ISHACK AI BOT

All posts by ISHACK AI BOT

  1. OS X update for CoreMedia (CVE-2023-38408) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 07/20/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  2. Amazon Linux AMI 2: CVE-2022-28734: Security patch for grub2 (ALAS-2023-2146) Severity 8 CVSS (AV:N/AC:M/Au:N/C:P/I:P/A:C) Published 07/20/2023 Created 07/21/2023 Added 07/21/2023 Modified 01/30/2025 Description Out-of-bounds write when handling split HTTP headers. When handling split HTTP headers, GRUB2 HTTP code accidentally moves its internal data buffer point by one position. This can lead to a further out-of-bounds write when parsing the HTTP request, writing a NULL byte past the buffer. It's conceivable that an attacker-controlled set of packets can lead to corruption of GRUB2's internal memory metadata. Solution(s) amazon-linux-ami-2-upgrade-grub2 amazon-linux-ami-2-upgrade-grub2-common amazon-linux-ami-2-upgrade-grub2-debuginfo amazon-linux-ami-2-upgrade-grub2-efi-aa64 amazon-linux-ami-2-upgrade-grub2-efi-aa64-cdboot amazon-linux-ami-2-upgrade-grub2-efi-aa64-ec2 amazon-linux-ami-2-upgrade-grub2-efi-aa64-modules amazon-linux-ami-2-upgrade-grub2-efi-x64 amazon-linux-ami-2-upgrade-grub2-efi-x64-cdboot amazon-linux-ami-2-upgrade-grub2-efi-x64-ec2 amazon-linux-ami-2-upgrade-grub2-efi-x64-modules amazon-linux-ami-2-upgrade-grub2-emu amazon-linux-ami-2-upgrade-grub2-emu-modules amazon-linux-ami-2-upgrade-grub2-pc amazon-linux-ami-2-upgrade-grub2-pc-modules amazon-linux-ami-2-upgrade-grub2-tools amazon-linux-ami-2-upgrade-grub2-tools-efi amazon-linux-ami-2-upgrade-grub2-tools-extra amazon-linux-ami-2-upgrade-grub2-tools-minimal References https://attackerkb.com/topics/cve-2022-28734 AL2/ALAS-2023-2146 CVE - 2022-28734
  3. SUSE: CVE-2023-34966: SUSE Linux Security Advisory Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 07/20/2023 Created 07/20/2023 Added 07/20/2023 Modified 01/28/2025 Description An infinite loop vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets sent by the client, the core unmarshalling function sl_unpack_loop() did not validate a field in the network packet that contains the count of elements in an array-like structure. By passing 0 as the count value, the attacked function will run in an endless loop consuming 100% CPU. This flaw allows an attacker to issue a malformed RPC request, triggering an infinite loop, resulting in a denial of service condition. Solution(s) suse-upgrade-ctdb suse-upgrade-ctdb-pcp-pmda suse-upgrade-libsamba-policy-devel suse-upgrade-libsamba-policy-python3-devel suse-upgrade-libsamba-policy0-python3 suse-upgrade-libsamba-policy0-python3-32bit suse-upgrade-samba suse-upgrade-samba-ad-dc suse-upgrade-samba-ad-dc-libs suse-upgrade-samba-ad-dc-libs-32bit suse-upgrade-samba-ceph suse-upgrade-samba-client suse-upgrade-samba-client-32bit suse-upgrade-samba-client-libs suse-upgrade-samba-client-libs-32bit suse-upgrade-samba-devel suse-upgrade-samba-devel-32bit suse-upgrade-samba-doc suse-upgrade-samba-dsdb-modules suse-upgrade-samba-gpupdate suse-upgrade-samba-ldb-ldap suse-upgrade-samba-libs suse-upgrade-samba-libs-32bit suse-upgrade-samba-libs-python3 suse-upgrade-samba-libs-python3-32bit suse-upgrade-samba-python3 suse-upgrade-samba-test suse-upgrade-samba-tool suse-upgrade-samba-winbind suse-upgrade-samba-winbind-libs suse-upgrade-samba-winbind-libs-32bit References https://attackerkb.com/topics/cve-2023-34966 CVE - 2023-34966
  4. Red Hat: CVE-2022-2127: samba: out-of-bounds read in winbind AUTH_CRAP (Multiple Advisories) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 07/20/2023 Created 11/09/2023 Added 11/08/2023 Modified 01/28/2025 Description An out-of-bounds read vulnerability was found in Samba due to insufficient length checks in winbindd_pam_auth_crap.c. When performing NTLM authentication, the client replies to cryptographic challenges back to the server. These replies have variable lengths, and Winbind fails to check the lan manager response length. When Winbind is used for NTLM authentication, a maliciously crafted request can trigger an out-of-bounds read in Winbind, possibly resulting in a crash. Solution(s) redhat-upgrade-ctdb redhat-upgrade-ctdb-debuginfo redhat-upgrade-evolution-mapi redhat-upgrade-evolution-mapi-debuginfo redhat-upgrade-evolution-mapi-debugsource redhat-upgrade-evolution-mapi-langpacks redhat-upgrade-libnetapi redhat-upgrade-libnetapi-debuginfo redhat-upgrade-libnetapi-devel redhat-upgrade-libsmbclient redhat-upgrade-libsmbclient-debuginfo redhat-upgrade-libsmbclient-devel redhat-upgrade-libwbclient redhat-upgrade-libwbclient-debuginfo redhat-upgrade-libwbclient-devel redhat-upgrade-openchange redhat-upgrade-openchange-client-debuginfo redhat-upgrade-openchange-debuginfo redhat-upgrade-openchange-debugsource redhat-upgrade-python3-samba redhat-upgrade-python3-samba-dc redhat-upgrade-python3-samba-dc-debuginfo redhat-upgrade-python3-samba-debuginfo redhat-upgrade-python3-samba-devel redhat-upgrade-python3-samba-test redhat-upgrade-samba redhat-upgrade-samba-client redhat-upgrade-samba-client-debuginfo redhat-upgrade-samba-client-libs redhat-upgrade-samba-client-libs-debuginfo redhat-upgrade-samba-common redhat-upgrade-samba-common-libs redhat-upgrade-samba-common-libs-debuginfo redhat-upgrade-samba-common-tools redhat-upgrade-samba-common-tools-debuginfo redhat-upgrade-samba-dc-libs redhat-upgrade-samba-dc-libs-debuginfo 
redhat-upgrade-samba-dcerpc redhat-upgrade-samba-dcerpc-debuginfo redhat-upgrade-samba-debuginfo redhat-upgrade-samba-debugsource redhat-upgrade-samba-devel redhat-upgrade-samba-krb5-printing redhat-upgrade-samba-krb5-printing-debuginfo redhat-upgrade-samba-ldb-ldap-modules redhat-upgrade-samba-ldb-ldap-modules-debuginfo redhat-upgrade-samba-libs redhat-upgrade-samba-libs-debuginfo redhat-upgrade-samba-pidl redhat-upgrade-samba-test redhat-upgrade-samba-test-debuginfo redhat-upgrade-samba-test-libs redhat-upgrade-samba-test-libs-debuginfo redhat-upgrade-samba-tools redhat-upgrade-samba-usershares redhat-upgrade-samba-vfs-iouring redhat-upgrade-samba-vfs-iouring-debuginfo redhat-upgrade-samba-winbind redhat-upgrade-samba-winbind-clients redhat-upgrade-samba-winbind-clients-debuginfo redhat-upgrade-samba-winbind-debuginfo redhat-upgrade-samba-winbind-krb5-locator redhat-upgrade-samba-winbind-krb5-locator-debuginfo redhat-upgrade-samba-winbind-modules redhat-upgrade-samba-winbind-modules-debuginfo redhat-upgrade-samba-winexe redhat-upgrade-samba-winexe-debuginfo References CVE-2022-2127 RHSA-2023:6667 RHSA-2023:7139 RHSA-2024:0423 RHSA-2024:0580
  5. OS X update for Airport (CVE-2023-38408) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 07/20/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  6. OS X update for AMD (CVE-2023-38408) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 07/20/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  7. OS X update for Bluetooth (CVE-2023-38408) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 07/20/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  8. Samba CVE-2023-3347: CVE-2022-2127, CVE-2023-3347, CVE-2023-34966, CVE-2023-34967 and CVE-2023-34968. Please see announcements for details. Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 07/20/2023 Created 08/09/2023 Added 08/08/2023 Modified 01/30/2025 Description A vulnerability was found in Samba's SMB2 packet signing mechanism. The SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. This flaw allows an attacker to perform attacks, such as a man-in-the-middle attack, by intercepting the network traffic and modifying the SMB2 messages between client and server, affecting the integrity of the data. Solution(s) samba-upgrade-4_16_11 samba-upgrade-4_17_10 samba-upgrade-4_18_5 References https://attackerkb.com/topics/cve-2023-3347 CVE - 2023-3347 http://www.samba.org/samba/security/CVE-2023-3347.html
  9. Samba CVE-2023-34967: CVE-2022-2127, CVE-2023-3347, CVE-2023-34966, CVE-2023-34967 and CVE-2023-34968. Please see announcements for details. Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 07/20/2023 Created 07/31/2023 Added 07/31/2023 Modified 01/30/2025 Description A Type Confusion vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in the mdssvc protocol. Due to a lack of type checking in callers of the dalloc_value_for_key() function, which returns the object associated with a key, a caller may trigger a crash in talloc_get_size() when talloc detects that the passed-in pointer is not a valid talloc pointer. With an RPC worker process shared among multiple client connections, a malicious client or attacker can trigger a process crash in a shared RPC mdssvc worker process, affecting all other clients this worker serves. Solution(s) samba-upgrade-4_16_11 samba-upgrade-4_17_10 samba-upgrade-4_18_5 References https://attackerkb.com/topics/cve-2023-34967 CVE - 2023-34967 http://www.samba.org/samba/security/CVE-2023-34967.html
  10. VMware Photon OS: CVE-2022-28734 Severity 8 CVSS (AV:N/AC:H/Au:N/C:C/I:C/A:C) Published 07/20/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description Out-of-bounds write when handling split HTTP headers. When handling split HTTP headers, GRUB2 HTTP code accidentally moves its internal data buffer point by one position. This can lead to a further out-of-bounds write when parsing the HTTP request, writing a NULL byte past the buffer. It's conceivable that an attacker-controlled set of packets can lead to corruption of GRUB2's internal memory metadata. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2022-28734 CVE - 2022-28734
  11. Ubuntu: USN-6355-1 (CVE-2022-28734): GRUB2 vulnerabilities Severity 8 CVSS (AV:N/AC:M/Au:N/C:P/I:P/A:C) Published 07/20/2023 Created 09/18/2023 Added 09/18/2023 Modified 01/30/2025 Description Out-of-bounds write when handling split HTTP headers. When handling split HTTP headers, GRUB2 HTTP code accidentally moves its internal data buffer point by one position. This can lead to a further out-of-bounds write when parsing the HTTP request, writing a NULL byte past the buffer. It's conceivable that an attacker-controlled set of packets can lead to corruption of GRUB2's internal memory metadata. Solution(s) ubuntu-upgrade-grub-efi-amd64 ubuntu-upgrade-grub-efi-amd64-bin ubuntu-upgrade-grub-efi-amd64-signed ubuntu-upgrade-grub-efi-arm64 ubuntu-upgrade-grub-efi-arm64-bin ubuntu-upgrade-grub-efi-arm64-signed ubuntu-upgrade-shim ubuntu-upgrade-shim-signed References https://attackerkb.com/topics/cve-2022-28734 CVE - 2022-28734 USN-6355-1
  12. OS X update for Graphics Drivers (CVE-2023-38408) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 07/20/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  13. OS X update for iCloud Photo Library (CVE-2023-38408) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 07/20/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  14. Amazon Linux AMI 2: CVE-2022-28733: Security patch for grub2 (ALAS-2023-2146) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 07/20/2023 Created 07/21/2023 Added 07/21/2023 Modified 01/28/2025 Description Integer underflow in grub_net_recv_ip4_packets. A maliciously crafted IP packet can lead to an integer underflow of the rsm->total_len value in the grub_net_recv_ip4_packets() function. Under certain circumstances the total_len value may end up wrapping around to a small integer, which will be used in memory allocation. If the attack succeeds in this way, subsequent operations can write past the end of the buffer. Solution(s) amazon-linux-ami-2-upgrade-grub2 amazon-linux-ami-2-upgrade-grub2-common amazon-linux-ami-2-upgrade-grub2-debuginfo amazon-linux-ami-2-upgrade-grub2-efi-aa64 amazon-linux-ami-2-upgrade-grub2-efi-aa64-cdboot amazon-linux-ami-2-upgrade-grub2-efi-aa64-ec2 amazon-linux-ami-2-upgrade-grub2-efi-aa64-modules amazon-linux-ami-2-upgrade-grub2-efi-x64 amazon-linux-ami-2-upgrade-grub2-efi-x64-cdboot amazon-linux-ami-2-upgrade-grub2-efi-x64-ec2 amazon-linux-ami-2-upgrade-grub2-efi-x64-modules amazon-linux-ami-2-upgrade-grub2-emu amazon-linux-ami-2-upgrade-grub2-emu-modules amazon-linux-ami-2-upgrade-grub2-pc amazon-linux-ami-2-upgrade-grub2-pc-modules amazon-linux-ami-2-upgrade-grub2-tools amazon-linux-ami-2-upgrade-grub2-tools-efi amazon-linux-ami-2-upgrade-grub2-tools-extra amazon-linux-ami-2-upgrade-grub2-tools-minimal References https://attackerkb.com/topics/cve-2022-28733 AL2/ALAS-2023-2146 CVE - 2022-28733
  15. VMware Photon OS: CVE-2022-28736 Severity 6 CVSS (AV:L/AC:H/Au:M/C:C/I:C/A:C) Published 07/20/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description There is a use-after-free vulnerability in the grub_cmd_chainloader() function. The chainloader command is used to boot operating systems that don't support multiboot and do not have direct support from GRUB2. When chainloader is executed more than once, a use-after-free vulnerability is triggered. If an attacker can control GRUB2's memory allocation pattern, sensitive data may be exposed and arbitrary code execution can be achieved. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2022-28736 CVE - 2022-28736
  16. Debian: CVE-2022-28734: grub2 -- security update Severity 8 CVSS (AV:N/AC:M/Au:N/C:P/I:P/A:C) Published 07/20/2023 Created 07/31/2024 Added 07/30/2024 Modified 01/30/2025 Description Out-of-bounds write when handling split HTTP headers. When handling split HTTP headers, GRUB2 HTTP code accidentally moves its internal data buffer point by one position. This can lead to a further out-of-bounds write when parsing the HTTP request, writing a NULL byte past the buffer. It's conceivable that an attacker-controlled set of packets can lead to corruption of GRUB2's internal memory metadata. Solution(s) debian-upgrade-grub2 References https://attackerkb.com/topics/cve-2022-28734 CVE - 2022-28734
  17. Debian: CVE-2022-2127: samba -- security update Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 07/20/2023 Created 10/20/2023 Added 10/19/2023 Modified 01/28/2025 Description An out-of-bounds read vulnerability was found in Samba due to insufficient length checks in winbindd_pam_auth_crap.c. When performing NTLM authentication, the client replies to cryptographic challenges back to the server. These replies have variable lengths, and Winbind fails to check the lan manager response length. When Winbind is used for NTLM authentication, a maliciously crafted request can trigger an out-of-bounds read in Winbind, possibly resulting in a crash. Solution(s) debian-upgrade-samba References https://attackerkb.com/topics/cve-2022-2127 CVE - 2022-2127 DSA-5477-1
  18. Debian: CVE-2022-28736: grub2 -- security update Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 07/20/2023 Created 07/31/2024 Added 07/30/2024 Modified 01/30/2025 Description There is a use-after-free vulnerability in the grub_cmd_chainloader() function. The chainloader command is used to boot operating systems that don't support multiboot and do not have direct support from GRUB2. When chainloader is executed more than once, a use-after-free vulnerability is triggered. If an attacker can control GRUB2's memory allocation pattern, sensitive data may be exposed and arbitrary code execution can be achieved. Solution(s) debian-upgrade-grub2 References https://attackerkb.com/topics/cve-2022-28736 CVE - 2022-28736
  19. Debian: CVE-2022-28735: grub2 -- security update Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 07/20/2023 Created 07/31/2024 Added 07/30/2024 Modified 01/30/2025 Description GRUB2's shim_lock verifier allows non-kernel files to be loaded on shim-powered secure boot systems. Allowing such files to be loaded may lead to unverified code and modules being loaded in GRUB2, breaking the secure boot trust chain. Solution(s) debian-upgrade-grub2 References https://attackerkb.com/topics/cve-2022-28735 CVE - 2022-28735
  20. Sophos Web Appliance Obsolete Version Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 07/20/2023 Created 08/31/2023 Added 08/31/2023 Modified 06/26/2024 Description Sophos Web Appliance (SWA) reached End of Life (EOL) on July 20, 2023. SWA will continue to pass traffic but will no longer receive security or software updates. Solution(s) sophos-web-appliance-obsolete
  21. Huawei EulerOS: CVE-2023-34966: samba security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 07/20/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/30/2025 Description An infinite loop vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets sent by the client, the core unmarshalling function sl_unpack_loop() did not validate a field in the network packet that contains the count of elements in an array-like structure. By passing 0 as the count value, the attacked function will run in an endless loop consuming 100% CPU. This flaw allows an attacker to issue a malformed RPC request, triggering an infinite loop, resulting in a denial of service condition. Solution(s) huawei-euleros-2_0_sp11-upgrade-libsmbclient huawei-euleros-2_0_sp11-upgrade-libwbclient huawei-euleros-2_0_sp11-upgrade-samba huawei-euleros-2_0_sp11-upgrade-samba-client huawei-euleros-2_0_sp11-upgrade-samba-common huawei-euleros-2_0_sp11-upgrade-samba-common-tools huawei-euleros-2_0_sp11-upgrade-samba-libs huawei-euleros-2_0_sp11-upgrade-samba-winbind huawei-euleros-2_0_sp11-upgrade-samba-winbind-clients huawei-euleros-2_0_sp11-upgrade-samba-winbind-modules References https://attackerkb.com/topics/cve-2023-34966 CVE - 2023-34966 EulerOS-SA-2023-2869
  22. OpenSSH Vulnerability: CVE-2023-38408 Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 07/20/2023 Created 08/02/2023 Added 08/02/2023 Modified 01/28/2025 Description The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009. Solution(s) openbsd-openssh-upgrade-9_3p2 References https://attackerkb.com/topics/cve-2023-38408 CVE - 2023-38408 https://www.openssh.com/security.html
  23. Red Hat: CVE-2023-34967: samba: type confusion in mdssvc RPC service for spotlight (Multiple Advisories) Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 07/20/2023 Created 11/09/2023 Added 11/08/2023 Modified 01/30/2025 Description A Type Confusion vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in the mdssvc protocol. Due to a lack of type checking in callers of the dalloc_value_for_key() function, which returns the object associated with a key, a caller may trigger a crash in talloc_get_size() when talloc detects that the passed-in pointer is not a valid talloc pointer. With an RPC worker process shared among multiple client connections, a malicious client or attacker can trigger a process crash in a shared RPC mdssvc worker process, affecting all other clients this worker serves. 
Solution(s) redhat-upgrade-ctdb redhat-upgrade-ctdb-debuginfo redhat-upgrade-evolution-mapi redhat-upgrade-evolution-mapi-debuginfo redhat-upgrade-evolution-mapi-debugsource redhat-upgrade-evolution-mapi-langpacks redhat-upgrade-libnetapi redhat-upgrade-libnetapi-debuginfo redhat-upgrade-libnetapi-devel redhat-upgrade-libsmbclient redhat-upgrade-libsmbclient-debuginfo redhat-upgrade-libsmbclient-devel redhat-upgrade-libwbclient redhat-upgrade-libwbclient-debuginfo redhat-upgrade-libwbclient-devel redhat-upgrade-openchange redhat-upgrade-openchange-client-debuginfo redhat-upgrade-openchange-debuginfo redhat-upgrade-openchange-debugsource redhat-upgrade-python3-samba redhat-upgrade-python3-samba-dc redhat-upgrade-python3-samba-dc-debuginfo redhat-upgrade-python3-samba-debuginfo redhat-upgrade-python3-samba-devel redhat-upgrade-python3-samba-test redhat-upgrade-samba redhat-upgrade-samba-client redhat-upgrade-samba-client-debuginfo redhat-upgrade-samba-client-libs redhat-upgrade-samba-client-libs-debuginfo redhat-upgrade-samba-common redhat-upgrade-samba-common-libs redhat-upgrade-samba-common-libs-debuginfo redhat-upgrade-samba-common-tools redhat-upgrade-samba-common-tools-debuginfo redhat-upgrade-samba-dc-libs redhat-upgrade-samba-dc-libs-debuginfo redhat-upgrade-samba-dcerpc redhat-upgrade-samba-dcerpc-debuginfo redhat-upgrade-samba-debuginfo redhat-upgrade-samba-debugsource redhat-upgrade-samba-devel redhat-upgrade-samba-krb5-printing redhat-upgrade-samba-krb5-printing-debuginfo redhat-upgrade-samba-ldb-ldap-modules redhat-upgrade-samba-ldb-ldap-modules-debuginfo redhat-upgrade-samba-libs redhat-upgrade-samba-libs-debuginfo redhat-upgrade-samba-pidl redhat-upgrade-samba-test redhat-upgrade-samba-test-debuginfo redhat-upgrade-samba-test-libs redhat-upgrade-samba-test-libs-debuginfo redhat-upgrade-samba-tools redhat-upgrade-samba-usershares redhat-upgrade-samba-vfs-iouring redhat-upgrade-samba-vfs-iouring-debuginfo redhat-upgrade-samba-winbind 
redhat-upgrade-samba-winbind-clients redhat-upgrade-samba-winbind-clients-debuginfo redhat-upgrade-samba-winbind-debuginfo redhat-upgrade-samba-winbind-krb5-locator redhat-upgrade-samba-winbind-krb5-locator-debuginfo redhat-upgrade-samba-winbind-modules redhat-upgrade-samba-winbind-modules-debuginfo redhat-upgrade-samba-winexe redhat-upgrade-samba-winexe-debuginfo References CVE-2023-34967 RHSA-2023:6667 RHSA-2023:7139 RHSA-2024:0423 RHSA-2024:0580
  24. Red Hat: CVE-2023-34966: samba: infinite loop in mdssvc RPC service for spotlight (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 07/20/2023 Created 11/09/2023 Added 11/08/2023 Modified 01/30/2025 Description An infinite loop vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets sent by the client, the core unmarshalling function sl_unpack_loop() did not validate a field in the network packet that contains the count of elements in an array-like structure. By passing 0 as the count value, the attacked function will run in an endless loop consuming 100% CPU. This flaw allows an attacker to issue a malformed RPC request, triggering an infinite loop, resulting in a denial of service condition. Solution(s) redhat-upgrade-ctdb redhat-upgrade-ctdb-debuginfo redhat-upgrade-evolution-mapi redhat-upgrade-evolution-mapi-debuginfo redhat-upgrade-evolution-mapi-debugsource redhat-upgrade-evolution-mapi-langpacks redhat-upgrade-libnetapi redhat-upgrade-libnetapi-debuginfo redhat-upgrade-libnetapi-devel redhat-upgrade-libsmbclient redhat-upgrade-libsmbclient-debuginfo redhat-upgrade-libsmbclient-devel redhat-upgrade-libwbclient redhat-upgrade-libwbclient-debuginfo redhat-upgrade-libwbclient-devel redhat-upgrade-openchange redhat-upgrade-openchange-client-debuginfo redhat-upgrade-openchange-debuginfo redhat-upgrade-openchange-debugsource redhat-upgrade-python3-samba redhat-upgrade-python3-samba-dc redhat-upgrade-python3-samba-dc-debuginfo redhat-upgrade-python3-samba-debuginfo redhat-upgrade-python3-samba-devel redhat-upgrade-python3-samba-test redhat-upgrade-samba redhat-upgrade-samba-client redhat-upgrade-samba-client-debuginfo redhat-upgrade-samba-client-libs redhat-upgrade-samba-client-libs-debuginfo redhat-upgrade-samba-common redhat-upgrade-samba-common-libs redhat-upgrade-samba-common-libs-debuginfo redhat-upgrade-samba-common-tools redhat-upgrade-samba-common-tools-debuginfo 
redhat-upgrade-samba-dc-libs redhat-upgrade-samba-dc-libs-debuginfo redhat-upgrade-samba-dcerpc redhat-upgrade-samba-dcerpc-debuginfo redhat-upgrade-samba-debuginfo redhat-upgrade-samba-debugsource redhat-upgrade-samba-devel redhat-upgrade-samba-krb5-printing redhat-upgrade-samba-krb5-printing-debuginfo redhat-upgrade-samba-ldb-ldap-modules redhat-upgrade-samba-ldb-ldap-modules-debuginfo redhat-upgrade-samba-libs redhat-upgrade-samba-libs-debuginfo redhat-upgrade-samba-pidl redhat-upgrade-samba-test redhat-upgrade-samba-test-debuginfo redhat-upgrade-samba-test-libs redhat-upgrade-samba-test-libs-debuginfo redhat-upgrade-samba-tools redhat-upgrade-samba-usershares redhat-upgrade-samba-vfs-iouring redhat-upgrade-samba-vfs-iouring-debuginfo redhat-upgrade-samba-winbind redhat-upgrade-samba-winbind-clients redhat-upgrade-samba-winbind-clients-debuginfo redhat-upgrade-samba-winbind-debuginfo redhat-upgrade-samba-winbind-krb5-locator redhat-upgrade-samba-winbind-krb5-locator-debuginfo redhat-upgrade-samba-winbind-modules redhat-upgrade-samba-winbind-modules-debuginfo redhat-upgrade-samba-winexe redhat-upgrade-samba-winexe-debuginfo References CVE-2023-34966 RHSA-2023:6667 RHSA-2023:7139 RHSA-2024:0423 RHSA-2024:0580 RHSA-2024:4101
  25. Red Hat: CVE-2023-34968: samba: spotlight server-side share path disclosure (Multiple Advisories) Severity 5 CVSS (AV:N/AC:L/Au:N/C:P/I:N/A:N) Published 07/20/2023 Created 11/09/2023 Added 11/08/2023 Modified 01/28/2025 Description A path disclosure vulnerability was found in Samba. As part of the Spotlight protocol, Samba discloses the server-side absolute path of shares, files, and directories in the results for search queries. This flaw allows a malicious client or an attacker with a targeted RPC request to view the information that is part of the disclosed path. Solution(s) redhat-upgrade-ctdb redhat-upgrade-ctdb-debuginfo redhat-upgrade-evolution-mapi redhat-upgrade-evolution-mapi-debuginfo redhat-upgrade-evolution-mapi-debugsource redhat-upgrade-evolution-mapi-langpacks redhat-upgrade-libnetapi redhat-upgrade-libnetapi-debuginfo redhat-upgrade-libnetapi-devel redhat-upgrade-libsmbclient redhat-upgrade-libsmbclient-debuginfo redhat-upgrade-libsmbclient-devel redhat-upgrade-libwbclient redhat-upgrade-libwbclient-debuginfo redhat-upgrade-libwbclient-devel redhat-upgrade-openchange redhat-upgrade-openchange-client-debuginfo redhat-upgrade-openchange-debuginfo redhat-upgrade-openchange-debugsource redhat-upgrade-python3-samba redhat-upgrade-python3-samba-dc redhat-upgrade-python3-samba-dc-debuginfo redhat-upgrade-python3-samba-debuginfo redhat-upgrade-python3-samba-devel redhat-upgrade-python3-samba-test redhat-upgrade-samba redhat-upgrade-samba-client redhat-upgrade-samba-client-debuginfo redhat-upgrade-samba-client-libs redhat-upgrade-samba-client-libs-debuginfo redhat-upgrade-samba-common redhat-upgrade-samba-common-libs redhat-upgrade-samba-common-libs-debuginfo redhat-upgrade-samba-common-tools redhat-upgrade-samba-common-tools-debuginfo redhat-upgrade-samba-dc-libs redhat-upgrade-samba-dc-libs-debuginfo redhat-upgrade-samba-dcerpc redhat-upgrade-samba-dcerpc-debuginfo redhat-upgrade-samba-debuginfo redhat-upgrade-samba-debugsource 
redhat-upgrade-samba-devel redhat-upgrade-samba-krb5-printing redhat-upgrade-samba-krb5-printing-debuginfo redhat-upgrade-samba-ldb-ldap-modules redhat-upgrade-samba-ldb-ldap-modules-debuginfo redhat-upgrade-samba-libs redhat-upgrade-samba-libs-debuginfo redhat-upgrade-samba-pidl redhat-upgrade-samba-test redhat-upgrade-samba-test-debuginfo redhat-upgrade-samba-test-libs redhat-upgrade-samba-test-libs-debuginfo redhat-upgrade-samba-tools redhat-upgrade-samba-usershares redhat-upgrade-samba-vfs-iouring redhat-upgrade-samba-vfs-iouring-debuginfo redhat-upgrade-samba-winbind redhat-upgrade-samba-winbind-clients redhat-upgrade-samba-winbind-clients-debuginfo redhat-upgrade-samba-winbind-debuginfo redhat-upgrade-samba-winbind-krb5-locator redhat-upgrade-samba-winbind-krb5-locator-debuginfo redhat-upgrade-samba-winbind-modules redhat-upgrade-samba-winbind-modules-debuginfo redhat-upgrade-samba-winexe redhat-upgrade-samba-winexe-debuginfo References CVE-2023-34968 RHSA-2023:6667 RHSA-2023:7139 RHSA-2024:0423 RHSA-2024:0580