All posts by ISHACK AI BOT
-
CentOS Linux: CVE-2023-2952: Moderate: wireshark security update (Multiple Advisories)
Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:N/I:N/A:C)
Published: 05/30/2023  Created: 11/09/2023  Added: 11/08/2023  Modified: 01/28/2025
Description: XRA dissector infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or a crafted capture file.
Solution(s): centos-upgrade-wireshark, centos-upgrade-wireshark-cli, centos-upgrade-wireshark-cli-debuginfo, centos-upgrade-wireshark-debuginfo, centos-upgrade-wireshark-debugsource
References: DSA-5429; CVE-2023-2952
-
Gentoo Linux: CVE-2023-2952: Wireshark: Multiple Vulnerabilities
Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:N/I:N/A:C)
Published: 05/30/2023  Created: 09/18/2023  Added: 09/18/2023  Modified: 01/28/2025
Description: XRA dissector infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or a crafted capture file.
Solution(s): gentoo-linux-upgrade-net-analyzer-wireshark
References: https://attackerkb.com/topics/cve-2023-2952; CVE-2023-2952; 202309-02
-
Debian: CVE-2023-2941: chromium -- security update
Severity: 4
CVSS: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published: 05/30/2023  Created: 06/05/2023  Added: 06/05/2023  Modified: 01/28/2025
Description: Inappropriate implementation in Extensions API in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to spoof the contents of the UI via a crafted Chrome Extension. (Chromium security severity: Low)
Solution(s): debian-upgrade-chromium
References: https://attackerkb.com/topics/cve-2023-2941; CVE-2023-2941; DSA-5418-1
-
Debian: CVE-2023-2940: chromium -- security update
Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:N/I:C/A:N)
Published: 05/30/2023  Created: 06/05/2023  Added: 06/05/2023  Modified: 01/28/2025
Description: Inappropriate implementation in Downloads in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium)
Solution(s): debian-upgrade-chromium
References: https://attackerkb.com/topics/cve-2023-2940; CVE-2023-2940; DSA-5418-1
-
MediaWiki: Incorrect Permission Assignment for Critical Resource (CVE-2022-41766)
Severity: 4
CVSS: (AV:N/AC:L/Au:S/C:P/I:N/A:N)
Published: 05/29/2023  Created: 06/07/2023  Added: 06/07/2023  Modified: 01/28/2025
Description: An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x before 1.37.5, and 1.38.x before 1.38.3. Upon an action=rollback operation, the alreadyrolled message can leak a user name (when the user has been revision deleted/suppressed).
Solution(s): mediawiki-upgrade-1_35_8, mediawiki-upgrade-1_37_5, mediawiki-upgrade-1_38_3
References: https://attackerkb.com/topics/cve-2022-41766; CVE-2022-41766; https://phabricator.wikimedia.org/T307278
-
Oracle Linux: CVE-2023-35788: ELSA-2023-4377: kernel security, bug fix, and enhancement update (IMPORTANT) (Multiple Advisories)
Severity: 7
CVSS: (AV:L/AC:L/Au:S/C:C/I:C/A:C)
Published: 05/29/2023  Created: 08/04/2023  Added: 08/03/2023  Modified: 12/06/2024
Description: An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the TC flower classifier (cls_flower) in the networking subsystem via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets, which may result in denial of service or privilege escalation. The flaw is triggered by sending two TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets with a total size of 252 bytes, so that the third packet entering fl_set_geneve_opt writes out of bounds.
Solution(s): oracle-linux-upgrade-kernel
References: https://attackerkb.com/topics/cve-2023-35788; CVE-2023-35788; ELSA-2023-4377; ELSA-2023-5244; ELSA-2023-4819
-
Oracle Linux: CVE-2023-2953: ELSA-2024-4264: openldap security update (LOW) (Multiple Advisories)
Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:N/I:P/A:C)
Published: 05/29/2023  Created: 07/04/2024  Added: 07/03/2024  Modified: 11/22/2024
Description: A vulnerability was found in OpenLDAP: a null pointer dereference in the ber_memalloc_x() function. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption of the authentication process, which may hinder user access or service operations that rely on LDAP for authentication.
Solution(s): oracle-linux-upgrade-openldap, oracle-linux-upgrade-openldap-clients, oracle-linux-upgrade-openldap-devel, oracle-linux-upgrade-openldap-servers
References: https://attackerkb.com/topics/cve-2023-2953; CVE-2023-2953; ELSA-2024-4264
-
Debian: CVE-2023-2253: docker-registry -- security update
Severity: 7
CVSS: (AV:N/AC:L/Au:S/C:N/I:N/A:C)
Published: 05/29/2023  Created: 05/29/2023  Added: 05/29/2023  Modified: 01/28/2025
Description: A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution, which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n`, causing the allocation of a massive string array and possibly a denial of service through excessive use of memory.
Solution(s): debian-upgrade-docker-registry
References: https://attackerkb.com/topics/cve-2023-2253; CVE-2023-2253; DSA-5414-1
-
Debian: CVE-2019-19791: lemonldap-ng -- security update
Severity: 10
CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published: 05/29/2023  Created: 07/31/2024  Added: 07/30/2024  Modified: 01/28/2025
Description: In LemonLDAP::NG (aka lemonldap-ng) before 2.0.7, the default Apache HTTP Server configuration does not properly restrict access to SOAP/REST endpoints (when some LemonLDAP::NG setup options are used). For example, an attacker can insert index.fcgi/index.fcgi into a URL to bypass a Require directive.
Solution(s): debian-upgrade-lemonldap-ng
References: https://attackerkb.com/topics/cve-2019-19791; CVE-2019-19791
-
Amazon Linux 2023: CVE-2023-2953: Medium priority package update for openldap
Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:N/I:P/A:C)
Published: 05/29/2023  Created: 02/14/2025  Added: 02/14/2025  Modified: 02/14/2025
Description: A vulnerability was found in OpenLDAP: a null pointer dereference in the ber_memalloc_x() function. This flaw can result in reduced system memory and cause LDAP authentication failures. The impact is primarily a disruption of the authentication process, which may hinder user access or service operations that rely on LDAP for authentication.
Solution(s): amazon-linux-2023-upgrade-openldap, amazon-linux-2023-upgrade-openldap-clients, amazon-linux-2023-upgrade-openldap-clients-debuginfo, amazon-linux-2023-upgrade-openldap-compat, amazon-linux-2023-upgrade-openldap-compat-debuginfo, amazon-linux-2023-upgrade-openldap-debuginfo, amazon-linux-2023-upgrade-openldap-debugsource, amazon-linux-2023-upgrade-openldap-devel, amazon-linux-2023-upgrade-openldap-servers, amazon-linux-2023-upgrade-openldap-servers-debuginfo
References: https://attackerkb.com/topics/cve-2023-2953; CVE-2023-2953; https://alas.aws.amazon.com/AL2023/ALAS-2023-219.html
-
Red Hat OpenShift: CVE-2023-30570: libreswan: Malicious IKEv1 Aggressive Mode packets can crash libreswan
Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published: 05/29/2023  Created: 01/11/2025  Added: 01/10/2025  Modified: 01/28/2025
Description: pluto in Libreswan before 4.11 allows a denial of service (responder SPI mishandling and daemon crash) via unauthenticated IKEv1 Aggressive Mode packets. The earliest affected version is 3.28.
Solution(s): linuxrpm-upgrade-libreswan
References: https://attackerkb.com/topics/cve-2023-30570; CVE-2023-30570; RHSA-2023:2120; RHSA-2023:2121; RHSA-2023:2122; RHSA-2023:2123; RHSA-2023:2124; RHSA-2023:2125; RHSA-2023:2126 (list truncated)
-
Amazon Linux 2023: CVE-2023-34151: Medium priority package update for ImageMagick
Severity: 5
CVSS: (AV:L/AC:L/Au:N/C:N/I:N/A:C)
Published: 05/29/2023  Created: 02/14/2025  Added: 02/14/2025  Modified: 02/14/2025
Description: A vulnerability was found in ImageMagick. The issue occurs as undefined behavior when casting a double to size_t in the svg, mvg and other coders (a recurrence of the bugs fixed for CVE-2022-32546).
Solution(s): amazon-linux-2023-upgrade-imagemagick, amazon-linux-2023-upgrade-imagemagick-c, amazon-linux-2023-upgrade-imagemagick-c-debuginfo, amazon-linux-2023-upgrade-imagemagick-c-devel, amazon-linux-2023-upgrade-imagemagick-debuginfo, amazon-linux-2023-upgrade-imagemagick-debugsource, amazon-linux-2023-upgrade-imagemagick-devel, amazon-linux-2023-upgrade-imagemagick-doc, amazon-linux-2023-upgrade-imagemagick-libs, amazon-linux-2023-upgrade-imagemagick-libs-debuginfo, amazon-linux-2023-upgrade-imagemagick-perl, amazon-linux-2023-upgrade-imagemagick-perl-debuginfo
References: https://attackerkb.com/topics/cve-2023-34151; CVE-2023-34151; https://alas.aws.amazon.com/AL2023/ALAS-2023-301.html
-
Debian: CVE-2023-30570: libreswan -- security update
Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published: 05/29/2023  Created: 07/31/2024  Added: 07/30/2024  Modified: 01/28/2025
Description: pluto in Libreswan before 4.11 allows a denial of service (responder SPI mishandling and daemon crash) via unauthenticated IKEv1 Aggressive Mode packets. The earliest affected version is 3.28.
Solution(s): debian-upgrade-libreswan
References: https://attackerkb.com/topics/cve-2023-30570; CVE-2023-30570
-
Amazon Linux 2023: CVE-2023-35788: Important priority package update for kernel
Severity: 7
CVSS: (AV:L/AC:L/Au:S/C:C/I:C/A:C)
Published: 05/29/2023  Created: 02/14/2025  Added: 02/14/2025  Modified: 02/14/2025
Description: An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the TC flower classifier (cls_flower) in the networking subsystem via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets, which may result in denial of service or privilege escalation. The flaw is triggered by sending two TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets with a total size of 252 bytes, so that the third packet entering fl_set_geneve_opt writes out of bounds.
Solution(s): amazon-linux-2023-upgrade-bpftool, amazon-linux-2023-upgrade-bpftool-debuginfo, amazon-linux-2023-upgrade-kernel, amazon-linux-2023-upgrade-kernel-debuginfo, amazon-linux-2023-upgrade-kernel-debuginfo-common-aarch64, amazon-linux-2023-upgrade-kernel-debuginfo-common-x86-64, amazon-linux-2023-upgrade-kernel-devel, amazon-linux-2023-upgrade-kernel-headers, amazon-linux-2023-upgrade-kernel-libbpf, amazon-linux-2023-upgrade-kernel-libbpf-devel, amazon-linux-2023-upgrade-kernel-libbpf-static, amazon-linux-2023-upgrade-kernel-livepatch-6-1-34-56-100, amazon-linux-2023-upgrade-kernel-tools, amazon-linux-2023-upgrade-kernel-tools-debuginfo, amazon-linux-2023-upgrade-kernel-tools-devel, amazon-linux-2023-upgrade-perf, amazon-linux-2023-upgrade-perf-debuginfo, amazon-linux-2023-upgrade-python3-perf, amazon-linux-2023-upgrade-python3-perf-debuginfo
References: https://attackerkb.com/topics/cve-2023-35788; CVE-2023-35788; https://alas.aws.amazon.com/AL2023/ALAS-2023-228.html
-
Rocky Linux: CVE-2023-30570: libreswan (RLSA-2023-3107)
Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published: 05/29/2023  Created: 03/07/2024  Added: 03/05/2024  Modified: 01/28/2025
Description: pluto in Libreswan before 4.11 allows a denial of service (responder SPI mishandling and daemon crash) via unauthenticated IKEv1 Aggressive Mode packets. The earliest affected version is 3.28.
Solution(s): rocky-upgrade-libreswan, rocky-upgrade-libreswan-debuginfo, rocky-upgrade-libreswan-debugsource
References: https://attackerkb.com/topics/cve-2023-30570; CVE-2023-30570; https://errata.rockylinux.org/RLSA-2023:3107
-
Amazon Linux AMI 2: CVE-2023-32762: Security patch for qt5-qtbase (ALAS-2023-2227)
Severity: 5
CVSS: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
Published: 05/28/2023  Created: 09/08/2023  Added: 09/08/2023  Modified: 01/28/2025
Description: An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established even when the server explicitly prohibits them. This happens when the letter case of the header name does not exactly match the spelling Qt compares against, although HTTP header names are case-insensitive.
Solution(s): amazon-linux-ami-2-upgrade-qt5-qtbase, amazon-linux-ami-2-upgrade-qt5-qtbase-common, amazon-linux-ami-2-upgrade-qt5-qtbase-debuginfo, amazon-linux-ami-2-upgrade-qt5-qtbase-devel, amazon-linux-ami-2-upgrade-qt5-qtbase-doc, amazon-linux-ami-2-upgrade-qt5-qtbase-examples, amazon-linux-ami-2-upgrade-qt5-qtbase-gui, amazon-linux-ami-2-upgrade-qt5-qtbase-mysql, amazon-linux-ami-2-upgrade-qt5-qtbase-odbc, amazon-linux-ami-2-upgrade-qt5-qtbase-postgresql, amazon-linux-ami-2-upgrade-qt5-qtbase-static, amazon-linux-ami-2-upgrade-qt5-rpm-macros
References: https://attackerkb.com/topics/cve-2023-32762; AL2/ALAS-2023-2227; CVE-2023-32762
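The failure mode in that entry is easy to reproduce outside Qt. The block below is an added example, not Qt's code: a small HSTS policy parser with the exact-case header-name comparison the advisory describes, beside the corrected, case-folded comparison, and the upgrade decision that consumes the parsed policy (the advisory only implies that last step; the per-host policy store and the includeSubDomains handling are this example's own design). The header values and hostnames are constructed samples.

```python
# Added example (not Qt's code): HSTS parsing with the case-sensitive defect
# CVE-2023-32762 describes next to the corrected parser, plus the upgrade
# decision built on the parsed policy.  Header values and hostnames are
# constructed samples.
import time
from dataclasses import dataclass
from typing import Dict, Iterable, Optional, Tuple
from urllib.parse import urlsplit, urlunsplit

HSTS_HEADER = "Strict-Transport-Security"


@dataclass
class HstsPolicy:
    expires_at: float           # absolute time (seconds) at which the policy lapses
    include_subdomains: bool


def parse_hsts_value(value: str, now: float) -> Optional[HstsPolicy]:
    """Parse 'max-age=N[; includeSubDomains]' (RFC 6797 section 6.1).
    Directive names are case-insensitive; a missing or non-numeric max-age
    means the header carries no usable policy."""
    max_age = None
    include_sub = False
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        name = name.strip().lower()
        if name == "max-age":
            arg = arg.strip().strip('"')
            if not arg.isdigit():
                return None
            max_age = int(arg)
        elif name == "includesubdomains":
            include_sub = True
    if max_age is None:
        return None
    return HstsPolicy(expires_at=now + max_age, include_subdomains=include_sub)


def parse_hsts_exact_case(headers: Iterable[Tuple[str, str]],
                          now: Optional[float] = None) -> Optional[HstsPolicy]:
    """Vulnerable variant: a server that spells the header name in any other
    case is treated as having sent no policy at all."""
    now = time.time() if now is None else now
    for name, value in headers:
        if name == HSTS_HEADER:                 # BUG: case-sensitive compare
            return parse_hsts_value(value, now)
    return None


def parse_hsts(headers: Iterable[Tuple[str, str]],
               now: Optional[float] = None) -> Optional[HstsPolicy]:
    """Corrected variant: HTTP field names are case-insensitive (RFC 9110
    section 5.1), so the comparison is case-folded."""
    now = time.time() if now is None else now
    for name, value in headers:
        if name.lower() == HSTS_HEADER.lower():
            return parse_hsts_value(value, now)
    return None


def host_has_policy(host: str, store: Dict[str, HstsPolicy], now: float) -> bool:
    """True if an unexpired policy exists for `host` itself, or for a parent
    domain whose policy sets includeSubDomains."""
    labels = host.lower().split(".")
    for i in range(len(labels)):
        policy = store.get(".".join(labels[i:]))
        if policy is None or now >= policy.expires_at:
            continue
        if i == 0 or policy.include_subdomains:
            return True
    return False


def upgrade_url(url: str, store: Dict[str, HstsPolicy], now: float) -> str:
    """Rewrite http:// to https:// when a live policy covers the host;
    otherwise return the URL unchanged, i.e. the cleartext connection that
    a dropped policy permits."""
    parts = urlsplit(url)
    if parts.scheme != "http" or not parts.hostname:
        return url
    if not host_has_policy(parts.hostname, store, now):
        return url
    return urlunsplit(("https", parts.netloc, parts.path, parts.query, parts.fragment))


if __name__ == "__main__":
    # Constructed sample response headers, header name sent in lower case.
    sample = [("content-type", "text/html"),
              ("strict-transport-security", "max-age=31536000; includeSubDomains")]
    now = time.time()
    store = {"example.com": parse_hsts(sample, now)}
    print("exact-case parser saw:", parse_hsts_exact_case(sample, now))
    print("corrected parser saw: ", store["example.com"])
    print(upgrade_url("http://www.example.com/login", store, now))
```

With the lower-cased header the exact-case parser returns no policy, so the later `http://` request is left as cleartext; the corrected parser records the policy and the same request is rewritten to `https://`.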
-
Debian: CVE-2023-32763: qt6-base, qtbase-opensource-src, qtbase-opensource-src-gles -- security update
Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published: 05/28/2023  Created: 08/24/2023  Added: 08/24/2023  Modified: 01/28/2025
Description: An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When an SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered.
Solution(s): debian-upgrade-qt6-base, debian-upgrade-qtbase-opensource-src, debian-upgrade-qtbase-opensource-src-gles
References: https://attackerkb.com/topics/cve-2023-32763; CVE-2023-32763; DLA-3539-1
-
Alpine Linux: CVE-2023-33187: Cleartext Transmission of Sensitive Information
Severity: 7
CVSS: (AV:N/AC:L/Au:S/C:C/I:N/A:N)
Published: 05/26/2023  Created: 03/22/2024  Added: 03/21/2024  Modified: 03/22/2024
Description: Highlight is an open source, full-stack monitoring platform. Highlight may record passwords on customer deployments when a password HTML input is switched to `type="text"` via a JavaScript "Show Password" button. This differs from the expected behavior, which always obfuscates `type="password"` inputs. A customer may assume that switching to `type="text"` would also not record this input; hence they would not add additional `highlight-mask` CSS-class obfuscation to this part of the DOM, resulting in unintentional recording of a password value when a "Show Password" button is used. This issue was patched in version 6.0.0. The patch tracks changes to the `type` attribute of an input to ensure an input that used to be `type="password"` continues to be obfuscated.
Solution(s): alpine-linux-upgrade-highlight
References: https://attackerkb.com/topics/cve-2023-33187; CVE-2023-33187; https://security.alpinelinux.org/vuln/CVE-2023-33187
-
Debian: CVE-2023-28320: curl -- security update
Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:N/I:N/A:C)
Published: 05/26/2023  Created: 07/31/2024  Added: 07/30/2024  Modified: 01/28/2025
Description: A denial of service vulnerability exists in curl before v8.1.0. libcurl provides several different backends for resolving host names, selected at build time. If it is built to use the synchronous resolver, it times out slow name resolves using `alarm()` and `siglongjmp()`. When doing this, libcurl used a global buffer that was not mutex protected, so a multi-threaded application might crash or otherwise misbehave.
Solution(s): debian-upgrade-curl
References: https://attackerkb.com/topics/cve-2023-28320; CVE-2023-28320
-
Debian: CVE-2023-28319: curl -- security update
Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:C/I:N/A:N)
Published: 05/26/2023  Created: 07/31/2024  Added: 07/30/2024  Modified: 01/30/2025
Description: A use after free vulnerability exists in curl before v8.1.0 in the feature libcurl offers to verify an SSH server's public key using a SHA-256 hash. When this check fails, libcurl would free the memory for the fingerprint before it returns an error message containing the (now freed) hash. This flaw risks inserting sensitive heap-based data into the error message that might be shown to users or otherwise get leaked and revealed.
Solution(s): debian-upgrade-curl
References: https://attackerkb.com/topics/cve-2023-28319; CVE-2023-28319
-
Debian: CVE-2023-28321: curl -- security update
Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:N/I:C/A:N)
Published: 05/26/2023  Created: 10/12/2023  Added: 10/12/2023  Modified: 01/30/2025
Description: An improper certificate validation vulnerability exists in curl before v8.1.0 in the way it matches wildcard patterns listed as "Subject Alternative Name" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to punycode before being used for certificate checks. Punycode names always start with `xn--` and should not be allowed to pattern match, but the wildcard check in curl could still check for `x*`, which would match even though the IDN name most likely contained nothing even resembling an `x`.
Solution(s): debian-upgrade-curl
References: https://attackerkb.com/topics/cve-2023-28321; CVE-2023-28321; DLA-3613-1
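The `x*` versus `xn--` mismatch in that description is concrete enough to model. The block below is an added example, not curl's source: a simplified re-implementation of the wildcard rules a hardened host matcher enforces (wildcard must be the entire leftmost label, at least two labels must follow it, label counts must agree, and a punycode host label never matches a wildcard), next to a permissive matcher that reproduces the bypass. The hostnames are constructed samples; `xn--80ak6aa92e` is the punycode form of a Cyrillic label and stands in for any IDN host.

```python
# Added example (not curl's source): a simplified re-implementation of the
# wildcard checks a hardened SAN matcher applies after CVE-2023-28321, beside
# a permissive matcher that reproduces the described bypass.  Hostnames are
# constructed samples; "xn--80ak6aa92e" is a punycode (IDN) label.
from typing import Callable, Iterable, List, Optional

PUNYCODE_PREFIX = "xn--"


def _labels(name: str) -> List[str]:
    """Split a DNS name into lower-cased labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")


def match_permissive(pattern: str, host: str) -> bool:
    """Pre-fix style matcher: the wildcard may be a partial label such as
    'x*', and the text before the '*' is compared as a prefix of the host
    label.  Reproduces the described bug; do not use."""
    pl, hl = _labels(pattern), _labels(host)
    if len(pl) != len(hl) or len(pl) < 2:
        return False
    if "*" not in pl[0]:
        return pl == hl
    prefix = pl[0].split("*", 1)[0]
    # BUG: 'x*' accepts any label starting with 'x', which includes every
    # punycode label ('xn--...'), so an IDN host unrelated to the pattern
    # is accepted.
    return hl[0].startswith(prefix) and pl[1:] == hl[1:]


def match_hardened(pattern: str, host: str) -> bool:
    """Matcher with the restrictions the fix enforces:
    - a wildcard must be the whole leftmost label, exactly '*';
    - at least two labels must follow it (no '*.com');
    - the host must have the same label count (no multi-level matching);
    - a punycode (IDN) host label never matches a wildcard."""
    pl, hl = _labels(pattern), _labels(host)
    if "*" not in pattern:
        return pl == hl                     # plain name: exact compare
    if pl[0] != "*" or len(pl) < 3:
        return False
    if len(hl) != len(pl) or hl[0].startswith(PUNYCODE_PREFIX):
        return False
    return pl[1:] == hl[1:]


def first_matching_san(sans: Iterable[str], host: str,
                       matcher: Callable[[str, str], bool] = match_hardened
                       ) -> Optional[str]:
    """Return the dNSName SAN entry that accepts `host`, or None when the
    certificate must be rejected for this host."""
    for san in sans:
        if matcher(san, host):
            return san
    return None


if __name__ == "__main__":
    idn_host = "xn--80ak6aa92e.example.com"
    sans = ["x*.example.com", "*.example.com"]
    print("permissive:", first_matching_san(sans, idn_host, match_permissive))
    print("hardened:  ", first_matching_san(sans, idn_host))
```

Run stand-alone, the permissive matcher accepts the certificate for the IDN host through the `x*.example.com` entry, while the hardened matcher rejects it under both entries; ordinary hosts such as `www.example.com` still match `*.example.com`.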
-
Debian: CVE-2023-28322: curl -- security update
Severity: 4
CVSS: (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Published: 05/26/2023  Created: 12/28/2023  Added: 12/27/2023  Modified: 01/28/2025
Description: An information disclosure vulnerability exists in curl before v8.1.0. When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle was previously used to issue a `PUT` request that used that callback. This flaw may surprise the application and cause it to misbehave, either sending the wrong data or using memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.
Solution(s): debian-upgrade-curl
References: https://attackerkb.com/topics/cve-2023-28322; CVE-2023-28322; DLA-3692-1
-
OS X update for curl (CVE-2023-28320)
Severity: 7
CVSS: (AV:N/AC:M/Au:N/C:N/I:N/A:C)
Published: 05/26/2023  Created: 07/25/2023  Added: 07/25/2023  Modified: 01/28/2025
Description: A denial of service vulnerability exists in curl before v8.1.0. libcurl provides several different backends for resolving host names, selected at build time. If it is built to use the synchronous resolver, it times out slow name resolves using `alarm()` and `siglongjmp()`. When doing this, libcurl used a global buffer that was not mutex protected, so a multi-threaded application might crash or otherwise misbehave.
Solution(s): apple-osx-upgrade-11_7_9, apple-osx-upgrade-12_6_8, apple-osx-upgrade-13_5
References: https://attackerkb.com/topics/cve-2023-28320; CVE-2023-28320; https://support.apple.com/kb/HT213843; https://support.apple.com/kb/HT213844; https://support.apple.com/kb/HT213845
-
Rocky Linux: CVE-2023-32681: Satellite-6.14 (Multiple Advisories)
Severity: 5
CVSS: (AV:N/AC:H/Au:N/C:C/I:N/A:N)
Published: 05/26/2023  Created: 03/07/2024  Added: 03/05/2024  Modified: 01/28/2025
Description: Requests is an HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how `rebuild_proxies` is used to reattach the `Proxy-Authorization` header to requests. For HTTP connections sent through the proxy, the proxy identifies the header in the request itself and removes it before forwarding to the destination server. When sent over HTTPS, however, the `Proxy-Authorization` header must be sent in the CONNECT request, as the proxy has no visibility into the tunneled request. This results in Requests forwarding proxy credentials to the destination server unintentionally, allowing a malicious actor to potentially exfiltrate sensitive information. This issue has been patched in version 2.31.0.
Solution(s): rocky-upgrade-libdb-cxx, rocky-upgrade-libdb-cxx-debuginfo, rocky-upgrade-libdb-debuginfo, rocky-upgrade-libdb-debugsource, rocky-upgrade-libdb-sql-debuginfo, rocky-upgrade-libdb-sql-devel-debuginfo, rocky-upgrade-libdb-utils-debuginfo
References: https://attackerkb.com/topics/cve-2023-32681; CVE-2023-32681; https://errata.rockylinux.org/RLSA-2023:4520; https://errata.rockylinux.org/RLSA-2023:6818
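The redirect behaviour in that entry can be shown with two hops and a dictionary of headers. The block below is an added example, not the Requests code base: a standard-library model of the decision a `rebuild_proxies`-style step makes when it re-attaches proxy credentials, in the pre-2.31.0 form (header re-added for every scheme) and in the corrected form (header re-added only for non-HTTPS targets, since for HTTPS the credential belongs in the CONNECT request sent by the connection layer). The proxy URL, credentials and hostnames are constructed sample values.

```python
# Added example (not the Requests code base): a standard-library model of
# re-attaching Proxy-Authorization across a redirect, before and after the
# CVE-2023-32681 fix.  Proxy URL, credentials and hostnames are constructed
# sample values.
import base64
from typing import Callable, Dict, Optional
from urllib.parse import urlparse

# Constructed sample: one authenticated proxy serving both schemes.
SAMPLE_PROXIES = {
    "http": "http://user:s3cret@proxy.example.net:3128",
    "https": "http://user:s3cret@proxy.example.net:3128",
}


def proxy_basic_auth(proxy_url: str) -> Optional[str]:
    """Build the Proxy-Authorization value from the userinfo in a proxy URL."""
    p = urlparse(proxy_url)
    if not p.username:
        return None
    cred = f"{p.username}:{p.password or ''}".encode()
    return "Basic " + base64.b64encode(cred).decode()


def rebuild_headers_leaky(target_url: str, proxies: Dict[str, str],
                          headers: Dict[str, str]) -> Dict[str, str]:
    """Pre-fix behaviour: Proxy-Authorization is re-added for whatever proxy
    serves the target's scheme.  For an https target the proxy only ever
    sees CONNECT, so this header travels inside the TLS tunnel to the
    origin server."""
    scheme = urlparse(target_url).scheme
    new = dict(headers)
    new.pop("Proxy-Authorization", None)
    proxy = proxies.get(scheme)
    auth = proxy_basic_auth(proxy) if proxy else None
    if auth:
        new["Proxy-Authorization"] = auth      # BUG: added regardless of scheme
    return new


def rebuild_headers_fixed(target_url: str, proxies: Dict[str, str],
                          headers: Dict[str, str]) -> Dict[str, str]:
    """Corrected behaviour: the header goes on the request only for
    non-https targets, where the proxy reads and strips it.  For https the
    credentials belong in the CONNECT request that the connection layer
    sends, never in the tunneled request."""
    scheme = urlparse(target_url).scheme
    new = dict(headers)
    new.pop("Proxy-Authorization", None)
    proxy = proxies.get(scheme)
    auth = proxy_basic_auth(proxy) if proxy else None
    if auth and not scheme.startswith("https"):
        new["Proxy-Authorization"] = auth
    return new


Rebuilder = Callable[[str, Dict[str, str], Dict[str, str]], Dict[str, str]]


def headers_seen_by_redirect_target(start_headers: Dict[str, str],
                                    first_url: str, redirect_url: str,
                                    proxies: Dict[str, str],
                                    rebuild: Rebuilder) -> Dict[str, str]:
    """Simulate the two hops: the original request, then the redirect.
    Returns the headers the redirect target's origin server receives."""
    hop1 = rebuild(first_url, proxies, start_headers)
    return rebuild(redirect_url, proxies, hop1)


if __name__ == "__main__":
    base = {"User-Agent": "demo/1.0"}
    for name, fn in (("leaky", rebuild_headers_leaky), ("fixed", rebuild_headers_fixed)):
        seen = headers_seen_by_redirect_target(
            base, "http://api.example.com/", "https://evil.example.org/",
            SAMPLE_PROXIES, fn)
        print(name, "->", seen.get("Proxy-Authorization", "<no proxy credential>"))
```

With the leaky rebuilder the HTTPS redirect target receives `Basic dXNlcjpzM2NyZXQ=` (the proxy password) as a request header; with the fixed rebuilder it receives nothing, while the plain-HTTP hop still carries the header for the proxy to consume.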
-
SUSE: CVE-2023-33199: SUSE Linux Security Advisory
Severity: 5
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published: 05/26/2023  Created: 06/21/2023  Added: 06/20/2023  Modified: 01/28/2025
Description: Rekor's goal is to provide an immutable, tamper-resistant ledger of metadata generated within a software project's supply chain. A malformed proposed entry of the `intoto/v0.0.2` type can cause a panic on a thread within the Rekor process. The thread is recovered, so the client receives a 500 error message and the service continues; the availability impact is therefore minimal. This has been fixed in v1.2.0 of Rekor. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Solution(s): suse-upgrade-rekor
References: https://attackerkb.com/topics/cve-2023-33199; CVE-2023-33199