All posts by ISHACK AI BOT

  1. Ubuntu: USN-6283-1 (CVE-2023-35826): Linux kernel vulnerabilities Severity 7 CVSS (AV:L/AC:M/Au:S/C:C/I:C/A:C) Published 06/18/2023 Created 08/14/2023 Added 08/14/2023 Modified 01/28/2025 Description An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in cedrus_remove in drivers/staging/media/sunxi/cedrus/cedrus.c. Solution(s) ubuntu-upgrade-linux-image-6-2-0-1007-ibm ubuntu-upgrade-linux-image-6-2-0-1009-aws ubuntu-upgrade-linux-image-6-2-0-1009-azure ubuntu-upgrade-linux-image-6-2-0-1009-oracle ubuntu-upgrade-linux-image-6-2-0-1010-kvm ubuntu-upgrade-linux-image-6-2-0-1010-lowlatency ubuntu-upgrade-linux-image-6-2-0-1010-lowlatency-64k ubuntu-upgrade-linux-image-6-2-0-1010-raspi ubuntu-upgrade-linux-image-6-2-0-1011-gcp ubuntu-upgrade-linux-image-6-2-0-27-generic ubuntu-upgrade-linux-image-6-2-0-27-generic-64k ubuntu-upgrade-linux-image-6-2-0-27-generic-lpae ubuntu-upgrade-linux-image-aws ubuntu-upgrade-linux-image-azure ubuntu-upgrade-linux-image-gcp ubuntu-upgrade-linux-image-generic ubuntu-upgrade-linux-image-generic-64k ubuntu-upgrade-linux-image-generic-lpae ubuntu-upgrade-linux-image-ibm ubuntu-upgrade-linux-image-kvm ubuntu-upgrade-linux-image-lowlatency ubuntu-upgrade-linux-image-lowlatency-64k ubuntu-upgrade-linux-image-oracle ubuntu-upgrade-linux-image-raspi ubuntu-upgrade-linux-image-raspi-nolpae ubuntu-upgrade-linux-image-virtual References https://attackerkb.com/topics/cve-2023-35826 CVE - 2023-35826 USN-6283-1
  2. Huawei EulerOS: CVE-2023-35824: kernel security update Severity 7 CVSS (AV:L/AC:M/Au:S/C:C/I:C/A:C) Published 06/18/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in dm1105_remove in drivers/media/pci/dm1105/dm1105.c. Solution(s) huawei-euleros-2_0_sp11-upgrade-bpftool huawei-euleros-2_0_sp11-upgrade-kernel huawei-euleros-2_0_sp11-upgrade-kernel-abi-stablelists huawei-euleros-2_0_sp11-upgrade-kernel-tools huawei-euleros-2_0_sp11-upgrade-kernel-tools-libs huawei-euleros-2_0_sp11-upgrade-python3-perf References https://attackerkb.com/topics/cve-2023-35824 CVE - 2023-35824 EulerOS-SA-2023-2860
  3. Red Hat: CVE-2023-35823: kernel: saa7134: race condition leading to use-after-free in saa7134_finidev() (Multiple Advisories) Severity 7 CVSS (AV:L/AC:M/Au:S/C:C/I:C/A:C) Published 06/18/2023 Created 11/16/2023 Added 11/15/2023 Modified 01/28/2025 Description An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c. Solution(s) redhat-upgrade-kernel redhat-upgrade-kernel-rt References CVE-2023-35823 RHSA-2023:6901 RHSA-2023:7077 RHSA-2024:0412 RHSA-2024:0575
  4. Amazon Linux 2023: CVE-2023-4641: Low priority package update for shadow-utils Severity 4 CVSS (AV:L/AC:H/Au:S/C:C/I:N/A:N) Published 06/17/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from the memory. Solution(s) amazon-linux-2023-upgrade-shadow-utils amazon-linux-2023-upgrade-shadow-utils-debuginfo amazon-linux-2023-upgrade-shadow-utils-debugsource amazon-linux-2023-upgrade-shadow-utils-subid amazon-linux-2023-upgrade-shadow-utils-subid-debuginfo amazon-linux-2023-upgrade-shadow-utils-subid-devel References https://attackerkb.com/topics/cve-2023-4641 CVE - 2023-4641 https://alas.aws.amazon.com/AL2023/ALAS-2023-450.html
  5. Oracle Linux: CVE-2023-4641: ELSA-2023-7112:shadow-utils security and bug fix update (LOW) (Multiple Advisories) Severity 4 CVSS (AV:L/AC:H/Au:S/C:C/I:N/A:N) Published 06/17/2023 Created 05/22/2024 Added 05/21/2024 Modified 12/03/2024 Description A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from the memory. Solution(s) oracle-linux-upgrade-shadow-utils oracle-linux-upgrade-shadow-utils-subid oracle-linux-upgrade-shadow-utils-subid-devel References https://attackerkb.com/topics/cve-2023-4641 CVE - 2023-4641 ELSA-2023-7112 ELSA-2023-6632
  6. VMware Photon OS: CVE-2023-3268 Severity 6 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:C) Published 06/16/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description An out of bounds (OOB) memory access flaw was found in the Linux kernel in relay_file_read_start_pos in kernel/relay.c in the relayfs. This flaw could allow a local attacker to crash the system or leak kernel internal information. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-3268 CVE - 2023-3268
  7. Amazon Linux AMI 2: CVE-2023-3195: Security patch for ImageMagick (ALAS-2023-2128) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 06/16/2023 Created 07/21/2023 Added 07/21/2023 Modified 01/30/2025 Description A stack-based buffer overflow issue was found in ImageMagick's coders/tiff.c. This flaw allows an attacker to trick the user into opening a specially crafted malicious tiff file, causing an application to crash, resulting in a denial of service. Solution(s) amazon-linux-ami-2-upgrade-imagemagick amazon-linux-ami-2-upgrade-imagemagick-c amazon-linux-ami-2-upgrade-imagemagick-c-devel amazon-linux-ami-2-upgrade-imagemagick-debuginfo amazon-linux-ami-2-upgrade-imagemagick-devel amazon-linux-ami-2-upgrade-imagemagick-doc amazon-linux-ami-2-upgrade-imagemagick-perl References https://attackerkb.com/topics/cve-2023-3195 AL2/ALAS-2023-2128 CVE - 2023-3195
  8. Red Hat: CVE-2023-35789: rabbitmq-c/librabbitmq: Insecure credentials submission (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:N) Published 06/16/2023 Created 11/09/2023 Added 11/08/2023 Modified 01/28/2025 Description An issue was discovered in the C AMQP client library (aka rabbitmq-c) through 0.13.0 for RabbitMQ. Credentials can only be entered on the command line (e.g., for amqp-publish or amqp-consume) and are thus visible to local attackers by listing a process and its arguments. Solution(s) redhat-upgrade-librabbitmq redhat-upgrade-librabbitmq-debuginfo redhat-upgrade-librabbitmq-debugsource redhat-upgrade-librabbitmq-devel redhat-upgrade-librabbitmq-tools redhat-upgrade-librabbitmq-tools-debuginfo References CVE-2023-35789 RHSA-2023:6482 RHSA-2023:7150
  9. VMware Photon OS: CVE-2023-35788 Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 06/16/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. This may result in denial of service or privilege escalation. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-35788 CVE - 2023-35788
  10. Alma Linux: CVE-2023-35788: Important: kernel security, bug fix, and enhancement update (Multiple Advisories) Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 06/16/2023 Created 08/10/2023 Added 08/09/2023 Modified 01/28/2025 Description An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. This may result in denial of service or privilege escalation. Solution(s) alma-upgrade-bpftool alma-upgrade-kernel alma-upgrade-kernel-64k alma-upgrade-kernel-64k-core alma-upgrade-kernel-64k-debug alma-upgrade-kernel-64k-debug-core alma-upgrade-kernel-64k-debug-devel alma-upgrade-kernel-64k-debug-devel-matched alma-upgrade-kernel-64k-debug-modules alma-upgrade-kernel-64k-debug-modules-core alma-upgrade-kernel-64k-debug-modules-extra alma-upgrade-kernel-64k-devel alma-upgrade-kernel-64k-devel-matched alma-upgrade-kernel-64k-modules alma-upgrade-kernel-64k-modules-core alma-upgrade-kernel-64k-modules-extra alma-upgrade-kernel-abi-stablelists alma-upgrade-kernel-core alma-upgrade-kernel-cross-headers alma-upgrade-kernel-debug alma-upgrade-kernel-debug-core alma-upgrade-kernel-debug-devel alma-upgrade-kernel-debug-devel-matched alma-upgrade-kernel-debug-modules alma-upgrade-kernel-debug-modules-core alma-upgrade-kernel-debug-modules-extra alma-upgrade-kernel-debug-uki-virt alma-upgrade-kernel-devel alma-upgrade-kernel-devel-matched alma-upgrade-kernel-doc alma-upgrade-kernel-headers alma-upgrade-kernel-modules alma-upgrade-kernel-modules-core alma-upgrade-kernel-modules-extra alma-upgrade-kernel-rt alma-upgrade-kernel-rt-core alma-upgrade-kernel-rt-debug alma-upgrade-kernel-rt-debug-core alma-upgrade-kernel-rt-debug-devel alma-upgrade-kernel-rt-debug-kvm alma-upgrade-kernel-rt-debug-modules alma-upgrade-kernel-rt-debug-modules-core alma-upgrade-kernel-rt-debug-modules-extra alma-upgrade-kernel-rt-devel 
alma-upgrade-kernel-rt-kvm alma-upgrade-kernel-rt-modules alma-upgrade-kernel-rt-modules-core alma-upgrade-kernel-rt-modules-extra alma-upgrade-kernel-tools alma-upgrade-kernel-tools-libs alma-upgrade-kernel-tools-libs-devel alma-upgrade-kernel-uki-virt alma-upgrade-kernel-zfcpdump alma-upgrade-kernel-zfcpdump-core alma-upgrade-kernel-zfcpdump-devel alma-upgrade-kernel-zfcpdump-devel-matched alma-upgrade-kernel-zfcpdump-modules alma-upgrade-kernel-zfcpdump-modules-core alma-upgrade-kernel-zfcpdump-modules-extra alma-upgrade-perf alma-upgrade-python3-perf alma-upgrade-rtla References https://attackerkb.com/topics/cve-2023-35788 CVE - 2023-35788 https://errata.almalinux.org/8/ALSA-2023-5244.html https://errata.almalinux.org/9/ALSA-2023-4377.html https://errata.almalinux.org/9/ALSA-2023-4378.html
  11. Huawei EulerOS: CVE-2023-35788: kernel security update Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 06/16/2023 Created 08/10/2023 Added 08/09/2023 Modified 01/28/2025 Description An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. This may result in denial of service or privilege escalation. Solution(s) huawei-euleros-2_0_sp9-upgrade-kernel huawei-euleros-2_0_sp9-upgrade-kernel-tools huawei-euleros-2_0_sp9-upgrade-kernel-tools-libs huawei-euleros-2_0_sp9-upgrade-python3-perf References https://attackerkb.com/topics/cve-2023-35788 CVE - 2023-35788 EulerOS-SA-2023-2614
  12. Huawei EulerOS: CVE-2023-3268: kernel security update Severity 6 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:C) Published 06/16/2023 Created 08/10/2023 Added 08/09/2023 Modified 01/28/2025 Description An out of bounds (OOB) memory access flaw was found in the Linux kernel in relay_file_read_start_pos in kernel/relay.c in the relayfs. This flaw could allow a local attacker to crash the system or leak kernel internal information. Solution(s) huawei-euleros-2_0_sp9-upgrade-kernel huawei-euleros-2_0_sp9-upgrade-kernel-tools huawei-euleros-2_0_sp9-upgrade-kernel-tools-libs huawei-euleros-2_0_sp9-upgrade-python3-perf References https://attackerkb.com/topics/cve-2023-3268 CVE - 2023-3268 EulerOS-SA-2023-2614
  13. Huawei EulerOS: CVE-2023-3268: kernel security update Severity 6 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:C) Published 06/16/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description An out of bounds (OOB) memory access flaw was found in the Linux kernel in relay_file_read_start_pos in kernel/relay.c in the relayfs. This flaw could allow a local attacker to crash the system or leak kernel internal information. Solution(s) huawei-euleros-2_0_sp8-upgrade-bpftool huawei-euleros-2_0_sp8-upgrade-kernel huawei-euleros-2_0_sp8-upgrade-kernel-devel huawei-euleros-2_0_sp8-upgrade-kernel-headers huawei-euleros-2_0_sp8-upgrade-kernel-tools huawei-euleros-2_0_sp8-upgrade-kernel-tools-libs huawei-euleros-2_0_sp8-upgrade-perf huawei-euleros-2_0_sp8-upgrade-python-perf huawei-euleros-2_0_sp8-upgrade-python3-perf References https://attackerkb.com/topics/cve-2023-3268 CVE - 2023-3268 EulerOS-SA-2023-3132
  14. Rudder Server SQLI Remote Code Execution Disclosed 06/16/2023 Created 07/31/2023 Description This Metasploit module exploits a SQL injection vulnerability in RudderStack's rudder-server, an open source Customer Data Platform (CDP). The vulnerability exists in versions of rudder-server prior to 1.3.0-rc.1. By exploiting this flaw, an attacker can execute arbitrary SQL commands, which may lead to Remote Code Execution (RCE) due to the `rudder` role in PostgreSQL having superuser permissions by default. Author(s) Ege Balcı Platform Linux,Unix Architectures cmd, x86, x64
  15. Ubuntu: (Multiple Advisories) (CVE-2023-3268): Linux kernel vulnerabilities Severity 6 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:C) Published 06/16/2023 Created 07/27/2023 Added 07/27/2023 Modified 01/28/2025 Description An out of bounds (OOB) memory access flaw was found in the Linux kernel in relay_file_read_start_pos in kernel/relay.c in the relayfs. This flaw could allow a local attacker to crash the system or leak kernel internal information. Solution(s) ubuntu-upgrade-linux-image-4-15-0-1068-dell300x ubuntu-upgrade-linux-image-4-15-0-1122-oracle ubuntu-upgrade-linux-image-4-15-0-1143-kvm ubuntu-upgrade-linux-image-4-15-0-1153-gcp ubuntu-upgrade-linux-image-4-15-0-1153-snapdragon ubuntu-upgrade-linux-image-4-15-0-1159-aws ubuntu-upgrade-linux-image-4-15-0-1168-azure ubuntu-upgrade-linux-image-4-15-0-214-generic ubuntu-upgrade-linux-image-4-15-0-214-generic-lpae ubuntu-upgrade-linux-image-4-15-0-214-lowlatency ubuntu-upgrade-linux-image-4-4-0-1121-aws ubuntu-upgrade-linux-image-4-4-0-1122-kvm ubuntu-upgrade-linux-image-4-4-0-1159-aws ubuntu-upgrade-linux-image-4-4-0-243-generic ubuntu-upgrade-linux-image-4-4-0-243-lowlatency ubuntu-upgrade-linux-image-5-15-0-1025-gkeop ubuntu-upgrade-linux-image-5-15-0-1030-nvidia ubuntu-upgrade-linux-image-5-15-0-1030-nvidia-lowlatency ubuntu-upgrade-linux-image-5-15-0-1035-ibm ubuntu-upgrade-linux-image-5-15-0-1035-raspi ubuntu-upgrade-linux-image-5-15-0-1037-intel-iotg ubuntu-upgrade-linux-image-5-15-0-1039-gcp ubuntu-upgrade-linux-image-5-15-0-1039-gke ubuntu-upgrade-linux-image-5-15-0-1039-kvm ubuntu-upgrade-linux-image-5-15-0-1040-oracle ubuntu-upgrade-linux-image-5-15-0-1041-aws ubuntu-upgrade-linux-image-5-15-0-1042-aws ubuntu-upgrade-linux-image-5-15-0-1043-azure-fde ubuntu-upgrade-linux-image-5-15-0-1045-azure ubuntu-upgrade-linux-image-5-15-0-1045-azure-fde ubuntu-upgrade-linux-image-5-15-0-79-generic ubuntu-upgrade-linux-image-5-15-0-79-generic-64k ubuntu-upgrade-linux-image-5-15-0-79-generic-lpae 
ubuntu-upgrade-linux-image-5-15-0-79-lowlatency ubuntu-upgrade-linux-image-5-15-0-79-lowlatency-64k ubuntu-upgrade-linux-image-5-4-0-1021-iot ubuntu-upgrade-linux-image-5-4-0-1029-xilinx-zynqmp ubuntu-upgrade-linux-image-5-4-0-1056-ibm ubuntu-upgrade-linux-image-5-4-0-1070-bluefield ubuntu-upgrade-linux-image-5-4-0-1076-gkeop ubuntu-upgrade-linux-image-5-4-0-1093-raspi ubuntu-upgrade-linux-image-5-4-0-1098-kvm ubuntu-upgrade-linux-image-5-4-0-1108-oracle ubuntu-upgrade-linux-image-5-4-0-1109-aws ubuntu-upgrade-linux-image-5-4-0-1112-gcp ubuntu-upgrade-linux-image-5-4-0-1115-azure ubuntu-upgrade-linux-image-5-4-0-162-generic ubuntu-upgrade-linux-image-5-4-0-162-generic-lpae ubuntu-upgrade-linux-image-5-4-0-162-lowlatency ubuntu-upgrade-linux-image-6-2-0-1007-ibm ubuntu-upgrade-linux-image-6-2-0-1009-aws ubuntu-upgrade-linux-image-6-2-0-1009-azure ubuntu-upgrade-linux-image-6-2-0-1009-oracle ubuntu-upgrade-linux-image-6-2-0-1010-kvm ubuntu-upgrade-linux-image-6-2-0-1010-lowlatency ubuntu-upgrade-linux-image-6-2-0-1010-lowlatency-64k ubuntu-upgrade-linux-image-6-2-0-1010-raspi ubuntu-upgrade-linux-image-6-2-0-1011-gcp ubuntu-upgrade-linux-image-6-2-0-27-generic ubuntu-upgrade-linux-image-6-2-0-27-generic-64k ubuntu-upgrade-linux-image-6-2-0-27-generic-lpae ubuntu-upgrade-linux-image-aws ubuntu-upgrade-linux-image-aws-hwe ubuntu-upgrade-linux-image-aws-lts-18-04 ubuntu-upgrade-linux-image-aws-lts-20-04 ubuntu-upgrade-linux-image-aws-lts-22-04 ubuntu-upgrade-linux-image-azure ubuntu-upgrade-linux-image-azure-cvm ubuntu-upgrade-linux-image-azure-fde ubuntu-upgrade-linux-image-azure-fde-lts-22-04 ubuntu-upgrade-linux-image-azure-lts-18-04 ubuntu-upgrade-linux-image-azure-lts-20-04 ubuntu-upgrade-linux-image-azure-lts-22-04 ubuntu-upgrade-linux-image-bluefield ubuntu-upgrade-linux-image-dell300x ubuntu-upgrade-linux-image-gcp ubuntu-upgrade-linux-image-gcp-lts-18-04 ubuntu-upgrade-linux-image-gcp-lts-20-04 ubuntu-upgrade-linux-image-gcp-lts-22-04 
ubuntu-upgrade-linux-image-generic ubuntu-upgrade-linux-image-generic-64k ubuntu-upgrade-linux-image-generic-64k-hwe-20-04 ubuntu-upgrade-linux-image-generic-hwe-16-04 ubuntu-upgrade-linux-image-generic-hwe-18-04 ubuntu-upgrade-linux-image-generic-hwe-20-04 ubuntu-upgrade-linux-image-generic-lpae ubuntu-upgrade-linux-image-generic-lpae-hwe-20-04 ubuntu-upgrade-linux-image-generic-lts-xenial ubuntu-upgrade-linux-image-gke ubuntu-upgrade-linux-image-gke-5-15 ubuntu-upgrade-linux-image-gkeop ubuntu-upgrade-linux-image-gkeop-5-15 ubuntu-upgrade-linux-image-gkeop-5-4 ubuntu-upgrade-linux-image-ibm ubuntu-upgrade-linux-image-ibm-lts-20-04 ubuntu-upgrade-linux-image-intel ubuntu-upgrade-linux-image-intel-iotg ubuntu-upgrade-linux-image-kvm ubuntu-upgrade-linux-image-lowlatency ubuntu-upgrade-linux-image-lowlatency-64k ubuntu-upgrade-linux-image-lowlatency-64k-hwe-20-04 ubuntu-upgrade-linux-image-lowlatency-hwe-16-04 ubuntu-upgrade-linux-image-lowlatency-hwe-18-04 ubuntu-upgrade-linux-image-lowlatency-hwe-20-04 ubuntu-upgrade-linux-image-lowlatency-lts-xenial ubuntu-upgrade-linux-image-nvidia ubuntu-upgrade-linux-image-nvidia-lowlatency ubuntu-upgrade-linux-image-oem ubuntu-upgrade-linux-image-oem-20-04 ubuntu-upgrade-linux-image-oem-20-04b ubuntu-upgrade-linux-image-oem-20-04c ubuntu-upgrade-linux-image-oem-20-04d ubuntu-upgrade-linux-image-oem-osp1 ubuntu-upgrade-linux-image-oracle ubuntu-upgrade-linux-image-oracle-lts-18-04 ubuntu-upgrade-linux-image-oracle-lts-20-04 ubuntu-upgrade-linux-image-raspi ubuntu-upgrade-linux-image-raspi-hwe-18-04 ubuntu-upgrade-linux-image-raspi-nolpae ubuntu-upgrade-linux-image-raspi2 ubuntu-upgrade-linux-image-raspi2-hwe-18-04 ubuntu-upgrade-linux-image-snapdragon ubuntu-upgrade-linux-image-snapdragon-hwe-18-04 ubuntu-upgrade-linux-image-virtual ubuntu-upgrade-linux-image-virtual-hwe-16-04 ubuntu-upgrade-linux-image-virtual-hwe-18-04 ubuntu-upgrade-linux-image-virtual-hwe-20-04 ubuntu-upgrade-linux-image-virtual-lts-xenial 
ubuntu-upgrade-linux-image-xilinx-zynqmp References https://attackerkb.com/topics/cve-2023-3268 CVE - 2023-3268 DSA-5448 DSA-5480 USN-6252-1 USN-6254-1 USN-6283-1 USN-6300-1 USN-6311-1 USN-6332-1 USN-6340-1 USN-6340-2 USN-6347-1 USN-6349-1 USN-6357-1 USN-6397-1
  16. Ubuntu: (Multiple Advisories) (CVE-2023-35788): Linux kernel vulnerabilities Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 06/16/2023 Created 06/30/2023 Added 06/30/2023 Modified 01/28/2025 Description An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. This may result in denial of service or privilege escalation. Solution(s) ubuntu-upgrade-linux-image-5-15-0-1023-gkeop ubuntu-upgrade-linux-image-5-15-0-1028-nvidia ubuntu-upgrade-linux-image-5-15-0-1028-nvidia-lowlatency ubuntu-upgrade-linux-image-5-15-0-1033-ibm ubuntu-upgrade-linux-image-5-15-0-1033-raspi ubuntu-upgrade-linux-image-5-15-0-1033-raspi-nolpae ubuntu-upgrade-linux-image-5-15-0-1034-intel-iotg ubuntu-upgrade-linux-image-5-15-0-1037-gcp ubuntu-upgrade-linux-image-5-15-0-1037-gke ubuntu-upgrade-linux-image-5-15-0-1037-kvm ubuntu-upgrade-linux-image-5-15-0-1038-oracle ubuntu-upgrade-linux-image-5-15-0-1039-aws ubuntu-upgrade-linux-image-5-15-0-1041-azure ubuntu-upgrade-linux-image-5-15-0-1041-azure-fde ubuntu-upgrade-linux-image-5-15-0-76-generic ubuntu-upgrade-linux-image-5-15-0-76-generic-64k ubuntu-upgrade-linux-image-5-15-0-76-generic-lpae ubuntu-upgrade-linux-image-5-15-0-76-lowlatency ubuntu-upgrade-linux-image-5-15-0-76-lowlatency-64k ubuntu-upgrade-linux-image-5-17-0-1034-oem ubuntu-upgrade-linux-image-5-19-0-1015-allwinner ubuntu-upgrade-linux-image-5-19-0-1020-starfive ubuntu-upgrade-linux-image-5-19-0-1022-raspi ubuntu-upgrade-linux-image-5-19-0-1022-raspi-nolpae ubuntu-upgrade-linux-image-5-19-0-1025-ibm ubuntu-upgrade-linux-image-5-19-0-1026-kvm ubuntu-upgrade-linux-image-5-19-0-1026-oracle ubuntu-upgrade-linux-image-5-19-0-1027-gcp ubuntu-upgrade-linux-image-5-19-0-1028-aws ubuntu-upgrade-linux-image-5-19-0-1028-lowlatency ubuntu-upgrade-linux-image-5-19-0-1028-lowlatency-64k 
ubuntu-upgrade-linux-image-5-19-0-1029-azure ubuntu-upgrade-linux-image-5-19-0-46-generic ubuntu-upgrade-linux-image-5-19-0-46-generic-64k ubuntu-upgrade-linux-image-5-19-0-46-generic-lpae ubuntu-upgrade-linux-image-5-4-0-1017-iot ubuntu-upgrade-linux-image-5-4-0-1025-xilinx-zynqmp ubuntu-upgrade-linux-image-5-4-0-1052-ibm ubuntu-upgrade-linux-image-5-4-0-1066-bluefield ubuntu-upgrade-linux-image-5-4-0-1072-gkeop ubuntu-upgrade-linux-image-5-4-0-1089-raspi ubuntu-upgrade-linux-image-5-4-0-1094-kvm ubuntu-upgrade-linux-image-5-4-0-1103-gke ubuntu-upgrade-linux-image-5-4-0-1104-oracle ubuntu-upgrade-linux-image-5-4-0-1105-aws ubuntu-upgrade-linux-image-5-4-0-1108-gcp ubuntu-upgrade-linux-image-5-4-0-1111-azure ubuntu-upgrade-linux-image-5-4-0-153-generic ubuntu-upgrade-linux-image-5-4-0-153-generic-lpae ubuntu-upgrade-linux-image-5-4-0-153-lowlatency ubuntu-upgrade-linux-image-6-0-0-1019-oem ubuntu-upgrade-linux-image-6-1-0-1015-oem ubuntu-upgrade-linux-image-6-2-0-1004-ibm ubuntu-upgrade-linux-image-6-2-0-1006-aws ubuntu-upgrade-linux-image-6-2-0-1006-azure ubuntu-upgrade-linux-image-6-2-0-1006-oracle ubuntu-upgrade-linux-image-6-2-0-1007-kvm ubuntu-upgrade-linux-image-6-2-0-1007-lowlatency ubuntu-upgrade-linux-image-6-2-0-1007-lowlatency-64k ubuntu-upgrade-linux-image-6-2-0-1007-raspi ubuntu-upgrade-linux-image-6-2-0-1007-raspi-nolpae ubuntu-upgrade-linux-image-6-2-0-1008-gcp ubuntu-upgrade-linux-image-6-2-0-24-generic ubuntu-upgrade-linux-image-6-2-0-24-generic-64k ubuntu-upgrade-linux-image-6-2-0-24-generic-lpae ubuntu-upgrade-linux-image-allwinner ubuntu-upgrade-linux-image-aws ubuntu-upgrade-linux-image-aws-lts-20-04 ubuntu-upgrade-linux-image-aws-lts-22-04 ubuntu-upgrade-linux-image-azure ubuntu-upgrade-linux-image-azure-cvm ubuntu-upgrade-linux-image-azure-fde ubuntu-upgrade-linux-image-azure-fde-lts-22-04 ubuntu-upgrade-linux-image-azure-lts-20-04 ubuntu-upgrade-linux-image-azure-lts-22-04 ubuntu-upgrade-linux-image-bluefield ubuntu-upgrade-linux-image-gcp 
ubuntu-upgrade-linux-image-gcp-lts-20-04 ubuntu-upgrade-linux-image-gcp-lts-22-04 ubuntu-upgrade-linux-image-generic ubuntu-upgrade-linux-image-generic-64k ubuntu-upgrade-linux-image-generic-64k-hwe-20-04 ubuntu-upgrade-linux-image-generic-64k-hwe-22-04 ubuntu-upgrade-linux-image-generic-hwe-18-04 ubuntu-upgrade-linux-image-generic-hwe-20-04 ubuntu-upgrade-linux-image-generic-hwe-22-04 ubuntu-upgrade-linux-image-generic-lpae ubuntu-upgrade-linux-image-generic-lpae-hwe-18-04 ubuntu-upgrade-linux-image-generic-lpae-hwe-20-04 ubuntu-upgrade-linux-image-generic-lpae-hwe-22-04 ubuntu-upgrade-linux-image-gke ubuntu-upgrade-linux-image-gke-5-15 ubuntu-upgrade-linux-image-gke-5-4 ubuntu-upgrade-linux-image-gkeop ubuntu-upgrade-linux-image-gkeop-5-15 ubuntu-upgrade-linux-image-gkeop-5-4 ubuntu-upgrade-linux-image-ibm ubuntu-upgrade-linux-image-ibm-lts-20-04 ubuntu-upgrade-linux-image-intel ubuntu-upgrade-linux-image-intel-iotg ubuntu-upgrade-linux-image-kvm ubuntu-upgrade-linux-image-lowlatency ubuntu-upgrade-linux-image-lowlatency-64k ubuntu-upgrade-linux-image-lowlatency-64k-hwe-20-04 ubuntu-upgrade-linux-image-lowlatency-hwe-18-04 ubuntu-upgrade-linux-image-lowlatency-hwe-20-04 ubuntu-upgrade-linux-image-nvidia ubuntu-upgrade-linux-image-nvidia-lowlatency ubuntu-upgrade-linux-image-oem ubuntu-upgrade-linux-image-oem-20-04 ubuntu-upgrade-linux-image-oem-20-04b ubuntu-upgrade-linux-image-oem-20-04c ubuntu-upgrade-linux-image-oem-20-04d ubuntu-upgrade-linux-image-oem-22-04 ubuntu-upgrade-linux-image-oem-22-04a ubuntu-upgrade-linux-image-oem-22-04b ubuntu-upgrade-linux-image-oem-22-04c ubuntu-upgrade-linux-image-oem-osp1 ubuntu-upgrade-linux-image-oracle ubuntu-upgrade-linux-image-oracle-lts-20-04 ubuntu-upgrade-linux-image-raspi ubuntu-upgrade-linux-image-raspi-hwe-18-04 ubuntu-upgrade-linux-image-raspi-nolpae ubuntu-upgrade-linux-image-raspi2 ubuntu-upgrade-linux-image-raspi2-hwe-18-04 ubuntu-upgrade-linux-image-snapdragon-hwe-18-04 ubuntu-upgrade-linux-image-starfive 
ubuntu-upgrade-linux-image-virtual ubuntu-upgrade-linux-image-virtual-hwe-18-04 ubuntu-upgrade-linux-image-virtual-hwe-20-04 ubuntu-upgrade-linux-image-virtual-hwe-22-04 ubuntu-upgrade-linux-image-xilinx-zynqmp References https://attackerkb.com/topics/cve-2023-35788 CVE - 2023-35788 DSA-5448 DSA-5480 USN-6192-1 USN-6193-1 USN-6194-1 USN-6205-1 USN-6206-1 USN-6212-1 USN-6220-1 USN-6223-1 USN-6234-1 USN-6235-1 USN-6256-1
  17. Amazon Linux AMI 2: CVE-2023-3268: Security patch for kernel (Multiple Advisories) Severity 6 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:C) Published 06/16/2023 Created 06/30/2023 Added 06/30/2023 Modified 01/28/2025 Description An out of bounds (OOB) memory access flaw was found in the Linux kernel in relay_file_read_start_pos in kernel/relay.c in the relayfs. This flaw could allow a local attacker to crash the system or leak kernel internal information. Solution(s) amazon-linux-ami-2-upgrade-bpftool amazon-linux-ami-2-upgrade-bpftool-debuginfo amazon-linux-ami-2-upgrade-kernel amazon-linux-ami-2-upgrade-kernel-debuginfo amazon-linux-ami-2-upgrade-kernel-debuginfo-common-aarch64 amazon-linux-ami-2-upgrade-kernel-debuginfo-common-x86_64 amazon-linux-ami-2-upgrade-kernel-devel amazon-linux-ami-2-upgrade-kernel-headers amazon-linux-ami-2-upgrade-kernel-livepatch-5-10-184-174-730 amazon-linux-ami-2-upgrade-kernel-livepatch-5-15-117-72-142 amazon-linux-ami-2-upgrade-kernel-tools amazon-linux-ami-2-upgrade-kernel-tools-debuginfo amazon-linux-ami-2-upgrade-kernel-tools-devel amazon-linux-ami-2-upgrade-perf amazon-linux-ami-2-upgrade-perf-debuginfo amazon-linux-ami-2-upgrade-python-perf amazon-linux-ami-2-upgrade-python-perf-debuginfo References https://attackerkb.com/topics/cve-2023-3268 AL2/ALASKERNEL-5.10-2023-034 AL2/ALASKERNEL-5.15-2023-021 AL2/ALASKERNEL-5.4-2023-047 CVE - 2023-3268
  18. Amazon Linux AMI: CVE-2023-3195: Security patch for ImageMagick (ALAS-2023-1781) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 06/16/2023 Created 07/21/2023 Added 07/20/2023 Modified 01/28/2025 Description A stack-based buffer overflow issue was found in ImageMagick's coders/tiff.c. This flaw allows an attacker to trick the user into opening a specially crafted malicious tiff file, causing an application to crash, resulting in a denial of service. Solution(s) amazon-linux-upgrade-imagemagick References ALAS-2023-1781 CVE-2023-3195
  19. Progress MOVEit Transfer Critical Vulnerability (CVE-2023-35708): Privilege Escalation (Remote) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 06/16/2023 Created 06/16/2023 Added 06/16/2023 Modified 10/31/2024 Description Progress has discovered a vulnerability in MOVEit Transfer that could lead to escalated privileges and potential unauthorized access to the environment. Solution(s) progress-moveit-transfer-cve-2023-35708 References https://attackerkb.com/topics/cve-2023-35708 CVE - 2023-35708 https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-15June2023 https://www.rapid7.com/blog/post/2023/06/01/rapid7-observed-exploitation-of-critical-moveit-transfer-vulnerability/
  20. Rocky Linux: CVE-2023-35788: kernel (Multiple Advisories) Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 06/16/2023 Created 03/07/2024 Added 03/05/2024 Modified 01/28/2025 Description An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. This may result in denial of service or privilege escalation. Solution(s) rocky-upgrade-kernel-rt rocky-upgrade-kernel-rt-core rocky-upgrade-kernel-rt-debug rocky-upgrade-kernel-rt-debug-core rocky-upgrade-kernel-rt-debug-debuginfo rocky-upgrade-kernel-rt-debug-devel rocky-upgrade-kernel-rt-debug-kvm rocky-upgrade-kernel-rt-debug-modules rocky-upgrade-kernel-rt-debug-modules-core rocky-upgrade-kernel-rt-debug-modules-extra rocky-upgrade-kernel-rt-debuginfo rocky-upgrade-kernel-rt-devel rocky-upgrade-kernel-rt-kvm rocky-upgrade-kernel-rt-modules rocky-upgrade-kernel-rt-modules-core rocky-upgrade-kernel-rt-modules-extra References https://attackerkb.com/topics/cve-2023-35788 CVE - 2023-35788 https://errata.rockylinux.org/RLSA-2023:4378 https://errata.rockylinux.org/RLSA-2023:5244
  21. Oracle Linux: CVE-2023-35789: ELSA-2023-7150:librabbitmq security update (MODERATE) (Multiple Advisories) Severity 4 CVSS (AV:L/AC:L/Au:N/C:P/I:P/A:N) Published 06/16/2023 Created 11/24/2023 Added 11/22/2023 Modified 01/07/2025 Description An issue was discovered in the C AMQP client library (aka rabbitmq-c) through 0.13.0 for RabbitMQ. Credentials can only be entered on the command line (e.g., for amqp-publish or amqp-consume) and are thus visible to local attackers by listing a process and its arguments. A flaw was found in librabbitmq. This issue occurs because credentials can only be entered on the command line (for example, for amqp-publish or amqp-consume) and are visible to local attackers by listing a process and its arguments. Solution(s) oracle-linux-upgrade-librabbitmq oracle-linux-upgrade-librabbitmq-devel oracle-linux-upgrade-librabbitmq-tools References https://attackerkb.com/topics/cve-2023-35789 CVE - 2023-35789 ELSA-2023-7150 ELSA-2023-6482
  22. Debian: CVE-2023-28204: webkit2gtk, wpewebkit -- security update Severity 7 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:N) Published 06/16/2023 Created 06/16/2023 Added 06/16/2023 Modified 01/28/2025 Description An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been actively exploited. Solution(s) debian-upgrade-webkit2gtk debian-upgrade-wpewebkit References https://attackerkb.com/topics/cve-2023-28204 CVE - 2023-28204 DSA-5427-1
  23. Debian: CVE-2023-32373: webkit2gtk, wpewebkit -- security update Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 06/16/2023 Created 06/16/2023 Added 06/16/2023 Modified 01/28/2025 Description A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Solution(s) debian-upgrade-webkit2gtk debian-upgrade-wpewebkit References https://attackerkb.com/topics/cve-2023-32373 CVE - 2023-32373 DSA-5427-1
  24. Debian: CVE-2023-3268: linux -- security update Severity 6 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:C) Published 06/16/2023 Created 07/31/2023 Added 07/31/2023 Modified 01/28/2025 Description An out of bounds (OOB) memory access flaw was found in the Linux kernel in relay_file_read_start_pos in kernel/relay.c in the relayfs. This flaw could allow a local attacker to crash the system or leak kernel internal information. Solution(s) debian-upgrade-linux References https://attackerkb.com/topics/cve-2023-3268 CVE - 2023-3268 DLA-3508-1 DSA-5448 DSA-5448-1 DSA-5480
  25. Huawei EulerOS: CVE-2023-3268: kernel security update Severity 6 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:C) Published 06/16/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description An out of bounds (OOB) memory access flaw was found in the Linux kernel in relay_file_read_start_pos in kernel/relay.c in the relayfs. This flaw could allow a local attacker to crash the system or leak kernel internal information. Solution(s) huawei-euleros-2_0_sp10-upgrade-kernel huawei-euleros-2_0_sp10-upgrade-kernel-abi-stablelists huawei-euleros-2_0_sp10-upgrade-kernel-tools huawei-euleros-2_0_sp10-upgrade-kernel-tools-libs References https://attackerkb.com/topics/cve-2023-3268 CVE - 2023-3268 EulerOS-SA-2023-2811