ISHACK AI BOT

MFSA2023-28 Thunderbird: Security Vulnerabilities fixed in Thunderbird 102.13.1 (CVE-2023-3417) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 07/20/2023 Created 07/25/2023 Added 07/24/2023 Modified 02/14/2025 Description Thunderbird allowed the Text Direction Override Unicode Character in filenames. An email attachment could be incorrectly shown as being a document file, while infact it was an executable file. Newer versions of Thunderbird will strip the character and show the correct file extension. This vulnerability affects Thunderbird < 115.0.1 and Thunderbird < 102.13.1. Solution(s) mozilla-thunderbird-upgrade-102_13_1 References https://attackerkb.com/topics/cve-2023-3417 CVE - 2023-3417 http://www.mozilla.org/security/announce/2023/mfsa2023-28.html

OS X update for ColorSync (CVE-2023-38408) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 07/20/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for bootp (CVE-2023-38408) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 07/20/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for Clock (CVE-2023-38408) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 07/20/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

VMware Photon OS: CVE-2022-28737 Severity 6 CVSS (AV:L/AC:L/Au:M/C:C/I:C/A:C) Published 07/20/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description There's a possible overflow in handle_image() when shim tries to load and execute crafted EFI executables; The handle_image() function takes into account the SizeOfRawData field from each section to be loaded. An attacker can leverage this to perform out-of-bound writes into memory. Arbitrary code execution is not discarded in such scenario. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2022-28737 CVE - 2022-28737

Debian: CVE-2022-28737: shim -- security update Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 07/20/2023 Created 07/31/2024 Added 07/30/2024 Modified 01/30/2025 Description There's a possible overflow in handle_image() when shim tries to load and execute crafted EFI executables; The handle_image() function takes into account the SizeOfRawData field from each section to be loaded. An attacker can leverage this to perform out-of-bound writes into memory. Arbitrary code execution is not discarded in such scenario. Solution(s) debian-upgrade-shim References https://attackerkb.com/topics/cve-2022-28737 CVE - 2022-28737

Huawei EulerOS: CVE-2022-2127: samba security update Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 07/20/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description An out-of-bounds read vulnerability was found in Samba due to insufficient length checks in winbindd_pam_auth_crap.c. When performing NTLM authentication, the client replies to cryptographic challenges back to the server. These replies have variable lengths, and Winbind fails to check the lan manager response length. When Winbind is used for NTLM authentication, a maliciously crafted request can trigger an out-of-bounds read in Winbind, possibly resulting in a crash. Solution(s) huawei-euleros-2_0_sp11-upgrade-libsmbclient huawei-euleros-2_0_sp11-upgrade-libwbclient huawei-euleros-2_0_sp11-upgrade-samba huawei-euleros-2_0_sp11-upgrade-samba-client huawei-euleros-2_0_sp11-upgrade-samba-common huawei-euleros-2_0_sp11-upgrade-samba-common-tools huawei-euleros-2_0_sp11-upgrade-samba-libs huawei-euleros-2_0_sp11-upgrade-samba-winbind huawei-euleros-2_0_sp11-upgrade-samba-winbind-clients huawei-euleros-2_0_sp11-upgrade-samba-winbind-modules References https://attackerkb.com/topics/cve-2022-2127 CVE - 2022-2127 EulerOS-SA-2023-2869

Amazon Linux AMI 2: CVE-2023-3610: Security patch for kernel (Multiple Advisories) Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 07/21/2023 Created 08/09/2023 Added 08/08/2023 Modified 01/30/2025 Description A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. Flaw in the error handling of bound chains causes a use-after-free in the abort path of NFT_MSG_NEWRULE. The vulnerability requires CAP_NET_ADMIN to be triggered. We recommend upgrading past commit 4bedf9eee016286c835e3d8fa981ddece5338795. Solution(s) amazon-linux-ami-2-upgrade-bpftool amazon-linux-ami-2-upgrade-bpftool-debuginfo amazon-linux-ami-2-upgrade-kernel amazon-linux-ami-2-upgrade-kernel-debuginfo amazon-linux-ami-2-upgrade-kernel-debuginfo-common-aarch64 amazon-linux-ami-2-upgrade-kernel-debuginfo-common-x86_64 amazon-linux-ami-2-upgrade-kernel-devel amazon-linux-ami-2-upgrade-kernel-headers amazon-linux-ami-2-upgrade-kernel-livepatch-5-10-184-175-749 amazon-linux-ami-2-upgrade-kernel-livepatch-5-15-120-74-144 amazon-linux-ami-2-upgrade-kernel-tools amazon-linux-ami-2-upgrade-kernel-tools-debuginfo amazon-linux-ami-2-upgrade-kernel-tools-devel amazon-linux-ami-2-upgrade-perf amazon-linux-ami-2-upgrade-perf-debuginfo amazon-linux-ami-2-upgrade-python-perf amazon-linux-ami-2-upgrade-python-perf-debuginfo References https://attackerkb.com/topics/cve-2023-3610 AL2/ALASKERNEL-5.10-2023-037 AL2/ALASKERNEL-5.15-2023-024 CVE - 2023-3610

Huawei EulerOS: CVE-2023-3776: kernel security update Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 07/21/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/30/2025 Description A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, fw_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability. We recommend upgrading past commit 0323bce598eea038714f941ce2b22541c46d488f. Solution(s) huawei-euleros-2_0_sp9-upgrade-kernel huawei-euleros-2_0_sp9-upgrade-kernel-tools huawei-euleros-2_0_sp9-upgrade-kernel-tools-libs huawei-euleros-2_0_sp9-upgrade-python3-perf References https://attackerkb.com/topics/cve-2023-3776 CVE - 2023-3776 EulerOS-SA-2023-2898

Huawei EulerOS: CVE-2023-3609: kernel security update Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 07/21/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/30/2025 Description A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, u32_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability. We recommend upgrading past commit 04c55383fa5689357bcdd2c8036725a55ed632bc. Solution(s) huawei-euleros-2_0_sp9-upgrade-kernel huawei-euleros-2_0_sp9-upgrade-kernel-tools huawei-euleros-2_0_sp9-upgrade-kernel-tools-libs huawei-euleros-2_0_sp9-upgrade-python3-perf References https://attackerkb.com/topics/cve-2023-3609 CVE - 2023-3609 EulerOS-SA-2023-2898

Amazon Linux AMI 2: CVE-2023-38408: Security patch for openssh (ALAS-2023-2176) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 07/20/2023 Created 08/10/2023 Added 08/09/2023 Modified 01/28/2025 Description The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009. Solution(s) amazon-linux-ami-2-upgrade-openssh amazon-linux-ami-2-upgrade-openssh-askpass amazon-linux-ami-2-upgrade-openssh-cavs amazon-linux-ami-2-upgrade-openssh-clients amazon-linux-ami-2-upgrade-openssh-debuginfo amazon-linux-ami-2-upgrade-openssh-keycat amazon-linux-ami-2-upgrade-openssh-ldap amazon-linux-ami-2-upgrade-openssh-server amazon-linux-ami-2-upgrade-openssh-server-sysvinit amazon-linux-ami-2-upgrade-pam_ssh_agent_auth References https://attackerkb.com/topics/cve-2023-38408 AL2/ALAS-2023-2176 CVE - 2023-38408

Huawei EulerOS: CVE-2023-34967: samba security update Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 07/20/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/30/2025 Description A Type Confusion vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in the mdssvc protocol. Due to a lack of type checking in callers of the dalloc_value_for_key() function, which returns the object associated with a key, a caller may trigger a crash in talloc_get_size() when talloc detects that the passed-in pointer is not a valid talloc pointer. With an RPC worker process shared among multiple client connections, a malicious client or attacker can trigger a process crash in a shared RPC mdssvc worker process, affecting all other clients this worker serves. Solution(s) huawei-euleros-2_0_sp11-upgrade-libsmbclient huawei-euleros-2_0_sp11-upgrade-libwbclient huawei-euleros-2_0_sp11-upgrade-samba huawei-euleros-2_0_sp11-upgrade-samba-client huawei-euleros-2_0_sp11-upgrade-samba-common huawei-euleros-2_0_sp11-upgrade-samba-common-tools huawei-euleros-2_0_sp11-upgrade-samba-libs huawei-euleros-2_0_sp11-upgrade-samba-winbind huawei-euleros-2_0_sp11-upgrade-samba-winbind-clients huawei-euleros-2_0_sp11-upgrade-samba-winbind-modules References https://attackerkb.com/topics/cve-2023-34967 CVE - 2023-34967 EulerOS-SA-2023-2869

Huawei EulerOS: CVE-2023-38408: openssh security update Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 07/20/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009. Solution(s) huawei-euleros-2_0_sp11-upgrade-openssh huawei-euleros-2_0_sp11-upgrade-openssh-clients huawei-euleros-2_0_sp11-upgrade-openssh-server References https://attackerkb.com/topics/cve-2023-38408 CVE - 2023-38408 EulerOS-SA-2023-2863

OS X update for libpcap (CVE-2023-38408) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 07/20/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

Huawei EulerOS: CVE-2023-34966: samba security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 07/20/2023 Created 02/13/2024 Added 02/12/2024 Modified 01/30/2025 Description An infinite loop vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets sent by the client, the core unmarshalling function sl_unpack_loop() did not validate a field in the network packet that contains the count of elements in an array-like structure. By passing 0 as the count value, the attacked function will run in an endless loop consuming 100% CPU. This flaw allows an attacker to issue a malformed RPC request, triggering an infinite loop, resulting in a denial of service condition. Solution(s) huawei-euleros-2_0_sp5-upgrade-libsmbclient huawei-euleros-2_0_sp5-upgrade-libwbclient huawei-euleros-2_0_sp5-upgrade-samba huawei-euleros-2_0_sp5-upgrade-samba-client huawei-euleros-2_0_sp5-upgrade-samba-client-libs huawei-euleros-2_0_sp5-upgrade-samba-common huawei-euleros-2_0_sp5-upgrade-samba-common-libs huawei-euleros-2_0_sp5-upgrade-samba-common-tools huawei-euleros-2_0_sp5-upgrade-samba-libs huawei-euleros-2_0_sp5-upgrade-samba-python huawei-euleros-2_0_sp5-upgrade-samba-winbind huawei-euleros-2_0_sp5-upgrade-samba-winbind-clients huawei-euleros-2_0_sp5-upgrade-samba-winbind-modules References https://attackerkb.com/topics/cve-2023-34966 CVE - 2023-34966 EulerOS-SA-2024-1163

CentOS Linux: CVE-2023-34968: Moderate: samba security, bug fix, and enhancement update (Multiple Advisories) Severity 5 CVSS (AV:N/AC:L/Au:N/C:P/I:N/A:N) Published 07/20/2023 Created 11/09/2023 Added 11/08/2023 Modified 01/28/2025 Description A path disclosure vulnerability was found in Samba. As part of the Spotlight protocol, Samba discloses the server-side absolute path of shares, files, and directories in the results for search queries. This flaw allows a malicious client or an attacker with a targeted RPC request to view the information that is part of the disclosed path. Solution(s) centos-upgrade-ctdb centos-upgrade-ctdb-debuginfo centos-upgrade-evolution-mapi centos-upgrade-evolution-mapi-debuginfo centos-upgrade-evolution-mapi-debugsource centos-upgrade-evolution-mapi-langpacks centos-upgrade-libnetapi centos-upgrade-libnetapi-debuginfo centos-upgrade-libsmbclient centos-upgrade-libsmbclient-debuginfo centos-upgrade-libwbclient centos-upgrade-libwbclient-debuginfo centos-upgrade-openchange centos-upgrade-openchange-client-debuginfo centos-upgrade-openchange-debuginfo centos-upgrade-openchange-debugsource centos-upgrade-python3-samba centos-upgrade-python3-samba-dc centos-upgrade-python3-samba-dc-debuginfo centos-upgrade-python3-samba-debuginfo centos-upgrade-python3-samba-test centos-upgrade-samba centos-upgrade-samba-client centos-upgrade-samba-client-debuginfo centos-upgrade-samba-client-libs centos-upgrade-samba-client-libs-debuginfo centos-upgrade-samba-common centos-upgrade-samba-common-libs centos-upgrade-samba-common-libs-debuginfo centos-upgrade-samba-common-tools centos-upgrade-samba-common-tools-debuginfo centos-upgrade-samba-dc-libs centos-upgrade-samba-dc-libs-debuginfo centos-upgrade-samba-dcerpc centos-upgrade-samba-dcerpc-debuginfo centos-upgrade-samba-debuginfo centos-upgrade-samba-debugsource centos-upgrade-samba-krb5-printing centos-upgrade-samba-krb5-printing-debuginfo centos-upgrade-samba-ldb-ldap-modules centos-upgrade-samba-ldb-ldap-modules-debuginfo centos-upgrade-samba-libs centos-upgrade-samba-libs-debuginfo centos-upgrade-samba-pidl centos-upgrade-samba-test centos-upgrade-samba-test-debuginfo centos-upgrade-samba-test-libs centos-upgrade-samba-test-libs-debuginfo centos-upgrade-samba-tools centos-upgrade-samba-usershares centos-upgrade-samba-vfs-iouring centos-upgrade-samba-vfs-iouring-debuginfo centos-upgrade-samba-winbind centos-upgrade-samba-winbind-clients centos-upgrade-samba-winbind-clients-debuginfo centos-upgrade-samba-winbind-debuginfo centos-upgrade-samba-winbind-krb5-locator centos-upgrade-samba-winbind-krb5-locator-debuginfo centos-upgrade-samba-winbind-modules centos-upgrade-samba-winbind-modules-debuginfo centos-upgrade-samba-winexe centos-upgrade-samba-winexe-debuginfo References CVE-2023-34968

CentOS Linux: CVE-2023-34966: Moderate: samba security, bug fix, and enhancement update (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 07/20/2023 Created 11/09/2023 Added 11/08/2023 Modified 01/28/2025 Description An infinite loop vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets sent by the client, the core unmarshalling function sl_unpack_loop() did not validate a field in the network packet that contains the count of elements in an array-like structure. By passing 0 as the count value, the attacked function will run in an endless loop consuming 100% CPU. This flaw allows an attacker to issue a malformed RPC request, triggering an infinite loop, resulting in a denial of service condition. Solution(s) centos-upgrade-ctdb centos-upgrade-ctdb-debuginfo centos-upgrade-evolution-mapi centos-upgrade-evolution-mapi-debuginfo centos-upgrade-evolution-mapi-debugsource centos-upgrade-evolution-mapi-langpacks centos-upgrade-libnetapi centos-upgrade-libnetapi-debuginfo centos-upgrade-libsmbclient centos-upgrade-libsmbclient-debuginfo centos-upgrade-libwbclient centos-upgrade-libwbclient-debuginfo centos-upgrade-openchange centos-upgrade-openchange-client-debuginfo centos-upgrade-openchange-debuginfo centos-upgrade-openchange-debugsource centos-upgrade-python3-samba centos-upgrade-python3-samba-dc centos-upgrade-python3-samba-dc-debuginfo centos-upgrade-python3-samba-debuginfo centos-upgrade-python3-samba-test centos-upgrade-samba centos-upgrade-samba-client centos-upgrade-samba-client-debuginfo centos-upgrade-samba-client-libs centos-upgrade-samba-client-libs-debuginfo centos-upgrade-samba-common centos-upgrade-samba-common-libs centos-upgrade-samba-common-libs-debuginfo centos-upgrade-samba-common-tools centos-upgrade-samba-common-tools-debuginfo centos-upgrade-samba-dc-libs centos-upgrade-samba-dc-libs-debuginfo centos-upgrade-samba-dcerpc centos-upgrade-samba-dcerpc-debuginfo centos-upgrade-samba-debuginfo centos-upgrade-samba-debugsource centos-upgrade-samba-krb5-printing centos-upgrade-samba-krb5-printing-debuginfo centos-upgrade-samba-ldb-ldap-modules centos-upgrade-samba-ldb-ldap-modules-debuginfo centos-upgrade-samba-libs centos-upgrade-samba-libs-debuginfo centos-upgrade-samba-pidl centos-upgrade-samba-test centos-upgrade-samba-test-debuginfo centos-upgrade-samba-test-libs centos-upgrade-samba-test-libs-debuginfo centos-upgrade-samba-tools centos-upgrade-samba-usershares centos-upgrade-samba-vfs-iouring centos-upgrade-samba-vfs-iouring-debuginfo centos-upgrade-samba-winbind centos-upgrade-samba-winbind-clients centos-upgrade-samba-winbind-clients-debuginfo centos-upgrade-samba-winbind-debuginfo centos-upgrade-samba-winbind-krb5-locator centos-upgrade-samba-winbind-krb5-locator-debuginfo centos-upgrade-samba-winbind-modules centos-upgrade-samba-winbind-modules-debuginfo centos-upgrade-samba-winexe centos-upgrade-samba-winexe-debuginfo References CVE-2023-34966

CentOS Linux: CVE-2023-38408: Important: openssh security update (CESA-2023:4382) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 07/20/2023 Created 08/02/2023 Added 08/02/2023 Modified 01/28/2025 Description The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009. Solution(s) centos-upgrade-openssh centos-upgrade-openssh-askpass centos-upgrade-openssh-cavs centos-upgrade-openssh-clients centos-upgrade-openssh-debuginfo centos-upgrade-openssh-keycat centos-upgrade-openssh-ldap centos-upgrade-openssh-server centos-upgrade-openssh-server-sysvinit centos-upgrade-pam_ssh_agent_auth References CVE-2023-38408

OS X update for Notes (CVE-2023-38408) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 07/20/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

Huawei EulerOS: CVE-2022-2127: samba security update Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 07/20/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description An out-of-bounds read vulnerability was found in Samba due to insufficient length checks in winbindd_pam_auth_crap.c. When performing NTLM authentication, the client replies to cryptographic challenges back to the server. These replies have variable lengths, and Winbind fails to check the lan manager response length. When Winbind is used for NTLM authentication, a maliciously crafted request can trigger an out-of-bounds read in Winbind, possibly resulting in a crash. Solution(s) huawei-euleros-2_0_sp10-upgrade-libsmbclient huawei-euleros-2_0_sp10-upgrade-libwbclient huawei-euleros-2_0_sp10-upgrade-samba huawei-euleros-2_0_sp10-upgrade-samba-client huawei-euleros-2_0_sp10-upgrade-samba-common huawei-euleros-2_0_sp10-upgrade-samba-common-tools huawei-euleros-2_0_sp10-upgrade-samba-libs huawei-euleros-2_0_sp10-upgrade-samba-winbind huawei-euleros-2_0_sp10-upgrade-samba-winbind-clients huawei-euleros-2_0_sp10-upgrade-samba-winbind-modules References https://attackerkb.com/topics/cve-2022-2127 CVE - 2022-2127 EulerOS-SA-2023-3229

OS X update for NetFSFramework (CVE-2023-38408) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 07/20/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

Amazon Linux AMI: CVE-2022-2127: Security patch for samba (ALAS-2023-1896) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 07/20/2023 Created 12/07/2023 Added 12/05/2023 Modified 01/28/2025 Description An out-of-bounds read vulnerability was found in Samba due to insufficient length checks in winbindd_pam_auth_crap.c. When performing NTLM authentication, the client replies to cryptographic challenges back to the server. These replies have variable lengths, and Winbind fails to check the lan manager response length. When Winbind is used for NTLM authentication, a maliciously crafted request can trigger an out-of-bounds read in Winbind, possibly resulting in a crash. Solution(s) amazon-linux-upgrade-samba References ALAS-2023-1896 CVE-2022-2127

SUSE: CVE-2023-34967: SUSE Linux Security Advisory Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 07/20/2023 Created 07/20/2023 Added 07/20/2023 Modified 01/28/2025 Description A Type Confusion vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in the mdssvc protocol. Due to a lack of type checking in callers of the dalloc_value_for_key() function, which returns the object associated with a key, a caller may trigger a crash in talloc_get_size() when talloc detects that the passed-in pointer is not a valid talloc pointer. With an RPC worker process shared among multiple client connections, a malicious client or attacker can trigger a process crash in a shared RPC mdssvc worker process, affecting all other clients this worker serves. Solution(s) suse-upgrade-ctdb suse-upgrade-ctdb-pcp-pmda suse-upgrade-libsamba-policy-devel suse-upgrade-libsamba-policy-python3-devel suse-upgrade-libsamba-policy0-python3 suse-upgrade-libsamba-policy0-python3-32bit suse-upgrade-samba suse-upgrade-samba-ad-dc suse-upgrade-samba-ad-dc-libs suse-upgrade-samba-ad-dc-libs-32bit suse-upgrade-samba-ceph suse-upgrade-samba-client suse-upgrade-samba-client-32bit suse-upgrade-samba-client-libs suse-upgrade-samba-client-libs-32bit suse-upgrade-samba-devel suse-upgrade-samba-devel-32bit suse-upgrade-samba-doc suse-upgrade-samba-dsdb-modules suse-upgrade-samba-gpupdate suse-upgrade-samba-ldb-ldap suse-upgrade-samba-libs suse-upgrade-samba-libs-32bit suse-upgrade-samba-libs-python3 suse-upgrade-samba-libs-python3-32bit suse-upgrade-samba-python3 suse-upgrade-samba-test suse-upgrade-samba-tool suse-upgrade-samba-winbind suse-upgrade-samba-winbind-libs suse-upgrade-samba-winbind-libs-32bit References https://attackerkb.com/topics/cve-2023-34967 CVE - 2023-34967

Amazon Linux AMI 2: CVE-2022-28735: Security patch for grub2 (ALAS-2023-2146) Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 07/20/2023 Created 07/21/2023 Added 07/21/2023 Modified 01/30/2025 Description The GRUB2's shim_lock verifier allows non-kernel files to be loaded on shim-powered secure boot systems. Allowing such files to be loaded may lead to unverified code and modules to be loaded in GRUB2 breaking the secure boot trust-chain. Solution(s) amazon-linux-ami-2-upgrade-grub2 amazon-linux-ami-2-upgrade-grub2-common amazon-linux-ami-2-upgrade-grub2-debuginfo amazon-linux-ami-2-upgrade-grub2-efi-aa64 amazon-linux-ami-2-upgrade-grub2-efi-aa64-cdboot amazon-linux-ami-2-upgrade-grub2-efi-aa64-ec2 amazon-linux-ami-2-upgrade-grub2-efi-aa64-modules amazon-linux-ami-2-upgrade-grub2-efi-x64 amazon-linux-ami-2-upgrade-grub2-efi-x64-cdboot amazon-linux-ami-2-upgrade-grub2-efi-x64-ec2 amazon-linux-ami-2-upgrade-grub2-efi-x64-modules amazon-linux-ami-2-upgrade-grub2-emu amazon-linux-ami-2-upgrade-grub2-emu-modules amazon-linux-ami-2-upgrade-grub2-pc amazon-linux-ami-2-upgrade-grub2-pc-modules amazon-linux-ami-2-upgrade-grub2-tools amazon-linux-ami-2-upgrade-grub2-tools-efi amazon-linux-ami-2-upgrade-grub2-tools-extra amazon-linux-ami-2-upgrade-grub2-tools-minimal References https://attackerkb.com/topics/cve-2022-28735 AL2/ALAS-2023-2146 CVE - 2022-28735

SUSE: CVE-2023-3347: SUSE Linux Security Advisory Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 07/20/2023 Created 07/25/2023 Added 07/24/2023 Modified 01/28/2025 Description A vulnerability was found in Samba's SMB2 packet signing mechanism. The SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. This flaw allows an attacker to perform attacks, such as a man-in-the-middle attack, by intercepting the network traffic and modifying the SMB2 messages between client and server, affecting the integrity of the data. Solution(s) suse-upgrade-ctdb suse-upgrade-ctdb-pcp-pmda suse-upgrade-libsamba-policy-devel suse-upgrade-libsamba-policy-python3-devel suse-upgrade-libsamba-policy0-python3 suse-upgrade-libsamba-policy0-python3-32bit suse-upgrade-samba suse-upgrade-samba-ceph suse-upgrade-samba-client suse-upgrade-samba-client-32bit suse-upgrade-samba-client-libs suse-upgrade-samba-client-libs-32bit suse-upgrade-samba-devel suse-upgrade-samba-devel-32bit suse-upgrade-samba-doc suse-upgrade-samba-gpupdate suse-upgrade-samba-ldb-ldap suse-upgrade-samba-libs suse-upgrade-samba-libs-32bit suse-upgrade-samba-libs-python3 suse-upgrade-samba-libs-python3-32bit suse-upgrade-samba-python3 suse-upgrade-samba-test suse-upgrade-samba-tool suse-upgrade-samba-winbind suse-upgrade-samba-winbind-libs suse-upgrade-samba-winbind-libs-32bit References https://attackerkb.com/topics/cve-2023-3347 CVE - 2023-3347