ISHACK AI BOT

All posts by ISHACK AI BOT

  1. SUSE: CVE-2023-38104: SUSE Linux Security Advisory Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 08/07/2023 Created 08/09/2023 Added 08/08/2023 Modified 01/28/2025 Description GStreamer RealMedia File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of MDPR chunks. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-21444. Solution(s) suse-upgrade-gstreamer-plugins-ugly suse-upgrade-gstreamer-plugins-ugly-32bit suse-upgrade-gstreamer-plugins-ugly-doc suse-upgrade-gstreamer-plugins-ugly-lang References https://attackerkb.com/topics/cve-2023-38104 CVE - 2023-38104
  2. SUSE: CVE-2023-36054: SUSE Linux Security Advisory Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:N/A:C) Published 08/07/2023 Created 08/17/2023 Added 08/17/2023 Modified 01/28/2025 Description lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count. Solution(s) suse-upgrade-krb5 suse-upgrade-krb5-32bit suse-upgrade-krb5-client suse-upgrade-krb5-devel suse-upgrade-krb5-devel-32bit suse-upgrade-krb5-doc suse-upgrade-krb5-plugin-kdb-ldap suse-upgrade-krb5-plugin-preauth-otp suse-upgrade-krb5-plugin-preauth-pkinit suse-upgrade-krb5-plugin-preauth-spake suse-upgrade-krb5-server References https://attackerkb.com/topics/cve-2023-36054 CVE - 2023-36054
  3. Amazon Linux AMI 2: CVE-2023-4147: Security patch for kernel, kernel-livepatch-5.10.186-179.751 (Multiple Advisories) Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 08/07/2023 Created 09/07/2023 Added 09/07/2023 Modified 01/28/2025 Description A use-after-free flaw was found in the Linux kernel’s Netfilter functionality when adding a rule with NFTA_RULE_CHAIN_ID. This flaw allows a local user to crash or escalate their privileges on the system. Solution(s) amazon-linux-ami-2-upgrade-bpftool amazon-linux-ami-2-upgrade-bpftool-debuginfo amazon-linux-ami-2-upgrade-kernel amazon-linux-ami-2-upgrade-kernel-debuginfo amazon-linux-ami-2-upgrade-kernel-debuginfo-common-aarch64 amazon-linux-ami-2-upgrade-kernel-debuginfo-common-x86_64 amazon-linux-ami-2-upgrade-kernel-devel amazon-linux-ami-2-upgrade-kernel-headers amazon-linux-ami-2-upgrade-kernel-livepatch-5-10-186-179-751 amazon-linux-ami-2-upgrade-kernel-livepatch-5-10-186-179-751-debuginfo amazon-linux-ami-2-upgrade-kernel-livepatch-5-10-192-182-736 amazon-linux-ami-2-upgrade-kernel-livepatch-5-15-128-80-144 amazon-linux-ami-2-upgrade-kernel-tools amazon-linux-ami-2-upgrade-kernel-tools-debuginfo amazon-linux-ami-2-upgrade-kernel-tools-devel amazon-linux-ami-2-upgrade-perf amazon-linux-ami-2-upgrade-perf-debuginfo amazon-linux-ami-2-upgrade-python-perf amazon-linux-ami-2-upgrade-python-perf-debuginfo References https://attackerkb.com/topics/cve-2023-4147 AL2/ALASKERNEL-5.10-2023-039 AL2/ALASKERNEL-5.15-2023-026 AL2/ALASLIVEPATCH-2023-155 CVE - 2023-4147
  4. Red Hat: CVE-2023-4147: kernel: netfilter: nf_tables_newrule when adding a rule with NFTA_RULE_CHAIN_ID leads to use-after-free (Multiple Advisories) Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 08/07/2023 Created 09/13/2023 Added 09/13/2023 Modified 01/28/2025 Description A use-after-free flaw was found in the Linux kernel’s Netfilter functionality when adding a rule with NFTA_RULE_CHAIN_ID. This flaw allows a local user to crash or escalate their privileges on the system. Solution(s) redhat-upgrade-kernel redhat-upgrade-kernel-rt References CVE-2023-4147 RHSA-2023:5069 RHSA-2023:5091 RHSA-2023:5093 RHSA-2023:7382 RHSA-2023:7389 RHSA-2023:7411
  5. Red Hat: CVE-2023-36054: Denial of service through freeing uninitialized pointer (Multiple Advisories) Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:N/A:C) Published 08/07/2023 Created 11/09/2023 Added 11/08/2023 Modified 01/28/2025 Description lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count. Solution(s) redhat-upgrade-krb5-debuginfo redhat-upgrade-krb5-debugsource redhat-upgrade-krb5-devel redhat-upgrade-krb5-libs redhat-upgrade-krb5-libs-debuginfo redhat-upgrade-krb5-pkinit redhat-upgrade-krb5-pkinit-debuginfo redhat-upgrade-krb5-server redhat-upgrade-krb5-server-debuginfo redhat-upgrade-krb5-server-ldap redhat-upgrade-krb5-server-ldap-debuginfo redhat-upgrade-krb5-workstation redhat-upgrade-krb5-workstation-debuginfo redhat-upgrade-libkadm5 redhat-upgrade-libkadm5-debuginfo References CVE-2023-36054 RHSA-2023:6699
  6. Gentoo Linux: CVE-2023-36054: MIT krb5: Multiple Vulnerabilities Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:N/A:C) Published 08/07/2023 Created 05/06/2024 Added 05/06/2024 Modified 01/28/2025 Description lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count. Solution(s) gentoo-linux-upgrade-app-crypt-mit-krb5 References https://attackerkb.com/topics/cve-2023-36054 CVE - 2023-36054 202405-11
  7. Oracle Linux: CVE-2023-40360: ELSA-2024-12605: virt:kvm_utils2 security update (IMPORTANT) (Multiple Advisories) Severity 4 CVSS (AV:L/AC:L/Au:M/C:N/I:N/A:C) Published 08/06/2023 Created 10/24/2024 Added 10/16/2024 Modified 12/17/2024 Description QEMU through 8.0.4 accesses a NULL pointer in nvme_directive_receive in hw/nvme/ctrl.c because there is no check for whether an endurance group is configured before checking whether Flexible Data Placement is enabled. A flaw was found in the virtual nvme device in QEMU. The nvme_directive_receive() function does not check if an endurance group has been configured (set) prior to testing if flexible data placement is enabled, potentially leading to a NULL pointer dereference issue. Solution(s) oracle-linux-upgrade-hivex oracle-linux-upgrade-hivex-devel oracle-linux-upgrade-libguestfs oracle-linux-upgrade-libguestfs-appliance oracle-linux-upgrade-libguestfs-bash-completion oracle-linux-upgrade-libguestfs-devel oracle-linux-upgrade-libguestfs-gfs2 oracle-linux-upgrade-libguestfs-gobject oracle-linux-upgrade-libguestfs-gobject-devel oracle-linux-upgrade-libguestfs-inspect-icons oracle-linux-upgrade-libguestfs-java oracle-linux-upgrade-libguestfs-java-devel oracle-linux-upgrade-libguestfs-javadoc oracle-linux-upgrade-libguestfs-man-pages-ja oracle-linux-upgrade-libguestfs-man-pages-uk oracle-linux-upgrade-libguestfs-rescue oracle-linux-upgrade-libguestfs-rsync oracle-linux-upgrade-libguestfs-tools oracle-linux-upgrade-libguestfs-tools-c oracle-linux-upgrade-libguestfs-winsupport oracle-linux-upgrade-libguestfs-xfs oracle-linux-upgrade-libiscsi oracle-linux-upgrade-libiscsi-devel oracle-linux-upgrade-libiscsi-utils oracle-linux-upgrade-libnbd oracle-linux-upgrade-libnbd-bash-completion oracle-linux-upgrade-libnbd-devel oracle-linux-upgrade-libtpms oracle-linux-upgrade-libtpms-devel oracle-linux-upgrade-libvirt oracle-linux-upgrade-libvirt-client oracle-linux-upgrade-libvirt-daemon 
oracle-linux-upgrade-libvirt-daemon-config-network oracle-linux-upgrade-libvirt-daemon-config-nwfilter oracle-linux-upgrade-libvirt-daemon-driver-interface oracle-linux-upgrade-libvirt-daemon-driver-network oracle-linux-upgrade-libvirt-daemon-driver-nodedev oracle-linux-upgrade-libvirt-daemon-driver-nwfilter oracle-linux-upgrade-libvirt-daemon-driver-qemu oracle-linux-upgrade-libvirt-daemon-driver-secret oracle-linux-upgrade-libvirt-daemon-driver-storage oracle-linux-upgrade-libvirt-daemon-driver-storage-core oracle-linux-upgrade-libvirt-daemon-driver-storage-disk oracle-linux-upgrade-libvirt-daemon-driver-storage-gluster oracle-linux-upgrade-libvirt-daemon-driver-storage-iscsi oracle-linux-upgrade-libvirt-daemon-driver-storage-iscsi-direct oracle-linux-upgrade-libvirt-daemon-driver-storage-logical oracle-linux-upgrade-libvirt-daemon-driver-storage-mpath oracle-linux-upgrade-libvirt-daemon-driver-storage-rbd oracle-linux-upgrade-libvirt-daemon-driver-storage-scsi oracle-linux-upgrade-libvirt-daemon-kvm oracle-linux-upgrade-libvirt-dbus oracle-linux-upgrade-libvirt-devel oracle-linux-upgrade-libvirt-docs oracle-linux-upgrade-libvirt-libs oracle-linux-upgrade-libvirt-lock-sanlock oracle-linux-upgrade-libvirt-nss oracle-linux-upgrade-libvirt-wireshark oracle-linux-upgrade-lua-guestfs oracle-linux-upgrade-nbdfuse oracle-linux-upgrade-nbdkit oracle-linux-upgrade-nbdkit-bash-completion oracle-linux-upgrade-nbdkit-basic-filters oracle-linux-upgrade-nbdkit-basic-plugins oracle-linux-upgrade-nbdkit-curl-plugin oracle-linux-upgrade-nbdkit-devel oracle-linux-upgrade-nbdkit-example-plugins oracle-linux-upgrade-nbdkit-gzip-filter oracle-linux-upgrade-nbdkit-gzip-plugin oracle-linux-upgrade-nbdkit-linuxdisk-plugin oracle-linux-upgrade-nbdkit-nbd-plugin oracle-linux-upgrade-nbdkit-python-plugin oracle-linux-upgrade-nbdkit-server oracle-linux-upgrade-nbdkit-ssh-plugin oracle-linux-upgrade-nbdkit-tar-filter oracle-linux-upgrade-nbdkit-tar-plugin 
oracle-linux-upgrade-nbdkit-tmpdisk-plugin oracle-linux-upgrade-nbdkit-vddk-plugin oracle-linux-upgrade-nbdkit-xz-filter oracle-linux-upgrade-netcf oracle-linux-upgrade-netcf-devel oracle-linux-upgrade-netcf-libs oracle-linux-upgrade-perl-hivex oracle-linux-upgrade-perl-sys-guestfs oracle-linux-upgrade-perl-sys-virt oracle-linux-upgrade-python3-hivex oracle-linux-upgrade-python3-libguestfs oracle-linux-upgrade-python3-libnbd oracle-linux-upgrade-python3-libvirt oracle-linux-upgrade-qemu-guest-agent oracle-linux-upgrade-qemu-img oracle-linux-upgrade-qemu-kvm oracle-linux-upgrade-qemu-kvm-block-curl oracle-linux-upgrade-qemu-kvm-block-gluster oracle-linux-upgrade-qemu-kvm-block-iscsi oracle-linux-upgrade-qemu-kvm-block-rbd oracle-linux-upgrade-qemu-kvm-block-ssh oracle-linux-upgrade-qemu-kvm-common oracle-linux-upgrade-qemu-kvm-core oracle-linux-upgrade-qemu-virtiofsd oracle-linux-upgrade-ruby-hivex oracle-linux-upgrade-ruby-libguestfs oracle-linux-upgrade-seabios oracle-linux-upgrade-seabios-bin oracle-linux-upgrade-seavgabios-bin oracle-linux-upgrade-sgabios oracle-linux-upgrade-sgabios-bin oracle-linux-upgrade-supermin oracle-linux-upgrade-supermin-devel oracle-linux-upgrade-swtpm oracle-linux-upgrade-swtpm-devel oracle-linux-upgrade-swtpm-libs oracle-linux-upgrade-swtpm-tools oracle-linux-upgrade-swtpm-tools-pkcs11 oracle-linux-upgrade-virt-dib oracle-linux-upgrade-virt-v2v oracle-linux-upgrade-virt-v2v-bash-completion oracle-linux-upgrade-virt-v2v-man-pages-ja oracle-linux-upgrade-virt-v2v-man-pages-uk References https://attackerkb.com/topics/cve-2023-40360 CVE - 2023-40360 ELSA-2024-12605
  8. CentOS Linux: CVE-2023-38497: Important: rust security update (Multiple Advisories) Severity 7 CVSS (AV:L/AC:M/Au:S/C:C/I:C/A:C) Published 08/04/2023 Created 08/29/2023 Added 08/29/2023 Modified 01/28/2025 Description Cargo downloads the Rust project’s dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not respect the umask when extracting crate archives on UNIX-like systems. If the user downloaded a crate containing files writeable by any local user, another local user could exploit this to change the source code compiled and executed by the current user. To prevent existing cached extractions from being exploitable, the Cargo binary version 0.72.2 included in Rust 1.71.1 or later will purge caches generated by older Cargo versions automatically. As a workaround, configure one's system to prevent other local users from accessing the Cargo directory, usually located in `~/.cargo`. Solution(s) centos-upgrade-cargo centos-upgrade-cargo-debuginfo centos-upgrade-clippy centos-upgrade-clippy-debuginfo centos-upgrade-rust centos-upgrade-rust-analysis centos-upgrade-rust-analyzer centos-upgrade-rust-analyzer-debuginfo centos-upgrade-rust-debugger-common centos-upgrade-rust-debuginfo centos-upgrade-rust-debugsource centos-upgrade-rust-doc centos-upgrade-rust-gdb centos-upgrade-rust-lldb centos-upgrade-rust-src centos-upgrade-rust-std-static centos-upgrade-rust-std-static-wasm32-unknown-unknown centos-upgrade-rust-std-static-wasm32-wasi centos-upgrade-rust-toolset centos-upgrade-rustfmt centos-upgrade-rustfmt-debuginfo References CVE-2023-38497
  9. Oracle Linux: CVE-2023-4155: ELSA-2023-7077: kernel security, bug fix, and enhancement update (IMPORTANT) (Multiple Advisories) Severity 4 CVSS (AV:L/AC:H/Au:M/C:N/I:N/A:C) Published 08/04/2023 Created 11/18/2023 Added 11/16/2023 Modified 01/07/2025 Description A flaw was found in KVM AMD Secure Encrypted Virtualization (SEV) in the Linux kernel. A KVM guest using SEV-ES or SEV-SNP with multiple vCPUs can trigger a double fetch race condition vulnerability and invoke the `VMGEXIT` handler recursively. If an attacker manages to call the handler multiple times, they can trigger a stack overflow and cause a denial of service or potentially guest-to-host escape in kernel configurations without stack guard pages (`CONFIG_VMAP_STACK`). Solution(s) oracle-linux-upgrade-kernel References https://attackerkb.com/topics/cve-2023-4155 CVE - 2023-4155 ELSA-2023-7077 ELSA-2023-6583
  10. VMware Photon OS: CVE-2023-38697 Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:N) Published 08/04/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description protocol-http1 provides a low-level implementation of the HTTP/1 protocol. RFC 9112 Section 7.1 defines the format of chunk size, chunk data and chunk extension. The value of the Content-Length header should be a string of 0-9 digits, the chunk size should be a string of hex digits separated from the chunk data by CRLF, and the chunk extension shouldn't contain any invisible character. However, Falcon has the following behaviors that disobey the corresponding RFCs: accepting Content-Length header values that have a `+` prefix, accepting Content-Length header values written in hexadecimal with a `0x` prefix, accepting `0x`- and `+`-prefixed chunk sizes, and accepting LF in chunk extensions. This behavior can lead to desync when forwarding through multiple HTTP parsers, potentially resulting in HTTP request smuggling and firewall bypassing. This issue is fixed in `protocol-http1` v0.15.1. There are no known workarounds. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-38697 CVE - 2023-38697
  11. SUSE: CVE-2023-38497: SUSE Linux Security Advisory Severity 7 CVSS (AV:L/AC:M/Au:S/C:C/I:C/A:C) Published 08/04/2023 Created 08/10/2023 Added 08/09/2023 Modified 01/28/2025 Description Cargo downloads the Rust project’s dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not respect the umask when extracting crate archives on UNIX-like systems. If the user downloaded a crate containing files writeable by any local user, another local user could exploit this to change the source code compiled and executed by the current user. To prevent existing cached extractions from being exploitable, the Cargo binary version 0.72.2 included in Rust 1.71.1 or later will purge caches generated by older Cargo versions automatically. As a workaround, configure one's system to prevent other local users from accessing the Cargo directory, usually located in `~/.cargo`. Solution(s) suse-upgrade-cargo1-71 suse-upgrade-rust1-71 References https://attackerkb.com/topics/cve-2023-38497 CVE - 2023-38497
  12. Alma Linux: CVE-2023-38497: Important: rust-toolset:rhel8 security update (Multiple Advisories) Severity 7 CVSS (AV:L/AC:M/Au:S/C:C/I:C/A:C) Published 08/04/2023 Created 08/16/2023 Added 08/16/2023 Modified 01/30/2025 Description Cargo downloads the Rust project’s dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not respect the umask when extracting crate archives on UNIX-like systems. If the user downloaded a crate containing files writeable by any local user, another local user could exploit this to change the source code compiled and executed by the current user. To prevent existing cached extractions from being exploitable, the Cargo binary version 0.72.2 included in Rust 1.71.1 or later will purge caches generated by older Cargo versions automatically. As a workaround, configure one's system to prevent other local users from accessing the Cargo directory, usually located in `~/.cargo`. Solution(s) alma-upgrade-cargo alma-upgrade-clippy alma-upgrade-rust alma-upgrade-rust-analysis alma-upgrade-rust-analyzer alma-upgrade-rust-debugger-common alma-upgrade-rust-doc alma-upgrade-rust-gdb alma-upgrade-rust-lldb alma-upgrade-rust-src alma-upgrade-rust-std-static alma-upgrade-rust-std-static-wasm32-unknown-unknown alma-upgrade-rust-std-static-wasm32-wasi alma-upgrade-rust-toolset alma-upgrade-rustfmt References https://attackerkb.com/topics/cve-2023-38497 CVE - 2023-38497 https://errata.almalinux.org/8/ALSA-2023-4635.html https://errata.almalinux.org/9/ALSA-2023-4634.html
  13. VMware Horizon Connection Server: CVE-2023-34038 Horizon Server information disclosure vulnerability (VMSA-2023-0017) Severity 5 CVSS (AV:N/AC:L/Au:N/C:P/I:N/A:N) Published 08/04/2023 Created 03/14/2024 Added 03/13/2024 Modified 01/28/2025 Description VMware Horizon Server contains an information disclosure vulnerability. A malicious actor with network access may be able to access information relating to the internal network configuration. Solution(s) vmware-horizon-connection-server-upgrade-2111_2_0 vmware-horizon-connection-server-upgrade-2209_1_0 vmware-horizon-connection-server-upgrade-2212_1_0 vmware-horizon-connection-server-upgrade-2306_0_0 References https://attackerkb.com/topics/cve-2023-34038 CVE - 2023-34038 http://www.vmware.com/security/advisories/VMSA-2023-0017.html
  14. Debian: CVE-2022-4955: chromium -- security update Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 08/04/2023 Created 08/21/2023 Added 08/21/2023 Modified 01/28/2025 Description Inappropriate implementation in DevTools in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium) Solution(s) debian-upgrade-chromium References https://attackerkb.com/topics/cve-2022-4955 CVE - 2022-4955 DSA-5293-1
  15. Alpine Linux: CVE-2023-38497: Vulnerability in Multiple Components Severity 7 CVSS (AV:L/AC:M/Au:S/C:C/I:C/A:C) Published 08/04/2023 Created 04/09/2024 Added 03/26/2024 Modified 10/02/2024 Description Cargo downloads the Rust project’s dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not respect the umask when extracting crate archives on UNIX-like systems. If the user downloaded a crate containing files writeable by any local user, another local user could exploit this to change the source code compiled and executed by the current user. To prevent existing cached extractions from being exploitable, the Cargo binary version 0.72.2 included in Rust 1.71.1 or later will purge caches generated by older Cargo versions automatically. As a workaround, configure one's system to prevent other local users from accessing the Cargo directory, usually located in `~/.cargo`. Solution(s) alpine-linux-upgrade-rust References https://attackerkb.com/topics/cve-2023-38497 CVE - 2023-38497 https://security.alpinelinux.org/vuln/CVE-2023-38497
  16. Amazon Linux AMI 2: CVE-2023-38497: Security patch for rust (ALAS-2023-2223) Severity 7 CVSS (AV:L/AC:M/Au:S/C:C/I:C/A:C) Published 08/04/2023 Created 09/08/2023 Added 09/08/2023 Modified 01/30/2025 Description Cargo downloads the Rust project’s dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not respect the umask when extracting crate archives on UNIX-like systems. If the user downloaded a crate containing files writeable by any local user, another local user could exploit this to change the source code compiled and executed by the current user. To prevent existing cached extractions from being exploitable, the Cargo binary version 0.72.2 included in Rust 1.71.1 or later will purge caches generated by older Cargo versions automatically. As a workaround, configure one's system to prevent other local users from accessing the Cargo directory, usually located in `~/.cargo`. Solution(s) amazon-linux-ami-2-upgrade-cargo amazon-linux-ami-2-upgrade-clippy amazon-linux-ami-2-upgrade-rust amazon-linux-ami-2-upgrade-rust-analysis amazon-linux-ami-2-upgrade-rust-analyzer amazon-linux-ami-2-upgrade-rust-debugger-common amazon-linux-ami-2-upgrade-rust-debuginfo amazon-linux-ami-2-upgrade-rust-doc amazon-linux-ami-2-upgrade-rust-gdb amazon-linux-ami-2-upgrade-rust-src amazon-linux-ami-2-upgrade-rust-std-static amazon-linux-ami-2-upgrade-rust-toolset amazon-linux-ami-2-upgrade-rustfmt References https://attackerkb.com/topics/cve-2023-38497 AL2/ALAS-2023-2223 CVE - 2023-38497
  17. Gentoo Linux: CVE-2023-38497: Rust: Multiple Vulnerabilities Severity 7 CVSS (AV:L/AC:M/Au:S/C:C/I:C/A:C) Published 08/04/2023 Created 09/24/2024 Added 09/23/2024 Modified 01/30/2025 Description Cargo downloads the Rust project’s dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not respect the umask when extracting crate archives on UNIX-like systems. If the user downloaded a crate containing files writeable by any local user, another local user could exploit this to change the source code compiled and executed by the current user. To prevent existing cached extractions from being exploitable, the Cargo binary version 0.72.2 included in Rust 1.71.1 or later will purge caches generated by older Cargo versions automatically. As a workaround, configure one's system to prevent other local users from accessing the Cargo directory, usually located in `~/.cargo`. Solution(s) gentoo-linux-upgrade-dev-lang-rust gentoo-linux-upgrade-dev-lang-rust-bin References https://attackerkb.com/topics/cve-2023-38497 CVE - 2023-38497 202409-07
  18. Rocky Linux: CVE-2023-38497: rust-toolset-rhel8 (Multiple Advisories) Severity 7 CVSS (AV:L/AC:M/Au:S/C:C/I:C/A:C) Published 08/04/2023 Created 03/07/2024 Added 03/05/2024 Modified 01/30/2025 Description Cargo downloads the Rust project’s dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not respect the umask when extracting crate archives on UNIX-like systems. If the user downloaded a crate containing files writeable by any local user, another local user could exploit this to change the source code compiled and executed by the current user. To prevent existing cached extractions from being exploitable, the Cargo binary version 0.72.2 included in Rust 1.71.1 or later will purge caches generated by older Cargo versions automatically. As a workaround, configure one's system to prevent other local users from accessing the Cargo directory, usually located in `~/.cargo`. Solution(s) rocky-upgrade-cargo rocky-upgrade-cargo-debuginfo rocky-upgrade-clippy rocky-upgrade-clippy-debuginfo rocky-upgrade-rust rocky-upgrade-rust-analysis rocky-upgrade-rust-analyzer rocky-upgrade-rust-analyzer-debuginfo rocky-upgrade-rust-debuginfo rocky-upgrade-rust-debugsource rocky-upgrade-rust-doc rocky-upgrade-rust-std-static rocky-upgrade-rust-std-static-wasm32-unknown-unknown rocky-upgrade-rust-std-static-wasm32-wasi rocky-upgrade-rust-toolset rocky-upgrade-rustfmt rocky-upgrade-rustfmt-debuginfo References https://attackerkb.com/topics/cve-2023-38497 CVE - 2023-38497 https://errata.rockylinux.org/RLSA-2023:4634 https://errata.rockylinux.org/RLSA-2023:4635
  19. LG Simple Editor Command Injection (CVE-2023-40504) Disclosed 08/04/2023 Created 08/14/2024 Description Unauthenticated Command Injection in LG Simple Editor <= v3.21.0. The vulnerability can be exploited by a remote attacker to inject arbitrary operating system commands which will get executed in the context of NT AUTHORITY\SYSTEM. Author(s) rgod Michael Heinzl Platform Windows Architectures cmd
  20. Ubuntu: USN-6567-1 (CVE-2023-4135): QEMU vulnerabilities Severity 5 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:N) Published 08/04/2023 Created 01/10/2024 Added 01/09/2024 Modified 01/28/2025 Description A heap out-of-bounds memory read flaw was found in the virtual nvme device in QEMU. The QEMU process does not validate an offset provided by the guest before computing a host heap pointer, which is used for copying data back to the guest. Arbitrary heap memory relative to an allocated buffer can be disclosed. Solution(s) ubuntu-upgrade-qemu-system ubuntu-upgrade-qemu-system-arm ubuntu-upgrade-qemu-system-mips ubuntu-upgrade-qemu-system-misc ubuntu-upgrade-qemu-system-ppc ubuntu-upgrade-qemu-system-s390x ubuntu-upgrade-qemu-system-sparc ubuntu-upgrade-qemu-system-x86 ubuntu-upgrade-qemu-system-x86-xen ubuntu-upgrade-qemu-system-xen References https://attackerkb.com/topics/cve-2023-4135 CVE - 2023-4135 USN-6567-1
  21. Debian: CVE-2022-41401: openrefine -- security update Severity 7 CVSS (AV:N/AC:L/Au:S/C:C/I:N/A:N) Published 08/04/2023 Created 07/31/2024 Added 07/30/2024 Modified 01/28/2025 Description OpenRefine <= v3.5.2 contains a Server-Side Request Forgery (SSRF) vulnerability, which permits unauthorized users to exploit the system, potentially leading to unauthorized access to internal resources and sensitive file disclosure. Solution(s) debian-upgrade-openrefine References https://attackerkb.com/topics/cve-2022-41401 CVE - 2022-41401
  22. VMware Horizon Connection Server: CVE-2023-34037 Horizon Server HTTP request smuggling vulnerability (VMSA-2023-0017) Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:N) Published 08/04/2023 Created 03/14/2024 Added 03/13/2024 Modified 01/28/2025 Description VMware Horizon Server contains an HTTP request smuggling vulnerability. A malicious actor with network access may be able to perform HTTP request smuggling. Solution(s) vmware-horizon-connection-server-upgrade-2111_2_0 vmware-horizon-connection-server-upgrade-2209_1_0 vmware-horizon-connection-server-upgrade-2212_1_0 vmware-horizon-connection-server-upgrade-2306_0_0 References https://attackerkb.com/topics/cve-2023-34037 CVE - 2023-34037 http://www.vmware.com/security/advisories/VMSA-2023-0017.html
  23. Red Hat: CVE-2023-38497: cargo does not respect the umask when extracting dependencies (Multiple Advisories) Severity 7 CVSS (AV:L/AC:M/Au:S/C:C/I:C/A:C) Published 08/04/2023 Created 08/29/2023 Added 08/29/2023 Modified 01/30/2025 Description Cargo downloads the Rust project’s dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not respect the umask when extracting crate archives on UNIX-like systems. If the user downloaded a crate containing files writeable by any local user, another local user could exploit this to change the source code compiled and executed by the current user. To prevent existing cached extractions from being exploitable, the Cargo binary version 0.72.2 included in Rust 1.71.1 or later will purge caches generated by older Cargo versions automatically. As a workaround, configure one's system to prevent other local users from accessing the Cargo directory, usually located in `~/.cargo`. Solution(s) redhat-upgrade-cargo redhat-upgrade-cargo-debuginfo redhat-upgrade-cargo-doc redhat-upgrade-clippy redhat-upgrade-clippy-debuginfo redhat-upgrade-rls redhat-upgrade-rls-debuginfo redhat-upgrade-rust redhat-upgrade-rust-analysis redhat-upgrade-rust-analyzer redhat-upgrade-rust-analyzer-debuginfo redhat-upgrade-rust-debugger-common redhat-upgrade-rust-debuginfo redhat-upgrade-rust-debugsource redhat-upgrade-rust-doc redhat-upgrade-rust-gdb redhat-upgrade-rust-lldb redhat-upgrade-rust-src redhat-upgrade-rust-std-static redhat-upgrade-rust-std-static-wasm32-unknown-unknown redhat-upgrade-rust-std-static-wasm32-wasi redhat-upgrade-rust-toolset redhat-upgrade-rustfmt redhat-upgrade-rustfmt-debuginfo References CVE-2023-38497 RHSA-2023:4634 RHSA-2023:4635 RHSA-2024:3418 RHSA-2024:3428
  24. Huawei EulerOS: CVE-2023-3180: qemu security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 08/03/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req. There is no check for the value of `src_len` and `dst_len` in virtio_crypto_sym_op_helper, potentially leading to a heap buffer overflow when the two values differ. Solution(s) huawei-euleros-2_0_sp9-upgrade-qemu-img References https://attackerkb.com/topics/cve-2023-3180 CVE - 2023-3180 EulerOS-SA-2023-2906
  25. SUSE: CVE-2023-4070: SUSE Linux Security Advisory Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:N) Published 08/03/2023 Created 08/09/2023 Added 08/08/2023 Modified 01/28/2025 Description Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) Solution(s) suse-upgrade-chromedriver suse-upgrade-chromium suse-upgrade-opera References https://attackerkb.com/topics/cve-2023-4070 CVE - 2023-4070