All posts by ISHACK AI BOT

  1. Alma Linux: CVE-2023-3341: Important: bind9.16 security update (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 09/20/2023 Created 10/11/2023 Added 10/10/2023 Modified 02/13/2025 Description The code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack memory, causing `named` to terminate unexpectedly. Since each incoming control channel message is fully parsed before its contents are authenticated, exploiting this flaw does not require the attacker to hold a valid RNDC key; only network access to the control channel's configured TCP port is necessary. This issue affects BIND 9 versions 9.2.0 through 9.16.43, 9.18.0 through 9.18.18, 9.19.0 through 9.19.16, 9.9.3-S1 through 9.16.43-S1, and 9.18.0-S1 through 9.18.18-S1. Solution(s) alma-upgrade-bind alma-upgrade-bind-chroot alma-upgrade-bind-devel alma-upgrade-bind-dnssec-doc alma-upgrade-bind-dnssec-utils alma-upgrade-bind-doc alma-upgrade-bind-export-devel alma-upgrade-bind-export-libs alma-upgrade-bind-libs alma-upgrade-bind-libs-lite alma-upgrade-bind-license alma-upgrade-bind-lite-devel alma-upgrade-bind-pkcs11 alma-upgrade-bind-pkcs11-devel alma-upgrade-bind-pkcs11-libs alma-upgrade-bind-pkcs11-utils alma-upgrade-bind-sdb alma-upgrade-bind-sdb-chroot alma-upgrade-bind-utils alma-upgrade-bind9.16 alma-upgrade-bind9.16-chroot alma-upgrade-bind9.16-devel alma-upgrade-bind9.16-dnssec-utils alma-upgrade-bind9.16-doc alma-upgrade-bind9.16-libs alma-upgrade-bind9.16-license alma-upgrade-bind9.16-utils alma-upgrade-python3-bind alma-upgrade-python3-bind9.16 References https://attackerkb.com/topics/cve-2023-3341 CVE - 2023-3341 https://errata.almalinux.org/8/ALSA-2023-5460.html https://errata.almalinux.org/8/ALSA-2023-5474.html 
https://errata.almalinux.org/9/ALSA-2023-5689.html
  2. Alma Linux: CVE-2023-2163: Important: kernel security and bug fix update (ALSA-2023-7549) Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 09/20/2023 Created 12/05/2023 Added 12/04/2023 Modified 01/28/2025 Description Incorrect verifier pruning in BPF in Linux Kernel >=5.4 leads to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape. Solution(s) alma-upgrade-bpftool alma-upgrade-kernel alma-upgrade-kernel-abi-stablelists alma-upgrade-kernel-core alma-upgrade-kernel-cross-headers alma-upgrade-kernel-debug alma-upgrade-kernel-debug-core alma-upgrade-kernel-debug-devel alma-upgrade-kernel-debug-modules alma-upgrade-kernel-debug-modules-extra alma-upgrade-kernel-devel alma-upgrade-kernel-doc alma-upgrade-kernel-modules alma-upgrade-kernel-modules-extra alma-upgrade-kernel-tools alma-upgrade-kernel-tools-libs alma-upgrade-kernel-tools-libs-devel alma-upgrade-kernel-zfcpdump alma-upgrade-kernel-zfcpdump-core alma-upgrade-kernel-zfcpdump-devel alma-upgrade-kernel-zfcpdump-modules alma-upgrade-kernel-zfcpdump-modules-extra alma-upgrade-perf alma-upgrade-python3-perf References https://attackerkb.com/topics/cve-2023-2163 CVE - 2023-2163 https://errata.almalinux.org/8/ALSA-2023-7549.html
  3. Alpine Linux: CVE-2023-43618: Missing Encryption of Sensitive Data Severity 5 CVSS (AV:N/AC:L/Au:N/C:P/I:N/A:N) Published 09/20/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description An issue was discovered in Croc through 9.6.5. The protocol requires a sender to provide its local IP addresses in cleartext via an ips? message. Solution(s) alpine-linux-upgrade-croc References https://attackerkb.com/topics/cve-2023-43618 CVE - 2023-43618 https://security.alpinelinux.org/vuln/CVE-2023-43618
  4. SUSE: CVE-2023-25587: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 09/20/2023 Created 09/21/2023 Added 09/21/2023 Modified 11/08/2023 Description Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. Solution(s) suse-upgrade-binutils suse-upgrade-binutils-devel suse-upgrade-binutils-devel-32bit suse-upgrade-binutils-gold suse-upgrade-cross-aarch64-binutils suse-upgrade-cross-arm-binutils suse-upgrade-cross-avr-binutils suse-upgrade-cross-epiphany-binutils suse-upgrade-cross-hppa-binutils suse-upgrade-cross-hppa64-binutils suse-upgrade-cross-i386-binutils suse-upgrade-cross-ia64-binutils suse-upgrade-cross-m68k-binutils suse-upgrade-cross-mips-binutils suse-upgrade-cross-ppc-binutils suse-upgrade-cross-ppc64-binutils suse-upgrade-cross-ppc64le-binutils suse-upgrade-cross-riscv64-binutils suse-upgrade-cross-rx-binutils suse-upgrade-cross-s390-binutils suse-upgrade-cross-s390x-binutils suse-upgrade-cross-sparc-binutils suse-upgrade-cross-sparc64-binutils suse-upgrade-cross-spu-binutils suse-upgrade-cross-x86_64-binutils suse-upgrade-cross-xtensa-binutils suse-upgrade-libctf-nobfd0 suse-upgrade-libctf0 References https://attackerkb.com/topics/cve-2023-25587 CVE - 2023-25587
  5. Oracle Linux: CVE-2023-3341: ELSA-2023-5474:bind security update (IMPORTANT) (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 09/20/2023 Created 10/11/2023 Added 10/07/2023 Modified 12/05/2024 Description The code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack memory, causing `named` to terminate unexpectedly. Since each incoming control channel message is fully parsed before its contents are authenticated, exploiting this flaw does not require the attacker to hold a valid RNDC key; only network access to the control channel's configured TCP port is necessary. This issue affects BIND 9 versions 9.2.0 through 9.16.43, 9.18.0 through 9.18.18, 9.19.0 through 9.19.16, 9.9.3-S1 through 9.16.43-S1, and 9.18.0-S1 through 9.18.18-S1. A flaw was found in the Bind package. The code that processes control channel messages sent to named calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size. Depending on the environment, this may cause the packet-parsing code to run out of available stack memory, causing named to terminate unexpectedly. 
Solution(s) oracle-linux-upgrade-bind oracle-linux-upgrade-bind-chroot oracle-linux-upgrade-bind-devel oracle-linux-upgrade-bind-export-devel oracle-linux-upgrade-bind-export-libs oracle-linux-upgrade-bind-libs oracle-linux-upgrade-bind-libs-lite oracle-linux-upgrade-bind-license oracle-linux-upgrade-bind-lite-devel oracle-linux-upgrade-bind-pkcs11 oracle-linux-upgrade-bind-pkcs11-devel oracle-linux-upgrade-bind-pkcs11-libs oracle-linux-upgrade-bind-pkcs11-utils oracle-linux-upgrade-bind-sdb oracle-linux-upgrade-bind-sdb-chroot oracle-linux-upgrade-bind-utils oracle-linux-upgrade-python3-bind References https://attackerkb.com/topics/cve-2023-3341 CVE - 2023-3341 ELSA-2023-5474 ELSA-2023-5460 ELSA-2023-5689 ELSA-2023-5691
  6. Rocky Linux: CVE-2023-2163: kernel (Multiple Advisories) Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 09/20/2023 Created 03/07/2024 Added 03/05/2024 Modified 01/28/2025 Description Incorrect verifier pruning in BPF in Linux Kernel >=5.4 leads to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape. Solution(s) rocky-upgrade-kernel-rt rocky-upgrade-kernel-rt-core rocky-upgrade-kernel-rt-debug rocky-upgrade-kernel-rt-debug-core rocky-upgrade-kernel-rt-debug-debuginfo rocky-upgrade-kernel-rt-debug-devel rocky-upgrade-kernel-rt-debug-kvm rocky-upgrade-kernel-rt-debug-modules rocky-upgrade-kernel-rt-debug-modules-extra rocky-upgrade-kernel-rt-debuginfo rocky-upgrade-kernel-rt-debuginfo-common-x86_64 rocky-upgrade-kernel-rt-devel rocky-upgrade-kernel-rt-kvm rocky-upgrade-kernel-rt-modules rocky-upgrade-kernel-rt-modules-extra References https://attackerkb.com/topics/cve-2023-2163 CVE - 2023-2163 https://errata.rockylinux.org/RLSA-2023:7548 https://errata.rockylinux.org/RLSA-2023:7549
  7. Alma Linux: CVE-2019-19450: Important: python-reportlab security update (ALSA-2023-5790) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 09/20/2023 Created 10/24/2023 Added 10/23/2023 Modified 01/30/2025 Description paraparser in ReportLab before 3.5.31 allows remote code execution because start_unichar in paraparser.py evaluates untrusted user input in a unichar element in a crafted XML document with '<unichar code="' followed by arbitrary Python code, a similar issue to CVE-2019-17626. Solution(s) alma-upgrade-python3-reportlab References https://attackerkb.com/topics/cve-2019-19450 CVE - 2019-19450 https://errata.almalinux.org/8/ALSA-2023-5790.html
  8. SUSE: CVE-2019-19450: SUSE Linux Security Advisory Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 09/20/2023 Created 08/16/2024 Added 08/09/2024 Modified 01/28/2025 Description paraparser in ReportLab before 3.5.31 allows remote code execution because start_unichar in paraparser.py evaluates untrusted user input in a unichar element in a crafted XML document with '<unichar code="' followed by arbitrary Python code, a similar issue to CVE-2019-17626. Solution(s) suse-upgrade-python-reportlab suse-upgrade-python3-reportlab References https://attackerkb.com/topics/cve-2019-19450 CVE - 2019-19450
  9. Amazon Linux 2023: CVE-2023-3341: Important priority package update for bind Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 09/20/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description The code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack memory, causing `named` to terminate unexpectedly. Since each incoming control channel message is fully parsed before its contents are authenticated, exploiting this flaw does not require the attacker to hold a valid RNDC key; only network access to the control channel's configured TCP port is necessary. This issue affects BIND 9 versions 9.2.0 through 9.16.43, 9.18.0 through 9.18.18, 9.19.0 through 9.19.16, 9.9.3-S1 through 9.16.43-S1, and 9.18.0-S1 through 9.18.18-S1. A flaw was found in the Bind package. The code that processes control channel messages sent to named calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size. Depending on the environment, this may cause the packet-parsing code to run out of available stack memory, causing named to terminate unexpectedly.
Solution(s) amazon-linux-2023-upgrade-bind amazon-linux-2023-upgrade-bind-chroot amazon-linux-2023-upgrade-bind-debuginfo amazon-linux-2023-upgrade-bind-debugsource amazon-linux-2023-upgrade-bind-devel amazon-linux-2023-upgrade-bind-dlz-filesystem amazon-linux-2023-upgrade-bind-dlz-filesystem-debuginfo amazon-linux-2023-upgrade-bind-dlz-ldap amazon-linux-2023-upgrade-bind-dlz-ldap-debuginfo amazon-linux-2023-upgrade-bind-dlz-mysql amazon-linux-2023-upgrade-bind-dlz-mysql-debuginfo amazon-linux-2023-upgrade-bind-dlz-sqlite3 amazon-linux-2023-upgrade-bind-dlz-sqlite3-debuginfo amazon-linux-2023-upgrade-bind-dnssec-doc amazon-linux-2023-upgrade-bind-dnssec-utils amazon-linux-2023-upgrade-bind-dnssec-utils-debuginfo amazon-linux-2023-upgrade-bind-doc amazon-linux-2023-upgrade-bind-libs amazon-linux-2023-upgrade-bind-libs-debuginfo amazon-linux-2023-upgrade-bind-license amazon-linux-2023-upgrade-bind-pkcs11 amazon-linux-2023-upgrade-bind-pkcs11-debuginfo amazon-linux-2023-upgrade-bind-pkcs11-devel amazon-linux-2023-upgrade-bind-pkcs11-libs amazon-linux-2023-upgrade-bind-pkcs11-libs-debuginfo amazon-linux-2023-upgrade-bind-pkcs11-utils amazon-linux-2023-upgrade-bind-pkcs11-utils-debuginfo amazon-linux-2023-upgrade-bind-utils amazon-linux-2023-upgrade-bind-utils-debuginfo amazon-linux-2023-upgrade-python3-bind References https://attackerkb.com/topics/cve-2023-3341 CVE - 2023-3341 https://alas.aws.amazon.com/AL2023/ALAS-2023-372.html
  10. IBM AIX: bind_advisory25 (CVE-2023-3341): Vulnerability in bind affects AIX Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 09/20/2023 Created 12/20/2023 Added 12/19/2023 Modified 01/30/2025 Description The code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack memory, causing `named` to terminate unexpectedly. Since each incoming control channel message is fully parsed before its contents are authenticated, exploiting this flaw does not require the attacker to hold a valid RNDC key; only network access to the control channel's configured TCP port is necessary. This issue affects BIND 9 versions 9.2.0 through 9.16.43, 9.18.0 through 9.18.18, 9.19.0 through 9.19.16, 9.9.3-S1 through 9.16.43-S1, and 9.18.0-S1 through 9.18.18-S1. Solution(s) ibm-aix-bind_advisory25 References https://attackerkb.com/topics/cve-2023-3341 CVE - 2023-3341 https://aix.software.ibm.com/aix/efixes/security/bind_advisory25.asc
  11. Red Hat: CVE-2023-40476: gstreamer-plugins-bad: Integer overflow in H.265 video parser leading to stack overwrite (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:N/C:N/I:N/A:C) Published 09/20/2023 Created 05/01/2024 Added 05/01/2024 Modified 12/18/2024 Description GStreamer H265 Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of H265 encoded video files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21768. Solution(s) redhat-upgrade-gstreamer1-plugins-bad-free redhat-upgrade-gstreamer1-plugins-bad-free-debuginfo redhat-upgrade-gstreamer1-plugins-bad-free-debugsource redhat-upgrade-gstreamer1-plugins-bad-free-devel References CVE-2023-40476 RHSA-2024:2287 RHSA-2024:3060
  12. Progress MOVEit Transfer: CVE-2023-42656: MOVEit Transfer Reflected XSS Severity 6 CVSS (AV:N/AC:L/Au:N/C:P/I:P/A:N) Published 09/20/2023 Created 12/14/2024 Added 12/13/2024 Modified 01/30/2025 Description A reflected cross-site scripting (XSS) vulnerability has been identified in MOVEit Transfer's web interface. An attacker could craft a malicious payload targeting MOVEit Transfer users during the package composition procedure. If a MOVEit user interacts with the crafted payload, the attacker would be able to execute malicious JavaScript within the context of the victim's browser. Solution(s) progress-moveit-transfer-cve-2023-42656-solution References https://attackerkb.com/topics/cve-2023-42656 CVE - 2023-42656 https://community.progress.com/s/article/ka74Q000000Cg8oQAC
  13. Alpine Linux: CVE-2023-4236: Reachable Assertion Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 09/20/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description A flaw in the networking code handling DNS-over-TLS queries may cause `named` to terminate unexpectedly due to an assertion failure. This happens when internal data structures are incorrectly reused under significant DNS-over-TLS query load. This issue affects BIND 9 versions 9.18.0 through 9.18.18 and 9.18.11-S1 through 9.18.18-S1. Solution(s) alpine-linux-upgrade-bind References https://attackerkb.com/topics/cve-2023-4236 CVE - 2023-4236 https://security.alpinelinux.org/vuln/CVE-2023-4236
  14. Amazon Linux AMI 2: CVE-2023-3341: Security patch for bind (ALAS-2023-2273) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 09/20/2023 Created 10/06/2023 Added 10/06/2023 Modified 01/30/2025 Description The code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack memory, causing `named` to terminate unexpectedly. Since each incoming control channel message is fully parsed before its contents are authenticated, exploiting this flaw does not require the attacker to hold a valid RNDC key; only network access to the control channel's configured TCP port is necessary. This issue affects BIND 9 versions 9.2.0 through 9.16.43, 9.18.0 through 9.18.18, 9.19.0 through 9.19.16, 9.9.3-S1 through 9.16.43-S1, and 9.18.0-S1 through 9.18.18-S1. Solution(s) amazon-linux-ami-2-upgrade-bind amazon-linux-ami-2-upgrade-bind-chroot amazon-linux-ami-2-upgrade-bind-debuginfo amazon-linux-ami-2-upgrade-bind-devel amazon-linux-ami-2-upgrade-bind-export-devel amazon-linux-ami-2-upgrade-bind-export-libs amazon-linux-ami-2-upgrade-bind-libs amazon-linux-ami-2-upgrade-bind-libs-lite amazon-linux-ami-2-upgrade-bind-license amazon-linux-ami-2-upgrade-bind-lite-devel amazon-linux-ami-2-upgrade-bind-pkcs11 amazon-linux-ami-2-upgrade-bind-pkcs11-devel amazon-linux-ami-2-upgrade-bind-pkcs11-libs amazon-linux-ami-2-upgrade-bind-pkcs11-utils amazon-linux-ami-2-upgrade-bind-sdb amazon-linux-ami-2-upgrade-bind-sdb-chroot amazon-linux-ami-2-upgrade-bind-utils References https://attackerkb.com/topics/cve-2023-3341 AL2/ALAS-2023-2273 CVE - 2023-3341
  15. Red Hat: CVE-2023-3341: stack exhaustion in control channel code may lead to DoS (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 09/20/2023 Created 10/06/2023 Added 10/06/2023 Modified 01/30/2025 Description The code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack memory, causing `named` to terminate unexpectedly. Since each incoming control channel message is fully parsed before its contents are authenticated, exploiting this flaw does not require the attacker to hold a valid RNDC key; only network access to the control channel's configured TCP port is necessary. This issue affects BIND 9 versions 9.2.0 through 9.16.43, 9.18.0 through 9.18.18, 9.19.0 through 9.19.16, 9.9.3-S1 through 9.16.43-S1, and 9.18.0-S1 through 9.18.18-S1. 
Solution(s) redhat-upgrade-bind redhat-upgrade-bind-chroot redhat-upgrade-bind-debuginfo redhat-upgrade-bind-debugsource redhat-upgrade-bind-devel redhat-upgrade-bind-dnssec-doc redhat-upgrade-bind-dnssec-utils redhat-upgrade-bind-dnssec-utils-debuginfo redhat-upgrade-bind-doc redhat-upgrade-bind-export-devel redhat-upgrade-bind-export-libs redhat-upgrade-bind-export-libs-debuginfo redhat-upgrade-bind-libs redhat-upgrade-bind-libs-debuginfo redhat-upgrade-bind-libs-lite redhat-upgrade-bind-libs-lite-debuginfo redhat-upgrade-bind-license redhat-upgrade-bind-lite-devel redhat-upgrade-bind-pkcs11 redhat-upgrade-bind-pkcs11-debuginfo redhat-upgrade-bind-pkcs11-devel redhat-upgrade-bind-pkcs11-libs redhat-upgrade-bind-pkcs11-libs-debuginfo redhat-upgrade-bind-pkcs11-utils redhat-upgrade-bind-pkcs11-utils-debuginfo redhat-upgrade-bind-sdb redhat-upgrade-bind-sdb-chroot redhat-upgrade-bind-sdb-debuginfo redhat-upgrade-bind-utils redhat-upgrade-bind-utils-debuginfo redhat-upgrade-bind9-16 redhat-upgrade-bind9-16-chroot redhat-upgrade-bind9-16-debuginfo redhat-upgrade-bind9-16-debugsource redhat-upgrade-bind9-16-devel redhat-upgrade-bind9-16-dnssec-utils redhat-upgrade-bind9-16-dnssec-utils-debuginfo redhat-upgrade-bind9-16-doc redhat-upgrade-bind9-16-libs redhat-upgrade-bind9-16-libs-debuginfo redhat-upgrade-bind9-16-license redhat-upgrade-bind9-16-utils redhat-upgrade-bind9-16-utils-debuginfo redhat-upgrade-python3-bind redhat-upgrade-python3-bind9-16 References CVE-2023-3341 RHSA-2023:5460 RHSA-2023:5473 RHSA-2023:5474 RHSA-2023:5689 RHSA-2023:5690 RHSA-2023:5691 RHSA-2023:5771
  16. Ubuntu: USN-6552-1 (CVE-2023-42464): Netatalk vulnerability Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 09/20/2023 Created 12/14/2023 Added 12/13/2023 Modified 01/28/2025 Description A Type Confusion vulnerability was found in the Spotlight RPC functions in afpd in Netatalk 3.1.x before 3.1.17. When parsing Spotlight RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in the underlying protocol. Due to a lack of type checking in callers of the dalloc_value_for_key() function, which returns the object associated with a key, a malicious actor may be able to fully control the value of the pointer and theoretically achieve Remote Code Execution on the host. This issue is similar to CVE-2023-34967. Solution(s) ubuntu-upgrade-netatalk References https://attackerkb.com/topics/cve-2023-42464 CVE - 2023-42464 DSA-5503 USN-6552-1
  17. Red Hat: CVE-2023-0462: Important: Satellite 6.13.5 Async Security Update (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:M/C:C/I:C/A:C) Published 09/20/2023 Created 11/01/2023 Added 11/01/2023 Modified 01/28/2025 Description An arbitrary code execution flaw was found in Foreman. This issue may allow an admin user to execute arbitrary code on the underlying operating system by setting global parameters with a YAML payload. Solution(s) redhat-upgrade-foreman-cli redhat-upgrade-rubygem-foreman_maintain redhat-upgrade-satellite redhat-upgrade-satellite-branding redhat-upgrade-satellite-cli References CVE-2023-0462
  18. Ubuntu: (Multiple Advisories) (CVE-2023-4504): CUPS vulnerability Severity 6 CVSS (AV:L/AC:H/Au:N/C:C/I:C/A:C) Published 09/20/2023 Created 09/21/2023 Added 09/21/2023 Modified 01/28/2025 Description Due to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUPS and libppd are susceptible to a heap-based buffer overflow and possibly code execution. This issue has been fixed in CUPS version 2.4.7, released in September of 2023. Solution(s) ubuntu-pro-upgrade-cups ubuntu-pro-upgrade-libppd2 References https://attackerkb.com/topics/cve-2023-4504 CVE - 2023-4504 USN-6391-1 USN-6391-2 USN-6392-1
  19. Ubuntu: USN-6390-1 (CVE-2023-4236): Bind vulnerabilities Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 09/20/2023 Created 09/21/2023 Added 09/21/2023 Modified 01/28/2025 Description A flaw in the networking code handling DNS-over-TLS queries may cause `named` to terminate unexpectedly due to an assertion failure. This happens when internal data structures are incorrectly reused under significant DNS-over-TLS query load. This issue affects BIND 9 versions 9.18.0 through 9.18.18 and 9.18.11-S1 through 9.18.18-S1. Solution(s) ubuntu-upgrade-bind9 References https://attackerkb.com/topics/cve-2023-4236 CVE - 2023-4236 USN-6390-1
  20. Oracle Linux: CVE-2023-42752: ELSA-2023-13043: Unbreakable Enterprise kernel security update (IMPORTANT) (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 09/19/2023 Created 12/20/2023 Added 12/14/2023 Modified 01/23/2025 Description An integer overflow flaw was found in the Linux kernel. This issue leads to the kernel allocating `skb_shared_info` in the userspace, which is exploitable in systems without SMAP protection since `skb_shared_info` contains references to function pointers. Solution(s) oracle-linux-upgrade-kernel-uek References https://attackerkb.com/topics/cve-2023-42752 CVE - 2023-42752 ELSA-2023-13043 ELSA-2024-12110
  21. JetBrains TeamCity: CVE-2023-42793: Authentication Bypass (authenticated) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 09/19/2023 Created 09/28/2023 Added 09/27/2023 Modified 10/14/2024 Description Deprecated Solution(s)
  22. Atlassian Bitbucket (CVE-2023-22513): RCE (Remote Code Execution) in Bitbucket Data Center and Server Severity 7 CVSS (AV:N/AC:H/Au:S/C:C/I:C/A:C) Published 09/19/2023 Created 11/21/2024 Added 11/14/2024 Modified 11/14/2024 Description This High severity RCE (Remote Code Execution) vulnerability *was introduced in version 8.0.0* of Bitbucket Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction. Atlassian recommends that Bitbucket Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: * Bitbucket Data Center and Server 8.9: Upgrade to a release greater than or equal to 8.9.5 * Bitbucket Data Center and Server 8.10: Upgrade to a release greater than or equal to 8.10.5 * Bitbucket Data Center and Server 8.11: Upgrade to a release greater than or equal to 8.11.4 * Bitbucket Data Center and Server 8.12: Upgrade to a release greater than or equal to 8.12.2 * Bitbucket Data Center and Server 8.13: Upgrade to a release greater than or equal to 8.13.1 * Bitbucket Data Center and Server 8.14: Upgrade to a release greater than or equal to 8.14.0 * Bitbucket Data Center and Server version >= 8.0 and < 8.9: Upgrade to any of the listed fix versions. *Versions before 8.0.0 (e.g., 7.x series) are unaffected by this vulnerability.* See the release notes ([https://confluence.atlassian.com/bitbucketserver/release-notes]). You can download the latest version of Bitbucket Data Center and Server from the download center ([https://www.atlassian.com/software/bitbucket/download-archives]). 
This vulnerability was discovered by a private user and reported via our Bug Bounty program Solution(s) atlassian-bitbucket-upgrade-latest References https://attackerkb.com/topics/cve-2023-22513 CVE - 2023-22513 https://jira.atlassian.com/browse/BSERV-14419
  23. JetBrains TeamCity: CVE-2023-42793: Authentication bypass leading to RCE on TeamCity Server was possible. Reported by Stefan Schiller from Sonar (TW-83545) (remote) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 09/19/2023 Created 10/22/2024 Added 10/15/2024 Modified 10/22/2024 Description In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible Solution(s) jetbrains-teamcity-upgrade-latest References https://attackerkb.com/topics/cve-2023-42793 CVE - 2023-42793 http://packetstormsecurity.com/files/174860/JetBrains-TeamCity-Unauthenticated-Remote-Code-Execution.html https://attackerkb.com/topics/1XEEEkGHzt/cve-2023-42793 https://blog.jetbrains.com/teamcity/2023/09/cve-2023-42793-vulnerability-post-mortem/ https://www.jetbrains.com/privacy-security/issues-fixed/ https://www.rapid7.com/blog/post/2023/09/25/etr-cve-2023-42793-critical-authentication-bypass-in-jetbrains-teamcity-ci-cd-servers/ https://www.securityweek.com/recently-patched-teamcity-vulnerability-exploited-to-hack-servers/
  24. JetBrains TeamCity: CVE-2023-42793: Authentication bypass leading to RCE on TeamCity Server was possible. Reported by Stefan Schiller from Sonar (TW-83545) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 09/19/2023 Created 09/25/2023 Added 10/15/2024 Modified 02/03/2025 Description In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible Solution(s) jetbrains-teamcity-upgrade-latest References https://attackerkb.com/topics/cve-2023-42793 CVE - 2023-42793 https://www.jetbrains.com/privacy-security/issues-fixed/ https://blog.jetbrains.com/teamcity/2023/09/cve-2023-42793-vulnerability-post-mortem/ http://packetstormsecurity.com/files/174860/JetBrains-TeamCity-Unauthenticated-Remote-Code-Execution.html https://attackerkb.com/topics/1XEEEkGHzt/cve-2023-42793 https://www.securityweek.com/recently-patched-teamcity-vulnerability-exploited-to-hack-servers/ https://www.rapid7.com/blog/post/2023/09/25/etr-cve-2023-42793-critical-authentication-bypass-in-jetbrains-teamcity-ci-cd-servers/ https://www.sonarsource.com/blog/teamcity-vulnerability/
  25. JetBrains TeamCity: CVE-2023-43566: Stored XSS was possible during nodes configuration (TW-83216) Severity 5 CVSS (AV:N/AC:L/Au:M/C:P/I:P/A:N) Published 09/19/2023 Created 10/22/2024 Added 10/15/2024 Modified 02/03/2025 Description In JetBrains TeamCity before 2023.05.4 stored XSS was possible during nodes configuration Solution(s) jetbrains-teamcity-upgrade-latest References https://attackerkb.com/topics/cve-2023-43566 CVE - 2023-43566 https://www.jetbrains.com/privacy-security/issues-fixed/