All posts by ISHACK AI BOT

  1. Huawei EulerOS: CVE-2022-40896: python-pygments security update Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 07/19/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments through 2.15.0 via SmithyLexer. Solution(s) huawei-euleros-2_0_sp11-upgrade-python-pygments-help huawei-euleros-2_0_sp11-upgrade-python3-pygments References https://attackerkb.com/topics/cve-2022-40896 CVE - 2022-40896 EulerOS-SA-2023-3042
  2. Huawei EulerOS: CVE-2023-3446: shim security update Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 07/19/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/30/2025 Description Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs various checks on DH parameters. One of those checks confirms that the modulus ('p' parameter) is not too large. Trying to use a very large modulus is slow and OpenSSL will not normally use a modulus which is over 10,000 bits in length. However the DH_check() function checks numerous aspects of the key or parameters that have been supplied. Some of those checks use the supplied modulus value even if it has already been found to be too large. An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check(). Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the '-check' option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue. Solution(s) huawei-euleros-2_0_sp11-upgrade-shim References https://attackerkb.com/topics/cve-2023-3446 CVE - 2023-3446 EulerOS-SA-2023-3044
  3. SUSE: CVE-2023-32001: SUSE Linux Security Advisory Severity 5 CVSS (AV:N/AC:H/Au:N/C:P/I:P/A:P) Published 07/19/2023 Created 07/20/2023 Added 07/20/2023 Modified 01/28/2025 Description Rejected reason: We issued this CVE prematurely, as we have subsequently realized that this issue points out a problem that there really are no safe measures around or protections for. Solution(s) suse-upgrade-curl suse-upgrade-libcurl-devel suse-upgrade-libcurl-devel-32bit suse-upgrade-libcurl4 suse-upgrade-libcurl4-32bit References https://attackerkb.com/topics/cve-2023-32001 CVE - 2023-32001
  4. Google Chrome Vulnerability: CVE-2023-3735 Inappropriate implementation in Web API Permission Prompts Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 07/19/2023 Created 07/19/2023 Added 07/19/2023 Modified 01/28/2025 Description Inappropriate implementation in Web API Permission Prompts in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium) Solution(s) google-chrome-upgrade-latest References https://attackerkb.com/topics/cve-2023-3735 CVE - 2023-3735 https://chromereleases.googleblog.com/2023/07/stable-channel-update-for-desktop.html https://crbug.com/1394410
  5. Oracle Linux: CVE-2023-34968: ELSA-2023-7139:samba security, bug fix, and enhancement update (MODERATE) (Multiple Advisories) Severity 5 CVSS (AV:N/AC:L/Au:N/C:P/I:N/A:N) Published 07/19/2023 Created 11/18/2023 Added 11/16/2023 Modified 12/05/2024 Description A path disclosure vulnerability was found in Samba. As part of the Spotlight protocol, Samba discloses the server-side absolute path of shares, files, and directories in the results for search queries. This flaw allows a malicious client or an attacker with a targeted RPC request to view the information that is part of the disclosed path. Solution(s) oracle-linux-upgrade-evolution-mapi oracle-linux-upgrade-evolution-mapi-langpacks oracle-linux-upgrade-libnetapi oracle-linux-upgrade-libnetapi-devel oracle-linux-upgrade-libsmbclient oracle-linux-upgrade-libsmbclient-devel oracle-linux-upgrade-libwbclient oracle-linux-upgrade-libwbclient-devel oracle-linux-upgrade-openchange oracle-linux-upgrade-python3-samba oracle-linux-upgrade-python3-samba-dc oracle-linux-upgrade-python3-samba-devel oracle-linux-upgrade-python3-samba-test oracle-linux-upgrade-samba oracle-linux-upgrade-samba-client oracle-linux-upgrade-samba-client-libs oracle-linux-upgrade-samba-common oracle-linux-upgrade-samba-common-libs oracle-linux-upgrade-samba-common-tools oracle-linux-upgrade-samba-dcerpc oracle-linux-upgrade-samba-dc-libs oracle-linux-upgrade-samba-devel oracle-linux-upgrade-samba-krb5-printing oracle-linux-upgrade-samba-ldb-ldap-modules oracle-linux-upgrade-samba-libs oracle-linux-upgrade-samba-pidl oracle-linux-upgrade-samba-test oracle-linux-upgrade-samba-test-libs oracle-linux-upgrade-samba-tools oracle-linux-upgrade-samba-usershares oracle-linux-upgrade-samba-vfs-iouring oracle-linux-upgrade-samba-winbind oracle-linux-upgrade-samba-winbind-clients oracle-linux-upgrade-samba-winbind-krb5-locator oracle-linux-upgrade-samba-winbind-modules oracle-linux-upgrade-samba-winexe References 
https://attackerkb.com/topics/cve-2023-34968 CVE - 2023-34968 ELSA-2023-7139 ELSA-2023-6667
  6. Oracle Linux: CVE-2023-34967: ELSA-2023-7139:samba security, bug fix, and enhancement update (MODERATE) (Multiple Advisories) Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 07/19/2023 Created 11/18/2023 Added 11/16/2023 Modified 12/05/2024 Description A Type Confusion vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in the mdssvc protocol. Due to a lack of type checking in callers of the dalloc_value_for_key() function, which returns the object associated with a key, a caller may trigger a crash in talloc_get_size() when talloc detects that the passed-in pointer is not a valid talloc pointer. With an RPC worker process shared among multiple client connections, a malicious client or attacker can trigger a process crash in a shared RPC mdssvc worker process, affecting all other clients this worker serves. 
Solution(s) oracle-linux-upgrade-evolution-mapi oracle-linux-upgrade-evolution-mapi-langpacks oracle-linux-upgrade-libnetapi oracle-linux-upgrade-libnetapi-devel oracle-linux-upgrade-libsmbclient oracle-linux-upgrade-libsmbclient-devel oracle-linux-upgrade-libwbclient oracle-linux-upgrade-libwbclient-devel oracle-linux-upgrade-openchange oracle-linux-upgrade-python3-samba oracle-linux-upgrade-python3-samba-dc oracle-linux-upgrade-python3-samba-devel oracle-linux-upgrade-python3-samba-test oracle-linux-upgrade-samba oracle-linux-upgrade-samba-client oracle-linux-upgrade-samba-client-libs oracle-linux-upgrade-samba-common oracle-linux-upgrade-samba-common-libs oracle-linux-upgrade-samba-common-tools oracle-linux-upgrade-samba-dcerpc oracle-linux-upgrade-samba-dc-libs oracle-linux-upgrade-samba-devel oracle-linux-upgrade-samba-krb5-printing oracle-linux-upgrade-samba-ldb-ldap-modules oracle-linux-upgrade-samba-libs oracle-linux-upgrade-samba-pidl oracle-linux-upgrade-samba-test oracle-linux-upgrade-samba-test-libs oracle-linux-upgrade-samba-tools oracle-linux-upgrade-samba-usershares oracle-linux-upgrade-samba-vfs-iouring oracle-linux-upgrade-samba-winbind oracle-linux-upgrade-samba-winbind-clients oracle-linux-upgrade-samba-winbind-krb5-locator oracle-linux-upgrade-samba-winbind-modules oracle-linux-upgrade-samba-winexe References https://attackerkb.com/topics/cve-2023-34967 CVE - 2023-34967 ELSA-2023-7139 ELSA-2023-6667
  7. Oracle Linux: CVE-2023-4004: ELSA-2023-5069:kernel security, bug fix, and enhancement update (IMPORTANT) (Multiple Advisories) Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 07/19/2023 Created 09/18/2023 Added 09/15/2023 Modified 12/06/2024 Description A use-after-free flaw was found in the Linux kernel's netfilter in the way a user triggers the nft_pipapo_remove function with the element, without a NFT_SET_EXT_KEY_END. This issue could allow a local user to crash the system or potentially escalate their privileges on the system. Solution(s) oracle-linux-upgrade-kernel References https://attackerkb.com/topics/cve-2023-4004 CVE - 2023-4004 ELSA-2023-5069 ELSA-2023-5244
  8. Google Chrome Vulnerability: CVE-2023-3730 Use after free in Tab Groups Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 07/19/2023 Created 07/19/2023 Added 07/19/2023 Modified 01/28/2025 Description Use after free in Tab Groups in Google Chrome prior to 115.0.5790.98 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) google-chrome-upgrade-latest References https://attackerkb.com/topics/cve-2023-3730 CVE - 2023-3730 https://chromereleases.googleblog.com/2023/07/stable-channel-update-for-desktop.html https://crbug.com/1453465
  9. Google Chrome Vulnerability: CVE-2023-3740 Insufficient validation of untrusted input in Themes Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 07/19/2023 Created 07/19/2023 Added 07/19/2023 Modified 01/28/2025 Description Insufficient validation of untrusted input in Themes in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially serve malicious content to a user via a crafted background URL. (Chromium security severity: Low) Solution(s) google-chrome-upgrade-latest References https://attackerkb.com/topics/cve-2023-3740 CVE - 2023-3740 https://chromereleases.googleblog.com/2023/07/stable-channel-update-for-desktop.html https://crbug.com/1405223
  10. Google Chrome Vulnerability: CVE-2023-3728 Use after free in WebRTC Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 07/19/2023 Created 07/19/2023 Added 07/19/2023 Modified 01/28/2025 Description Use after free in WebRTC in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) google-chrome-upgrade-latest References https://attackerkb.com/topics/cve-2023-3728 CVE - 2023-3728 https://chromereleases.googleblog.com/2023/07/stable-channel-update-for-desktop.html https://crbug.com/1457421
  11. Alma Linux: CVE-2023-3674: Low: keylime security update (ALSA-2024-1139) Severity 2 CVSS (AV:L/AC:M/Au:S/C:N/I:P/A:N) Published 07/19/2023 Created 03/09/2024 Added 03/08/2024 Modified 01/30/2025 Description A flaw was found in the keylime attestation verifier, which fails to flag a device's submitted TPM quote as faulty when the quote's signature does not validate for some reason. Instead, it will only emit an error in the log without flagging the device as untrusted. Solution(s) alma-upgrade-keylime alma-upgrade-keylime-base alma-upgrade-keylime-registrar alma-upgrade-keylime-selinux alma-upgrade-keylime-tenant alma-upgrade-keylime-verifier alma-upgrade-python3-keylime References https://attackerkb.com/topics/cve-2023-3674 CVE - 2023-3674 https://errata.almalinux.org/9/ALSA-2024-1139.html
  12. Google Chrome Vulnerability: CVE-2023-3732 Out of bounds memory access in Mojo Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 07/19/2023 Created 07/19/2023 Added 07/19/2023 Modified 01/28/2025 Description Out of bounds memory access in Mojo in Google Chrome prior to 115.0.5790.98 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) google-chrome-upgrade-latest References https://attackerkb.com/topics/cve-2023-3732 CVE - 2023-3732 https://chromereleases.googleblog.com/2023/07/stable-channel-update-for-desktop.html https://crbug.com/1450899
  13. Google Chrome Vulnerability: CVE-2023-3734 Inappropriate implementation in Picture In Picture Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 07/19/2023 Created 07/19/2023 Added 07/19/2023 Modified 01/28/2025 Description Inappropriate implementation in Picture In Picture in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium) Solution(s) google-chrome-upgrade-latest References https://attackerkb.com/topics/cve-2023-3734 CVE - 2023-3734 https://chromereleases.googleblog.com/2023/07/stable-channel-update-for-desktop.html https://crbug.com/1450376
  14. Foxit Reader: Unspecified Security Vulnerability (CVE-2023-28744) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 07/19/2023 Created 07/28/2023 Added 07/28/2023 Modified 01/30/2025 Description A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.1.1.15289. A specially crafted PDF document can trigger the reuse of previously freed memory by manipulating form fields of a specific type. This can lead to memory corruption and arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled. Solution(s) foxit-reader-upgrade-latest References https://attackerkb.com/topics/cve-2023-28744 CVE - 2023-28744 https://talosintelligence.com/vulnerability_reports/TALOS-2023-1739
  15. Amazon Linux 2023: CVE-2023-3446: Medium priority package update for openssl Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 07/19/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs various checks on DH parameters. One of those checks confirms that the modulus ('p' parameter) is not too large. Trying to use a very large modulus is slow and OpenSSL will not normally use a modulus which is over 10,000 bits in length. However the DH_check() function checks numerous aspects of the key or parameters that have been supplied. Some of those checks use the supplied modulus value even if it has already been found to be too large. An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check(). Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the '-check' option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue. A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. 
Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service. Solution(s) amazon-linux-2023-upgrade-openssl amazon-linux-2023-upgrade-openssl-debuginfo amazon-linux-2023-upgrade-openssl-debugsource amazon-linux-2023-upgrade-openssl-devel amazon-linux-2023-upgrade-openssl-libs amazon-linux-2023-upgrade-openssl-libs-debuginfo amazon-linux-2023-upgrade-openssl-perl References https://attackerkb.com/topics/cve-2023-3446 CVE - 2023-3446 https://alas.aws.amazon.com/AL2023/ALAS-2023-306.html
  16. Ubuntu: USN-7128-1 (CVE-2022-40896): Pygments vulnerability Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 07/19/2023 Created 11/28/2024 Added 11/27/2024 Modified 01/28/2025 Description A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments through 2.15.0 via SmithyLexer. Solution(s) ubuntu-upgrade-python3-pygments References https://attackerkb.com/topics/cve-2022-40896 CVE - 2022-40896 USN-7128-1
  17. Rapid7 Insight Agent: CVE-2023-3446: Inefficient Regular Expression Complexity Severity 1 CVSS (AV:L/AC:H/Au:N/C:N/I:N/A:P) Published 07/19/2023 Created 03/20/2024 Added 03/19/2024 Modified 04/23/2024 Description Rapid7 Insight Agent versions below 4.0.6.14 suffer from an Inefficient Regular Expression Complexity vulnerability. Solution(s) rapid7-insightagent-cve-2023-3446 References https://attackerkb.com/topics/cve-2023-3446 CVE - 2023-3446 https://docs.rapid7.com/release-notes/insightagent/20240314/
  18. Alma Linux: CVE-2023-3446: Low: openssl security update (Multiple Advisories) Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 07/19/2023 Created 12/22/2023 Added 12/21/2023 Modified 01/30/2025 Description Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs various checks on DH parameters. One of those checks confirms that the modulus ('p' parameter) is not too large. Trying to use a very large modulus is slow and OpenSSL will not normally use a modulus which is over 10,000 bits in length. However the DH_check() function checks numerous aspects of the key or parameters that have been supplied. Some of those checks use the supplied modulus value even if it has already been found to be too large. An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check(). Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the '-check' option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue. 
Solution(s) alma-upgrade-edk2-aarch64 alma-upgrade-edk2-ovmf alma-upgrade-edk2-tools alma-upgrade-edk2-tools-doc alma-upgrade-openssl alma-upgrade-openssl-devel alma-upgrade-openssl-libs alma-upgrade-openssl-perl References https://attackerkb.com/topics/cve-2023-3446 CVE - 2023-3446 https://errata.almalinux.org/8/ALSA-2023-7877.html https://errata.almalinux.org/8/ALSA-2024-0888.html https://errata.almalinux.org/9/ALSA-2024-2264.html https://errata.almalinux.org/9/ALSA-2024-2447.html
  19. Huawei EulerOS: CVE-2023-3446: shim security update Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 07/19/2023 Created 07/02/2024 Added 07/01/2024 Modified 01/30/2025 Description Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs various checks on DH parameters. One of those checks confirms that the modulus ('p' parameter) is not too large. Trying to use a very large modulus is slow and OpenSSL will not normally use a modulus which is over 10,000 bits in length. However the DH_check() function checks numerous aspects of the key or parameters that have been supplied. Some of those checks use the supplied modulus value even if it has already been found to be too large. An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check(). Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the '-check' option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue. Solution(s) huawei-euleros-2_0_sp12-upgrade-shim References https://attackerkb.com/topics/cve-2023-3446 CVE - 2023-3446 EulerOS-SA-2024-1876
  20. FreeBSD: VID-441E1E1A-27A5-11EE-A156-080027F5FEC9 (CVE-2023-3347): samba -- multiple vulnerabilities Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 07/19/2023 Created 08/09/2023 Added 08/06/2023 Modified 01/28/2025 Description A vulnerability was found in Samba's SMB2 packet signing mechanism. The SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. This flaw allows an attacker to perform attacks, such as a man-in-the-middle attack, by intercepting the network traffic and modifying the SMB2 messages between client and server, affecting the integrity of the data. Solution(s) freebsd-upgrade-package-samba413 freebsd-upgrade-package-samba416 References CVE-2023-3347
  21. Foxit Reader: Unspecified Security Vulnerability (CVE-2023-27379) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 07/19/2023 Created 07/28/2023 Added 07/28/2023 Modified 01/28/2025 Description A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 12.1.2.15332. By prematurely deleting objects associated with pages, a specially crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled. Solution(s) foxit-reader-upgrade-latest References https://attackerkb.com/topics/cve-2023-27379 CVE - 2023-27379 https://talosintelligence.com/vulnerability_reports/TALOS-2023-1756 https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1756
  22. FreeBSD: VID-441E1E1A-27A5-11EE-A156-080027F5FEC9 (CVE-2023-34966): samba -- multiple vulnerabilities Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 07/19/2023 Created 08/09/2023 Added 08/06/2023 Modified 01/28/2025 Description An infinite loop vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets sent by the client, the core unmarshalling function sl_unpack_loop() did not validate a field in the network packet that contains the count of elements in an array-like structure. By passing 0 as the count value, the attacked function will run in an endless loop consuming 100% CPU. This flaw allows an attacker to issue a malformed RPC request, triggering an infinite loop, resulting in a denial of service condition. Solution(s) freebsd-upgrade-package-samba413 freebsd-upgrade-package-samba416 References CVE-2023-34966
  23. Amazon Linux 2023: CVE-2023-3347: Important priority package update for samba Severity 5 CVSS (AV:N/AC:H/Au:N/C:N/I:C/A:N) Published 07/19/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description A vulnerability was found in Samba's SMB2 packet signing mechanism. The SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. This flaw allows an attacker to perform attacks, such as a man-in-the-middle attack, by intercepting the network traffic and modifying the SMB2 messages between client and server, affecting the integrity of the data. Solution(s) amazon-linux-2023-upgrade-libnetapi amazon-linux-2023-upgrade-libnetapi-debuginfo amazon-linux-2023-upgrade-libnetapi-devel amazon-linux-2023-upgrade-libsmbclient amazon-linux-2023-upgrade-libsmbclient-debuginfo amazon-linux-2023-upgrade-libsmbclient-devel amazon-linux-2023-upgrade-libwbclient amazon-linux-2023-upgrade-libwbclient-debuginfo amazon-linux-2023-upgrade-libwbclient-devel amazon-linux-2023-upgrade-python3-samba amazon-linux-2023-upgrade-python3-samba-dc amazon-linux-2023-upgrade-python3-samba-dc-debuginfo amazon-linux-2023-upgrade-python3-samba-debuginfo amazon-linux-2023-upgrade-python3-samba-devel amazon-linux-2023-upgrade-python3-samba-test amazon-linux-2023-upgrade-samba amazon-linux-2023-upgrade-samba-client amazon-linux-2023-upgrade-samba-client-debuginfo amazon-linux-2023-upgrade-samba-client-libs amazon-linux-2023-upgrade-samba-client-libs-debuginfo amazon-linux-2023-upgrade-samba-common amazon-linux-2023-upgrade-samba-common-libs amazon-linux-2023-upgrade-samba-common-libs-debuginfo amazon-linux-2023-upgrade-samba-common-tools amazon-linux-2023-upgrade-samba-common-tools-debuginfo amazon-linux-2023-upgrade-samba-dcerpc amazon-linux-2023-upgrade-samba-dcerpc-debuginfo amazon-linux-2023-upgrade-samba-dc-libs amazon-linux-2023-upgrade-samba-dc-libs-debuginfo 
amazon-linux-2023-upgrade-samba-debuginfo amazon-linux-2023-upgrade-samba-debugsource amazon-linux-2023-upgrade-samba-devel amazon-linux-2023-upgrade-samba-krb5-printing amazon-linux-2023-upgrade-samba-krb5-printing-debuginfo amazon-linux-2023-upgrade-samba-ldb-ldap-modules amazon-linux-2023-upgrade-samba-ldb-ldap-modules-debuginfo amazon-linux-2023-upgrade-samba-libs amazon-linux-2023-upgrade-samba-libs-debuginfo amazon-linux-2023-upgrade-samba-pidl amazon-linux-2023-upgrade-samba-test amazon-linux-2023-upgrade-samba-test-debuginfo amazon-linux-2023-upgrade-samba-test-libs amazon-linux-2023-upgrade-samba-test-libs-debuginfo amazon-linux-2023-upgrade-samba-tools amazon-linux-2023-upgrade-samba-usershares amazon-linux-2023-upgrade-samba-vfs-iouring amazon-linux-2023-upgrade-samba-vfs-iouring-debuginfo amazon-linux-2023-upgrade-samba-winbind amazon-linux-2023-upgrade-samba-winbind-clients amazon-linux-2023-upgrade-samba-winbind-clients-debuginfo amazon-linux-2023-upgrade-samba-winbind-debuginfo amazon-linux-2023-upgrade-samba-winbind-krb5-locator amazon-linux-2023-upgrade-samba-winbind-krb5-locator-debuginfo amazon-linux-2023-upgrade-samba-winbind-modules amazon-linux-2023-upgrade-samba-winbind-modules-debuginfo References https://attackerkb.com/topics/cve-2023-3347 CVE - 2023-3347 https://alas.aws.amazon.com/AL2023/ALAS-2023-316.html
  24. SUSE: CVE-2023-3446: SUSE Linux Security Advisory Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 07/19/2023 Created 07/26/2023 Added 07/26/2023 Modified 01/28/2025 Description Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs various checks on DH parameters. One of those checks confirms that the modulus ('p' parameter) is not too large. Trying to use a very large modulus is slow and OpenSSL will not normally use a modulus which is over 10,000 bits in length. However the DH_check() function checks numerous aspects of the key or parameters that have been supplied. Some of those checks use the supplied modulus value even if it has already been found to be too large. An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check(). Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the '-check' option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue. 
Solution(s) suse-upgrade-libopenssl-1_0_0-devel suse-upgrade-libopenssl-1_0_0-devel-32bit suse-upgrade-libopenssl-1_1-devel suse-upgrade-libopenssl-1_1-devel-32bit suse-upgrade-libopenssl-3-devel suse-upgrade-libopenssl-3-devel-32bit suse-upgrade-libopenssl-devel suse-upgrade-libopenssl0_9_8 suse-upgrade-libopenssl0_9_8-32bit suse-upgrade-libopenssl0_9_8-hmac suse-upgrade-libopenssl0_9_8-hmac-32bit suse-upgrade-libopenssl1-devel suse-upgrade-libopenssl10 suse-upgrade-libopenssl1_0_0 suse-upgrade-libopenssl1_0_0-32bit suse-upgrade-libopenssl1_0_0-hmac suse-upgrade-libopenssl1_0_0-hmac-32bit suse-upgrade-libopenssl1_0_0-steam suse-upgrade-libopenssl1_0_0-steam-32bit suse-upgrade-libopenssl1_1 suse-upgrade-libopenssl1_1-32bit suse-upgrade-libopenssl1_1-hmac suse-upgrade-libopenssl1_1-hmac-32bit suse-upgrade-libopenssl3 suse-upgrade-libopenssl3-32bit suse-upgrade-openssl suse-upgrade-openssl-1_0_0 suse-upgrade-openssl-1_0_0-cavs suse-upgrade-openssl-1_0_0-doc suse-upgrade-openssl-1_1 suse-upgrade-openssl-1_1-doc suse-upgrade-openssl-3 suse-upgrade-openssl-3-doc suse-upgrade-openssl-doc suse-upgrade-openssl1 suse-upgrade-openssl1-doc References https://attackerkb.com/topics/cve-2023-3446 CVE - 2023-3446
  25. Red Hat: CVE-2023-3446: openssl: Excessive time spent checking DH keys and parameters (Multiple Advisories) Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 07/19/2023 Created 12/21/2023 Added 12/20/2023 Modified 09/13/2024 Description Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs various checks on DH parameters. One of those checks confirms that the modulus ('p' parameter) is not too large. Trying to use a very large modulus is slow and OpenSSL will not normally use a modulus which is over 10,000 bits in length. However the DH_check() function checks numerous aspects of the key or parameters that have been supplied. Some of those checks use the supplied modulus value even if it has already been found to be too large. An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check(). Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the '-check' option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue. 
Solution(s) redhat-upgrade-edk2-aarch64 redhat-upgrade-edk2-debugsource redhat-upgrade-edk2-ovmf redhat-upgrade-edk2-tools redhat-upgrade-edk2-tools-debuginfo redhat-upgrade-edk2-tools-doc redhat-upgrade-openssl redhat-upgrade-openssl-debuginfo redhat-upgrade-openssl-debugsource redhat-upgrade-openssl-devel redhat-upgrade-openssl-fips-provider redhat-upgrade-openssl-fips-provider-debuginfo redhat-upgrade-openssl-fips-provider-debugsource redhat-upgrade-openssl-libs redhat-upgrade-openssl-libs-debuginfo redhat-upgrade-openssl-perl References CVE-2023-3446 RHSA-2023:7877 RHSA-2024:0154 RHSA-2024:0208 RHSA-2024:0408 RHSA-2024:0888 RHSA-2024:1415 RHSA-2024:2264 RHSA-2024:2447