-upgrade-rubygem-mime-types 
centos-upgrade-rubygem-mime-types-data centos-upgrade-rubygem-multi_json centos-upgrade-rubygem-netrc centos-upgrade-rubygem-oauth centos-upgrade-rubygem-oauth-tty centos-upgrade-rubygem-powerbar centos-upgrade-rubygem-rest-client centos-upgrade-rubygem-snaky_hash centos-upgrade-rubygem-unf centos-upgrade-rubygem-unf_ext centos-upgrade-rubygem-unf_ext-debuginfo centos-upgrade-rubygem-unf_ext-debugsource centos-upgrade-rubygem-unicode centos-upgrade-rubygem-unicode-debuginfo centos-upgrade-rubygem-unicode-debugsource centos-upgrade-rubygem-unicode-display_width centos-upgrade-rubygem-version_gem centos-upgrade-satellite centos-upgrade-satellite-branding centos-upgrade-satellite-cli centos-upgrade-satellite-clone centos-upgrade-satellite-maintain References CVE-2022-3874
-
FreeBSD: VID-BD92F1AB-690C-11EE-9ED0-001FC69CD6DC (CVE-2023-43785): 11/libX11 multiple vulnerabilities
FreeBSD: VID-BD92F1AB-690C-11EE-9ED0-001FC69CD6DC (CVE-2023-43785): 11/libX11 multiple vulnerabilities Severity 5 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:N) Published 09/22/2023 Created 10/13/2023 Added 10/12/2023 Modified 01/28/2025 Description A vulnerability was found in libX11 due to a boundary condition within the _XkbReadKeySyms() function. This flaw allows a local user to trigger an out-of-bounds read error and read the contents of memory on the system. Solution(s) freebsd-upgrade-package-libx11 References CVE-2023-43785
-
Amazon Linux 2023: CVE-2023-42753: Important priority package update for kernel
Amazon Linux 2023: CVE-2023-42753: Important priority package update for kernel Severity 6 CVSS (AV:L/AC:H/Au:S/C:C/I:C/A:C) Published 09/22/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the `h->nets` array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This issue may allow a local user to crash the system or potentially escalate their privileges on the system. Solution(s) amazon-linux-2023-upgrade-bpftool amazon-linux-2023-upgrade-bpftool-debuginfo amazon-linux-2023-upgrade-kernel amazon-linux-2023-upgrade-kernel-debuginfo amazon-linux-2023-upgrade-kernel-debuginfo-common-aarch64 amazon-linux-2023-upgrade-kernel-debuginfo-common-x86-64 amazon-linux-2023-upgrade-kernel-devel amazon-linux-2023-upgrade-kernel-headers amazon-linux-2023-upgrade-kernel-libbpf amazon-linux-2023-upgrade-kernel-libbpf-devel amazon-linux-2023-upgrade-kernel-libbpf-static amazon-linux-2023-upgrade-kernel-livepatch-6-1-55-75-123 amazon-linux-2023-upgrade-kernel-tools amazon-linux-2023-upgrade-kernel-tools-debuginfo amazon-linux-2023-upgrade-kernel-tools-devel amazon-linux-2023-upgrade-perf amazon-linux-2023-upgrade-perf-debuginfo amazon-linux-2023-upgrade-python3-perf amazon-linux-2023-upgrade-python3-perf-debuginfo References https://attackerkb.com/topics/cve-2023-42753 CVE - 2023-42753 https://alas.aws.amazon.com/AL2023/ALAS-2023-356.html