All posts by ISHACK AI BOT

  1. CentOS Linux: CVE-2023-2858: Moderate: wireshark security update (Multiple Advisories)
     Severity: 7; CVSS: AV:N/AC:M/Au:N/C:N/I:N/A:C
     Published: 05/26/2023; Created: 11/09/2023; Added: 11/08/2023; Modified: 01/28/2025
     Description: NetScaler file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file.
     Solution(s): centos-upgrade-wireshark, centos-upgrade-wireshark-cli, centos-upgrade-wireshark-cli-debuginfo, centos-upgrade-wireshark-debuginfo, centos-upgrade-wireshark-debugsource
     References: DSA-5429, CVE-2023-2858
  2. Alpine Linux: CVE-2022-39335: Exposure of Sensitive Information to an Unauthorized Actor
     Severity: 6; CVSS: AV:N/AC:M/Au:S/C:P/I:P/A:P
     Published: 05/26/2023; Created: 08/23/2024; Added: 08/22/2024; Modified: 10/02/2024
     Description: Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. The Matrix Federation API allows remote homeservers to request the authorization events in a room. This is necessary so that a homeserver receiving some events can validate that those events are legitimate and permitted in their room. However, in versions of Synapse up to and including 1.68.0, a Synapse homeserver answering a query for authorization events does not sufficiently check that the requesting server should be able to access them. The issue was patched in Synapse 1.69.0. Homeserver administrators are advised to upgrade.
     Solution(s): alpine-linux-upgrade-synapse
     References: https://attackerkb.com/topics/cve-2022-39335, CVE-2022-39335, https://security.alpinelinux.org/vuln/CVE-2022-39335
  3. Alpine Linux: CVE-2023-28322: Vulnerability in Multiple Components
     Severity: 4; CVSS: AV:N/AC:M/Au:N/C:P/I:N/A:N
     Published: 05/26/2023; Created: 08/23/2024; Added: 08/22/2024; Modified: 10/02/2024
     Description: An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers: libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle was previously used to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.
     Solution(s): alpine-linux-upgrade-curl
     References: https://attackerkb.com/topics/cve-2023-28322, CVE-2023-28322, https://security.alpinelinux.org/vuln/CVE-2023-28322
  4. Amazon Linux AMI 2: CVE-2023-28321: Security patch for curl (ALAS-2023-2230)
     Severity: 7; CVSS: AV:N/AC:M/Au:N/C:N/I:C/A:N
     Published: 05/26/2023; Created: 09/08/2023; Added: 09/08/2023; Modified: 01/30/2025
     Description: An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to Punycode before being used for certificate checks. Punycoded names always start with `xn--` and should not be allowed to pattern match, but the wildcard check in curl could still check for `x*`, which would match even though the IDN name most likely contained nothing even resembling an `x`.
     Solution(s): amazon-linux-ami-2-upgrade-curl, amazon-linux-ami-2-upgrade-curl-debuginfo, amazon-linux-ami-2-upgrade-libcurl, amazon-linux-ami-2-upgrade-libcurl-devel
     References: https://attackerkb.com/topics/cve-2023-28321, AL2/ALAS-2023-2230, CVE-2023-28321
  5. Amazon Linux AMI 2: CVE-2023-28322: Security patch for curl (ALAS-2023-2230)
     Severity: 4; CVSS: AV:N/AC:M/Au:N/C:P/I:N/A:N
     Published: 05/26/2023; Created: 09/08/2023; Added: 09/08/2023; Modified: 01/28/2025
     Description: An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers: libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle was previously used to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.
     Solution(s): amazon-linux-ami-2-upgrade-curl, amazon-linux-ami-2-upgrade-curl-debuginfo, amazon-linux-ami-2-upgrade-libcurl, amazon-linux-ami-2-upgrade-libcurl-devel
     References: https://attackerkb.com/topics/cve-2023-28322, AL2/ALAS-2023-2230, CVE-2023-28322
  6. Amazon Linux AMI 2: CVE-2023-32681: Security patch for python-requests, python3-requests (Multiple Advisories)
     Severity: 5; CVSS: AV:N/AC:H/Au:N/C:C/I:N/A:N
     Published: 05/26/2023; Created: 07/21/2023; Added: 07/21/2023; Modified: 01/28/2025
     Description: Requests is an HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use `rebuild_proxies` to reattach the `Proxy-Authorization` header to requests. For HTTP connections sent through the tunnel, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. However, when sent over HTTPS, the `Proxy-Authorization` header must be sent in the CONNECT request, as the proxy has no visibility into the tunneled request. This results in Requests forwarding proxy credentials to the destination server unintentionally, allowing a malicious actor to potentially exfiltrate sensitive information. This issue has been patched in version 2.31.0.
     Solution(s): amazon-linux-ami-2-upgrade-python-requests, amazon-linux-ami-2-upgrade-python3-requests
     References: https://attackerkb.com/topics/cve-2023-32681, AL2/ALAS-2023-2110, AL2/ALAS-2023-2111, CVE-2023-32681
  7. Amazon Linux AMI 2: CVE-2023-28319: Security patch for curl (ALAS-2023-2230)
     Severity: 8; CVSS: AV:N/AC:L/Au:N/C:C/I:N/A:N
     Published: 05/26/2023; Created: 09/08/2023; Added: 09/08/2023; Modified: 01/30/2025
     Description: A use-after-free vulnerability exists in curl <v8.1.0 in the way libcurl offers a feature to verify an SSH server's public key using a SHA-256 hash. When this check fails, libcurl would free the memory for the fingerprint before it returns an error message containing the (now freed) hash. This flaw risks inserting sensitive heap-based data into the error message that might be shown to users or otherwise get leaked and revealed.
     Solution(s): amazon-linux-ami-2-upgrade-curl, amazon-linux-ami-2-upgrade-curl-debuginfo, amazon-linux-ami-2-upgrade-libcurl, amazon-linux-ami-2-upgrade-libcurl-devel
     References: https://attackerkb.com/topics/cve-2023-28319, AL2/ALAS-2023-2230, CVE-2023-28319
  8. Amazon Linux AMI 2: CVE-2023-2856: Security patch for wireshark (ALAS-2023-2187)
     Severity: 7; CVSS: AV:N/AC:M/Au:N/C:N/I:N/A:C
     Published: 05/26/2023; Created: 08/10/2023; Added: 08/09/2023; Modified: 01/28/2025
     Description: VMS TCPIPtrace file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file.
     Solution(s): amazon-linux-ami-2-upgrade-wireshark, amazon-linux-ami-2-upgrade-wireshark-cli, amazon-linux-ami-2-upgrade-wireshark-debuginfo, amazon-linux-ami-2-upgrade-wireshark-devel
     References: https://attackerkb.com/topics/cve-2023-2856, AL2/ALAS-2023-2187, CVE-2023-2856
  9. Huawei EulerOS: CVE-2023-32681: python-requests security update
     Severity: 5; CVSS: AV:N/AC:H/Au:N/C:C/I:N/A:N
     Published: 05/26/2023; Created: 01/11/2024; Added: 01/10/2024; Modified: 01/28/2025
     Description: Requests is an HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use `rebuild_proxies` to reattach the `Proxy-Authorization` header to requests. For HTTP connections sent through the tunnel, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. However, when sent over HTTPS, the `Proxy-Authorization` header must be sent in the CONNECT request, as the proxy has no visibility into the tunneled request. This results in Requests forwarding proxy credentials to the destination server unintentionally, allowing a malicious actor to potentially exfiltrate sensitive information. This issue has been patched in version 2.31.0.
     Solution(s): huawei-euleros-2_0_sp8-upgrade-python2-requests, huawei-euleros-2_0_sp8-upgrade-python3-requests
     References: https://attackerkb.com/topics/cve-2023-32681, CVE-2023-32681, EulerOS-SA-2023-3152
  10. Huawei EulerOS: CVE-2023-28321: curl security update
      Severity: 7; CVSS: AV:N/AC:M/Au:N/C:N/I:C/A:N
      Published: 05/26/2023; Created: 01/11/2024; Added: 01/10/2024; Modified: 01/30/2025
      Description: An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to Punycode before being used for certificate checks. Punycoded names always start with `xn--` and should not be allowed to pattern match, but the wildcard check in curl could still check for `x*`, which would match even though the IDN name most likely contained nothing even resembling an `x`.
      Solution(s): huawei-euleros-2_0_sp8-upgrade-curl, huawei-euleros-2_0_sp8-upgrade-libcurl, huawei-euleros-2_0_sp8-upgrade-libcurl-devel
      References: https://attackerkb.com/topics/cve-2023-28321, CVE-2023-28321, EulerOS-SA-2023-3121
  11. Red Hat: CVE-2023-2855: Candump log file parser crash (Multiple Advisories)
      Severity: 7; CVSS: AV:N/AC:M/Au:N/C:N/I:N/A:C
      Published: 05/26/2023; Created: 11/09/2023; Added: 11/08/2023; Modified: 01/28/2025
      Description: Candump log parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file.
      Solution(s): redhat-upgrade-wireshark, redhat-upgrade-wireshark-cli, redhat-upgrade-wireshark-cli-debuginfo, redhat-upgrade-wireshark-debuginfo, redhat-upgrade-wireshark-debugsource, redhat-upgrade-wireshark-devel
      References: CVE-2023-2855, RHSA-2023:6469
  12. Red Hat: CVE-2023-2858: wireshark: NetScaler file parser crash (Multiple Advisories)
      Severity: 7; CVSS: AV:N/AC:M/Au:N/C:N/I:N/A:C
      Published: 05/26/2023; Created: 11/09/2023; Added: 11/08/2023; Modified: 01/28/2025
      Description: NetScaler file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file.
      Solution(s): redhat-upgrade-wireshark, redhat-upgrade-wireshark-cli, redhat-upgrade-wireshark-cli-debuginfo, redhat-upgrade-wireshark-debuginfo, redhat-upgrade-wireshark-debugsource, redhat-upgrade-wireshark-devel
      References: CVE-2023-2858, RHSA-2023:6469, RHSA-2023:7015
  13. Ubuntu: (Multiple Advisories) (CVE-2023-2898): Linux kernel (OEM) vulnerabilities
      Severity: 4; CVSS: AV:L/AC:M/Au:S/C:N/I:N/A:C
      Published: 05/26/2023; Created: 08/14/2023; Added: 08/14/2023; Modified: 01/28/2025
      Description: There is a null-pointer-dereference flaw found in f2fs_write_end_io in fs/f2fs/data.c in the Linux kernel. This flaw allows a local privileged user to cause a denial of service problem.
      Solution(s): ubuntu-upgrade-linux-image-5-15-0-1027-gkeop, ubuntu-upgrade-linux-image-5-15-0-1032-nvidia, ubuntu-upgrade-linux-image-5-15-0-1032-nvidia-lowlatency, ubuntu-upgrade-linux-image-5-15-0-1037-ibm, ubuntu-upgrade-linux-image-5-15-0-1037-raspi, ubuntu-upgrade-linux-image-5-15-0-1039-intel-iotg, ubuntu-upgrade-linux-image-5-15-0-1041-gcp, ubuntu-upgrade-linux-image-5-15-0-1041-gke, ubuntu-upgrade-linux-image-5-15-0-1041-kvm, ubuntu-upgrade-linux-image-5-15-0-1042-oracle, ubuntu-upgrade-linux-image-5-15-0-1044-aws, ubuntu-upgrade-linux-image-5-15-0-1046-azure, ubuntu-upgrade-linux-image-5-15-0-1046-azure-fde, ubuntu-upgrade-linux-image-5-15-0-83-generic, ubuntu-upgrade-linux-image-5-15-0-83-generic-64k, ubuntu-upgrade-linux-image-5-15-0-83-generic-lpae, ubuntu-upgrade-linux-image-5-15-0-83-lowlatency, ubuntu-upgrade-linux-image-5-15-0-83-lowlatency-64k, ubuntu-upgrade-linux-image-6-0-0-1021-oem, ubuntu-upgrade-linux-image-6-1-0-1019-oem, ubuntu-upgrade-linux-image-6-2-0-1004-starfive, ubuntu-upgrade-linux-image-6-2-0-1009-ibm, ubuntu-upgrade-linux-image-6-2-0-1011-aws, ubuntu-upgrade-linux-image-6-2-0-1011-azure, ubuntu-upgrade-linux-image-6-2-0-1011-oracle, ubuntu-upgrade-linux-image-6-2-0-1012-kvm, ubuntu-upgrade-linux-image-6-2-0-1012-lowlatency, ubuntu-upgrade-linux-image-6-2-0-1012-lowlatency-64k, ubuntu-upgrade-linux-image-6-2-0-1012-raspi, ubuntu-upgrade-linux-image-6-2-0-1013-gcp, ubuntu-upgrade-linux-image-6-2-0-32-generic, ubuntu-upgrade-linux-image-6-2-0-32-generic-64k, ubuntu-upgrade-linux-image-6-2-0-32-generic-lpae, ubuntu-upgrade-linux-image-aws, ubuntu-upgrade-linux-image-aws-lts-22-04, ubuntu-upgrade-linux-image-azure, ubuntu-upgrade-linux-image-azure-cvm, ubuntu-upgrade-linux-image-azure-fde, ubuntu-upgrade-linux-image-azure-fde-lts-22-04, ubuntu-upgrade-linux-image-azure-lts-22-04, ubuntu-upgrade-linux-image-gcp, ubuntu-upgrade-linux-image-gcp-lts-22-04, ubuntu-upgrade-linux-image-generic, ubuntu-upgrade-linux-image-generic-64k, ubuntu-upgrade-linux-image-generic-64k-hwe-20-04, ubuntu-upgrade-linux-image-generic-64k-hwe-22-04, ubuntu-upgrade-linux-image-generic-hwe-20-04, ubuntu-upgrade-linux-image-generic-hwe-22-04, ubuntu-upgrade-linux-image-generic-lpae, ubuntu-upgrade-linux-image-generic-lpae-hwe-20-04, ubuntu-upgrade-linux-image-generic-lpae-hwe-22-04, ubuntu-upgrade-linux-image-gke, ubuntu-upgrade-linux-image-gke-5-15, ubuntu-upgrade-linux-image-gkeop, ubuntu-upgrade-linux-image-gkeop-5-15, ubuntu-upgrade-linux-image-ibm, ubuntu-upgrade-linux-image-intel-iotg, ubuntu-upgrade-linux-image-kvm, ubuntu-upgrade-linux-image-lowlatency, ubuntu-upgrade-linux-image-lowlatency-64k, ubuntu-upgrade-linux-image-lowlatency-64k-hwe-20-04, ubuntu-upgrade-linux-image-lowlatency-64k-hwe-22-04, ubuntu-upgrade-linux-image-lowlatency-hwe-20-04, ubuntu-upgrade-linux-image-lowlatency-hwe-22-04, ubuntu-upgrade-linux-image-nvidia, ubuntu-upgrade-linux-image-nvidia-lowlatency, ubuntu-upgrade-linux-image-oem-20-04, ubuntu-upgrade-linux-image-oem-20-04b, ubuntu-upgrade-linux-image-oem-20-04c, ubuntu-upgrade-linux-image-oem-20-04d, ubuntu-upgrade-linux-image-oem-22-04b, ubuntu-upgrade-linux-image-oem-22-04c, ubuntu-upgrade-linux-image-oracle, ubuntu-upgrade-linux-image-oracle-lts-22-04, ubuntu-upgrade-linux-image-raspi, ubuntu-upgrade-linux-image-raspi-nolpae, ubuntu-upgrade-linux-image-starfive, ubuntu-upgrade-linux-image-virtual, ubuntu-upgrade-linux-image-virtual-hwe-20-04, ubuntu-upgrade-linux-image-virtual-hwe-22-04
      References: https://attackerkb.com/topics/cve-2023-2898, CVE-2023-2898, DSA-5480, DSA-5492, USN-6285-1, USN-6338-1, USN-6338-2, USN-6339-1, USN-6339-2, USN-6339-3, USN-6339-4, USN-6344-1, USN-6350-1, USN-6351-1, USN-6385-1
  14. F5 Networks: CVE-2023-1667: K000148495: libssh vulnerability CVE-2023-1667
      Severity: 7; CVSS: AV:N/AC:L/Au:S/C:N/I:N/A:C
      Published: 05/26/2023; Created: 11/26/2024; Added: 11/25/2024; Modified: 01/28/2025
      Description: A NULL pointer dereference was found in libssh during re-keying with algorithm guessing. This issue may allow an authenticated client to cause a denial of service.
      Solution(s): f5-big-ip-upgrade-latest
      References: https://attackerkb.com/topics/cve-2023-1667, CVE-2023-1667, https://my.f5.com/manage/s/article/K000148495
  15. Ubuntu: USN-6138-1 (CVE-2023-1667): libssh vulnerabilities
      Severity: 7; CVSS: AV:N/AC:L/Au:S/C:N/I:N/A:C
      Published: 05/26/2023; Created: 06/06/2023; Added: 06/06/2023; Modified: 01/28/2025
      Description: A NULL pointer dereference was found in libssh during re-keying with algorithm guessing. This issue may allow an authenticated client to cause a denial of service.
      Solution(s): ubuntu-upgrade-libssh-4
      References: https://attackerkb.com/topics/cve-2023-1667, CVE-2023-1667, USN-6138-1
  16. Ubuntu: (Multiple Advisories) (CVE-2023-2002): Linux kernel (OEM) vulnerabilities
      Severity: 7; CVSS: AV:A/AC:L/Au:S/C:P/I:P/A:C
      Published: 05/26/2023; Created: 06/19/2023; Added: 06/19/2023; Modified: 01/28/2025
      Description: A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux kernel. This flaw allows an attacker unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication.
      Solution(s): ubuntu-upgrade-linux-image-4-15-0-1129-oracle, ubuntu-upgrade-linux-image-4-15-0-1150-kvm, ubuntu-upgrade-linux-image-4-15-0-1160-gcp, ubuntu-upgrade-linux-image-4-15-0-1166-aws, ubuntu-upgrade-linux-image-4-15-0-1175-azure, ubuntu-upgrade-linux-image-4-15-0-223-generic, ubuntu-upgrade-linux-image-4-15-0-223-lowlatency, ubuntu-upgrade-linux-image-5-15-0-1025-gkeop, ubuntu-upgrade-linux-image-5-15-0-1030-nvidia, ubuntu-upgrade-linux-image-5-15-0-1030-nvidia-lowlatency, ubuntu-upgrade-linux-image-5-15-0-1035-ibm, ubuntu-upgrade-linux-image-5-15-0-1035-raspi, ubuntu-upgrade-linux-image-5-15-0-1037-intel-iotg, ubuntu-upgrade-linux-image-5-15-0-1039-gcp, ubuntu-upgrade-linux-image-5-15-0-1039-gke, ubuntu-upgrade-linux-image-5-15-0-1039-kvm, ubuntu-upgrade-linux-image-5-15-0-1040-oracle, ubuntu-upgrade-linux-image-5-15-0-1041-aws, ubuntu-upgrade-linux-image-5-15-0-1042-aws, ubuntu-upgrade-linux-image-5-15-0-1043-azure-fde, ubuntu-upgrade-linux-image-5-15-0-1045-azure, ubuntu-upgrade-linux-image-5-15-0-1045-azure-fde, ubuntu-upgrade-linux-image-5-15-0-79-generic, ubuntu-upgrade-linux-image-5-15-0-79-generic-64k, ubuntu-upgrade-linux-image-5-15-0-79-generic-lpae, ubuntu-upgrade-linux-image-5-15-0-79-lowlatency, ubuntu-upgrade-linux-image-5-15-0-79-lowlatency-64k, ubuntu-upgrade-linux-image-5-4-0-1021-iot, ubuntu-upgrade-linux-image-5-4-0-1029-xilinx-zynqmp, ubuntu-upgrade-linux-image-5-4-0-1056-ibm, ubuntu-upgrade-linux-image-5-4-0-1070-bluefield, ubuntu-upgrade-linux-image-5-4-0-1076-gkeop, ubuntu-upgrade-linux-image-5-4-0-1093-raspi, ubuntu-upgrade-linux-image-5-4-0-1098-kvm, ubuntu-upgrade-linux-image-5-4-0-1108-oracle, ubuntu-upgrade-linux-image-5-4-0-1109-aws, ubuntu-upgrade-linux-image-5-4-0-1112-gcp, ubuntu-upgrade-linux-image-5-4-0-1115-azure, ubuntu-upgrade-linux-image-5-4-0-162-generic, ubuntu-upgrade-linux-image-5-4-0-162-generic-lpae, ubuntu-upgrade-linux-image-5-4-0-162-lowlatency, ubuntu-upgrade-linux-image-6-0-0-1021-oem, ubuntu-upgrade-linux-image-6-1-0-1014-oem, ubuntu-upgrade-linux-image-6-2-0-1007-ibm, ubuntu-upgrade-linux-image-6-2-0-1009-aws, ubuntu-upgrade-linux-image-6-2-0-1009-azure, ubuntu-upgrade-linux-image-6-2-0-1009-oracle, ubuntu-upgrade-linux-image-6-2-0-1010-kvm, ubuntu-upgrade-linux-image-6-2-0-1010-lowlatency, ubuntu-upgrade-linux-image-6-2-0-1010-lowlatency-64k, ubuntu-upgrade-linux-image-6-2-0-1010-raspi, ubuntu-upgrade-linux-image-6-2-0-1011-gcp, ubuntu-upgrade-linux-image-6-2-0-27-generic, ubuntu-upgrade-linux-image-6-2-0-27-generic-64k, ubuntu-upgrade-linux-image-6-2-0-27-generic-lpae, ubuntu-upgrade-linux-image-aws, ubuntu-upgrade-linux-image-aws-hwe, ubuntu-upgrade-linux-image-aws-lts-18-04, ubuntu-upgrade-linux-image-aws-lts-20-04, ubuntu-upgrade-linux-image-aws-lts-22-04, ubuntu-upgrade-linux-image-azure, ubuntu-upgrade-linux-image-azure-cvm, ubuntu-upgrade-linux-image-azure-fde, ubuntu-upgrade-linux-image-azure-fde-lts-22-04, ubuntu-upgrade-linux-image-azure-lts-18-04, ubuntu-upgrade-linux-image-azure-lts-20-04, ubuntu-upgrade-linux-image-azure-lts-22-04, ubuntu-upgrade-linux-image-bluefield, ubuntu-upgrade-linux-image-gcp, ubuntu-upgrade-linux-image-gcp-lts-18-04, ubuntu-upgrade-linux-image-gcp-lts-20-04, ubuntu-upgrade-linux-image-gcp-lts-22-04, ubuntu-upgrade-linux-image-generic, ubuntu-upgrade-linux-image-generic-64k, ubuntu-upgrade-linux-image-generic-64k-hwe-20-04, ubuntu-upgrade-linux-image-generic-hwe-16-04, ubuntu-upgrade-linux-image-generic-hwe-18-04, ubuntu-upgrade-linux-image-generic-hwe-20-04, ubuntu-upgrade-linux-image-generic-lpae, ubuntu-upgrade-linux-image-generic-lpae-hwe-20-04, ubuntu-upgrade-linux-image-gke, ubuntu-upgrade-linux-image-gke-5-15, ubuntu-upgrade-linux-image-gkeop, ubuntu-upgrade-linux-image-gkeop-5-15, ubuntu-upgrade-linux-image-gkeop-5-4, ubuntu-upgrade-linux-image-ibm, ubuntu-upgrade-linux-image-ibm-lts-20-04, ubuntu-upgrade-linux-image-intel, ubuntu-upgrade-linux-image-intel-iotg, ubuntu-upgrade-linux-image-kvm, ubuntu-upgrade-linux-image-lowlatency, ubuntu-upgrade-linux-image-lowlatency-64k, ubuntu-upgrade-linux-image-lowlatency-64k-hwe-20-04, ubuntu-upgrade-linux-image-lowlatency-hwe-16-04, ubuntu-upgrade-linux-image-lowlatency-hwe-18-04, ubuntu-upgrade-linux-image-lowlatency-hwe-20-04, ubuntu-upgrade-linux-image-nvidia, ubuntu-upgrade-linux-image-nvidia-lowlatency, ubuntu-upgrade-linux-image-oem, ubuntu-upgrade-linux-image-oem-20-04, ubuntu-upgrade-linux-image-oem-20-04b, ubuntu-upgrade-linux-image-oem-20-04c, ubuntu-upgrade-linux-image-oem-20-04d, ubuntu-upgrade-linux-image-oem-22-04b, ubuntu-upgrade-linux-image-oem-22-04c, ubuntu-upgrade-linux-image-oem-osp1, ubuntu-upgrade-linux-image-oracle, ubuntu-upgrade-linux-image-oracle-lts-18-04, ubuntu-upgrade-linux-image-oracle-lts-20-04, ubuntu-upgrade-linux-image-raspi, ubuntu-upgrade-linux-image-raspi-hwe-18-04, ubuntu-upgrade-linux-image-raspi-nolpae, ubuntu-upgrade-linux-image-raspi2, ubuntu-upgrade-linux-image-raspi2-hwe-18-04, ubuntu-upgrade-linux-image-snapdragon-hwe-18-04, ubuntu-upgrade-linux-image-virtual, ubuntu-upgrade-linux-image-virtual-hwe-16-04, ubuntu-upgrade-linux-image-virtual-hwe-18-04, ubuntu-upgrade-linux-image-virtual-hwe-20-04, ubuntu-upgrade-linux-image-xilinx-zynqmp
      References: https://attackerkb.com/topics/cve-2023-2002, CVE-2023-2002, DSA-5480, USN-6173-1, USN-6283-1, USN-6300-1, USN-6311-1, USN-6332-1, USN-6340-1, USN-6340-2, USN-6347-1, USN-6349-1, USN-6357-1, USN-6385-1, USN-6397-1, USN-6701-1, USN-6701-2, USN-6701-3, USN-6701-4
  17. Alpine Linux: CVE-2022-39374: Uncontrolled Resource Consumption
      Severity: 7; CVSS: AV:N/AC:L/Au:S/C:N/I:N/A:C
      Published: 05/26/2023; Created: 08/23/2024; Added: 08/22/2024; Modified: 10/02/2024
      Description: Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. If Synapse and a malicious homeserver are both joined to the same room, the malicious homeserver can trick Synapse into accepting previously rejected events into its view of the current state of that room. This can be exploited in a way that causes all further messages and state changes sent in that room from the vulnerable homeserver to be rejected. This issue has been patched in version 1.68.0.
      Solution(s): alpine-linux-upgrade-synapse
      References: https://attackerkb.com/topics/cve-2022-39374, CVE-2022-39374, https://security.alpinelinux.org/vuln/CVE-2022-39374
  18. Wireshark: CVE-2023-2856: VMS TCPIPtrace file parser crash
      Severity: 7; CVSS: AV:N/AC:M/Au:N/C:N/I:N/A:C
      Published: 05/26/2023; Created: 09/25/2024; Added: 09/24/2024; Modified: 01/28/2025
      Description: VMS TCPIPtrace file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file.
      Solution(s): wireshark-upgrade-3_6_14, wireshark-upgrade-4_0_6
      References: https://attackerkb.com/topics/cve-2023-2856, CVE-2023-2856, https://www.wireshark.org/security/wnpa-sec-2023-16.html
  19. Alma Linux: CVE-2023-28322: Moderate: curl security and bug fix update (Multiple Advisories)
      Severity: 4; CVSS: AV:N/AC:M/Au:N/C:P/I:N/A:N
      Published: 05/26/2023; Created: 08/03/2023; Added: 08/03/2023; Modified: 01/28/2025
      Description: An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers: libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle was previously used to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.
      Solution(s): alma-upgrade-curl, alma-upgrade-curl-minimal, alma-upgrade-libcurl, alma-upgrade-libcurl-devel, alma-upgrade-libcurl-minimal
      References: https://attackerkb.com/topics/cve-2023-28322, CVE-2023-28322, https://errata.almalinux.org/8/ALSA-2024-1601.html, https://errata.almalinux.org/9/ALSA-2023-4354.html
  20. Gentoo Linux: CVE-2023-2283: libssh: Multiple Vulnerabilities
      Severity: 6; CVSS: AV:N/AC:L/Au:N/C:P/I:P/A:N
      Published: 05/26/2023; Created: 12/28/2023; Added: 12/27/2023; Modified: 01/28/2025
      Description: A vulnerability was found in libssh, where the authentication check of the connecting client can be bypassed in the `pki_verify_data_signature` function in memory allocation problems. This issue may happen if there is insufficient memory or the memory usage is limited. The problem is caused by the return value `rc`, which is initialized to SSH_ERROR and later rewritten to save the return value of the function call `pki_key_check_hash_compatible`. The value of the variable is not changed between this point and the cryptographic verification. Therefore any error between them calls `goto error`, returning SSH_OK.
      Solution(s): gentoo-linux-upgrade-net-libs-libssh
      References: https://attackerkb.com/topics/cve-2023-2283, CVE-2023-2283, 202312-05
  21. Gentoo Linux: CVE-2023-28319: curl: Multiple Vulnerabilities
      Severity: 8; CVSS: AV:N/AC:L/Au:N/C:C/I:N/A:N
      Published: 05/26/2023; Created: 10/12/2023; Added: 10/12/2023; Modified: 01/30/2025
      Description: A use-after-free vulnerability exists in curl <v8.1.0 in the way libcurl offers a feature to verify an SSH server's public key using a SHA-256 hash. When this check fails, libcurl would free the memory for the fingerprint before it returns an error message containing the (now freed) hash. This flaw risks inserting sensitive heap-based data into the error message that might be shown to users or otherwise get leaked and revealed.
      Solution(s): gentoo-linux-upgrade-net-misc-curl
      References: https://attackerkb.com/topics/cve-2023-28319, CVE-2023-28319, 202310-12
  22. Gentoo Linux: CVE-2023-2858: Wireshark: Multiple Vulnerabilities
      Severity: 7; CVSS: AV:N/AC:M/Au:N/C:N/I:N/A:C
      Published: 05/26/2023; Created: 09/18/2023; Added: 09/18/2023; Modified: 01/28/2025
      Description: NetScaler file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file.
      Solution(s): gentoo-linux-upgrade-net-analyzer-wireshark
      References: https://attackerkb.com/topics/cve-2023-2858, CVE-2023-2858, 202309-02
  23. Gentoo Linux: CVE-2023-2857: Wireshark: Multiple Vulnerabilities
      Severity: 7; CVSS: AV:N/AC:M/Au:N/C:N/I:N/A:C
      Published: 05/26/2023; Created: 09/18/2023; Added: 09/18/2023; Modified: 01/28/2025
      Description: BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file.
      Solution(s): gentoo-linux-upgrade-net-analyzer-wireshark
      References: https://attackerkb.com/topics/cve-2023-2857, CVE-2023-2857, 202309-02
  24. Huawei EulerOS: CVE-2023-2283: libssh security update
      Severity: 6; CVSS: AV:N/AC:L/Au:N/C:P/I:P/A:N
      Published: 05/26/2023; Created: 08/10/2023; Added: 08/09/2023; Modified: 01/28/2025
      Description: A vulnerability was found in libssh, where the authentication check of the connecting client can be bypassed in the `pki_verify_data_signature` function in memory allocation problems. This issue may happen if there is insufficient memory or the memory usage is limited. The problem is caused by the return value `rc`, which is initialized to SSH_ERROR and later rewritten to save the return value of the function call `pki_key_check_hash_compatible`. The value of the variable is not changed between this point and the cryptographic verification. Therefore any error between them calls `goto error`, returning SSH_OK.
      Solution(s): huawei-euleros-2_0_sp9-upgrade-libssh
      References: https://attackerkb.com/topics/cve-2023-2283, CVE-2023-2283, EulerOS-SA-2023-2616
  25. Huawei EulerOS: CVE-2023-28321: curl security update
      Severity: 7; CVSS: AV:N/AC:M/Au:N/C:N/I:C/A:N
      Published: 05/26/2023; Created: 01/11/2024; Added: 01/10/2024; Modified: 01/30/2025
      Description: An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to Punycode before being used for certificate checks. Punycoded names always start with `xn--` and should not be allowed to pattern match, but the wildcard check in curl could still check for `x*`, which would match even though the IDN name most likely contained nothing even resembling an `x`.
      Solution(s): huawei-euleros-2_0_sp11-upgrade-curl, huawei-euleros-2_0_sp11-upgrade-libcurl
      References: https://attackerkb.com/topics/cve-2023-28321, CVE-2023-28321, EulerOS-SA-2023-2677