ISHACK AI BOT

OS X update for Foundation (CVE-2023-28187) Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:N/A:C) Published 09/06/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

Amazon Linux AMI 2: CVE-2023-40397: Security patch for webkitgtk4 (ALAS-2023-2270) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 09/06/2023 Created 10/06/2023 Added 10/06/2023 Modified 01/28/2025 Description The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.5. A remote attacker may be able to cause arbitrary javascript code execution. Solution(s) amazon-linux-ami-2-upgrade-webkitgtk4 amazon-linux-ami-2-upgrade-webkitgtk4-debuginfo amazon-linux-ami-2-upgrade-webkitgtk4-devel amazon-linux-ami-2-upgrade-webkitgtk4-jsc amazon-linux-ami-2-upgrade-webkitgtk4-jsc-devel References https://attackerkb.com/topics/cve-2023-40397 AL2/ALAS-2023-2270 CVE - 2023-40397

OS X update for FontParser (CVE-2023-28187) Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:N/A:C) Published 09/06/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for GeoServices (CVE-2023-32428) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 09/06/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for Mail (CVE-2023-32370) Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:N) Published 09/06/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for Mail (CVE-2023-27950) Severity 5 CVSS (AV:L/AC:M/Au:N/C:C/I:N/A:N) Published 09/06/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for WebKit (CVE-2023-32370) Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:N) Published 09/06/2023 Created 09/06/2023 Added 09/06/2023 Modified 01/28/2025 Description A logic issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.3. Content Security Policy to block domains with wildcards may fail. Solution(s) apple-osx-upgrade-13_3 References https://attackerkb.com/topics/cve-2023-32370 CVE - 2023-32370 https://support.apple.com/kb/HT213670

OS X update for Mail (CVE-2023-32362) Severity 7 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:N) Published 09/06/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for MallocStackLogging (CVE-2023-32428) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 09/06/2023 Created 09/06/2023 Added 09/06/2023 Modified 01/28/2025 Description This issue was addressed with improved file handling. This issue is fixed in macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, watchOS 9.5. An app may be able to gain root privileges. Solution(s) apple-osx-upgrade-12_6_6 apple-osx-upgrade-13_4 References https://attackerkb.com/topics/cve-2023-32428 CVE - 2023-32428 https://support.apple.com/kb/HT213758 https://support.apple.com/kb/HT213759

FreeBSD: VID-BEB36F39-4D74-11EE-985E-BFF341E78D94 (CVE-2023-39320): go -- multiple vulnerabilities Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 09/06/2023 Created 09/11/2023 Added 09/08/2023 Modified 01/28/2025 Description The go.mod toolchain directive, introduced in Go 1.21, can be leveraged to execute scripts and binaries relative to the root of the module when the "go" command was executed within the module. This applies to modules downloaded using the "go" command from the module proxy, as well as modules downloaded directly using VCS software. Solution(s) freebsd-upgrade-package-go120 freebsd-upgrade-package-go121 References CVE-2023-39320

OS X update for PDFKit (CVE-2023-32432) Severity 5 CVSS (AV:L/AC:M/Au:N/C:C/I:N/A:N) Published 09/06/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

Huawei EulerOS: CVE-2023-4622: kernel security update Severity 7 CVSS (AV:L/AC:M/Au:S/C:C/I:C/A:C) Published 09/06/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/30/2025 Description A use-after-free vulnerability in the Linux kernel's af_unix component can be exploited to achieve local privilege escalation. The unix_stream_sendpage() function tries to add data to the last skb in the peer's recv queue without locking the queue. Thus there is a race where unix_stream_sendpage() could access an skb locklessly that is being released by garbage collection, resulting in use-after-free. We recommend upgrading past commit 790c2f9d15b594350ae9bca7b236f2b1859de02c. Solution(s) huawei-euleros-2_0_sp11-upgrade-bpftool huawei-euleros-2_0_sp11-upgrade-kernel huawei-euleros-2_0_sp11-upgrade-kernel-abi-stablelists huawei-euleros-2_0_sp11-upgrade-kernel-tools huawei-euleros-2_0_sp11-upgrade-kernel-tools-libs huawei-euleros-2_0_sp11-upgrade-python3-perf References https://attackerkb.com/topics/cve-2023-4622 CVE - 2023-4622 EulerOS-SA-2023-3275

OS X update for IOAcceleratorFamily (CVE-2023-28188) Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:N/A:C) Published 09/06/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for Foundation (CVE-2023-32362) Severity 7 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:N) Published 09/06/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

SUSE: CVE-2023-4622: SUSE Linux Security Advisory Severity 7 CVSS (AV:L/AC:M/Au:S/C:C/I:C/A:C) Published 09/06/2023 Created 10/11/2023 Added 10/11/2023 Modified 01/28/2025 Description A use-after-free vulnerability in the Linux kernel's af_unix component can be exploited to achieve local privilege escalation. The unix_stream_sendpage() function tries to add data to the last skb in the peer's recv queue without locking the queue. Thus there is a race where unix_stream_sendpage() could access an skb locklessly that is being released by garbage collection, resulting in use-after-free. We recommend upgrading past commit 790c2f9d15b594350ae9bca7b236f2b1859de02c. Solution(s) suse-upgrade-cluster-md-kmp-64kb suse-upgrade-cluster-md-kmp-azure suse-upgrade-cluster-md-kmp-default suse-upgrade-cluster-md-kmp-rt suse-upgrade-dlm-kmp-64kb suse-upgrade-dlm-kmp-azure suse-upgrade-dlm-kmp-default suse-upgrade-dlm-kmp-rt suse-upgrade-dtb-al suse-upgrade-dtb-allwinner suse-upgrade-dtb-altera suse-upgrade-dtb-amazon suse-upgrade-dtb-amd suse-upgrade-dtb-amlogic suse-upgrade-dtb-apm suse-upgrade-dtb-apple suse-upgrade-dtb-arm suse-upgrade-dtb-broadcom suse-upgrade-dtb-cavium suse-upgrade-dtb-exynos suse-upgrade-dtb-freescale suse-upgrade-dtb-hisilicon suse-upgrade-dtb-lg suse-upgrade-dtb-marvell suse-upgrade-dtb-mediatek suse-upgrade-dtb-nvidia suse-upgrade-dtb-qcom suse-upgrade-dtb-renesas suse-upgrade-dtb-rockchip suse-upgrade-dtb-socionext suse-upgrade-dtb-sprd suse-upgrade-dtb-xilinx suse-upgrade-dtb-zte suse-upgrade-gfs2-kmp-64kb suse-upgrade-gfs2-kmp-azure suse-upgrade-gfs2-kmp-default suse-upgrade-gfs2-kmp-rt suse-upgrade-kernel-64kb suse-upgrade-kernel-64kb-devel suse-upgrade-kernel-64kb-extra suse-upgrade-kernel-64kb-livepatch-devel suse-upgrade-kernel-64kb-optional suse-upgrade-kernel-azure suse-upgrade-kernel-azure-base suse-upgrade-kernel-azure-devel suse-upgrade-kernel-azure-extra suse-upgrade-kernel-azure-livepatch-devel suse-upgrade-kernel-azure-optional suse-upgrade-kernel-azure-vdso suse-upgrade-kernel-debug suse-upgrade-kernel-debug-base suse-upgrade-kernel-debug-devel suse-upgrade-kernel-debug-livepatch-devel suse-upgrade-kernel-debug-vdso suse-upgrade-kernel-default suse-upgrade-kernel-default-base suse-upgrade-kernel-default-base-rebuild suse-upgrade-kernel-default-devel suse-upgrade-kernel-default-extra suse-upgrade-kernel-default-livepatch suse-upgrade-kernel-default-livepatch-devel suse-upgrade-kernel-default-man suse-upgrade-kernel-default-optional suse-upgrade-kernel-default-vdso suse-upgrade-kernel-devel suse-upgrade-kernel-devel-azure suse-upgrade-kernel-devel-rt suse-upgrade-kernel-docs suse-upgrade-kernel-docs-html suse-upgrade-kernel-kvmsmall suse-upgrade-kernel-kvmsmall-base suse-upgrade-kernel-kvmsmall-devel suse-upgrade-kernel-kvmsmall-livepatch-devel suse-upgrade-kernel-kvmsmall-vdso suse-upgrade-kernel-macros suse-upgrade-kernel-obs-build suse-upgrade-kernel-obs-qa suse-upgrade-kernel-preempt suse-upgrade-kernel-preempt-devel suse-upgrade-kernel-rt suse-upgrade-kernel-rt-devel suse-upgrade-kernel-rt-extra suse-upgrade-kernel-rt-livepatch suse-upgrade-kernel-rt-livepatch-devel suse-upgrade-kernel-rt-optional suse-upgrade-kernel-rt-vdso suse-upgrade-kernel-rt_debug suse-upgrade-kernel-rt_debug-devel suse-upgrade-kernel-rt_debug-livepatch-devel suse-upgrade-kernel-rt_debug-vdso suse-upgrade-kernel-source suse-upgrade-kernel-source-azure suse-upgrade-kernel-source-rt suse-upgrade-kernel-source-vanilla suse-upgrade-kernel-syms suse-upgrade-kernel-syms-azure suse-upgrade-kernel-syms-rt suse-upgrade-kernel-vanilla suse-upgrade-kernel-vanilla-base suse-upgrade-kernel-vanilla-devel suse-upgrade-kernel-vanilla-livepatch-devel suse-upgrade-kernel-zfcpdump suse-upgrade-kernel-zfcpdump-man suse-upgrade-kselftests-kmp-64kb suse-upgrade-kselftests-kmp-azure suse-upgrade-kselftests-kmp-default suse-upgrade-kselftests-kmp-rt suse-upgrade-ocfs2-kmp-64kb suse-upgrade-ocfs2-kmp-azure suse-upgrade-ocfs2-kmp-default suse-upgrade-ocfs2-kmp-rt suse-upgrade-reiserfs-kmp-64kb suse-upgrade-reiserfs-kmp-azure suse-upgrade-reiserfs-kmp-default suse-upgrade-reiserfs-kmp-rt References https://attackerkb.com/topics/cve-2023-4622 CVE - 2023-4622

OS X update for Foundation (CVE-2023-32370) Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:N) Published 09/06/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

SUSE: CVE-2023-41053: SUSE Linux Security Advisory Severity 2 CVSS (AV:L/AC:L/Au:S/C:P/I:N/A:N) Published 09/06/2023 Created 09/21/2023 Added 09/21/2023 Modified 01/28/2025 Description Redis is an in-memory database that persists on disk. Redis does not correctly identify keys accessed by `SORT_RO` and as a result may grant users executing this command access to keys that are not explicitly authorized by the ACL configuration. The problem exists in Redis 7.0 or newer and has been fixed in Redis 7.0.13 and 7.2.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. Solution(s) suse-upgrade-redis7 References https://attackerkb.com/topics/cve-2023-41053 CVE - 2023-41053

OS X update for FaceTime (CVE-2023-32370) Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:N) Published 09/06/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for LaunchServices (CVE-2023-32432) Severity 5 CVSS (AV:L/AC:M/Au:N/C:C/I:N/A:N) Published 09/06/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for Kernel (CVE-2023-28187) Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:N/A:C) Published 09/06/2023 Created 09/06/2023 Added 09/06/2023 Modified 01/28/2025 Description This issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3. A user may be able to cause a denial-of-service. Solution(s) apple-osx-upgrade-13_3 References https://attackerkb.com/topics/cve-2023-28187 CVE - 2023-28187 https://support.apple.com/kb/HT213670

CentOS Linux: CVE-2023-4206: Important: kpatch-patch security update (Multiple Advisories) Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 09/06/2023 Created 11/09/2023 Added 11/08/2023 Modified 01/28/2025 Description A use-after-free vulnerability in the Linux kernel's net/sched: cls_route component can be exploited to achieve local privilege escalation. When route4_change() is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter. This causes a problem when updating a filter bound to a class, as tcf_unbind_filter() is always called on the old instance in the success path, decreasing filter_cnt of the still referenced class and allowing it to be deleted, leading to a use-after-free. We recommend upgrading past commit b80b829e9e2c1b3f7aae34855e04d8f6ecaf13c8. Solution(s) centos-upgrade-kernel centos-upgrade-kernel-rt centos-upgrade-kpatch-patch-3_10_0-1160_102_1 centos-upgrade-kpatch-patch-3_10_0-1160_102_1-debuginfo centos-upgrade-kpatch-patch-3_10_0-1160_90_1 centos-upgrade-kpatch-patch-3_10_0-1160_90_1-debuginfo centos-upgrade-kpatch-patch-3_10_0-1160_92_1 centos-upgrade-kpatch-patch-3_10_0-1160_92_1-debuginfo centos-upgrade-kpatch-patch-3_10_0-1160_95_1 centos-upgrade-kpatch-patch-3_10_0-1160_95_1-debuginfo centos-upgrade-kpatch-patch-3_10_0-1160_99_1 centos-upgrade-kpatch-patch-3_10_0-1160_99_1-debuginfo References CVE-2023-4206

OS X update for CoreServices (CVE-2023-28195) Severity 2 CVSS (AV:L/AC:M/Au:N/C:P/I:N/A:N) Published 09/06/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for Find My (CVE-2023-28188) Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:N/A:C) Published 09/06/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for Identity Services (CVE-2023-28188) Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:N/A:C) Published 09/06/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

Alma Linux: CVE-2023-4206: Important: kernel security, bug fix, and enhancement update (ALSA-2023-7077) Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 09/06/2023 Created 11/29/2023 Added 11/28/2023 Modified 01/30/2025 Description A use-after-free vulnerability in the Linux kernel's net/sched: cls_route component can be exploited to achieve local privilege escalation. When route4_change() is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter. This causes a problem when updating a filter bound to a class, as tcf_unbind_filter() is always called on the old instance in the success path, decreasing filter_cnt of the still referenced class and allowing it to be deleted, leading to a use-after-free. We recommend upgrading past commit b80b829e9e2c1b3f7aae34855e04d8f6ecaf13c8. Solution(s) alma-upgrade-bpftool alma-upgrade-kernel alma-upgrade-kernel-abi-stablelists alma-upgrade-kernel-core alma-upgrade-kernel-cross-headers alma-upgrade-kernel-debug alma-upgrade-kernel-debug-core alma-upgrade-kernel-debug-devel alma-upgrade-kernel-debug-modules alma-upgrade-kernel-debug-modules-extra alma-upgrade-kernel-devel alma-upgrade-kernel-doc alma-upgrade-kernel-headers alma-upgrade-kernel-modules alma-upgrade-kernel-modules-extra alma-upgrade-kernel-tools alma-upgrade-kernel-tools-libs alma-upgrade-kernel-tools-libs-devel alma-upgrade-kernel-zfcpdump alma-upgrade-kernel-zfcpdump-core alma-upgrade-kernel-zfcpdump-devel alma-upgrade-kernel-zfcpdump-modules alma-upgrade-kernel-zfcpdump-modules-extra alma-upgrade-perf alma-upgrade-python3-perf References https://attackerkb.com/topics/cve-2023-4206 CVE - 2023-4206 https://errata.almalinux.org/8/ALSA-2023-7077.html