ISHACK AI BOT

CentOS Linux: CVE-2023-39322: Moderate: skopeo security update (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 09/08/2023 Created 12/14/2023 Added 12/13/2023 Modified 01/28/2025 Description QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With fix, connections now consistently reject messages larger than 65KiB in size. Solution(s) centos-upgrade-aardvark-dns centos-upgrade-buildah centos-upgrade-buildah-debuginfo centos-upgrade-buildah-debugsource centos-upgrade-buildah-tests centos-upgrade-buildah-tests-debuginfo centos-upgrade-cockpit-podman centos-upgrade-conmon centos-upgrade-conmon-debuginfo centos-upgrade-conmon-debugsource centos-upgrade-container-selinux centos-upgrade-containernetworking-plugins centos-upgrade-containernetworking-plugins-debuginfo centos-upgrade-containernetworking-plugins-debugsource centos-upgrade-containers-common centos-upgrade-crit centos-upgrade-criu centos-upgrade-criu-debuginfo centos-upgrade-criu-debugsource centos-upgrade-criu-devel centos-upgrade-criu-libs centos-upgrade-criu-libs-debuginfo centos-upgrade-crun centos-upgrade-crun-debuginfo centos-upgrade-crun-debugsource centos-upgrade-fuse-overlayfs centos-upgrade-fuse-overlayfs-debuginfo centos-upgrade-fuse-overlayfs-debugsource centos-upgrade-libslirp centos-upgrade-libslirp-debuginfo centos-upgrade-libslirp-debugsource centos-upgrade-libslirp-devel centos-upgrade-netavark centos-upgrade-oci-seccomp-bpf-hook centos-upgrade-oci-seccomp-bpf-hook-debuginfo centos-upgrade-oci-seccomp-bpf-hook-debugsource centos-upgrade-podman centos-upgrade-podman-catatonit centos-upgrade-podman-catatonit-debuginfo centos-upgrade-podman-debuginfo centos-upgrade-podman-debugsource centos-upgrade-podman-docker centos-upgrade-podman-gvproxy centos-upgrade-podman-gvproxy-debuginfo centos-upgrade-podman-plugins centos-upgrade-podman-plugins-debuginfo centos-upgrade-podman-remote centos-upgrade-podman-remote-debuginfo centos-upgrade-podman-tests centos-upgrade-python3-criu centos-upgrade-python3-podman centos-upgrade-runc centos-upgrade-runc-debuginfo centos-upgrade-runc-debugsource centos-upgrade-skopeo centos-upgrade-skopeo-debuginfo centos-upgrade-skopeo-debugsource centos-upgrade-skopeo-tests centos-upgrade-slirp4netns centos-upgrade-slirp4netns-debuginfo centos-upgrade-slirp4netns-debugsource centos-upgrade-toolbox centos-upgrade-toolbox-debuginfo centos-upgrade-toolbox-debugsource centos-upgrade-toolbox-tests centos-upgrade-udica References CVE-2023-39322

Huawei EulerOS: CVE-2023-39319: golang security update Severity 6 CVSS (AV:N/AC:M/Au:N/C:P/I:P/A:N) Published 09/08/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/30/2025 Description The html/template package does not apply the proper rules for handling occurrences of "<script", "<!--", and "</script" within JS literals in <script> contexts. This may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped. This could be leveraged to perform an XSS attack. Solution(s) huawei-euleros-2_0_sp11-upgrade-golang huawei-euleros-2_0_sp11-upgrade-golang-devel huawei-euleros-2_0_sp11-upgrade-golang-help References https://attackerkb.com/topics/cve-2023-39319 CVE - 2023-39319 EulerOS-SA-2023-3270

VMware Photon OS: CVE-2023-39319 Severity 6 CVSS (AV:N/AC:L/Au:N/C:P/I:P/A:N) Published 09/08/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description The html/template package does not apply the proper rules for handling occurrences of "<script", "<!--", and "</script" within JS literals in <script> contexts. This may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped. This could be leveraged to perform an XSS attack. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-39319 CVE - 2023-39319

VMware Photon OS: CVE-2023-4807 Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 09/08/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications on the Windows 64 platform when running on newer X86_64 processors supporting the AVX512-IFMA instructions. Impact summary: If in an application that uses the OpenSSL library an attacker can influence whether the POLY1305 MAC algorithm is used, the application state might be corrupted with various application dependent consequences. The POLY1305 MAC (message authentication code) implementation in OpenSSL does not save the contents of non-volatile XMM registers on Windows 64 platform when calculating the MAC of data larger than 64 bytes. Before returning to the caller all the XMM registers are set to zero rather than restoring their previous content. The vulnerable code is used only on newer x86_64 processors supporting the AVX512-IFMA instructions. The consequences of this kind of internal application state corruption can be various - from no consequences, if the calling application does not depend on the contents of non-volatile XMM registers at all, to the worst consequences, where the attacker could get complete control of the application process. However given the contents of the registers are just zeroized so the attacker cannot put arbitrary values inside, the most likely consequence, if any, would be an incorrect result of some application dependent calculations or a crash leading to a denial of service. The POLY1305 MAC algorithm is most frequently used as part of the CHACHA20-POLY1305 AEAD (authenticated encryption with associated data) algorithm. The most common usage of this AEAD cipher is with TLS protocol versions 1.2 and 1.3 and a malicious client can influence whether this AEAD cipher is used by the server. This implies that server applications using OpenSSL can be potentially impacted. However we are currently not aware of any concrete application that would be affected by this issue therefore we consider this a Low severity security issue. As a workaround the AVX512-IFMA instructions support can be disabled at runtime by setting the environment variable OPENSSL_ia32cap: OPENSSL_ia32cap=:~0x200000 The FIPS provider is not affected by this issue. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-4807 CVE - 2023-4807

Alma Linux: CVE-2023-39322: Moderate: container-tools:4.0 security update (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 09/08/2023 Created 12/20/2023 Added 12/19/2023 Modified 01/28/2025 Description QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With fix, connections now consistently reject messages larger than 65KiB in size. Solution(s) alma-upgrade-aardvark-dns alma-upgrade-buildah alma-upgrade-buildah-tests alma-upgrade-cockpit-podman alma-upgrade-conmon alma-upgrade-container-selinux alma-upgrade-containernetworking-plugins alma-upgrade-containers-common alma-upgrade-crit alma-upgrade-criu alma-upgrade-criu-devel alma-upgrade-criu-libs alma-upgrade-crun alma-upgrade-fuse-overlayfs alma-upgrade-libslirp alma-upgrade-libslirp-devel alma-upgrade-netavark alma-upgrade-oci-seccomp-bpf-hook alma-upgrade-podman alma-upgrade-podman-catatonit alma-upgrade-podman-docker alma-upgrade-podman-gvproxy alma-upgrade-podman-plugins alma-upgrade-podman-remote alma-upgrade-podman-tests alma-upgrade-python3-criu alma-upgrade-python3-podman alma-upgrade-runc alma-upgrade-skopeo alma-upgrade-skopeo-tests alma-upgrade-slirp4netns alma-upgrade-toolbox alma-upgrade-toolbox-tests alma-upgrade-udica References https://attackerkb.com/topics/cve-2023-39322 CVE - 2023-39322 https://errata.almalinux.org/8/ALSA-2024-0121.html https://errata.almalinux.org/9/ALSA-2023-7762.html https://errata.almalinux.org/9/ALSA-2023-7763.html https://errata.almalinux.org/9/ALSA-2023-7764.html https://errata.almalinux.org/9/ALSA-2023-7765.html https://errata.almalinux.org/9/ALSA-2023-7766.html View more

Ubuntu: (Multiple Advisories) (CVE-2023-39318): Go vulnerabilities Severity 6 CVSS (AV:N/AC:M/Au:N/C:P/I:P/A:N) Published 09/08/2023 Created 01/13/2024 Added 01/12/2024 Modified 01/30/2025 Description The html/template package does not properly handle HTML-like "" comment tokens, nor hashbang "#!" comment tokens, in <script> contexts. This may cause the template parser to improperly interpret the contents of <script> contexts, causing actions to be improperly escaped. This may be leveraged to perform an XSS attack. Solution(s) ubuntu-pro-upgrade-golang-1-17 ubuntu-pro-upgrade-golang-1-17-go ubuntu-pro-upgrade-golang-1-17-src ubuntu-pro-upgrade-golang-1-18 ubuntu-pro-upgrade-golang-1-18-go ubuntu-pro-upgrade-golang-1-18-src ubuntu-pro-upgrade-golang-1-20 ubuntu-pro-upgrade-golang-1-20-go ubuntu-pro-upgrade-golang-1-20-src ubuntu-pro-upgrade-golang-1-21 ubuntu-pro-upgrade-golang-1-21-go ubuntu-pro-upgrade-golang-1-21-src References https://attackerkb.com/topics/cve-2023-39318 CVE - 2023-39318 USN-6574-1 USN-7061-1 USN-7109-1

Huawei EulerOS: CVE-2023-39319: golang security update Severity 6 CVSS (AV:N/AC:M/Au:N/C:P/I:P/A:N) Published 09/08/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/30/2025 Description The html/template package does not apply the proper rules for handling occurrences of "<script", "<!--", and "</script" within JS literals in <script> contexts. This may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped. This could be leveraged to perform an XSS attack. Solution(s) huawei-euleros-2_0_sp9-upgrade-golang huawei-euleros-2_0_sp9-upgrade-golang-devel huawei-euleros-2_0_sp9-upgrade-golang-help References https://attackerkb.com/topics/cve-2023-39319 CVE - 2023-39319 EulerOS-SA-2023-3331

Huawei EulerOS: CVE-2023-39318: golang security update Severity 6 CVSS (AV:N/AC:M/Au:N/C:P/I:P/A:N) Published 09/08/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/30/2025 Description The html/template package does not properly handle HTML-like "" comment tokens, nor hashbang "#!" comment tokens, in <script> contexts. This may cause the template parser to improperly interpret the contents of <script> contexts, causing actions to be improperly escaped. This may be leveraged to perform an XSS attack. Solution(s) huawei-euleros-2_0_sp9-upgrade-golang huawei-euleros-2_0_sp9-upgrade-golang-devel huawei-euleros-2_0_sp9-upgrade-golang-help References https://attackerkb.com/topics/cve-2023-39318 CVE - 2023-39318 EulerOS-SA-2023-3331

Red Hat: CVE-2023-39318: golang: html/template:improper handling of HTML-like comments within script contexts (Multiple Advisories) Severity 6 CVSS (AV:N/AC:M/Au:N/C:P/I:P/A:N) Published 09/08/2023 Created 12/14/2023 Added 12/13/2023 Modified 01/30/2025 Description The html/template package does not properly handle HTML-like "" comment tokens, nor hashbang "#!" comment tokens, in <script> contexts. This may cause the template parser to improperly interpret the contents of <script> contexts, causing actions to be improperly escaped. This may be leveraged to perform an XSS attack. Solution(s) redhat-upgrade-aardvark-dns redhat-upgrade-buildah redhat-upgrade-buildah-debuginfo redhat-upgrade-buildah-debugsource redhat-upgrade-buildah-tests redhat-upgrade-buildah-tests-debuginfo redhat-upgrade-cockpit-podman redhat-upgrade-conmon redhat-upgrade-conmon-debuginfo redhat-upgrade-conmon-debugsource redhat-upgrade-container-selinux redhat-upgrade-containernetworking-plugins redhat-upgrade-containernetworking-plugins-debuginfo redhat-upgrade-containernetworking-plugins-debugsource redhat-upgrade-containers-common redhat-upgrade-crit redhat-upgrade-criu redhat-upgrade-criu-debuginfo redhat-upgrade-criu-debugsource redhat-upgrade-criu-devel redhat-upgrade-criu-libs redhat-upgrade-criu-libs-debuginfo redhat-upgrade-crun redhat-upgrade-crun-debuginfo redhat-upgrade-crun-debugsource redhat-upgrade-fuse-overlayfs redhat-upgrade-fuse-overlayfs-debuginfo redhat-upgrade-fuse-overlayfs-debugsource redhat-upgrade-libslirp redhat-upgrade-libslirp-debuginfo redhat-upgrade-libslirp-debugsource redhat-upgrade-libslirp-devel redhat-upgrade-netavark redhat-upgrade-oci-seccomp-bpf-hook redhat-upgrade-oci-seccomp-bpf-hook-debuginfo redhat-upgrade-oci-seccomp-bpf-hook-debugsource redhat-upgrade-podman redhat-upgrade-podman-catatonit redhat-upgrade-podman-catatonit-debuginfo redhat-upgrade-podman-debuginfo redhat-upgrade-podman-debugsource redhat-upgrade-podman-docker redhat-upgrade-podman-gvproxy redhat-upgrade-podman-gvproxy-debuginfo redhat-upgrade-podman-plugins redhat-upgrade-podman-plugins-debuginfo redhat-upgrade-podman-remote redhat-upgrade-podman-remote-debuginfo redhat-upgrade-podman-tests redhat-upgrade-python3-criu redhat-upgrade-python3-podman redhat-upgrade-runc redhat-upgrade-runc-debuginfo redhat-upgrade-runc-debugsource redhat-upgrade-skopeo redhat-upgrade-skopeo-debuginfo redhat-upgrade-skopeo-debugsource redhat-upgrade-skopeo-tests redhat-upgrade-slirp4netns redhat-upgrade-slirp4netns-debuginfo redhat-upgrade-slirp4netns-debugsource redhat-upgrade-toolbox redhat-upgrade-toolbox-debuginfo redhat-upgrade-toolbox-debugsource redhat-upgrade-toolbox-tests redhat-upgrade-udica References CVE-2023-39318 RHSA-2023:7762 RHSA-2023:7764 RHSA-2023:7765 RHSA-2023:7766 RHSA-2024:0121 RHSA-2024:2160 RHSA-2024:2988 View more

OS X update for WebKit (CVE-2023-40397) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 09/07/2023 Created 09/07/2023 Added 09/07/2023 Modified 01/28/2025 Description The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.5. A remote attacker may be able to cause arbitrary javascript code execution. Solution(s) apple-osx-upgrade-13_5 References https://attackerkb.com/topics/cve-2023-40397 CVE - 2023-40397 https://support.apple.com/kb/HT213843

JSCAPE MFT Server: CVE-2023-4528: Remote Code Execution Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 09/07/2023 Created 09/07/2023 Added 09/07/2023 Modified 10/16/2023 Description JSCAPE MFT Server is vulnerable to Remote Code Execution in the JSCAPE command line utilites tool. Solution(s) jscape-mft-server-cve-2023-4528 References https://attackerkb.com/topics/cve-2023-4528 CVE - 2023-4528

OS X update for AMD (CVE-2023-38616) Severity 6 CVSS (AV:L/AC:H/Au:N/C:C/I:C/A:C) Published 09/07/2023 Created 09/07/2023 Added 09/07/2023 Modified 01/28/2025 Description A race condition was addressed with improved state handling. This issue is fixed in macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges. Solution(s) apple-osx-upgrade-13_5 References https://attackerkb.com/topics/cve-2023-38616 CVE - 2023-38616 https://support.apple.com/kb/HT213843

OS X update for CFNetwork (CVE-2023-40392) Severity 2 CVSS (AV:L/AC:M/Au:N/C:P/I:N/A:N) Published 09/07/2023 Created 09/07/2023 Added 09/07/2023 Modified 01/28/2025 Description A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.5. An app may be able to read sensitive location information. Solution(s) apple-osx-upgrade-11_7_9 apple-osx-upgrade-12_6_8 apple-osx-upgrade-13_5 References https://attackerkb.com/topics/cve-2023-40392 CVE - 2023-40392 https://support.apple.com/kb/HT213843 https://support.apple.com/kb/HT213844 https://support.apple.com/kb/HT213845

Oracle Linux: CVE-2023-6228: ELSA-2024-5079:libtiff security update (MODERATE) (Multiple Advisories) Severity 2 CVSS (AV:L/AC:L/Au:N/C:N/I:N/A:P) Published 09/07/2023 Created 05/22/2024 Added 05/07/2024 Modified 12/01/2024 Description An issue was found in the tiffcp utility distributed by the libtiff package where a crafted TIFF file on processing may cause a heap-based buffer overflow leads to an application crash. Solution(s) oracle-linux-upgrade-libtiff oracle-linux-upgrade-libtiff-devel oracle-linux-upgrade-libtiff-tools References https://attackerkb.com/topics/cve-2023-6228 CVE - 2023-6228 ELSA-2024-5079 ELSA-2024-2289

OS X update for Weather (CVE-2023-38605) Severity 2 CVSS (AV:L/AC:M/Au:N/C:P/I:N/A:N) Published 09/07/2023 Created 09/07/2023 Added 09/07/2023 Modified 01/28/2025 Description This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Ventura 13.5. An app may be able to determine a user’s current location. Solution(s) apple-osx-upgrade-12_6_8 apple-osx-upgrade-13_5 References https://attackerkb.com/topics/cve-2023-38605 CVE - 2023-38605 https://support.apple.com/kb/HT213843 https://support.apple.com/kb/HT213844

Google Chrome Vulnerability: CVE-2023-4764 Incorrect security UI in BFCache Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 09/06/2023 Created 09/06/2023 Added 09/06/2023 Modified 01/28/2025 Description Incorrect security UI in BFCache in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High) Solution(s) google-chrome-upgrade-latest References https://attackerkb.com/topics/cve-2023-4764 CVE - 2023-4764 https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop.html

OS X update for Calendar (CVE-2023-28188) Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:N/A:C) Published 09/06/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for Associated Domains (CVE-2023-32428) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 09/06/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

SUSE: CVE-2023-4244: SUSE Linux Security Advisory Severity 7 CVSS (AV:L/AC:M/Au:S/C:C/I:C/A:C) Published 09/06/2023 Created 12/14/2023 Added 12/13/2023 Modified 01/28/2025 Description A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. Due to a race condition between nf_tables netlink control plane transaction and nft_set element garbage collection, it is possible to underflow the reference counter causing a use-after-free vulnerability. We recommend upgrading past commit 3e91b0ebd994635df2346353322ac51ce84ce6d8. Solution(s) suse-upgrade-cluster-md-kmp-64kb suse-upgrade-cluster-md-kmp-azure suse-upgrade-cluster-md-kmp-default suse-upgrade-cluster-md-kmp-rt suse-upgrade-dlm-kmp-64kb suse-upgrade-dlm-kmp-azure suse-upgrade-dlm-kmp-default suse-upgrade-dlm-kmp-rt suse-upgrade-dtb-allwinner suse-upgrade-dtb-altera suse-upgrade-dtb-amazon suse-upgrade-dtb-amd suse-upgrade-dtb-amlogic suse-upgrade-dtb-apm suse-upgrade-dtb-apple suse-upgrade-dtb-arm suse-upgrade-dtb-broadcom suse-upgrade-dtb-cavium suse-upgrade-dtb-exynos suse-upgrade-dtb-freescale suse-upgrade-dtb-hisilicon suse-upgrade-dtb-lg suse-upgrade-dtb-marvell suse-upgrade-dtb-mediatek suse-upgrade-dtb-nvidia suse-upgrade-dtb-qcom suse-upgrade-dtb-renesas suse-upgrade-dtb-rockchip suse-upgrade-dtb-socionext suse-upgrade-dtb-sprd suse-upgrade-dtb-xilinx suse-upgrade-gfs2-kmp-64kb suse-upgrade-gfs2-kmp-azure suse-upgrade-gfs2-kmp-default suse-upgrade-gfs2-kmp-rt suse-upgrade-kernel-64kb suse-upgrade-kernel-64kb-devel suse-upgrade-kernel-64kb-extra suse-upgrade-kernel-64kb-livepatch-devel suse-upgrade-kernel-64kb-optional suse-upgrade-kernel-azure suse-upgrade-kernel-azure-base suse-upgrade-kernel-azure-devel suse-upgrade-kernel-azure-extra suse-upgrade-kernel-azure-livepatch-devel suse-upgrade-kernel-azure-optional suse-upgrade-kernel-azure-vdso suse-upgrade-kernel-debug suse-upgrade-kernel-debug-devel suse-upgrade-kernel-debug-livepatch-devel suse-upgrade-kernel-debug-vdso suse-upgrade-kernel-default suse-upgrade-kernel-default-base suse-upgrade-kernel-default-base-rebuild suse-upgrade-kernel-default-devel suse-upgrade-kernel-default-extra suse-upgrade-kernel-default-livepatch suse-upgrade-kernel-default-livepatch-devel suse-upgrade-kernel-default-man suse-upgrade-kernel-default-optional suse-upgrade-kernel-default-vdso suse-upgrade-kernel-devel suse-upgrade-kernel-devel-azure suse-upgrade-kernel-devel-rt suse-upgrade-kernel-docs suse-upgrade-kernel-docs-html suse-upgrade-kernel-kvmsmall suse-upgrade-kernel-kvmsmall-devel suse-upgrade-kernel-kvmsmall-livepatch-devel suse-upgrade-kernel-kvmsmall-vdso suse-upgrade-kernel-macros suse-upgrade-kernel-obs-build suse-upgrade-kernel-obs-qa suse-upgrade-kernel-preempt suse-upgrade-kernel-preempt-devel suse-upgrade-kernel-rt suse-upgrade-kernel-rt-devel suse-upgrade-kernel-rt-extra suse-upgrade-kernel-rt-livepatch suse-upgrade-kernel-rt-livepatch-devel suse-upgrade-kernel-rt-optional suse-upgrade-kernel-rt-vdso suse-upgrade-kernel-rt_debug suse-upgrade-kernel-rt_debug-devel suse-upgrade-kernel-rt_debug-livepatch-devel suse-upgrade-kernel-rt_debug-vdso suse-upgrade-kernel-source suse-upgrade-kernel-source-azure suse-upgrade-kernel-source-rt suse-upgrade-kernel-source-vanilla suse-upgrade-kernel-syms suse-upgrade-kernel-syms-azure suse-upgrade-kernel-syms-rt suse-upgrade-kernel-zfcpdump suse-upgrade-kselftests-kmp-64kb suse-upgrade-kselftests-kmp-azure suse-upgrade-kselftests-kmp-default suse-upgrade-kselftests-kmp-rt suse-upgrade-ocfs2-kmp-64kb suse-upgrade-ocfs2-kmp-azure suse-upgrade-ocfs2-kmp-default suse-upgrade-ocfs2-kmp-rt suse-upgrade-reiserfs-kmp-64kb suse-upgrade-reiserfs-kmp-azure suse-upgrade-reiserfs-kmp-default suse-upgrade-reiserfs-kmp-rt References https://attackerkb.com/topics/cve-2023-4244 CVE - 2023-4244

OS X update for Carbon Core (CVE-2023-28188) Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:N/A:C) Published 09/06/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for Camera (CVE-2023-28195) Severity 2 CVSS (AV:L/AC:M/Au:N/C:P/I:N/A:N) Published 09/06/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

Huawei EulerOS: CVE-2023-4623: kernel security update Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 09/06/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/30/2025 Description A use-after-free vulnerability in the Linux kernel's net/sched: sch_hfsc (HFSC qdisc traffic control) component can be exploited to achieve local privilege escalation. If a class with a link-sharing curve (i.e. with the HFSC_FSC flag set) has a parent without a link-sharing curve, then init_vf() will call vttree_insert() on the parent, but vttree_remove() will be skipped in update_vf(). This leaves a dangling pointer that can cause a use-after-free. We recommend upgrading past commit b3d26c5702c7d6c45456326e56d2ccf3f103e60f. Solution(s) huawei-euleros-2_0_sp10-upgrade-kernel huawei-euleros-2_0_sp10-upgrade-kernel-abi-stablelists huawei-euleros-2_0_sp10-upgrade-kernel-tools huawei-euleros-2_0_sp10-upgrade-kernel-tools-libs huawei-euleros-2_0_sp10-upgrade-python3-perf References https://attackerkb.com/topics/cve-2023-4623 CVE - 2023-4623 EulerOS-SA-2023-3217

OS X update for NSURLSession (CVE-2023-32432) Severity 5 CVSS (AV:L/AC:M/Au:N/C:C/I:N/A:N) Published 09/06/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for Calendar (CVE-2023-32362) Severity 7 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:N) Published 09/06/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

Amazon Linux AMI 2: CVE-2023-4208: Security patch for kernel, kernel-livepatch-4.14.320-243.544, kernel-livepatch-5.10.186-179.751 (Multiple Advisories) Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 09/06/2023 Created 10/04/2023 Added 10/04/2023 Modified 01/30/2025 Description A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation. When u32_change() is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter. This causes a problem when updating a filter bound to a class, as tcf_unbind_filter() is always called on the old instance in the success path, decreasing filter_cnt of the still referenced class and allowing it to be deleted, leading to a use-after-free. We recommend upgrading past commit 3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81. Solution(s) amazon-linux-ami-2-upgrade-bpftool amazon-linux-ami-2-upgrade-bpftool-debuginfo amazon-linux-ami-2-upgrade-kernel amazon-linux-ami-2-upgrade-kernel-debuginfo amazon-linux-ami-2-upgrade-kernel-debuginfo-common-aarch64 amazon-linux-ami-2-upgrade-kernel-debuginfo-common-x86_64 amazon-linux-ami-2-upgrade-kernel-devel amazon-linux-ami-2-upgrade-kernel-headers amazon-linux-ami-2-upgrade-kernel-livepatch-4-14-320-243-544 amazon-linux-ami-2-upgrade-kernel-livepatch-4-14-320-243-544-debuginfo amazon-linux-ami-2-upgrade-kernel-livepatch-4-14-322-244-536 amazon-linux-ami-2-upgrade-kernel-livepatch-5-10-186-179-751 amazon-linux-ami-2-upgrade-kernel-livepatch-5-10-186-179-751-debuginfo amazon-linux-ami-2-upgrade-kernel-livepatch-5-10-192-182-736 amazon-linux-ami-2-upgrade-kernel-livepatch-5-15-128-80-144 amazon-linux-ami-2-upgrade-kernel-tools amazon-linux-ami-2-upgrade-kernel-tools-debuginfo amazon-linux-ami-2-upgrade-kernel-tools-devel amazon-linux-ami-2-upgrade-perf amazon-linux-ami-2-upgrade-perf-debuginfo amazon-linux-ami-2-upgrade-python-perf amazon-linux-ami-2-upgrade-python-perf-debuginfo References https://attackerkb.com/topics/cve-2023-4208 AL2/ALAS-2023-2268 AL2/ALASKERNEL-5.10-2023-039 AL2/ALASKERNEL-5.15-2023-026 AL2/ALASKERNEL-5.4-2023-054 AL2/ALASLIVEPATCH-2023-154 AL2/ALASLIVEPATCH-2023-155 CVE - 2023-4208 View more