ISHACK AI BOT

Microsoft Edge Chromium: CVE-2023-4078 Inappropriate implementation in Extensions Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 08/03/2023 Created 08/09/2023 Added 08/08/2023 Modified 01/28/2025 Description Inappropriate implementation in Extensions in Google Chrome prior to 115.0.5790.170 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: Medium) Solution(s) microsoft-edge-upgrade-latest References https://attackerkb.com/topics/cve-2023-4078 CVE - 2023-4078 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4078

Microsoft Edge Chromium: CVE-2023-4076 Use after free in WebRTC Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 08/03/2023 Created 08/09/2023 Added 08/08/2023 Modified 01/28/2025 Description Use after free in WebRTC in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted WebRTC session. (Chromium security severity: High) Solution(s) microsoft-edge-upgrade-latest References https://attackerkb.com/topics/cve-2023-4076 CVE - 2023-4076 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4076

Microsoft Edge Chromium: CVE-2023-4069 Type Confusion in V8 Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 08/03/2023 Created 08/09/2023 Added 08/08/2023 Modified 01/28/2025 Description Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) microsoft-edge-upgrade-latest References https://attackerkb.com/topics/cve-2023-4069 CVE - 2023-4069 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4069

Ubuntu: (Multiple Advisories) (CVE-2023-4132): Linux kernel vulnerabilities Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 08/03/2023 Created 10/06/2023 Added 10/06/2023 Modified 01/28/2025 Description A use-after-free vulnerability was found in the siano smsusb module in the Linux kernel. The bug occurs during device initialization when the siano device is plugged in. This flaw allows a local user to crash the system, causing a denial of service condition. Solution(s) ubuntu-upgrade-linux-image-4-15-0-1129-oracle ubuntu-upgrade-linux-image-4-15-0-1150-kvm ubuntu-upgrade-linux-image-4-15-0-1160-gcp ubuntu-upgrade-linux-image-4-15-0-1166-aws ubuntu-upgrade-linux-image-4-15-0-1175-azure ubuntu-upgrade-linux-image-4-15-0-223-generic ubuntu-upgrade-linux-image-4-15-0-223-lowlatency ubuntu-upgrade-linux-image-5-15-0-1030-gkeop ubuntu-upgrade-linux-image-5-15-0-1037-nvidia ubuntu-upgrade-linux-image-5-15-0-1037-nvidia-lowlatency ubuntu-upgrade-linux-image-5-15-0-1040-ibm ubuntu-upgrade-linux-image-5-15-0-1040-raspi ubuntu-upgrade-linux-image-5-15-0-1043-intel-iotg ubuntu-upgrade-linux-image-5-15-0-1044-gcp ubuntu-upgrade-linux-image-5-15-0-1044-gke ubuntu-upgrade-linux-image-5-15-0-1044-kvm ubuntu-upgrade-linux-image-5-15-0-1045-oracle ubuntu-upgrade-linux-image-5-15-0-1047-aws ubuntu-upgrade-linux-image-5-15-0-1049-azure ubuntu-upgrade-linux-image-5-15-0-1049-azure-fde ubuntu-upgrade-linux-image-5-15-0-86-generic ubuntu-upgrade-linux-image-5-15-0-86-generic-64k ubuntu-upgrade-linux-image-5-15-0-86-generic-lpae ubuntu-upgrade-linux-image-5-15-0-86-lowlatency ubuntu-upgrade-linux-image-5-15-0-86-lowlatency-64k ubuntu-upgrade-linux-image-5-4-0-1025-iot ubuntu-upgrade-linux-image-5-4-0-1033-xilinx-zynqmp ubuntu-upgrade-linux-image-5-4-0-1060-ibm ubuntu-upgrade-linux-image-5-4-0-1074-bluefield ubuntu-upgrade-linux-image-5-4-0-1080-gkeop ubuntu-upgrade-linux-image-5-4-0-1097-raspi ubuntu-upgrade-linux-image-5-4-0-1102-kvm ubuntu-upgrade-linux-image-5-4-0-1112-oracle ubuntu-upgrade-linux-image-5-4-0-1113-aws ubuntu-upgrade-linux-image-5-4-0-1117-gcp ubuntu-upgrade-linux-image-5-4-0-1119-azure ubuntu-upgrade-linux-image-5-4-0-166-generic ubuntu-upgrade-linux-image-5-4-0-166-generic-lpae ubuntu-upgrade-linux-image-5-4-0-166-lowlatency ubuntu-upgrade-linux-image-6-2-0-1008-starfive ubuntu-upgrade-linux-image-6-2-0-1009-starfive ubuntu-upgrade-linux-image-6-2-0-1011-nvidia ubuntu-upgrade-linux-image-6-2-0-1011-nvidia-64k ubuntu-upgrade-linux-image-6-2-0-1015-aws ubuntu-upgrade-linux-image-6-2-0-1015-oracle ubuntu-upgrade-linux-image-6-2-0-1016-azure ubuntu-upgrade-linux-image-6-2-0-1016-azure-fde ubuntu-upgrade-linux-image-6-2-0-1016-kvm ubuntu-upgrade-linux-image-6-2-0-1016-lowlatency ubuntu-upgrade-linux-image-6-2-0-1016-lowlatency-64k ubuntu-upgrade-linux-image-6-2-0-1016-raspi ubuntu-upgrade-linux-image-6-2-0-1018-gcp ubuntu-upgrade-linux-image-6-2-0-36-generic ubuntu-upgrade-linux-image-6-2-0-36-generic-64k ubuntu-upgrade-linux-image-6-2-0-36-generic-lpae ubuntu-upgrade-linux-image-aws ubuntu-upgrade-linux-image-aws-hwe ubuntu-upgrade-linux-image-aws-lts-18-04 ubuntu-upgrade-linux-image-aws-lts-20-04 ubuntu-upgrade-linux-image-aws-lts-22-04 ubuntu-upgrade-linux-image-azure ubuntu-upgrade-linux-image-azure-cvm ubuntu-upgrade-linux-image-azure-fde ubuntu-upgrade-linux-image-azure-fde-lts-22-04 ubuntu-upgrade-linux-image-azure-lts-18-04 ubuntu-upgrade-linux-image-azure-lts-20-04 ubuntu-upgrade-linux-image-azure-lts-22-04 ubuntu-upgrade-linux-image-bluefield ubuntu-upgrade-linux-image-gcp ubuntu-upgrade-linux-image-gcp-lts-18-04 ubuntu-upgrade-linux-image-gcp-lts-20-04 ubuntu-upgrade-linux-image-gcp-lts-22-04 ubuntu-upgrade-linux-image-generic ubuntu-upgrade-linux-image-generic-64k ubuntu-upgrade-linux-image-generic-64k-hwe-20-04 ubuntu-upgrade-linux-image-generic-64k-hwe-22-04 ubuntu-upgrade-linux-image-generic-hwe-16-04 ubuntu-upgrade-linux-image-generic-hwe-18-04 ubuntu-upgrade-linux-image-generic-hwe-20-04 ubuntu-upgrade-linux-image-generic-hwe-22-04 ubuntu-upgrade-linux-image-generic-lpae ubuntu-upgrade-linux-image-generic-lpae-hwe-20-04 ubuntu-upgrade-linux-image-generic-lpae-hwe-22-04 ubuntu-upgrade-linux-image-gke ubuntu-upgrade-linux-image-gke-5-15 ubuntu-upgrade-linux-image-gkeop ubuntu-upgrade-linux-image-gkeop-5-15 ubuntu-upgrade-linux-image-gkeop-5-4 ubuntu-upgrade-linux-image-ibm ubuntu-upgrade-linux-image-ibm-lts-20-04 ubuntu-upgrade-linux-image-intel ubuntu-upgrade-linux-image-intel-iotg ubuntu-upgrade-linux-image-kvm ubuntu-upgrade-linux-image-lowlatency ubuntu-upgrade-linux-image-lowlatency-64k ubuntu-upgrade-linux-image-lowlatency-64k-hwe-20-04 ubuntu-upgrade-linux-image-lowlatency-64k-hwe-22-04 ubuntu-upgrade-linux-image-lowlatency-hwe-16-04 ubuntu-upgrade-linux-image-lowlatency-hwe-18-04 ubuntu-upgrade-linux-image-lowlatency-hwe-20-04 ubuntu-upgrade-linux-image-lowlatency-hwe-22-04 ubuntu-upgrade-linux-image-nvidia ubuntu-upgrade-linux-image-nvidia-6-2 ubuntu-upgrade-linux-image-nvidia-64k-6-2 ubuntu-upgrade-linux-image-nvidia-64k-hwe-22-04 ubuntu-upgrade-linux-image-nvidia-hwe-22-04 ubuntu-upgrade-linux-image-nvidia-lowlatency ubuntu-upgrade-linux-image-oem ubuntu-upgrade-linux-image-oem-20-04 ubuntu-upgrade-linux-image-oem-20-04b ubuntu-upgrade-linux-image-oem-20-04c ubuntu-upgrade-linux-image-oem-20-04d ubuntu-upgrade-linux-image-oem-osp1 ubuntu-upgrade-linux-image-oracle ubuntu-upgrade-linux-image-oracle-lts-18-04 ubuntu-upgrade-linux-image-oracle-lts-20-04 ubuntu-upgrade-linux-image-oracle-lts-22-04 ubuntu-upgrade-linux-image-raspi ubuntu-upgrade-linux-image-raspi-hwe-18-04 ubuntu-upgrade-linux-image-raspi-nolpae ubuntu-upgrade-linux-image-raspi2 ubuntu-upgrade-linux-image-snapdragon-hwe-18-04 ubuntu-upgrade-linux-image-starfive ubuntu-upgrade-linux-image-virtual ubuntu-upgrade-linux-image-virtual-hwe-16-04 ubuntu-upgrade-linux-image-virtual-hwe-18-04 ubuntu-upgrade-linux-image-virtual-hwe-20-04 ubuntu-upgrade-linux-image-virtual-hwe-22-04 ubuntu-upgrade-linux-image-xilinx-zynqmp References https://attackerkb.com/topics/cve-2023-4132 CVE - 2023-4132 USN-6416-1 USN-6416-2 USN-6416-3 USN-6445-1 USN-6445-2 USN-6462-1 USN-6462-2 USN-6464-1 USN-6466-1 USN-6520-1 USN-6701-1 USN-6701-2 USN-6701-3 USN-6701-4 View more

Ubuntu: (CVE-2023-4133): linux vulnerability Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 08/03/2023 Created 11/21/2024 Added 11/19/2024 Modified 01/28/2025 Description A use-after-free vulnerability was found in the cxgb4 driver in the Linux kernel. The bug occurs when the cxgb4 device is detaching due to a possible rearming of the flower_stats_timer from the work queue. This flaw allows a local user to crash the system, causing a denial of service condition. Solution(s) ubuntu-upgrade-linux ubuntu-upgrade-linux-aws ubuntu-upgrade-linux-aws-6-2 ubuntu-upgrade-linux-azure ubuntu-upgrade-linux-gcp ubuntu-upgrade-linux-ibm ubuntu-upgrade-linux-kvm ubuntu-upgrade-linux-lowlatency ubuntu-upgrade-linux-oracle ubuntu-upgrade-linux-raspi ubuntu-upgrade-linux-riscv ubuntu-upgrade-linux-starfive References https://attackerkb.com/topics/cve-2023-4133 CVE - 2023-4133 https://access.redhat.com/security/cve/CVE-2023-4133 https://bugzilla.redhat.com/show_bug.cgi?id=2221702 https://git.kernel.org/linus/e50b9b9e8610d47b7c22529443e45a16b1ea3a15 https://www.cve.org/CVERecord?id=CVE-2023-4133

CentOS Linux: CVE-2023-0118: Important: Satellite 6.11.5.6 async security update (CESA-2023:5980) Severity 8 CVSS (AV:N/AC:L/Au:M/C:C/I:C/A:C) Published 08/03/2023 Created 08/04/2023 Added 08/04/2023 Modified 01/28/2025 Description An arbitrary code execution flaw was found in Foreman. This flaw allows an admin user to bypass safe mode in templates and execute arbitrary code on the underlying operating system. Solution(s) centos-upgrade-foreman-cli centos-upgrade-satellite centos-upgrade-satellite-branding centos-upgrade-satellite-cli References CVE-2023-0118

CentOS Linux: CVE-2023-4132: Important: kernel-rt security, bug fix, and enhancement update (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 08/03/2023 Created 11/16/2023 Added 11/15/2023 Modified 01/28/2025 Description A use-after-free vulnerability was found in the siano smsusb module in the Linux kernel. The bug occurs during device initialization when the siano device is plugged in. This flaw allows a local user to crash the system, causing a denial of service condition. Solution(s) centos-upgrade-kernel centos-upgrade-kernel-rt References CVE-2023-4132

Amazon Linux 2023: CVE-2023-3824: Important priority package update for php8.2 (Multiple Advisories) Severity 7 CVSS (AV:N/AC:H/Au:N/C:P/I:P/A:C) Published 08/03/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially to memory corruption or RCE. A flaw was found in PHP that can lead to a buffer overflow and a stack information leak due to improper bounds checking within the phar_dir_read() function. This issue may allow an attacker to initiate memory corruption by compelling the application to open a specially crafted .phar archive, allowing the attacker to corrupt memory or cause a denial of service condition. Solution(s) amazon-linux-2023-upgrade-php8-1 amazon-linux-2023-upgrade-php8-1-bcmath amazon-linux-2023-upgrade-php8-1-bcmath-debuginfo amazon-linux-2023-upgrade-php8-1-cli amazon-linux-2023-upgrade-php8-1-cli-debuginfo amazon-linux-2023-upgrade-php8-1-common amazon-linux-2023-upgrade-php8-1-common-debuginfo amazon-linux-2023-upgrade-php8-1-dba amazon-linux-2023-upgrade-php8-1-dba-debuginfo amazon-linux-2023-upgrade-php8-1-dbg amazon-linux-2023-upgrade-php8-1-dbg-debuginfo amazon-linux-2023-upgrade-php8-1-debuginfo amazon-linux-2023-upgrade-php8-1-debugsource amazon-linux-2023-upgrade-php8-1-devel amazon-linux-2023-upgrade-php8-1-embedded amazon-linux-2023-upgrade-php8-1-embedded-debuginfo amazon-linux-2023-upgrade-php8-1-enchant amazon-linux-2023-upgrade-php8-1-enchant-debuginfo amazon-linux-2023-upgrade-php8-1-ffi amazon-linux-2023-upgrade-php8-1-ffi-debuginfo amazon-linux-2023-upgrade-php8-1-fpm amazon-linux-2023-upgrade-php8-1-fpm-debuginfo amazon-linux-2023-upgrade-php8-1-gd amazon-linux-2023-upgrade-php8-1-gd-debuginfo amazon-linux-2023-upgrade-php8-1-gmp amazon-linux-2023-upgrade-php8-1-gmp-debuginfo amazon-linux-2023-upgrade-php8-1-intl amazon-linux-2023-upgrade-php8-1-intl-debuginfo amazon-linux-2023-upgrade-php8-1-ldap amazon-linux-2023-upgrade-php8-1-ldap-debuginfo amazon-linux-2023-upgrade-php8-1-mbstring amazon-linux-2023-upgrade-php8-1-mbstring-debuginfo amazon-linux-2023-upgrade-php8-1-mysqlnd amazon-linux-2023-upgrade-php8-1-mysqlnd-debuginfo amazon-linux-2023-upgrade-php8-1-odbc amazon-linux-2023-upgrade-php8-1-odbc-debuginfo amazon-linux-2023-upgrade-php8-1-opcache amazon-linux-2023-upgrade-php8-1-opcache-debuginfo amazon-linux-2023-upgrade-php8-1-pdo amazon-linux-2023-upgrade-php8-1-pdo-debuginfo amazon-linux-2023-upgrade-php8-1-pgsql amazon-linux-2023-upgrade-php8-1-pgsql-debuginfo amazon-linux-2023-upgrade-php8-1-process amazon-linux-2023-upgrade-php8-1-process-debuginfo amazon-linux-2023-upgrade-php8-1-pspell amazon-linux-2023-upgrade-php8-1-pspell-debuginfo amazon-linux-2023-upgrade-php8-1-snmp amazon-linux-2023-upgrade-php8-1-snmp-debuginfo amazon-linux-2023-upgrade-php8-1-soap amazon-linux-2023-upgrade-php8-1-soap-debuginfo amazon-linux-2023-upgrade-php8-1-tidy amazon-linux-2023-upgrade-php8-1-tidy-debuginfo amazon-linux-2023-upgrade-php8-1-xml amazon-linux-2023-upgrade-php8-1-xml-debuginfo amazon-linux-2023-upgrade-php8-2 amazon-linux-2023-upgrade-php8-2-bcmath amazon-linux-2023-upgrade-php8-2-bcmath-debuginfo amazon-linux-2023-upgrade-php8-2-cli amazon-linux-2023-upgrade-php8-2-cli-debuginfo amazon-linux-2023-upgrade-php8-2-common amazon-linux-2023-upgrade-php8-2-common-debuginfo amazon-linux-2023-upgrade-php8-2-dba amazon-linux-2023-upgrade-php8-2-dba-debuginfo amazon-linux-2023-upgrade-php8-2-dbg amazon-linux-2023-upgrade-php8-2-dbg-debuginfo amazon-linux-2023-upgrade-php8-2-debuginfo amazon-linux-2023-upgrade-php8-2-debugsource amazon-linux-2023-upgrade-php8-2-devel amazon-linux-2023-upgrade-php8-2-embedded amazon-linux-2023-upgrade-php8-2-embedded-debuginfo amazon-linux-2023-upgrade-php8-2-enchant amazon-linux-2023-upgrade-php8-2-enchant-debuginfo amazon-linux-2023-upgrade-php8-2-ffi amazon-linux-2023-upgrade-php8-2-ffi-debuginfo amazon-linux-2023-upgrade-php8-2-fpm amazon-linux-2023-upgrade-php8-2-fpm-debuginfo amazon-linux-2023-upgrade-php8-2-gd amazon-linux-2023-upgrade-php8-2-gd-debuginfo amazon-linux-2023-upgrade-php8-2-gmp amazon-linux-2023-upgrade-php8-2-gmp-debuginfo amazon-linux-2023-upgrade-php8-2-intl amazon-linux-2023-upgrade-php8-2-intl-debuginfo amazon-linux-2023-upgrade-php8-2-ldap amazon-linux-2023-upgrade-php8-2-ldap-debuginfo amazon-linux-2023-upgrade-php8-2-mbstring amazon-linux-2023-upgrade-php8-2-mbstring-debuginfo amazon-linux-2023-upgrade-php8-2-mysqlnd amazon-linux-2023-upgrade-php8-2-mysqlnd-debuginfo amazon-linux-2023-upgrade-php8-2-odbc amazon-linux-2023-upgrade-php8-2-odbc-debuginfo amazon-linux-2023-upgrade-php8-2-opcache amazon-linux-2023-upgrade-php8-2-opcache-debuginfo amazon-linux-2023-upgrade-php8-2-pdo amazon-linux-2023-upgrade-php8-2-pdo-debuginfo amazon-linux-2023-upgrade-php8-2-pgsql amazon-linux-2023-upgrade-php8-2-pgsql-debuginfo amazon-linux-2023-upgrade-php8-2-process amazon-linux-2023-upgrade-php8-2-process-debuginfo amazon-linux-2023-upgrade-php8-2-pspell amazon-linux-2023-upgrade-php8-2-pspell-debuginfo amazon-linux-2023-upgrade-php8-2-snmp amazon-linux-2023-upgrade-php8-2-snmp-debuginfo amazon-linux-2023-upgrade-php8-2-soap amazon-linux-2023-upgrade-php8-2-soap-debuginfo amazon-linux-2023-upgrade-php8-2-tidy amazon-linux-2023-upgrade-php8-2-tidy-debuginfo amazon-linux-2023-upgrade-php8-2-xml amazon-linux-2023-upgrade-php8-2-xml-debuginfo References https://attackerkb.com/topics/cve-2023-3824 CVE - 2023-3824 https://alas.aws.amazon.com/AL2023/ALAS-2023-324.html https://alas.aws.amazon.com/AL2023/ALAS-2023-325.html

VMware Photon OS: CVE-2023-4073 Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 08/03/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-4073 CVE - 2023-4073

Huawei EulerOS: CVE-2023-4133: kernel security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 08/03/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description A use-after-free vulnerability was found in the cxgb4 driver in the Linux kernel. The bug occurs when the cxgb4 device is detaching due to a possible rearming of the flower_stats_timer from the work queue. This flaw allows a local user to crash the system, causing a denial of service condition. Solution(s) huawei-euleros-2_0_sp11-upgrade-bpftool huawei-euleros-2_0_sp11-upgrade-kernel huawei-euleros-2_0_sp11-upgrade-kernel-abi-stablelists huawei-euleros-2_0_sp11-upgrade-kernel-tools huawei-euleros-2_0_sp11-upgrade-kernel-tools-libs huawei-euleros-2_0_sp11-upgrade-python3-perf References https://attackerkb.com/topics/cve-2023-4133 CVE - 2023-4133 EulerOS-SA-2023-3033

Huawei EulerOS: CVE-2023-4132: kernel security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 08/03/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description A use-after-free vulnerability was found in the siano smsusb module in the Linux kernel. The bug occurs during device initialization when the siano device is plugged in. This flaw allows a local user to crash the system, causing a denial of service condition. Solution(s) huawei-euleros-2_0_sp11-upgrade-bpftool huawei-euleros-2_0_sp11-upgrade-kernel huawei-euleros-2_0_sp11-upgrade-kernel-abi-stablelists huawei-euleros-2_0_sp11-upgrade-kernel-tools huawei-euleros-2_0_sp11-upgrade-kernel-tools-libs huawei-euleros-2_0_sp11-upgrade-python3-perf References https://attackerkb.com/topics/cve-2023-4132 CVE - 2023-4132 EulerOS-SA-2023-3033

FreeBSD: (Multiple Advisories) (CVE-2023-4074): electron25 -- multiple vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 08/03/2023 Created 08/09/2023 Added 08/05/2023 Modified 01/28/2025 Description Use after free in Blink Task Scheduling in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) freebsd-upgrade-package-chromium freebsd-upgrade-package-electron25 freebsd-upgrade-package-ungoogled-chromium References CVE-2023-4074

FreeBSD: (Multiple Advisories) (CVE-2023-4072): electron25 -- multiple vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 08/03/2023 Created 08/09/2023 Added 08/05/2023 Modified 01/28/2025 Description Out of bounds read and write in WebGL in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) freebsd-upgrade-package-chromium freebsd-upgrade-package-electron25 freebsd-upgrade-package-ungoogled-chromium References CVE-2023-4072

Alma Linux: CVE-2023-4133: Moderate: kernel security, bug fix, and enhancement update (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 08/03/2023 Created 06/01/2024 Added 05/31/2024 Modified 01/28/2025 Description A use-after-free vulnerability was found in the cxgb4 driver in the Linux kernel. The bug occurs when the cxgb4 device is detaching due to a possible rearming of the flower_stats_timer from the work queue. This flaw allows a local user to crash the system, causing a denial of service condition. Solution(s) alma-upgrade-bpftool alma-upgrade-kernel alma-upgrade-kernel-64k alma-upgrade-kernel-64k-core alma-upgrade-kernel-64k-debug alma-upgrade-kernel-64k-debug-core alma-upgrade-kernel-64k-debug-devel alma-upgrade-kernel-64k-debug-devel-matched alma-upgrade-kernel-64k-debug-modules alma-upgrade-kernel-64k-debug-modules-core alma-upgrade-kernel-64k-debug-modules-extra alma-upgrade-kernel-64k-devel alma-upgrade-kernel-64k-devel-matched alma-upgrade-kernel-64k-modules alma-upgrade-kernel-64k-modules-core alma-upgrade-kernel-64k-modules-extra alma-upgrade-kernel-abi-stablelists alma-upgrade-kernel-core alma-upgrade-kernel-cross-headers alma-upgrade-kernel-debug alma-upgrade-kernel-debug-core alma-upgrade-kernel-debug-devel alma-upgrade-kernel-debug-devel-matched alma-upgrade-kernel-debug-modules alma-upgrade-kernel-debug-modules-core alma-upgrade-kernel-debug-modules-extra alma-upgrade-kernel-debug-uki-virt alma-upgrade-kernel-devel alma-upgrade-kernel-devel-matched alma-upgrade-kernel-doc alma-upgrade-kernel-headers alma-upgrade-kernel-modules alma-upgrade-kernel-modules-core alma-upgrade-kernel-modules-extra alma-upgrade-kernel-rt alma-upgrade-kernel-rt-core alma-upgrade-kernel-rt-debug alma-upgrade-kernel-rt-debug-core alma-upgrade-kernel-rt-debug-devel alma-upgrade-kernel-rt-debug-kvm alma-upgrade-kernel-rt-debug-modules alma-upgrade-kernel-rt-debug-modules-core alma-upgrade-kernel-rt-debug-modules-extra alma-upgrade-kernel-rt-devel alma-upgrade-kernel-rt-kvm alma-upgrade-kernel-rt-modules alma-upgrade-kernel-rt-modules-core alma-upgrade-kernel-rt-modules-extra alma-upgrade-kernel-tools alma-upgrade-kernel-tools-libs alma-upgrade-kernel-tools-libs-devel alma-upgrade-kernel-uki-virt alma-upgrade-kernel-zfcpdump alma-upgrade-kernel-zfcpdump-core alma-upgrade-kernel-zfcpdump-devel alma-upgrade-kernel-zfcpdump-devel-matched alma-upgrade-kernel-zfcpdump-modules alma-upgrade-kernel-zfcpdump-modules-core alma-upgrade-kernel-zfcpdump-modules-extra alma-upgrade-libperf alma-upgrade-perf alma-upgrade-python3-perf alma-upgrade-rtla alma-upgrade-rv References https://attackerkb.com/topics/cve-2023-4133 CVE - 2023-4133 https://errata.almalinux.org/8/ALSA-2024-2950.html https://errata.almalinux.org/8/ALSA-2024-3138.html https://errata.almalinux.org/9/ALSA-2024-2394.html

Oracle Linux: CVE-2023-3180: ELSA-2023-12834:qemu security update (MODERATE) (Multiple Advisories) Severity 4 CVSS (AV:L/AC:L/Au:M/C:N/I:N/A:C) Published 08/03/2023 Created 09/25/2023 Added 09/23/2023 Modified 01/08/2025 Description A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req. There is no check for the value of `src_len` and `dst_len` in virtio_crypto_sym_op_helper, potentially leading to a heap buffer overflow when the two values differ. Solution(s) oracle-linux-upgrade-hivex oracle-linux-upgrade-hivex-devel oracle-linux-upgrade-ivshmem-tools oracle-linux-upgrade-libguestfs oracle-linux-upgrade-libguestfs-appliance oracle-linux-upgrade-libguestfs-bash-completion oracle-linux-upgrade-libguestfs-benchmarking oracle-linux-upgrade-libguestfs-devel oracle-linux-upgrade-libguestfs-gfs2 oracle-linux-upgrade-libguestfs-gobject oracle-linux-upgrade-libguestfs-gobject-devel oracle-linux-upgrade-libguestfs-inspect-icons oracle-linux-upgrade-libguestfs-java oracle-linux-upgrade-libguestfs-java-devel oracle-linux-upgrade-libguestfs-javadoc oracle-linux-upgrade-libguestfs-man-pages-ja oracle-linux-upgrade-libguestfs-man-pages-uk oracle-linux-upgrade-libguestfs-rescue oracle-linux-upgrade-libguestfs-rsync oracle-linux-upgrade-libguestfs-tools oracle-linux-upgrade-libguestfs-tools-c oracle-linux-upgrade-libguestfs-winsupport oracle-linux-upgrade-libguestfs-xfs oracle-linux-upgrade-libiscsi oracle-linux-upgrade-libiscsi-devel oracle-linux-upgrade-libiscsi-utils oracle-linux-upgrade-libnbd oracle-linux-upgrade-libnbd-bash-completion oracle-linux-upgrade-libnbd-devel oracle-linux-upgrade-libtpms oracle-linux-upgrade-libtpms-devel oracle-linux-upgrade-libvirt oracle-linux-upgrade-libvirt-admin oracle-linux-upgrade-libvirt-bash-completion oracle-linux-upgrade-libvirt-client oracle-linux-upgrade-libvirt-client-qemu oracle-linux-upgrade-libvirt-daemon oracle-linux-upgrade-libvirt-daemon-config-network oracle-linux-upgrade-libvirt-daemon-config-nwfilter oracle-linux-upgrade-libvirt-daemon-driver-interface oracle-linux-upgrade-libvirt-daemon-driver-network oracle-linux-upgrade-libvirt-daemon-driver-nodedev oracle-linux-upgrade-libvirt-daemon-driver-nwfilter oracle-linux-upgrade-libvirt-daemon-driver-qemu oracle-linux-upgrade-libvirt-daemon-driver-secret oracle-linux-upgrade-libvirt-daemon-driver-storage oracle-linux-upgrade-libvirt-daemon-driver-storage-core oracle-linux-upgrade-libvirt-daemon-driver-storage-disk oracle-linux-upgrade-libvirt-daemon-driver-storage-gluster oracle-linux-upgrade-libvirt-daemon-driver-storage-iscsi oracle-linux-upgrade-libvirt-daemon-driver-storage-iscsi-direct oracle-linux-upgrade-libvirt-daemon-driver-storage-logical oracle-linux-upgrade-libvirt-daemon-driver-storage-mpath oracle-linux-upgrade-libvirt-daemon-driver-storage-rbd oracle-linux-upgrade-libvirt-daemon-driver-storage-scsi oracle-linux-upgrade-libvirt-daemon-kvm oracle-linux-upgrade-libvirt-dbus oracle-linux-upgrade-libvirt-devel oracle-linux-upgrade-libvirt-docs oracle-linux-upgrade-libvirt-libs oracle-linux-upgrade-libvirt-lock-sanlock oracle-linux-upgrade-libvirt-nss oracle-linux-upgrade-libvirt-wireshark oracle-linux-upgrade-lua-guestfs oracle-linux-upgrade-nbdfuse oracle-linux-upgrade-nbdkit oracle-linux-upgrade-nbdkit-bash-completion oracle-linux-upgrade-nbdkit-basic-filters oracle-linux-upgrade-nbdkit-basic-plugins oracle-linux-upgrade-nbdkit-curl-plugin oracle-linux-upgrade-nbdkit-devel oracle-linux-upgrade-nbdkit-example-plugins oracle-linux-upgrade-nbdkit-gzip-filter oracle-linux-upgrade-nbdkit-gzip-plugin oracle-linux-upgrade-nbdkit-linuxdisk-plugin oracle-linux-upgrade-nbdkit-nbd-plugin oracle-linux-upgrade-nbdkit-python-plugin oracle-linux-upgrade-nbdkit-server oracle-linux-upgrade-nbdkit-ssh-plugin oracle-linux-upgrade-nbdkit-tar-filter oracle-linux-upgrade-nbdkit-tar-plugin oracle-linux-upgrade-nbdkit-tmpdisk-plugin oracle-linux-upgrade-nbdkit-vddk-plugin oracle-linux-upgrade-nbdkit-xz-filter oracle-linux-upgrade-netcf oracle-linux-upgrade-netcf-devel oracle-linux-upgrade-netcf-libs oracle-linux-upgrade-perl-hivex oracle-linux-upgrade-perl-sys-guestfs oracle-linux-upgrade-perl-sys-virt oracle-linux-upgrade-python3-hivex oracle-linux-upgrade-python3-libguestfs oracle-linux-upgrade-python3-libnbd oracle-linux-upgrade-python3-libvirt oracle-linux-upgrade-qemu oracle-linux-upgrade-qemu-block-gluster oracle-linux-upgrade-qemu-block-iscsi oracle-linux-upgrade-qemu-block-rbd oracle-linux-upgrade-qemu-common oracle-linux-upgrade-qemu-guest-agent oracle-linux-upgrade-qemu-img oracle-linux-upgrade-qemu-kvm oracle-linux-upgrade-qemu-kvm-block-curl oracle-linux-upgrade-qemu-kvm-block-gluster oracle-linux-upgrade-qemu-kvm-block-iscsi oracle-linux-upgrade-qemu-kvm-block-rbd oracle-linux-upgrade-qemu-kvm-block-ssh oracle-linux-upgrade-qemu-kvm-common oracle-linux-upgrade-qemu-kvm-core oracle-linux-upgrade-qemu-system-aarch64 oracle-linux-upgrade-qemu-system-aarch64-core oracle-linux-upgrade-qemu-system-x86 oracle-linux-upgrade-qemu-system-x86-core oracle-linux-upgrade-qemu-virtiofsd oracle-linux-upgrade-ruby-hivex oracle-linux-upgrade-ruby-libguestfs oracle-linux-upgrade-seabios oracle-linux-upgrade-seabios-bin oracle-linux-upgrade-seavgabios-bin oracle-linux-upgrade-sgabios oracle-linux-upgrade-sgabios-bin oracle-linux-upgrade-supermin oracle-linux-upgrade-supermin-devel oracle-linux-upgrade-swtpm oracle-linux-upgrade-swtpm-devel oracle-linux-upgrade-swtpm-libs oracle-linux-upgrade-swtpm-tools oracle-linux-upgrade-swtpm-tools-pkcs11 oracle-linux-upgrade-virt-dib oracle-linux-upgrade-virt-v2v oracle-linux-upgrade-virt-v2v-bash-completion oracle-linux-upgrade-virt-v2v-man-pages-ja oracle-linux-upgrade-virt-v2v-man-pages-uk References https://attackerkb.com/topics/cve-2023-3180 CVE - 2023-3180 ELSA-2023-12834 ELSA-2024-12152 ELSA-2023-12855 ELSA-2023-12835

SUSE: CVE-2023-3180: SUSE Linux Security Advisory Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 08/03/2023 Created 08/29/2023 Added 08/29/2023 Modified 01/28/2025 Description A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req. There is no check for the value of `src_len` and `dst_len` in virtio_crypto_sym_op_helper, potentially leading to a heap buffer overflow when the two values differ. Solution(s) suse-upgrade-qemu suse-upgrade-qemu-accel-qtest suse-upgrade-qemu-accel-tcg-x86 suse-upgrade-qemu-arm suse-upgrade-qemu-audio-alsa suse-upgrade-qemu-audio-dbus suse-upgrade-qemu-audio-jack suse-upgrade-qemu-audio-oss suse-upgrade-qemu-audio-pa suse-upgrade-qemu-audio-sdl suse-upgrade-qemu-audio-spice suse-upgrade-qemu-block-curl suse-upgrade-qemu-block-dmg suse-upgrade-qemu-block-gluster suse-upgrade-qemu-block-iscsi suse-upgrade-qemu-block-nfs suse-upgrade-qemu-block-rbd suse-upgrade-qemu-block-ssh suse-upgrade-qemu-chardev-baum suse-upgrade-qemu-chardev-spice suse-upgrade-qemu-extra suse-upgrade-qemu-guest-agent suse-upgrade-qemu-hw-display-qxl suse-upgrade-qemu-hw-display-virtio-gpu suse-upgrade-qemu-hw-display-virtio-gpu-pci suse-upgrade-qemu-hw-display-virtio-vga suse-upgrade-qemu-hw-s390x-virtio-gpu-ccw suse-upgrade-qemu-hw-usb-host suse-upgrade-qemu-hw-usb-redirect suse-upgrade-qemu-hw-usb-smartcard suse-upgrade-qemu-ipxe suse-upgrade-qemu-ivshmem-tools suse-upgrade-qemu-ksm suse-upgrade-qemu-kvm suse-upgrade-qemu-lang suse-upgrade-qemu-microvm suse-upgrade-qemu-ppc suse-upgrade-qemu-s390 suse-upgrade-qemu-s390x suse-upgrade-qemu-seabios suse-upgrade-qemu-sgabios suse-upgrade-qemu-skiboot suse-upgrade-qemu-slof suse-upgrade-qemu-tools suse-upgrade-qemu-ui-curses suse-upgrade-qemu-ui-dbus suse-upgrade-qemu-ui-gtk suse-upgrade-qemu-ui-opengl suse-upgrade-qemu-ui-sdl suse-upgrade-qemu-ui-spice-app suse-upgrade-qemu-ui-spice-core suse-upgrade-qemu-vgabios suse-upgrade-qemu-vhost-user-gpu suse-upgrade-qemu-x86 References https://attackerkb.com/topics/cve-2023-3180 CVE - 2023-3180

Gentoo Linux: CVE-2023-4076: QtWebEngine: Multiple Vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 08/03/2023 Created 11/28/2023 Added 11/27/2023 Modified 01/28/2025 Description Use after free in WebRTC in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted WebRTC session. (Chromium security severity: High) Solution(s) gentoo-linux-upgrade-dev-qt-qtwebengine gentoo-linux-upgrade-www-client-chromium gentoo-linux-upgrade-www-client-google-chrome gentoo-linux-upgrade-www-client-microsoft-edge References https://attackerkb.com/topics/cve-2023-4076 CVE - 2023-4076 202311-11 202312-07 202401-34

Amazon Linux 2023: CVE-2023-38497: Important priority package update for rust Severity 6 CVSS (AV:L/AC:H/Au:S/C:C/I:C/A:C) Published 08/03/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description Cargo downloads the Rust project’s dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not respect the umask when extracting crate archives on UNIX-like systems. If the user downloaded a crate containing files writeable by any local user, another local user could exploit this to change the source code compiled and executed by the current user. To prevent existing cached extractions from being exploitable, the Cargo binary version 0.72.2 included in Rust 1.71.1 or later will purge caches generated by older Cargo versions automatically. As a workaround, configure one's system to prevent other local users from accessing the Cargo directory, usually located in `~/.cargo`. A flaw was found in the rust-cargo package. Cargo, as bundled with the Rust compiler, did not respect the umask when extracting dependency tarballs and caching the extraction for future builds. If a dependency contained files with 0777 permissions, another local user could edit the cache of the extracted source code, potentially executing arbitrary code with the privileges of the user running Cargo during the next build. Solution(s) amazon-linux-2023-upgrade-cargo amazon-linux-2023-upgrade-cargo-debuginfo amazon-linux-2023-upgrade-clippy amazon-linux-2023-upgrade-clippy-debuginfo amazon-linux-2023-upgrade-rust amazon-linux-2023-upgrade-rust-analysis amazon-linux-2023-upgrade-rust-analyzer amazon-linux-2023-upgrade-rust-analyzer-debuginfo amazon-linux-2023-upgrade-rust-debugger-common amazon-linux-2023-upgrade-rust-debuginfo amazon-linux-2023-upgrade-rust-debugsource amazon-linux-2023-upgrade-rust-doc amazon-linux-2023-upgrade-rustfmt amazon-linux-2023-upgrade-rustfmt-debuginfo amazon-linux-2023-upgrade-rust-gdb amazon-linux-2023-upgrade-rust-lldb amazon-linux-2023-upgrade-rust-src amazon-linux-2023-upgrade-rust-std-static amazon-linux-2023-upgrade-rust-std-static-wasm32-unknown-unknown amazon-linux-2023-upgrade-rust-std-static-wasm32-wasi References https://attackerkb.com/topics/cve-2023-38497 CVE - 2023-38497 https://alas.aws.amazon.com/AL2023/ALAS-2023-323.html

Amazon Linux 2023: CVE-2023-4194: Important priority package update for kernel Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:C/A:N) Published 08/03/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description A flaw was found in the Linux kernel's TUN/TAP functionality. This issue could allow a local user to bypass network filters and gain unauthorized access to some resources. The original patches fixing CVE-2023-1076 are incorrect or incomplete. The problem is that the following upstream commits - a096ccca6e50 ("tun: tun_chr_open(): correctly initialize socket uid"), - 66b2c338adce ("tap: tap_open(): correctly initialize socket uid"), pass "inode->i_uid" to sock_init_data_uid() as the last parameter and that turns out to not be accurate. Solution(s) amazon-linux-2023-upgrade-bpftool amazon-linux-2023-upgrade-bpftool-debuginfo amazon-linux-2023-upgrade-kernel amazon-linux-2023-upgrade-kernel-debuginfo amazon-linux-2023-upgrade-kernel-debuginfo-common-aarch64 amazon-linux-2023-upgrade-kernel-debuginfo-common-x86-64 amazon-linux-2023-upgrade-kernel-devel amazon-linux-2023-upgrade-kernel-headers amazon-linux-2023-upgrade-kernel-libbpf amazon-linux-2023-upgrade-kernel-libbpf-devel amazon-linux-2023-upgrade-kernel-libbpf-static amazon-linux-2023-upgrade-kernel-livepatch-6-1-49-69-116 amazon-linux-2023-upgrade-kernel-tools amazon-linux-2023-upgrade-kernel-tools-debuginfo amazon-linux-2023-upgrade-kernel-tools-devel amazon-linux-2023-upgrade-perf amazon-linux-2023-upgrade-perf-debuginfo amazon-linux-2023-upgrade-python3-perf amazon-linux-2023-upgrade-python3-perf-debuginfo References https://attackerkb.com/topics/cve-2023-4194 CVE - 2023-4194 https://alas.aws.amazon.com/AL2023/ALAS-2023-330.html

Red Hat OpenShift: CVE-2023-3978: golang.org/x/net/html: Cross site scripting Severity 6 CVSS (AV:N/AC:M/Au:N/C:P/I:P/A:N) Published 08/02/2023 Created 11/01/2023 Added 11/01/2023 Modified 01/28/2025 Description Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack. Solution(s) linuxrpm-upgrade-openshift-clients linuxrpm-upgrade-podman References https://attackerkb.com/topics/cve-2023-3978 CVE - 2023-3978 RHSA-2023:5006 RHSA-2023:5007 RHSA-2023:5009 RHSA-2023:5888 RHSA-2023:6031 RHSA-2023:6474 RHSA-2023:6832 RHSA-2023:6837 RHSA-2023:6938 RHSA-2023:6939 RHSA-2023:7197 RHSA-2023:7198 RHSA-2023:7216 RHSA-2023:7315 RHSA-2024:0485 RHSA-2024:0944 RHSA-2024:10523 RHSA-2024:1891 View more

Amazon Linux 2023: CVE-2023-29409: Medium priority package update for amazon-cloudwatch-agent (Multiple Advisories) Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 08/02/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to <= 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three certificates in circulation with keys larger than this, and all three appear to be test certificates that are not actively deployed. It is possible there are larger keys in use in private PKIs, but we target the web PKI, so causing breakage here in the interests of increasing the default safety of users of crypto/tls seems reasonable. A denial of service vulnerability was found in the Golang Go package caused by an uncontrolled resource consumption flaw. By persuading a victim to use a specially crafted certificate with large RSA keys, a remote attacker can cause a client/server to expend significant CPU time verifying signatures, resulting in a denial of service condition. Solution(s) amazon-linux-2023-upgrade-amazon-cloudwatch-agent amazon-linux-2023-upgrade-amazon-ecr-credential-helper amazon-linux-2023-upgrade-amazon-ssm-agent amazon-linux-2023-upgrade-amazon-ssm-agent-debuginfo amazon-linux-2023-upgrade-amazon-ssm-agent-debugsource amazon-linux-2023-upgrade-cni-plugins amazon-linux-2023-upgrade-cni-plugins-debuginfo amazon-linux-2023-upgrade-cni-plugins-debugsource amazon-linux-2023-upgrade-containerd amazon-linux-2023-upgrade-containerd-debuginfo amazon-linux-2023-upgrade-containerd-debugsource amazon-linux-2023-upgrade-containerd-stress amazon-linux-2023-upgrade-containerd-stress-debuginfo amazon-linux-2023-upgrade-docker amazon-linux-2023-upgrade-docker-debuginfo amazon-linux-2023-upgrade-docker-debugsource amazon-linux-2023-upgrade-golang amazon-linux-2023-upgrade-golang-bin amazon-linux-2023-upgrade-golang-docs amazon-linux-2023-upgrade-golang-misc amazon-linux-2023-upgrade-golang-shared amazon-linux-2023-upgrade-golang-src amazon-linux-2023-upgrade-golang-tests amazon-linux-2023-upgrade-nerdctl References https://attackerkb.com/topics/cve-2023-29409 CVE - 2023-29409 https://alas.aws.amazon.com/AL2023/ALAS-2023-307.html https://alas.aws.amazon.com/AL2023/ALAS-2023-308.html https://alas.aws.amazon.com/AL2023/ALAS-2023-309.html https://alas.aws.amazon.com/AL2023/ALAS-2023-310.html https://alas.aws.amazon.com/AL2023/ALAS-2023-338.html https://alas.aws.amazon.com/AL2023/ALAS-2023-345.html https://alas.aws.amazon.com/AL2023/ALAS-2023-346.html https://alas.aws.amazon.com/AL2023/ALAS-2023-373.html View more

SUSE: CVE-2023-29409: SUSE Linux Security Advisory Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 08/02/2023 Created 08/04/2023 Added 08/04/2023 Modified 01/28/2025 Description Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to <= 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three certificates in circulation with keys larger than this, and all three appear to be test certificates that are not actively deployed. It is possible there are larger keys in use in private PKIs, but we target the web PKI, so causing breakage here in the interests of increasing the default safety of users of crypto/tls seems reasonable. Solution(s) suse-upgrade-go1-19 suse-upgrade-go1-19-doc suse-upgrade-go1-19-openssl suse-upgrade-go1-19-openssl-doc suse-upgrade-go1-19-openssl-race suse-upgrade-go1-19-race suse-upgrade-go1-20 suse-upgrade-go1-20-doc suse-upgrade-go1-20-openssl suse-upgrade-go1-20-openssl-doc suse-upgrade-go1-20-openssl-race suse-upgrade-go1-20-race suse-upgrade-golang-github-lusitaniae-apache_exporter suse-upgrade-golang-github-prometheus-alertmanager suse-upgrade-golang-github-prometheus-node_exporter suse-upgrade-golang-github-qubitproducts-exporter_exporter suse-upgrade-grafana suse-upgrade-prometheus-blackbox_exporter suse-upgrade-prometheus-postgres_exporter suse-upgrade-spacecmd suse-upgrade-supportutils-plugin-susemanager-client References https://attackerkb.com/topics/cve-2023-29409 CVE - 2023-29409

Red Hat OpenShift: CVE-2023-29409: golang: crypto/tls: slow verification of certificate chains containing large RSA keys Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 08/02/2023 Created 11/17/2023 Added 11/16/2023 Modified 01/28/2025 Description Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to <= 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three certificates in circulation with keys larger than this, and all three appear to be test certificates that are not actively deployed. It is possible there are larger keys in use in private PKIs, but we target the web PKI, so causing breakage here in the interests of increasing the default safety of users of crypto/tls seems reasonable. Solution(s) linuxrpm-upgrade-microshift linuxrpm-upgrade-openshift linuxrpm-upgrade-openshift-clients linuxrpm-upgrade-podman linuxrpm-upgrade-runc References https://attackerkb.com/topics/cve-2023-29409 CVE - 2023-29409 RHSA-2023:5009 RHSA-2023:5530 RHSA-2023:5541 RHSA-2023:5721 RHSA-2023:5738 RHSA-2023:5805 RHSA-2023:5933 RHSA-2023:5935 RHSA-2023:5947 RHSA-2023:5964 RHSA-2023:5965 RHSA-2023:5969 RHSA-2023:5971 RHSA-2023:5974 RHSA-2023:5976 RHSA-2023:6031 RHSA-2023:6085 RHSA-2023:6115 RHSA-2023:6161 RHSA-2023:6279 RHSA-2023:6296 RHSA-2023:6298 RHSA-2023:6840 RHSA-2023:7762 RHSA-2023:7763 RHSA-2023:7764 RHSA-2023:7765 RHSA-2023:7766 RHSA-2024:0121 RHSA-2024:0292 RHSA-2024:0293 RHSA-2024:1027 RHSA-2024:1383 RHSA-2024:2988 View more

Amazon Linux 2023: CVE-2023-40305: Medium priority package update for indent Severity 5 CVSS (AV:L/AC:L/Au:N/C:N/I:N/A:C) Published 08/02/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description GNU indent 2.2.13 has a heap-based buffer overflow in search_brace in indent.c via a crafted file. A flaw was found in indent, a program for formatting C code. This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger a heap-based buffer overflow, causing the application to crash. Solution(s) amazon-linux-2023-upgrade-indent amazon-linux-2023-upgrade-indent-debuginfo amazon-linux-2023-upgrade-indent-debugsource References https://attackerkb.com/topics/cve-2023-40305 CVE - 2023-40305 https://alas.aws.amazon.com/AL2023/ALAS-2023-318.html

VMware Photon OS: CVE-2023-4016 Severity 1 CVSS (AV:L/AC:H/Au:S/C:N/I:N/A:P) Published 08/02/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description Under some circumstances, this weakness allows a user who has access to run the “ps” utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-4016 CVE - 2023-4016