ISHACK AI BOT

Gentoo Linux: CVE-2023-36741: Microsoft Edge: Multiple Vulnerabilities Severity 8 CVSS (AV:N/AC:H/Au:N/C:C/I:C/A:C) Published 08/26/2023 Created 02/06/2024 Added 02/05/2024 Modified 01/28/2025 Description Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability Solution(s) gentoo-linux-upgrade-www-client-microsoft-edge References https://attackerkb.com/topics/cve-2023-36741 CVE - 2023-36741 202402-05

Microsoft Edge Chromium: CVE-2023-36741 Severity 8 CVSS (AV:N/AC:H/Au:N/C:C/I:C/A:C) Published 08/26/2023 Created 08/28/2023 Added 08/28/2023 Modified 01/28/2025 Description Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability Solution(s) microsoft-edge-upgrade-latest References https://attackerkb.com/topics/cve-2023-36741 CVE - 2023-36741 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36741

CentOS Linux: CVE-2023-38201: Moderate: keylime security update (CESA-2023:5080) Severity 6 CVSS (AV:A/AC:L/Au:N/C:N/I:C/A:N) Published 08/25/2023 Created 09/13/2023 Added 09/13/2023 Modified 01/28/2025 Description A flaw was found in the Keylime registrar that could allow a bypass of the challenge-response protocol during agent registration. This issue may allow an attacker to impersonate an agent and hide the true status of a monitored machine if the fake agent is added to the verifier list by a legitimate user, resulting in a breach of the integrity of the registrar database. Solution(s) centos-upgrade-keylime centos-upgrade-keylime-base centos-upgrade-keylime-registrar centos-upgrade-keylime-selinux centos-upgrade-keylime-tenant centos-upgrade-keylime-verifier centos-upgrade-python3-keylime References CVE-2023-38201

CentOS Linux: CVE-2023-40217: Important: python3 security update (Multiple Advisories) Severity 5 CVSS (AV:N/AC:L/Au:N/C:P/I:N/A:N) Published 08/25/2023 Created 10/06/2023 Added 10/06/2023 Modified 01/28/2025 Description An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is closed quickly, there is a brief window where the SSLSocket instance will detect the socket as "not connected" and won't initiate a handshake, but buffered data will still be readable from the socket buffer. This data will not be authenticated if the server-side TLS peer is expecting client certificate authentication, and is indistinguishable from valid TLS stream data. Data is limited in size to the amount that will fit in the buffer. (The TLS connection cannot directly be used for data exfiltration because the vulnerable code path requires that the connection be closed on initialization of the SSLSocket.) Solution(s) centos-upgrade-python centos-upgrade-python-debug centos-upgrade-python-debuginfo centos-upgrade-python-devel centos-upgrade-python-libs centos-upgrade-python-test centos-upgrade-python-tools centos-upgrade-python3 centos-upgrade-python3-debug centos-upgrade-python3-debuginfo centos-upgrade-python3-devel centos-upgrade-python3-idle centos-upgrade-python3-libs centos-upgrade-python3-test centos-upgrade-python3-tkinter centos-upgrade-tkinter References CVE-2023-40217

Amazon Linux 2023: CVE-2023-2906: Medium priority package update for wireshark Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 08/25/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description Due to a failure in validating the length provided by an attacker-crafted CP2179 packet, Wireshark versions 2.0.0 through 4.0.7 is susceptible to a divide by zero allowing for a denial of service attack. A vulnerability was found in Wireshark. This security issue occurs due to a failure to validate the length an attacker-crafted CP2179 packet provides. This flaw leaves Wireshark susceptible to a divide-by-zero problem, allowing a denial of service attack. Solution(s) amazon-linux-2023-upgrade-wireshark-cli amazon-linux-2023-upgrade-wireshark-cli-debuginfo amazon-linux-2023-upgrade-wireshark-debugsource amazon-linux-2023-upgrade-wireshark-devel References https://attackerkb.com/topics/cve-2023-2906 CVE - 2023-2906 https://alas.aws.amazon.com/AL2023/ALAS-2023-348.html

Amazon Linux 2023: CVE-2023-40217: Important priority package update for python3.11 (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 08/25/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is closed quickly, there is a brief window where the SSLSocket instance will detect the socket as "not connected" and won't initiate a handshake, but buffered data will still be readable from the socket buffer. This data will not be authenticated if the server-side TLS peer is expecting client certificate authentication, and is indistinguishable from valid TLS stream data. Data is limited in size to the amount that will fit in the buffer. (The TLS connection cannot directly be used for data exfiltration because the vulnerable code path requires that the connection be closed on initialization of the SSLSocket.) Python ssl.SSLSocket is vulnerable to a bypass of the TLS handshake in certain instances for HTTPS servers and other server-side protocols that use TLS client authentication such as mTLS. This issue may result in a breach of integrity as its possible to modify or delete resources that are authenticated only by a TLS certificate. No breach of confidentiality is possible. Solution(s) amazon-linux-2023-upgrade-python3 amazon-linux-2023-upgrade-python3-11 amazon-linux-2023-upgrade-python3-11-debug amazon-linux-2023-upgrade-python3-11-debuginfo amazon-linux-2023-upgrade-python3-11-debugsource amazon-linux-2023-upgrade-python3-11-devel amazon-linux-2023-upgrade-python3-11-idle amazon-linux-2023-upgrade-python3-11-libs amazon-linux-2023-upgrade-python3-11-test amazon-linux-2023-upgrade-python3-11-tkinter amazon-linux-2023-upgrade-python3-9-debuginfo amazon-linux-2023-upgrade-python3-9-debugsource amazon-linux-2023-upgrade-python3-debug amazon-linux-2023-upgrade-python3-devel amazon-linux-2023-upgrade-python3-idle amazon-linux-2023-upgrade-python3-libs amazon-linux-2023-upgrade-python3-test amazon-linux-2023-upgrade-python3-tkinter amazon-linux-2023-upgrade-python-unversioned-command References https://attackerkb.com/topics/cve-2023-40217 CVE - 2023-40217 https://alas.aws.amazon.com/AL2023/ALAS-2023-317.html https://alas.aws.amazon.com/AL2023/ALAS-2023-319.html

Amazon Linux 2023: CVE-2023-39742: Medium priority package update for giflib Severity 2 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:P) Published 08/25/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description giflib v5.2.1 was discovered to contain a segmentation fault via the component getarg.c. Solution(s) amazon-linux-2023-upgrade-giflib amazon-linux-2023-upgrade-giflib-debuginfo amazon-linux-2023-upgrade-giflib-debugsource amazon-linux-2023-upgrade-giflib-devel amazon-linux-2023-upgrade-giflib-utils amazon-linux-2023-upgrade-giflib-utils-debuginfo References https://attackerkb.com/topics/cve-2023-39742 CVE - 2023-39742 https://alas.aws.amazon.com/AL2023/ALAS-2023-386.html

Huawei EulerOS: CVE-2023-40217: python3 security update Severity 5 CVSS (AV:N/AC:L/Au:N/C:P/I:N/A:N) Published 08/25/2023 Created 07/17/2024 Added 07/17/2024 Modified 01/30/2025 Description An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is closed quickly, there is a brief window where the SSLSocket instance will detect the socket as "not connected" and won't initiate a handshake, but buffered data will still be readable from the socket buffer. This data will not be authenticated if the server-side TLS peer is expecting client certificate authentication, and is indistinguishable from valid TLS stream data. Data is limited in size to the amount that will fit in the buffer. (The TLS connection cannot directly be used for data exfiltration because the vulnerable code path requires that the connection be closed on initialization of the SSLSocket.) Solution(s) huawei-euleros-2_0_sp9-upgrade-python3 huawei-euleros-2_0_sp9-upgrade-python3-unversioned-command References https://attackerkb.com/topics/cve-2023-40217 CVE - 2023-40217 EulerOS-SA-2024-1970

Amazon Linux AMI: CVE-2023-40217: Security patch for python27 ((Multiple Advisories)) Severity 5 CVSS (AV:N/AC:L/Au:N/C:P/I:N/A:N) Published 08/25/2023 Created 09/13/2023 Added 09/11/2023 Modified 01/28/2025 Description An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is closed quickly, there is a brief window where the SSLSocket instance will detect the socket as "not connected" and won't initiate a handshake, but buffered data will still be readable from the socket buffer. This data will not be authenticated if the server-side TLS peer is expecting client certificate authentication, and is indistinguishable from valid TLS stream data. Data is limited in size to the amount that will fit in the buffer. (The TLS connection cannot directly be used for data exfiltration because the vulnerable code path requires that the connection be closed on initialization of the SSLSocket.) Solution(s) amazon-linux-upgrade-python27 amazon-linux-upgrade-python38 References ALAS-2023-1876 CVE-2023-40217

Amazon Linux AMI: CVE-2023-41080: Security patch for tomcat8 (ALAS-2023-1861) Severity 6 CVSS (AV:N/AC:M/Au:N/C:P/I:P/A:N) Published 08/25/2023 Created 10/27/2023 Added 10/25/2023 Modified 01/28/2025 Description URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92. The vulnerability is limited to the ROOT (default) web application. Solution(s) amazon-linux-upgrade-tomcat8 References ALAS-2023-1861 CVE-2023-41080

VMware Photon OS: CVE-2023-2906 Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 08/25/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description Due to a failure in validating the length provided by an attacker-crafted CP2179 packet, Wireshark versions 2.0.0 through 4.0.7 is susceptible to a divide by zero allowing for a denial of service attack. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-2906 CVE - 2023-2906

SUSE: CVE-2023-39742: SUSE Linux Security Advisory Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 08/25/2023 Created 07/27/2024 Added 07/26/2024 Modified 01/28/2025 Description giflib v5.2.1 was discovered to contain a segmentation fault via the component getarg.c. Solution(s) suse-upgrade-giflib-devel suse-upgrade-giflib-progs suse-upgrade-libgif6 suse-upgrade-libgif6-32bit References https://attackerkb.com/topics/cve-2023-39742 CVE - 2023-39742

Alpine Linux: CVE-2023-40217: Vulnerability in Multiple Components Severity 5 CVSS (AV:N/AC:L/Au:N/C:P/I:N/A:N) Published 08/25/2023 Created 04/09/2024 Added 03/26/2024 Modified 10/02/2024 Description An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is closed quickly, there is a brief window where the SSLSocket instance will detect the socket as "not connected" and won't initiate a handshake, but buffered data will still be readable from the socket buffer. This data will not be authenticated if the server-side TLS peer is expecting client certificate authentication, and is indistinguishable from valid TLS stream data. Data is limited in size to the amount that will fit in the buffer. (The TLS connection cannot directly be used for data exfiltration because the vulnerable code path requires that the connection be closed on initialization of the SSLSocket.) Solution(s) alpine-linux-upgrade-python3 References https://attackerkb.com/topics/cve-2023-40217 CVE - 2023-40217 https://security.alpinelinux.org/vuln/CVE-2023-40217

Huawei EulerOS: CVE-2023-40217: python security update Severity 5 CVSS (AV:N/AC:L/Au:N/C:P/I:N/A:N) Published 08/25/2023 Created 02/13/2024 Added 02/12/2024 Modified 01/30/2025 Description An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is closed quickly, there is a brief window where the SSLSocket instance will detect the socket as "not connected" and won't initiate a handshake, but buffered data will still be readable from the socket buffer. This data will not be authenticated if the server-side TLS peer is expecting client certificate authentication, and is indistinguishable from valid TLS stream data. Data is limited in size to the amount that will fit in the buffer. (The TLS connection cannot directly be used for data exfiltration because the vulnerable code path requires that the connection be closed on initialization of the SSLSocket.) Solution(s) huawei-euleros-2_0_sp5-upgrade-python huawei-euleros-2_0_sp5-upgrade-python-devel huawei-euleros-2_0_sp5-upgrade-python-libs huawei-euleros-2_0_sp5-upgrade-tkinter References https://attackerkb.com/topics/cve-2023-40217 CVE - 2023-40217 EulerOS-SA-2024-1160

Ubuntu: (Multiple Advisories) (CVE-2023-40217): Python vulnerabilities Severity 5 CVSS (AV:N/AC:L/Au:N/C:P/I:N/A:N) Published 08/25/2023 Created 11/25/2023 Added 11/24/2023 Modified 02/03/2025 Description An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is closed quickly, there is a brief window where the SSLSocket instance will detect the socket as "not connected" and won't initiate a handshake, but buffered data will still be readable from the socket buffer. This data will not be authenticated if the server-side TLS peer is expecting client certificate authentication, and is indistinguishable from valid TLS stream data. Data is limited in size to the amount that will fit in the buffer. (The TLS connection cannot directly be used for data exfiltration because the vulnerable code path requires that the connection be closed on initialization of the SSLSocket.) Solution(s) ubuntu-pro-upgrade-python2-7 ubuntu-pro-upgrade-python3-10 ubuntu-pro-upgrade-python3-10-minimal ubuntu-pro-upgrade-python3-11 ubuntu-pro-upgrade-python3-11-minimal ubuntu-pro-upgrade-python3-12 ubuntu-pro-upgrade-python3-12-minimal ubuntu-pro-upgrade-python3-5 ubuntu-pro-upgrade-python3-5-minimal ubuntu-pro-upgrade-python3-6 ubuntu-pro-upgrade-python3-6-minimal ubuntu-pro-upgrade-python3-7 ubuntu-pro-upgrade-python3-7-minimal ubuntu-pro-upgrade-python3-8 ubuntu-pro-upgrade-python3-8-minimal ubuntu-pro-upgrade-python3-9 ubuntu-pro-upgrade-python3-9-minimal References https://attackerkb.com/topics/cve-2023-40217 CVE - 2023-40217 USN-6513-1 USN-6513-2 USN-6891-1 USN-7180-1

Huawei EulerOS: CVE-2023-40217: python3 security update Severity 5 CVSS (AV:N/AC:L/Au:N/C:P/I:N/A:N) Published 08/25/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/30/2025 Description An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is closed quickly, there is a brief window where the SSLSocket instance will detect the socket as "not connected" and won't initiate a handshake, but buffered data will still be readable from the socket buffer. This data will not be authenticated if the server-side TLS peer is expecting client certificate authentication, and is indistinguishable from valid TLS stream data. Data is limited in size to the amount that will fit in the buffer. (The TLS connection cannot directly be used for data exfiltration because the vulnerable code path requires that the connection be closed on initialization of the SSLSocket.) Solution(s) huawei-euleros-2_0_sp10-upgrade-python3 huawei-euleros-2_0_sp10-upgrade-python3-fgo huawei-euleros-2_0_sp10-upgrade-python3-unversioned-command References https://attackerkb.com/topics/cve-2023-40217 CVE - 2023-40217 EulerOS-SA-2023-3227

Red Hat: CVE-2023-38201: challenge-response protocol bypass during agent registration (Multiple Advisories) Severity 6 CVSS (AV:A/AC:L/Au:N/C:N/I:C/A:N) Published 08/25/2023 Created 09/13/2023 Added 09/13/2023 Modified 01/28/2025 Description A flaw was found in the Keylime registrar that could allow a bypass of the challenge-response protocol during agent registration. This issue may allow an attacker to impersonate an agent and hide the true status of a monitored machine if the fake agent is added to the verifier list by a legitimate user, resulting in a breach of the integrity of the registrar database. Solution(s) redhat-upgrade-keylime redhat-upgrade-keylime-base redhat-upgrade-keylime-registrar redhat-upgrade-keylime-selinux redhat-upgrade-keylime-tenant redhat-upgrade-keylime-verifier redhat-upgrade-python3-keylime References CVE-2023-38201 RHSA-2023:5080

Red Hat: CVE-2023-38710: libreswan: Invalid IKEv2 REKEY proposal causes restart (Multiple Advisories) Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:N/A:C) Published 08/25/2023 Created 11/09/2023 Added 11/08/2023 Modified 01/30/2025 Description An issue was discovered in Libreswan before 4.12. When an IKEv2 Child SA REKEY packet contains an invalid IPsec protocol ID number of 0 or 1, an error notify INVALID_SPI is sent back. The notify payload's protocol ID is copied from the incoming packet, but the code that verifies outgoing packets fails an assertion that the protocol ID must be ESP (2) or AH(3) and causes the pluto daemon to crash and restart. NOTE: the earliest affected version is 3.20. Solution(s) redhat-upgrade-libreswan redhat-upgrade-libreswan-debuginfo redhat-upgrade-libreswan-debugsource References CVE-2023-38710 RHSA-2023:6549 RHSA-2023:7052 RHSA-2025:0309

SUSE: CVE-2023-41080: SUSE Linux Security Advisory Severity 6 CVSS (AV:N/AC:M/Au:N/C:P/I:P/A:N) Published 08/25/2023 Created 10/06/2023 Added 10/06/2023 Modified 01/28/2025 Description URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92. The vulnerability is limited to the ROOT (default) web application. Solution(s) suse-upgrade-tomcat suse-upgrade-tomcat-admin-webapps suse-upgrade-tomcat-docs-webapp suse-upgrade-tomcat-el-3_0-api suse-upgrade-tomcat-embed suse-upgrade-tomcat-javadoc suse-upgrade-tomcat-jsp-2_3-api suse-upgrade-tomcat-jsvc suse-upgrade-tomcat-lib suse-upgrade-tomcat-servlet-4_0-api suse-upgrade-tomcat-webapps References https://attackerkb.com/topics/cve-2023-41080 CVE - 2023-41080

VMware Photon OS: CVE-2023-40217 Severity 5 CVSS (AV:N/AC:L/Au:N/C:P/I:N/A:N) Published 08/25/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is closed quickly, there is a brief window where the SSLSocket instance will detect the socket as "not connected" and won't initiate a handshake, but buffered data will still be readable from the socket buffer. This data will not be authenticated if the server-side TLS peer is expecting client certificate authentication, and is indistinguishable from valid TLS stream data. Data is limited in size to the amount that will fit in the buffer. (The TLS connection cannot directly be used for data exfiltration because the vulnerable code path requires that the connection be closed on initialization of the SSLSocket.) Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-40217 CVE - 2023-40217

Huawei EulerOS: CVE-2023-39742: giflib security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 08/25/2023 Created 03/14/2024 Added 03/13/2024 Modified 01/28/2025 Description giflib v5.2.1 was discovered to contain a segmentation fault via the component getarg.c. Solution(s) huawei-euleros-2_0_sp8-upgrade-giflib References https://attackerkb.com/topics/cve-2023-39742 CVE - 2023-39742 EulerOS-SA-2024-1267

Amazon Linux 2023: CVE-2023-4513: Medium priority package update for wireshark Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 08/24/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description BT SDP dissector memory leak in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15 allows denial of service via packet injection or crafted capture file A denial of service vulnerability was found in Wireshark due to a memory leak in the Bluetooth SDP dissector. This issue may allow a remote attacker to induce a crash in Wireshark by injecting a malformed packet onto the wire or persuading someone to read a corrupted packet trace file. Solution(s) amazon-linux-2023-upgrade-wireshark-cli amazon-linux-2023-upgrade-wireshark-cli-debuginfo amazon-linux-2023-upgrade-wireshark-debugsource amazon-linux-2023-upgrade-wireshark-devel References https://attackerkb.com/topics/cve-2023-4513 CVE - 2023-4513 https://alas.aws.amazon.com/AL2023/ALAS-2023-348.html

Amazon Linux 2023: CVE-2023-45871: Important priority package update for kernel Severity 7 CVSS (AV:A/AC:H/Au:N/C:C/I:C/A:C) Published 08/24/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description An issue was discovered in drivers/net/ethernet/intel/igb/igb_main.c in the IGB driver in the Linux kernel before 6.5.3. A buffer size may not be adequate for frames larger than the MTU. A flaw was found in igb_configure_rx_ring in drivers/net/ethernet/intel/igb/igb_main.c in the IGB driver in the Linux kernel. An overflow of the contents from a packet that is too large will overflow into the kernel's ring buffer, leading to a system integrity issue. Solution(s) amazon-linux-2023-upgrade-bpftool amazon-linux-2023-upgrade-bpftool-debuginfo amazon-linux-2023-upgrade-kernel amazon-linux-2023-upgrade-kernel-debuginfo amazon-linux-2023-upgrade-kernel-debuginfo-common-aarch64 amazon-linux-2023-upgrade-kernel-debuginfo-common-x86-64 amazon-linux-2023-upgrade-kernel-devel amazon-linux-2023-upgrade-kernel-headers amazon-linux-2023-upgrade-kernel-libbpf amazon-linux-2023-upgrade-kernel-libbpf-devel amazon-linux-2023-upgrade-kernel-libbpf-static amazon-linux-2023-upgrade-kernel-livepatch-6-1-55-75-123 amazon-linux-2023-upgrade-kernel-tools amazon-linux-2023-upgrade-kernel-tools-debuginfo amazon-linux-2023-upgrade-kernel-tools-devel amazon-linux-2023-upgrade-perf amazon-linux-2023-upgrade-perf-debuginfo amazon-linux-2023-upgrade-python3-perf amazon-linux-2023-upgrade-python3-perf-debuginfo References https://attackerkb.com/topics/cve-2023-45871 CVE - 2023-45871 https://alas.aws.amazon.com/AL2023/ALAS-2023-356.html

Wireshark : CVE-2023-4511 : BT SDP dissector infinite loop Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 08/24/2023 Created 09/25/2024 Added 09/24/2024 Modified 01/28/2025 Description BT SDP dissector infinite loop in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15 allows denial of service via packet injection or crafted capture file Solution(s) wireshark-upgrade-3_6_16 wireshark-upgrade-4_0_8 References https://attackerkb.com/topics/cve-2023-4511 CVE - 2023-4511 https://www.wireshark.org/security/wnpa-sec-2023-24.html

Red Hat: CVE-2023-32559: Permissions policies can be bypassed via process.binding (Multiple Advisories) Severity 9 CVSS (AV:N/AC:M/Au:S/C:C/I:C/A:C) Published 08/24/2023 Created 09/28/2023 Added 09/27/2023 Modified 01/30/2025 Description A privilege escalation vulnerability exists in the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x. The use of the deprecated API `process.binding()` can bypass the policy mechanism by requiring internal modules and eventually take advantage of `process.binding('spawn_sync')` run arbitrary code, outside of the limits defined in a `policy.json` file. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js. Solution(s) redhat-upgrade-nodejs redhat-upgrade-nodejs-debuginfo redhat-upgrade-nodejs-debugsource redhat-upgrade-nodejs-devel redhat-upgrade-nodejs-docs redhat-upgrade-nodejs-full-i18n redhat-upgrade-nodejs-libs redhat-upgrade-nodejs-libs-debuginfo redhat-upgrade-nodejs-nodemon redhat-upgrade-nodejs-packaging redhat-upgrade-nodejs-packaging-bundler redhat-upgrade-npm References CVE-2023-32559 RHSA-2023:5360 RHSA-2023:5361 RHSA-2023:5362 RHSA-2023:5363 RHSA-2023:5532 RHSA-2023:5533 View more