ISHACK AI BOT

Alma Linux: CVE-2023-3817: Low: openssl security update (Multiple Advisories) Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 07/31/2023 Created 12/22/2023 Added 12/21/2023 Modified 01/30/2025 Description Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs various checks on DH parameters. After fixing CVE-2023-3446 it was discovered that a large q parameter value can also trigger an overly long computation during some of these checks. A correct q value, if present, cannot be larger than the modulus p parameter, thus it is unnecessary to perform these checks if q is larger than p. An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check(). Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the "-check" option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue. Solution(s) alma-upgrade-openssl alma-upgrade-openssl-devel alma-upgrade-openssl-libs alma-upgrade-openssl-perl References https://attackerkb.com/topics/cve-2023-3817 CVE - 2023-3817 https://errata.almalinux.org/8/ALSA-2023-7877.html https://errata.almalinux.org/9/ALSA-2024-2447.html

SUSE: CVE-2023-3817: SUSE Linux Security Advisory Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 07/31/2023 Created 08/10/2023 Added 08/09/2023 Modified 01/28/2025 Description Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs various checks on DH parameters. After fixing CVE-2023-3446 it was discovered that a large q parameter value can also trigger an overly long computation during some of these checks. A correct q value, if present, cannot be larger than the modulus p parameter, thus it is unnecessary to perform these checks if q is larger than p. An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check(). Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the "-check" option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue. Solution(s) suse-upgrade-libopenssl-1_0_0-devel suse-upgrade-libopenssl-1_0_0-devel-32bit suse-upgrade-libopenssl-1_1-devel suse-upgrade-libopenssl-1_1-devel-32bit suse-upgrade-libopenssl-3-devel suse-upgrade-libopenssl-3-devel-32bit suse-upgrade-libopenssl-devel suse-upgrade-libopenssl10 suse-upgrade-libopenssl1_0_0 suse-upgrade-libopenssl1_0_0-32bit suse-upgrade-libopenssl1_0_0-hmac suse-upgrade-libopenssl1_0_0-hmac-32bit suse-upgrade-libopenssl1_0_0-steam suse-upgrade-libopenssl1_0_0-steam-32bit suse-upgrade-libopenssl1_1 suse-upgrade-libopenssl1_1-32bit suse-upgrade-libopenssl1_1-hmac suse-upgrade-libopenssl1_1-hmac-32bit suse-upgrade-libopenssl3 suse-upgrade-libopenssl3-32bit suse-upgrade-openssl suse-upgrade-openssl-1_0_0 suse-upgrade-openssl-1_0_0-cavs suse-upgrade-openssl-1_0_0-doc suse-upgrade-openssl-1_1 suse-upgrade-openssl-1_1-doc suse-upgrade-openssl-3 suse-upgrade-openssl-3-doc suse-upgrade-openssl-doc References https://attackerkb.com/topics/cve-2023-3817 CVE - 2023-3817

SUSE: CVE-2023-34872: SUSE Linux Security Advisory Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 07/31/2023 Created 11/01/2023 Added 11/01/2023 Modified 01/28/2025 Description A vulnerability in Outline.cc for Poppler prior to 23.06.0 allows a remote attacker to cause a Denial of Service (DoS) (crash) via a crafted PDF file in OutlineItem::open. Solution(s) suse-upgrade-libpoppler-cpp0 suse-upgrade-libpoppler-cpp0-32bit suse-upgrade-libpoppler-devel suse-upgrade-libpoppler-glib-devel suse-upgrade-libpoppler-glib8 suse-upgrade-libpoppler-glib8-32bit suse-upgrade-libpoppler-qt5-1 suse-upgrade-libpoppler-qt5-1-32bit suse-upgrade-libpoppler-qt5-devel suse-upgrade-libpoppler-qt6-3 suse-upgrade-libpoppler-qt6-devel suse-upgrade-libpoppler117 suse-upgrade-libpoppler117-32bit suse-upgrade-libpoppler126 suse-upgrade-libpoppler126-32bit suse-upgrade-poppler-tools suse-upgrade-typelib-1_0-poppler-0_18 References https://attackerkb.com/topics/cve-2023-34872 CVE - 2023-34872

Debian: CVE-2023-4004: linux -- security update Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 07/31/2023 Created 08/21/2023 Added 08/21/2023 Modified 01/30/2025 Description A use-after-free flaw was found in the Linux kernel's netfilter in the way a user triggers the nft_pipapo_remove function with the element, without a NFT_SET_EXT_KEY_END. This issue could allow a local user to crash the system or potentially escalate their privileges on the system. Solution(s) debian-upgrade-linux References https://attackerkb.com/topics/cve-2023-4004 CVE - 2023-4004 DSA-5480-1

IBM AIX: openssl_advisory39 (CVE-2023-3817): Vulnerability in openssl affects AIX Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 07/31/2023 Created 09/13/2023 Added 09/12/2023 Modified 01/30/2025 Description Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs various checks on DH parameters. After fixing CVE-2023-3446 it was discovered that a large q parameter value can also trigger an overly long computation during some of these checks. A correct q value, if present, cannot be larger than the modulus p parameter, thus it is unnecessary to perform these checks if q is larger than p. An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check(). Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the "-check" option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue. Solution(s) ibm-aix-openssl_advisory39 References https://attackerkb.com/topics/cve-2023-3817 CVE - 2023-3817 https://aix.software.ibm.com/aix/efixes/security/openssl_advisory39.asc

Ubuntu: USN-6273-1 (CVE-2023-34872): poppler vulnerabilities Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 07/31/2023 Created 08/04/2023 Added 08/04/2023 Modified 01/28/2025 Description A vulnerability in Outline.cc for Poppler prior to 23.06.0 allows a remote attacker to cause a Denial of Service (DoS) (crash) via a crafted PDF file in OutlineItem::open. Solution(s) ubuntu-upgrade-libpoppler118 ubuntu-upgrade-libpoppler126 References https://attackerkb.com/topics/cve-2023-34872 CVE - 2023-34872 USN-6273-1

Ubuntu: (Multiple Advisories) (CVE-2023-4004): Linux kernel vulnerabilities Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 07/31/2023 Created 08/31/2023 Added 08/31/2023 Modified 01/30/2025 Description A use-after-free flaw was found in the Linux kernel's netfilter in the way a user triggers the nft_pipapo_remove function with the element, without a NFT_SET_EXT_KEY_END. This issue could allow a local user to crash the system or potentially escalate their privileges on the system. Solution(s) ubuntu-upgrade-linux-image-5-15-0-1026-gkeop ubuntu-upgrade-linux-image-5-15-0-1031-nvidia ubuntu-upgrade-linux-image-5-15-0-1031-nvidia-lowlatency ubuntu-upgrade-linux-image-5-15-0-1036-ibm ubuntu-upgrade-linux-image-5-15-0-1036-raspi ubuntu-upgrade-linux-image-5-15-0-1038-intel-iotg ubuntu-upgrade-linux-image-5-15-0-1040-gcp ubuntu-upgrade-linux-image-5-15-0-1040-gke ubuntu-upgrade-linux-image-5-15-0-1040-kvm ubuntu-upgrade-linux-image-5-15-0-1041-oracle ubuntu-upgrade-linux-image-5-15-0-1043-aws ubuntu-upgrade-linux-image-5-15-0-1045-azure ubuntu-upgrade-linux-image-5-15-0-1045-azure-fde ubuntu-upgrade-linux-image-5-15-0-82-generic ubuntu-upgrade-linux-image-5-15-0-82-generic-64k ubuntu-upgrade-linux-image-5-15-0-82-generic-lpae ubuntu-upgrade-linux-image-5-15-0-82-lowlatency ubuntu-upgrade-linux-image-5-15-0-82-lowlatency-64k ubuntu-upgrade-linux-image-5-4-0-1073-bluefield ubuntu-upgrade-linux-image-6-0-0-1021-oem ubuntu-upgrade-linux-image-6-1-0-1020-oem ubuntu-upgrade-linux-image-6-2-0-1003-starfive ubuntu-upgrade-linux-image-6-2-0-1008-ibm ubuntu-upgrade-linux-image-6-2-0-1010-aws ubuntu-upgrade-linux-image-6-2-0-1010-azure ubuntu-upgrade-linux-image-6-2-0-1010-oracle ubuntu-upgrade-linux-image-6-2-0-1011-kvm ubuntu-upgrade-linux-image-6-2-0-1011-lowlatency ubuntu-upgrade-linux-image-6-2-0-1011-lowlatency-64k ubuntu-upgrade-linux-image-6-2-0-1011-raspi ubuntu-upgrade-linux-image-6-2-0-1012-gcp ubuntu-upgrade-linux-image-6-2-0-31-generic ubuntu-upgrade-linux-image-6-2-0-31-generic-64k ubuntu-upgrade-linux-image-6-2-0-31-generic-lpae ubuntu-upgrade-linux-image-aws ubuntu-upgrade-linux-image-aws-lts-22-04 ubuntu-upgrade-linux-image-azure ubuntu-upgrade-linux-image-azure-cvm ubuntu-upgrade-linux-image-azure-fde-lts-22-04 ubuntu-upgrade-linux-image-azure-lts-22-04 ubuntu-upgrade-linux-image-bluefield ubuntu-upgrade-linux-image-gcp ubuntu-upgrade-linux-image-gcp-lts-22-04 ubuntu-upgrade-linux-image-generic ubuntu-upgrade-linux-image-generic-64k ubuntu-upgrade-linux-image-generic-64k-hwe-20-04 ubuntu-upgrade-linux-image-generic-64k-hwe-22-04 ubuntu-upgrade-linux-image-generic-hwe-20-04 ubuntu-upgrade-linux-image-generic-hwe-22-04 ubuntu-upgrade-linux-image-generic-lpae ubuntu-upgrade-linux-image-generic-lpae-hwe-20-04 ubuntu-upgrade-linux-image-generic-lpae-hwe-22-04 ubuntu-upgrade-linux-image-gke ubuntu-upgrade-linux-image-gke-5-15 ubuntu-upgrade-linux-image-gkeop ubuntu-upgrade-linux-image-gkeop-5-15 ubuntu-upgrade-linux-image-ibm ubuntu-upgrade-linux-image-intel ubuntu-upgrade-linux-image-intel-iotg ubuntu-upgrade-linux-image-kvm ubuntu-upgrade-linux-image-lowlatency ubuntu-upgrade-linux-image-lowlatency-64k ubuntu-upgrade-linux-image-lowlatency-64k-hwe-20-04 ubuntu-upgrade-linux-image-lowlatency-64k-hwe-22-04 ubuntu-upgrade-linux-image-lowlatency-hwe-20-04 ubuntu-upgrade-linux-image-lowlatency-hwe-22-04 ubuntu-upgrade-linux-image-nvidia ubuntu-upgrade-linux-image-nvidia-lowlatency ubuntu-upgrade-linux-image-oem-20-04 ubuntu-upgrade-linux-image-oem-20-04b ubuntu-upgrade-linux-image-oem-20-04c ubuntu-upgrade-linux-image-oem-20-04d ubuntu-upgrade-linux-image-oem-22-04b ubuntu-upgrade-linux-image-oem-22-04c ubuntu-upgrade-linux-image-oracle ubuntu-upgrade-linux-image-oracle-lts-22-04 ubuntu-upgrade-linux-image-raspi ubuntu-upgrade-linux-image-raspi-nolpae ubuntu-upgrade-linux-image-starfive ubuntu-upgrade-linux-image-virtual ubuntu-upgrade-linux-image-virtual-hwe-20-04 ubuntu-upgrade-linux-image-virtual-hwe-22-04 References https://attackerkb.com/topics/cve-2023-4004 CVE - 2023-4004 USN-6315-1 USN-6316-1 USN-6318-1 USN-6321-1 USN-6325-1 USN-6328-1 USN-6330-1 USN-6332-1 USN-6348-1 USN-6385-1 USN-6442-1 View more

Debian: CVE-2023-3817: openssl -- security update Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 07/31/2023 Created 08/17/2023 Added 08/17/2023 Modified 01/30/2025 Description Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs various checks on DH parameters. After fixing CVE-2023-3446 it was discovered that a large q parameter value can also trigger an overly long computation during some of these checks. A correct q value, if present, cannot be larger than the modulus p parameter, thus it is unnecessary to perform these checks if q is larger than p. An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check(). Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the "-check" option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue. Solution(s) debian-upgrade-openssl References https://attackerkb.com/topics/cve-2023-3817 CVE - 2023-3817 DLA-3530-1

RaspAP Unauthenticated Command Injection Disclosed 07/31/2023 Created 08/15/2023 Description RaspAP is feature-rich wireless router software that just works on many popular Debian-based devices, including the Raspberry Pi. A Command Injection vulnerability in RaspAP versions 2.8.0 thru 2.8.7 allows unauthenticated attackers to execute arbitrary commands in the context of the user running RaspAP via the cfg_id parameter in /ajax/openvpn/activate_ovpncfg.php and /ajax/openvpn/del_ovpncfg.php. Successfully tested against RaspAP 2.8.0 and 2.8.7. Author(s) Ege BALCI <[email protected]> Ismael0x00 Platform Linux,Unix Architectures cmd, x86, x64 Development Source Code History

Maltrail Unauthenticated Command Injection Disclosed 07/31/2023 Created 08/17/2023 Description Maltrail is a malicious traffic detection system, utilizing publicly available blacklists containing malicious and/or generally suspicious trails. The Maltrail versions < 0.54 is suffering from a command injection vulnerability. The `subprocess.check_output` function in `mailtrail/core/http.py` contains a command injection vulnerability in the `params.get("username")` parameter. An attacker can exploit this vulnerability by injecting arbitrary OS commands into the username parameter. The injected commands will be executed with the privileges of the running process. This vulnerability can be exploited remotely without authentication. Successfully tested against Maltrail versions 0.52 and 0.53. Author(s) Ege BALCI <[email protected]> Chris Wild Platform Linux,Unix Architectures cmd, x86, x64 Development Source Code History

Amazon Linux AMI: CVE-2023-3817: Security patch for openssl (ALAS-2023-1843) Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 07/31/2023 Created 10/11/2023 Added 10/07/2023 Modified 01/28/2025 Description Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs various checks on DH parameters. After fixing CVE-2023-3446 it was discovered that a large q parameter value can also trigger an overly long computation during some of these checks. A correct q value, if present, cannot be larger than the modulus p parameter, thus it is unnecessary to perform these checks if q is larger than p. An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check(). Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the "-check" option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue. Solution(s) amazon-linux-upgrade-openssl References ALAS-2023-1843 CVE-2023-3817

Rocky Linux: CVE-2023-4004: kernel (Multiple Advisories) Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 07/31/2023 Created 03/07/2024 Added 03/05/2024 Modified 01/30/2025 Description A use-after-free flaw was found in the Linux kernel's netfilter in the way a user triggers the nft_pipapo_remove function with the element, without a NFT_SET_EXT_KEY_END. This issue could allow a local user to crash the system or potentially escalate their privileges on the system. Solution(s) rocky-upgrade-kernel-rt rocky-upgrade-kernel-rt-core rocky-upgrade-kernel-rt-debug rocky-upgrade-kernel-rt-debug-core rocky-upgrade-kernel-rt-debug-debuginfo rocky-upgrade-kernel-rt-debug-devel rocky-upgrade-kernel-rt-debug-kvm rocky-upgrade-kernel-rt-debug-modules rocky-upgrade-kernel-rt-debug-modules-core rocky-upgrade-kernel-rt-debug-modules-extra rocky-upgrade-kernel-rt-debuginfo rocky-upgrade-kernel-rt-devel rocky-upgrade-kernel-rt-kvm rocky-upgrade-kernel-rt-modules rocky-upgrade-kernel-rt-modules-core rocky-upgrade-kernel-rt-modules-extra References https://attackerkb.com/topics/cve-2023-4004 CVE - 2023-4004 https://errata.rockylinux.org/RLSA-2023:5091 https://errata.rockylinux.org/RLSA-2023:5244

Rocky Linux: CVE-2023-3817: openssl (Multiple Advisories) Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 07/31/2023 Created 07/19/2024 Added 07/16/2024 Modified 01/30/2025 Description Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs various checks on DH parameters. After fixing CVE-2023-3446 it was discovered that a large q parameter value can also trigger an overly long computation during some of these checks. A correct q value, if present, cannot be larger than the modulus p parameter, thus it is unnecessary to perform these checks if q is larger than p. An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check(). Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the "-check" option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue. Solution(s) rocky-upgrade-openssl rocky-upgrade-openssl-debuginfo rocky-upgrade-openssl-debugsource rocky-upgrade-openssl-devel rocky-upgrade-openssl-fips-provider rocky-upgrade-openssl-fips-provider-debuginfo rocky-upgrade-openssl-fips-provider-debugsource rocky-upgrade-openssl-libs rocky-upgrade-openssl-libs-debuginfo rocky-upgrade-openssl-perl References https://attackerkb.com/topics/cve-2023-3817 CVE - 2023-3817 https://access.redhat.com/errata/RHSA-2024:2447

Red Hat: CVE-2023-30590: DiffieHellman do not generate keys after setting a private key (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 07/31/2023 Created 08/02/2023 Added 08/01/2023 Modified 01/30/2025 Description The generateKeys() API function returned from crypto.createDiffieHellman() only generates missing (or outdated) keys, that is, it only generates a private key if none has been set yet, but the function is also needed to compute the corresponding public key after calling setPrivateKey(). However, the documentation says this API call: "Generates private and public Diffie-Hellman key values". The documented behavior is very different from the actual behavior, and this difference could easily lead to security issues in applications that use these APIs as the DiffieHellman may be used as the basis for application-level security, implications are consequently broad. Solution(s) redhat-upgrade-nodejs redhat-upgrade-nodejs-debuginfo redhat-upgrade-nodejs-debugsource redhat-upgrade-nodejs-devel redhat-upgrade-nodejs-docs redhat-upgrade-nodejs-full-i18n redhat-upgrade-nodejs-libs redhat-upgrade-nodejs-libs-debuginfo redhat-upgrade-nodejs-nodemon redhat-upgrade-nodejs-packaging redhat-upgrade-nodejs-packaging-bundler redhat-upgrade-npm References CVE-2023-30590 RHSA-2023:4330 RHSA-2023:4331 RHSA-2023:4536 RHSA-2023:4537 RHSA-2023:5361 RHSA-2023:5533 View more

Red Hat: CVE-2023-30581: mainModule.proto bypass experimental policy mechanism (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 07/31/2023 Created 08/02/2023 Added 08/01/2023 Modified 01/28/2025 Description The use of __proto__ in process.mainModule.__proto__.require() can bypass the policy mechanism and require modules outside of the policy.json definition. This vulnerability affects all users using the experimental policy mechanism in all active release lines: v16, v18 and, v20. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js Solution(s) redhat-upgrade-nodejs redhat-upgrade-nodejs-debuginfo redhat-upgrade-nodejs-debugsource redhat-upgrade-nodejs-devel redhat-upgrade-nodejs-docs redhat-upgrade-nodejs-full-i18n redhat-upgrade-nodejs-libs redhat-upgrade-nodejs-libs-debuginfo redhat-upgrade-nodejs-nodemon redhat-upgrade-nodejs-packaging redhat-upgrade-nodejs-packaging-bundler redhat-upgrade-npm References CVE-2023-30581 RHSA-2023:4330 RHSA-2023:4331 RHSA-2023:4536 RHSA-2023:4537 RHSA-2023:5361 RHSA-2023:5533 View more

Huawei EulerOS: CVE-2023-3817: linux-sgx security update Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 07/31/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/30/2025 Description Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs various checks on DH parameters. After fixing CVE-2023-3446 it was discovered that a large q parameter value can also trigger an overly long computation during some of these checks. A correct q value, if present, cannot be larger than the modulus p parameter, thus it is unnecessary to perform these checks if q is larger than p. An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check(). Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the "-check" option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue. Solution(s) huawei-euleros-2_0_sp11-upgrade-libsgx-ae-le huawei-euleros-2_0_sp11-upgrade-libsgx-aesm-launch-plugin huawei-euleros-2_0_sp11-upgrade-libsgx-enclave-common huawei-euleros-2_0_sp11-upgrade-libsgx-launch huawei-euleros-2_0_sp11-upgrade-libsgx-urts huawei-euleros-2_0_sp11-upgrade-sgx-aesm-service References https://attackerkb.com/topics/cve-2023-3817 CVE - 2023-3817 EulerOS-SA-2023-3047

CentOS Linux: CVE-2023-3817: Low: openssl security update (CESA-2023:7877) Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 07/31/2023 Created 12/21/2023 Added 12/20/2023 Modified 01/28/2025 Description Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs various checks on DH parameters. After fixing CVE-2023-3446 it was discovered that a large q parameter value can also trigger an overly long computation during some of these checks. A correct q value, if present, cannot be larger than the modulus p parameter, thus it is unnecessary to perform these checks if q is larger than p. An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check(). Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the "-check" option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue. Solution(s) centos-upgrade-openssl centos-upgrade-openssl-debuginfo centos-upgrade-openssl-debugsource centos-upgrade-openssl-devel centos-upgrade-openssl-libs centos-upgrade-openssl-libs-debuginfo centos-upgrade-openssl-perl References CVE-2023-3817

Huawei EulerOS: CVE-2023-3817: shim security update Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 07/31/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/30/2025 Description Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs various checks on DH parameters. After fixing CVE-2023-3446 it was discovered that a large q parameter value can also trigger an overly long computation during some of these checks. A correct q value, if present, cannot be larger than the modulus p parameter, thus it is unnecessary to perform these checks if q is larger than p. An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check(). Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the "-check" option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue. Solution(s) huawei-euleros-2_0_sp10-upgrade-shim References https://attackerkb.com/topics/cve-2023-3817 CVE - 2023-3817 EulerOS-SA-2023-3232

VMware Photon OS: CVE-2023-4004 Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 07/31/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description A use-after-free flaw was found in the Linux kernel's netfilter in the way a user triggers the nft_pipapo_remove function with the element, without a NFT_SET_EXT_KEY_END. This issue could allow a local user to crash the system or potentially escalate their privileges on the system. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-4004 CVE - 2023-4004

Red Hat: CVE-2023-30588: process interuption due to invalid Public Key information in x509 certificates (Multiple Advisories) Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 07/31/2023 Created 08/02/2023 Added 08/01/2023 Modified 01/28/2025 Description When an invalid public key is used to create an x509 certificate using the crypto.X509Certificate() API a non-expect termination occurs making it susceptible to DoS attacks when the attacker could force interruptions of application processing, as the process terminates when accessing public key info of provided certificates from user code. The current context of the users will be gone, and that will cause a DoS scenario. This vulnerability affects all active Node.js versions v16, v18, and, v20. Solution(s) redhat-upgrade-nodejs redhat-upgrade-nodejs-debuginfo redhat-upgrade-nodejs-debugsource redhat-upgrade-nodejs-devel redhat-upgrade-nodejs-docs redhat-upgrade-nodejs-full-i18n redhat-upgrade-nodejs-libs redhat-upgrade-nodejs-libs-debuginfo redhat-upgrade-nodejs-nodemon redhat-upgrade-nodejs-packaging redhat-upgrade-nodejs-packaging-bundler redhat-upgrade-npm References CVE-2023-30588 RHSA-2023:4330 RHSA-2023:4331 RHSA-2023:4536 RHSA-2023:4537 RHSA-2023:5361 RHSA-2023:5533 View more

Alma Linux: CVE-2023-4055: Important: firefox security update (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 08/01/2023 Created 08/09/2023 Added 08/08/2023 Modified 01/28/2025 Description When the number of cookies per domain was exceeded in `document.cookie`, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. This could have caused requests to be sent with some cookies missing. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. Solution(s) alma-upgrade-firefox alma-upgrade-firefox-x11 alma-upgrade-thunderbird References https://attackerkb.com/topics/cve-2023-4055 CVE - 2023-4055 https://errata.almalinux.org/8/ALSA-2023-4468.html https://errata.almalinux.org/8/ALSA-2023-4497.html https://errata.almalinux.org/9/ALSA-2023-4462.html https://errata.almalinux.org/9/ALSA-2023-4499.html

Alma Linux: CVE-2023-4051: Important: firefox security update (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 08/01/2023 Created 09/07/2023 Added 09/07/2023 Modified 01/28/2025 Description A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 116, Firefox ESR < 115.2, and Thunderbird < 115.2. Solution(s) alma-upgrade-firefox alma-upgrade-firefox-x11 alma-upgrade-thunderbird References https://attackerkb.com/topics/cve-2023-4051 CVE - 2023-4051 https://errata.almalinux.org/8/ALSA-2023-4952.html https://errata.almalinux.org/8/ALSA-2023-4954.html https://errata.almalinux.org/9/ALSA-2023-4955.html https://errata.almalinux.org/9/ALSA-2023-4958.html

Alma Linux: CVE-2023-4049: Important: firefox security update (Multiple Advisories) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 08/01/2023 Created 08/09/2023 Added 08/08/2023 Modified 01/28/2025 Description Race conditions in reference counting code were found through code inspection. These could have resulted in potentially exploitable use-after-free vulnerabilities. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. Solution(s) alma-upgrade-firefox alma-upgrade-firefox-x11 alma-upgrade-thunderbird References https://attackerkb.com/topics/cve-2023-4049 CVE - 2023-4049 https://errata.almalinux.org/8/ALSA-2023-4468.html https://errata.almalinux.org/8/ALSA-2023-4497.html https://errata.almalinux.org/9/ALSA-2023-4462.html https://errata.almalinux.org/9/ALSA-2023-4499.html

Alma Linux: CVE-2023-4057: Important: firefox security update (Multiple Advisories) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 08/01/2023 Created 08/09/2023 Added 08/08/2023 Modified 01/28/2025 Description Memory safety bugs present in Firefox 115, Firefox ESR 115.0, and Thunderbird 115.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 116, Firefox ESR < 115.1, and Thunderbird < 115.1. Solution(s) alma-upgrade-firefox alma-upgrade-firefox-x11 alma-upgrade-thunderbird References https://attackerkb.com/topics/cve-2023-4057 CVE - 2023-4057 https://errata.almalinux.org/8/ALSA-2023-4468.html https://errata.almalinux.org/8/ALSA-2023-4497.html https://errata.almalinux.org/9/ALSA-2023-4462.html https://errata.almalinux.org/9/ALSA-2023-4499.html

Ubuntu: (Multiple Advisories) (CVE-2023-4046): Firefox vulnerabilities Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 08/01/2023 Created 08/03/2023 Added 08/03/2023 Modified 01/28/2025 Description In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis. This resulted in incorrect compilation and a potentially exploitable crash in the content process. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. Solution(s) ubuntu-upgrade-firefox ubuntu-upgrade-libmozjs-102-0 ubuntu-upgrade-thunderbird References https://attackerkb.com/topics/cve-2023-4046 CVE - 2023-4046 USN-6267-1 USN-6267-2 USN-6267-3 USN-6333-1 USN-6406-1