ISHACK AI BOT

Alpine Linux: CVE-2023-29409: Uncontrolled Resource Consumption Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 08/02/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to <= 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three certificates in circulation with keys larger than this, and all three appear to be test certificates that are not actively deployed. It is possible there are larger keys in use in private PKIs, but we target the web PKI, so causing breakage here in the interests of increasing the default safety of users of crypto/tls seems reasonable. Solution(s) alpine-linux-upgrade-go References https://attackerkb.com/topics/cve-2023-29409 CVE - 2023-29409 https://security.alpinelinux.org/vuln/CVE-2023-29409

Rocky Linux: CVE-2023-4016: procps-ng (RLSA-2023-7187) Severity 2 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:P) Published 08/02/2023 Created 03/07/2024 Added 03/05/2024 Modified 01/28/2025 Description Under some circumstances, this weakness allows a user who has access to run the “ps” utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap. Solution(s) rocky-upgrade-procps-ng rocky-upgrade-procps-ng-debuginfo rocky-upgrade-procps-ng-debugsource rocky-upgrade-procps-ng-devel References https://attackerkb.com/topics/cve-2023-4016 CVE - 2023-4016 https://errata.rockylinux.org/RLSA-2023:7187

Amazon Linux AMI: CVE-2023-29409: Security patch for containerd ((Multiple Advisories)) Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 08/02/2023 Created 10/11/2023 Added 10/07/2023 Modified 01/28/2025 Description Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to <= 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three certificates in circulation with keys larger than this, and all three appear to be test certificates that are not actively deployed. It is possible there are larger keys in use in private PKIs, but we target the web PKI, so causing breakage here in the interests of increasing the default safety of users of crypto/tls seems reasonable. Solution(s) amazon-linux-upgrade-containerd amazon-linux-upgrade-golang References ALAS-2023-1849 CVE-2023-29409

OS X update for TCC (CVE-2022-26699) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 08/02/2023 Created 08/02/2023 Added 08/02/2023 Modified 01/28/2025 Description A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13. An app may be able to cause a denial-of-service to Endpoint Security clients. Solution(s) apple-osx-upgrade-13 References https://attackerkb.com/topics/cve-2022-26699 CVE - 2022-26699 https://support.apple.com/kb/HT213488

Alma Linux: CVE-2023-4016: Low: procps-ng security update (Multiple Advisories) Severity 2 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:P) Published 08/02/2023 Created 11/17/2023 Added 11/16/2023 Modified 01/28/2025 Description Under some circumstances, this weakness allows a user who has access to run the “ps” utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap. Solution(s) alma-upgrade-procps-ng alma-upgrade-procps-ng-devel alma-upgrade-procps-ng-i18n References https://attackerkb.com/topics/cve-2023-4016 CVE - 2023-4016 https://errata.almalinux.org/8/ALSA-2023-7187.html https://errata.almalinux.org/9/ALSA-2023-6705.html

OS X update for VPN (CVE-2022-42828) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 08/02/2023 Created 08/02/2023 Added 08/02/2023 Modified 01/28/2025 Description The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges. Solution(s) apple-osx-upgrade-13 References https://attackerkb.com/topics/cve-2022-42828 CVE - 2022-42828 https://support.apple.com/kb/HT213488

Red Hat: CVE-2023-29409: slow verification of certificate chains containing large RSA keys (Multiple Advisories) Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 08/02/2023 Created 11/01/2023 Added 11/01/2023 Modified 01/28/2025 Description Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to <= 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three certificates in circulation with keys larger than this, and all three appear to be test certificates that are not actively deployed. It is possible there are larger keys in use in private PKIs, but we target the web PKI, so causing breakage here in the interests of increasing the default safety of users of crypto/tls seems reasonable. Solution(s) redhat-upgrade-aardvark-dns redhat-upgrade-buildah redhat-upgrade-buildah-debuginfo redhat-upgrade-buildah-debugsource redhat-upgrade-buildah-tests redhat-upgrade-buildah-tests-debuginfo redhat-upgrade-cockpit-podman redhat-upgrade-conmon redhat-upgrade-conmon-debuginfo redhat-upgrade-conmon-debugsource redhat-upgrade-container-selinux redhat-upgrade-containernetworking-plugins redhat-upgrade-containernetworking-plugins-debuginfo redhat-upgrade-containernetworking-plugins-debugsource redhat-upgrade-containers-common redhat-upgrade-crit redhat-upgrade-criu redhat-upgrade-criu-debuginfo redhat-upgrade-criu-debugsource redhat-upgrade-criu-devel redhat-upgrade-criu-libs redhat-upgrade-criu-libs-debuginfo redhat-upgrade-crun redhat-upgrade-crun-debuginfo redhat-upgrade-crun-debugsource redhat-upgrade-delve redhat-upgrade-delve-debuginfo redhat-upgrade-delve-debugsource redhat-upgrade-fuse-overlayfs redhat-upgrade-fuse-overlayfs-debuginfo redhat-upgrade-fuse-overlayfs-debugsource redhat-upgrade-go-toolset redhat-upgrade-golang redhat-upgrade-golang-bin redhat-upgrade-golang-docs redhat-upgrade-golang-misc redhat-upgrade-golang-race redhat-upgrade-golang-src redhat-upgrade-golang-tests redhat-upgrade-libslirp redhat-upgrade-libslirp-debuginfo redhat-upgrade-libslirp-debugsource redhat-upgrade-libslirp-devel redhat-upgrade-netavark redhat-upgrade-oci-seccomp-bpf-hook redhat-upgrade-oci-seccomp-bpf-hook-debuginfo redhat-upgrade-oci-seccomp-bpf-hook-debugsource redhat-upgrade-podman redhat-upgrade-podman-catatonit redhat-upgrade-podman-catatonit-debuginfo redhat-upgrade-podman-debuginfo redhat-upgrade-podman-debugsource redhat-upgrade-podman-docker redhat-upgrade-podman-gvproxy redhat-upgrade-podman-gvproxy-debuginfo redhat-upgrade-podman-plugins redhat-upgrade-podman-plugins-debuginfo redhat-upgrade-podman-remote redhat-upgrade-podman-remote-debuginfo redhat-upgrade-podman-tests redhat-upgrade-python3-criu redhat-upgrade-python3-podman redhat-upgrade-runc redhat-upgrade-runc-debuginfo redhat-upgrade-runc-debugsource redhat-upgrade-skopeo redhat-upgrade-skopeo-debuginfo redhat-upgrade-skopeo-debugsource redhat-upgrade-skopeo-tests redhat-upgrade-slirp4netns redhat-upgrade-slirp4netns-debuginfo redhat-upgrade-slirp4netns-debugsource redhat-upgrade-toolbox redhat-upgrade-toolbox-debuginfo redhat-upgrade-toolbox-debugsource redhat-upgrade-toolbox-tests redhat-upgrade-udica References CVE-2023-29409 RHSA-2023:5721 RHSA-2023:5738 RHSA-2023:7762 RHSA-2023:7763 RHSA-2023:7764 RHSA-2023:7765 RHSA-2023:7766 RHSA-2024:0121 RHSA-2024:2988 View more

OS X update for WebKit (CVE-2023-28198) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 08/02/2023 Created 08/02/2023 Added 08/02/2023 Modified 01/28/2025 Description A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.4 and iPadOS 16.4, macOS Ventura 13.3. Processing web content may lead to arbitrary code execution. Solution(s) apple-osx-upgrade-13_3 References https://attackerkb.com/topics/cve-2023-28198 CVE - 2023-28198 https://support.apple.com/kb/HT213670

F5 Networks: CVE-2023-38138: K000133474: BIG-IP Configuration utility vulnerability CVE-2023-38138 Severity 6 CVSS (AV:N/AC:M/Au:N/C:P/I:P/A:N) Published 08/02/2023 Created 12/08/2023 Added 12/07/2023 Modified 01/28/2025 Description A reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility which allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. Solution(s) f5-big-ip-upgrade-latest References https://attackerkb.com/topics/cve-2023-38138 CVE - 2023-38138 https://my.f5.com/manage/s/article/K000133474

Ivanti EPMM/MobileIron Core: CVE-2023-35082: Authentication Bypass Vulnerability Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 08/02/2023 Created 08/02/2023 Added 08/02/2023 Modified 01/19/2024 Description Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core, allows remote attackers to obtain PII, add an administrative account, and change the configuration because of an authentication bypass. This is considered to be a patch bypass for CVE-2023-35078. Update: As of 7th August Ivanti has found that this vulnerability impacts all versions of Ivanti Endpoint Manager Mobile (EPMM) 11.10, 11.9 and 11.8 and MobileIron Core 11.7 and below. Solution(s) ivantiepmm-cve-2023-35082 References https://attackerkb.com/topics/cve-2023-35082 CVE - 2023-35082 https://forums.ivanti.com/s/article/CVE-2023-35082-Remote-Unauthenticated-API-Access-Vulnerability-in-MobileIron-Core-11-2-and-older https://www.rapid7.com/blog/post/2023/08/02/cve-2023-35082-mobileiron-core-unauthenticated-api-access-vulnerability/

SUSE: CVE-2023-4016: SUSE Linux Security Advisory Severity 2 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:P) Published 08/02/2023 Created 08/30/2023 Added 08/30/2023 Modified 01/28/2025 Description Under some circumstances, this weakness allows a user who has access to run the “ps” utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap. Solution(s) suse-upgrade-libprocps3 suse-upgrade-libprocps7 suse-upgrade-procps suse-upgrade-procps-devel References https://attackerkb.com/topics/cve-2023-4016 CVE - 2023-4016

OS X update for WebKit PDF (CVE-2023-32358) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 08/02/2023 Created 08/02/2023 Added 08/02/2023 Modified 01/28/2025 Description A type confusion issue was addressed with improved checks. This issue is fixed in iOS 16.4 and iPadOS 16.4, macOS Ventura 13.3. Processing web content may lead to arbitrary code execution. Solution(s) apple-osx-upgrade-13_3 References https://attackerkb.com/topics/cve-2023-32358 CVE - 2023-32358 https://support.apple.com/kb/HT213670

VMware Photon OS: CVE-2023-29409 Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 08/02/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to <= 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three certificates in circulation with keys larger than this, and all three appear to be test certificates that are not actively deployed. It is possible there are larger keys in use in private PKIs, but we target the web PKI, so causing breakage here in the interests of increasing the default safety of users of crypto/tls seems reasonable. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-29409 CVE - 2023-29409

Ubuntu: USN-6268-1 (CVE-2023-37328): GStreamer Base Plugins vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 08/02/2023 Created 08/03/2023 Added 08/03/2023 Modified 01/28/2025 Description GStreamer PGS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of PGS subtitle files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. . Was ZDI-CAN-20994. Solution(s) ubuntu-upgrade-gstreamer1-0-plugins-base References https://attackerkb.com/topics/cve-2023-37328 CVE - 2023-37328 USN-6268-1

Ubuntu: USN-6477-1 (CVE-2023-4016): procps-ng vulnerability Severity 2 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:P) Published 08/02/2023 Created 11/16/2023 Added 11/15/2023 Modified 01/28/2025 Description Under some circumstances, this weakness allows a user who has access to run the “ps” utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap. Solution(s) ubuntu-pro-upgrade-procps References https://attackerkb.com/topics/cve-2023-4016 CVE - 2023-4016 USN-6477-1

Ubuntu: (Multiple Advisories) (CVE-2023-37327): GStreamer Base Plugins vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 08/02/2023 Created 08/03/2023 Added 08/03/2023 Modified 01/28/2025 Description GStreamer FLAC File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of FLAC audio files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20775. Solution(s) ubuntu-upgrade-gstreamer1-0-plugins-base ubuntu-upgrade-gstreamer1-0-plugins-good References https://attackerkb.com/topics/cve-2023-37327 CVE - 2023-37327 USN-6268-1 USN-6269-1

CentOS Linux: CVE-2023-29409: Important: go-toolset and golang security and bug fix update (Multiple Advisories) Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 08/02/2023 Created 11/01/2023 Added 11/01/2023 Modified 01/28/2025 Description Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to <= 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three certificates in circulation with keys larger than this, and all three appear to be test certificates that are not actively deployed. It is possible there are larger keys in use in private PKIs, but we target the web PKI, so causing breakage here in the interests of increasing the default safety of users of crypto/tls seems reasonable. Solution(s) centos-upgrade-aardvark-dns centos-upgrade-buildah centos-upgrade-buildah-debuginfo centos-upgrade-buildah-debugsource centos-upgrade-buildah-tests centos-upgrade-buildah-tests-debuginfo centos-upgrade-cockpit-podman centos-upgrade-conmon centos-upgrade-conmon-debuginfo centos-upgrade-conmon-debugsource centos-upgrade-container-selinux centos-upgrade-containernetworking-plugins centos-upgrade-containernetworking-plugins-debuginfo centos-upgrade-containernetworking-plugins-debugsource centos-upgrade-containers-common centos-upgrade-crit centos-upgrade-criu centos-upgrade-criu-debuginfo centos-upgrade-criu-debugsource centos-upgrade-criu-devel centos-upgrade-criu-libs centos-upgrade-criu-libs-debuginfo centos-upgrade-crun centos-upgrade-crun-debuginfo centos-upgrade-crun-debugsource centos-upgrade-fuse-overlayfs centos-upgrade-fuse-overlayfs-debuginfo centos-upgrade-fuse-overlayfs-debugsource centos-upgrade-go-toolset centos-upgrade-golang centos-upgrade-golang-bin centos-upgrade-golang-docs centos-upgrade-golang-misc centos-upgrade-golang-race centos-upgrade-golang-src centos-upgrade-golang-tests centos-upgrade-libslirp centos-upgrade-libslirp-debuginfo centos-upgrade-libslirp-debugsource centos-upgrade-libslirp-devel centos-upgrade-netavark centos-upgrade-oci-seccomp-bpf-hook centos-upgrade-oci-seccomp-bpf-hook-debuginfo centos-upgrade-oci-seccomp-bpf-hook-debugsource centos-upgrade-podman centos-upgrade-podman-catatonit centos-upgrade-podman-catatonit-debuginfo centos-upgrade-podman-debuginfo centos-upgrade-podman-debugsource centos-upgrade-podman-docker centos-upgrade-podman-gvproxy centos-upgrade-podman-gvproxy-debuginfo centos-upgrade-podman-plugins centos-upgrade-podman-plugins-debuginfo centos-upgrade-podman-remote centos-upgrade-podman-remote-debuginfo centos-upgrade-podman-tests centos-upgrade-python3-criu centos-upgrade-python3-podman centos-upgrade-runc centos-upgrade-runc-debuginfo centos-upgrade-runc-debugsource centos-upgrade-skopeo centos-upgrade-skopeo-debuginfo centos-upgrade-skopeo-debugsource centos-upgrade-skopeo-tests centos-upgrade-slirp4netns centos-upgrade-slirp4netns-debuginfo centos-upgrade-slirp4netns-debugsource centos-upgrade-toolbox centos-upgrade-toolbox-debuginfo centos-upgrade-toolbox-debugsource centos-upgrade-toolbox-tests centos-upgrade-udica References CVE-2023-29409

CentOS Linux: CVE-2023-4016: Low: procps-ng security and bug fix update (Multiple Advisories) Severity 2 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:P) Published 08/02/2023 Created 11/09/2023 Added 11/08/2023 Modified 01/28/2025 Description Under some circumstances, this weakness allows a user who has access to run the “ps” utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap. Solution(s) centos-upgrade-procps-ng centos-upgrade-procps-ng-debuginfo centos-upgrade-procps-ng-debugsource centos-upgrade-procps-ng-i18n References CVE-2023-4016

Amazon Linux 2023: CVE-2023-3978: Medium priority package update for nerdctl (Multiple Advisories) Severity 6 CVSS (AV:N/AC:L/Au:N/C:P/I:P/A:N) Published 08/02/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack. A flaw was found in the Golang HTML package where it is vulnerable to Cross-site scripting caused by the improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially crafted URL to execute a script in a victim&apos;s web browser within the security context of the hosting website once the URL is clicked. The flaw allows an attacker to steal the victim&apos;s cookie-based authentication credentials. Solution(s) amazon-linux-2023-upgrade-amazon-ssm-agent amazon-linux-2023-upgrade-amazon-ssm-agent-debuginfo amazon-linux-2023-upgrade-amazon-ssm-agent-debugsource amazon-linux-2023-upgrade-ecs-init amazon-linux-2023-upgrade-nerdctl References https://attackerkb.com/topics/cve-2023-3978 CVE - 2023-3978 https://alas.aws.amazon.com/AL2023/ALAS-2023-366.html https://alas.aws.amazon.com/AL2023/ALAS-2023-373.html https://alas.aws.amazon.com/AL2023/ALAS-2024-476.html

Huawei EulerOS: CVE-2023-4016: procps-ng security update Severity 2 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:P) Published 08/02/2023 Created 02/13/2024 Added 02/12/2024 Modified 01/28/2025 Description Under some circumstances, this weakness allows a user who has access to run the “ps” utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap. Solution(s) huawei-euleros-2_0_sp5-upgrade-procps-ng References https://attackerkb.com/topics/cve-2023-4016 CVE - 2023-4016 EulerOS-SA-2024-1159

F5 Networks: CVE-2023-38419: K000133472: BIG-IP and BIG-IQ iControl SOAP vulnerability CVE-2023-38419 Severity 4 CVSS (AV:N/AC:L/Au:S/C:N/I:N/A:P) Published 08/02/2023 Created 12/08/2023 Added 12/07/2023 Modified 01/28/2025 Description An authenticated attacker with guest privileges or higher can cause the iControl SOAP process to terminate by sending undisclosed requests. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. Solution(s) f5-big-ip-upgrade-latest References https://attackerkb.com/topics/cve-2023-38419 CVE - 2023-38419 https://my.f5.com/manage/s/article/K000133472

F5 Networks: CVE-2023-38423: K000134535: BIG-IP Configuration utility vulnerability CVE-2023-38423 Severity 5 CVSS (AV:N/AC:M/Au:S/C:P/I:P/A:N) Published 08/02/2023 Created 12/07/2023 Added 12/06/2023 Modified 01/28/2025 Description A cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. Solution(s) f5-big-ip-upgrade-latest References https://attackerkb.com/topics/cve-2023-38423 CVE - 2023-38423 https://my.f5.com/manage/s/article/K000134535

F5 Networks: CVE-2023-38418: K000134746: BIG-IP Edge Client for macOS vulnerability CVE-2023-38418 Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 08/02/2023 Created 01/10/2024 Added 01/09/2024 Modified 01/28/2025 Description The BIG-IP Edge Client Installer on macOS does not follow best practices for elevating privileges during the installation process. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. Solution(s) f5-big-ip-upgrade-latest References https://attackerkb.com/topics/cve-2023-38418 CVE - 2023-38418 https://my.f5.com/manage/s/article/K000134746

F5 Networks: CVE-2023-36858: K000132563: BIG-IP Edge Client for Windows and macOS vulnerability CVE-2023-36858 Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:C/A:N) Published 08/02/2023 Created 01/12/2024 Added 01/11/2024 Modified 01/28/2025 Description An insufficient verification of data vulnerability exists in BIG-IP Edge Client for Windows and macOS that may allow an attacker to modify its configured server list. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. Solution(s) f5-big-ip-upgrade-latest References https://attackerkb.com/topics/cve-2023-36858 CVE - 2023-36858 https://my.f5.com/manage/s/article/K000132563

Huawei EulerOS: CVE-2023-29409: golang security update Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 08/02/2023 Created 02/13/2024 Added 02/12/2024 Modified 01/28/2025 Description Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to <= 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three certificates in circulation with keys larger than this, and all three appear to be test certificates that are not actively deployed. It is possible there are larger keys in use in private PKIs, but we target the web PKI, so causing breakage here in the interests of increasing the default safety of users of crypto/tls seems reasonable. Solution(s) huawei-euleros-2_0_sp5-upgrade-golang huawei-euleros-2_0_sp5-upgrade-golang-bin huawei-euleros-2_0_sp5-upgrade-golang-src References https://attackerkb.com/topics/cve-2023-29409 CVE - 2023-29409 EulerOS-SA-2024-1140