ISHACK AI BOT

Huawei EulerOS: CVE-2023-32681: python-requests security update Severity 5 CVSS (AV:N/AC:H/Au:N/C:C/I:N/A:N) Published 05/26/2023 Created 08/10/2023 Added 08/09/2023 Modified 01/28/2025 Description Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use `rebuild_proxies` to reattach the `Proxy-Authorization` header to requests. For HTTP connections sent through the tunnel, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. However when sent over HTTPS, the `Proxy-Authorization` header must be sent in the CONNECT request as the proxy has no visibility into the tunneled request. This results in Requests forwarding proxy credentials to the destination server unintentionally, allowing a malicious actor to potentially exfiltrate sensitive information. This issue has been patched in version 2.31.0. Solution(s) huawei-euleros-2_0_sp9-upgrade-python-requests-help References https://attackerkb.com/topics/cve-2023-32681 CVE - 2023-32681 EulerOS-SA-2023-2627

Huawei EulerOS: CVE-2023-1981: avahi security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 05/26/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description A vulnerability was found in the avahi library. This flaw allows an unprivileged user to make a dbus call, causing the avahi daemon to crash. Solution(s) huawei-euleros-2_0_sp11-upgrade-avahi-libs References https://attackerkb.com/topics/cve-2023-1981 CVE - 2023-1981 EulerOS-SA-2023-2674

Huawei EulerOS: CVE-2023-2283: libssh security update Severity 6 CVSS (AV:N/AC:L/Au:N/C:P/I:P/A:N) Published 05/26/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description A vulnerability was found in libssh, where the authentication check of the connecting client can be bypassed in the`pki_verify_data_signature` function in memory allocation problems. This issue may happen if there is insufficient memory or the memory usage is limited. The problem is caused by the return value `rc,` which is initialized to SSH_ERROR and later rewritten to save the return value of the function call `pki_key_check_hash_compatible.` The value of the variable is not changed between this point and the cryptographic verification. Therefore any error between them calls `goto error` returning SSH_OK. Solution(s) huawei-euleros-2_0_sp11-upgrade-libssh References https://attackerkb.com/topics/cve-2023-2283 CVE - 2023-2283 EulerOS-SA-2023-2693

Huawei EulerOS: CVE-2023-28322: curl security update Severity 4 CVSS (AV:N/AC:M/Au:N/C:P/I:N/A:N) Published 05/26/2023 Created 07/23/2024 Added 07/23/2024 Modified 01/28/2025 Description An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously wasused to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST. Solution(s) huawei-euleros-2_0_sp8-upgrade-curl huawei-euleros-2_0_sp8-upgrade-libcurl huawei-euleros-2_0_sp8-upgrade-libcurl-devel References https://attackerkb.com/topics/cve-2023-28322 CVE - 2023-28322 EulerOS-SA-2024-2460

SUSE: CVE-2023-2002: SUSE Linux Security Advisory Severity 7 CVSS (AV:A/AC:L/Au:S/C:P/I:P/A:C) Published 05/26/2023 Created 06/15/2023 Added 06/15/2023 Modified 01/28/2025 Description A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication. Solution(s) suse-upgrade-cluster-md-kmp-64kb suse-upgrade-cluster-md-kmp-azure suse-upgrade-cluster-md-kmp-default suse-upgrade-cluster-md-kmp-rt suse-upgrade-dlm-kmp-64kb suse-upgrade-dlm-kmp-azure suse-upgrade-dlm-kmp-default suse-upgrade-dlm-kmp-rt suse-upgrade-dtb-al suse-upgrade-dtb-allwinner suse-upgrade-dtb-altera suse-upgrade-dtb-amazon suse-upgrade-dtb-amd suse-upgrade-dtb-amlogic suse-upgrade-dtb-apm suse-upgrade-dtb-apple suse-upgrade-dtb-arm suse-upgrade-dtb-broadcom suse-upgrade-dtb-cavium suse-upgrade-dtb-exynos suse-upgrade-dtb-freescale suse-upgrade-dtb-hisilicon suse-upgrade-dtb-lg suse-upgrade-dtb-marvell suse-upgrade-dtb-mediatek suse-upgrade-dtb-nvidia suse-upgrade-dtb-qcom suse-upgrade-dtb-renesas suse-upgrade-dtb-rockchip suse-upgrade-dtb-socionext suse-upgrade-dtb-sprd suse-upgrade-dtb-xilinx suse-upgrade-dtb-zte suse-upgrade-gfs2-kmp-64kb suse-upgrade-gfs2-kmp-azure suse-upgrade-gfs2-kmp-default suse-upgrade-gfs2-kmp-rt suse-upgrade-kernel-64kb suse-upgrade-kernel-64kb-devel suse-upgrade-kernel-64kb-extra suse-upgrade-kernel-64kb-livepatch-devel suse-upgrade-kernel-64kb-optional suse-upgrade-kernel-azure suse-upgrade-kernel-azure-base suse-upgrade-kernel-azure-devel suse-upgrade-kernel-azure-extra suse-upgrade-kernel-azure-livepatch-devel suse-upgrade-kernel-azure-optional suse-upgrade-kernel-azure-vdso suse-upgrade-kernel-debug suse-upgrade-kernel-debug-base suse-upgrade-kernel-debug-devel suse-upgrade-kernel-debug-livepatch-devel suse-upgrade-kernel-debug-vdso suse-upgrade-kernel-default suse-upgrade-kernel-default-base suse-upgrade-kernel-default-base-rebuild suse-upgrade-kernel-default-devel suse-upgrade-kernel-default-extra suse-upgrade-kernel-default-livepatch suse-upgrade-kernel-default-livepatch-devel suse-upgrade-kernel-default-man suse-upgrade-kernel-default-optional suse-upgrade-kernel-default-vdso suse-upgrade-kernel-devel suse-upgrade-kernel-devel-azure suse-upgrade-kernel-devel-rt suse-upgrade-kernel-docs suse-upgrade-kernel-docs-html suse-upgrade-kernel-kvmsmall suse-upgrade-kernel-kvmsmall-base suse-upgrade-kernel-kvmsmall-devel suse-upgrade-kernel-kvmsmall-livepatch-devel suse-upgrade-kernel-kvmsmall-vdso suse-upgrade-kernel-macros suse-upgrade-kernel-obs-build suse-upgrade-kernel-obs-qa suse-upgrade-kernel-preempt suse-upgrade-kernel-preempt-devel suse-upgrade-kernel-rt suse-upgrade-kernel-rt-devel suse-upgrade-kernel-rt-extra suse-upgrade-kernel-rt-livepatch suse-upgrade-kernel-rt-livepatch-devel suse-upgrade-kernel-rt-optional suse-upgrade-kernel-rt-vdso suse-upgrade-kernel-rt_debug suse-upgrade-kernel-rt_debug-devel suse-upgrade-kernel-rt_debug-livepatch-devel suse-upgrade-kernel-rt_debug-vdso suse-upgrade-kernel-source suse-upgrade-kernel-source-azure suse-upgrade-kernel-source-rt suse-upgrade-kernel-source-vanilla suse-upgrade-kernel-syms suse-upgrade-kernel-syms-azure suse-upgrade-kernel-syms-rt suse-upgrade-kernel-vanilla suse-upgrade-kernel-vanilla-base suse-upgrade-kernel-vanilla-devel suse-upgrade-kernel-vanilla-livepatch-devel suse-upgrade-kernel-zfcpdump suse-upgrade-kernel-zfcpdump-man suse-upgrade-kselftests-kmp-64kb suse-upgrade-kselftests-kmp-azure suse-upgrade-kselftests-kmp-default suse-upgrade-kselftests-kmp-rt suse-upgrade-ocfs2-kmp-64kb suse-upgrade-ocfs2-kmp-azure suse-upgrade-ocfs2-kmp-default suse-upgrade-ocfs2-kmp-rt suse-upgrade-reiserfs-kmp-64kb suse-upgrade-reiserfs-kmp-azure suse-upgrade-reiserfs-kmp-default suse-upgrade-reiserfs-kmp-rt References https://attackerkb.com/topics/cve-2023-2002 CVE - 2023-2002 DSA-5480

Huawei EulerOS: CVE-2023-1667: libssh security update Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:N/A:C) Published 05/26/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description A NULL pointer dereference was found In libssh during re-keying with algorithm guessing. This issue may allow an authenticated client to cause a denial of service. Solution(s) huawei-euleros-2_0_sp11-upgrade-libssh References https://attackerkb.com/topics/cve-2023-1667 CVE - 2023-1667 EulerOS-SA-2023-2693

Huawei EulerOS: CVE-2023-2283: libssh security update Severity 6 CVSS (AV:N/AC:L/Au:N/C:P/I:P/A:N) Published 05/26/2023 Created 07/18/2023 Added 07/18/2023 Modified 01/28/2025 Description A vulnerability was found in libssh, where the authentication check of the connecting client can be bypassed in the`pki_verify_data_signature` function in memory allocation problems. This issue may happen if there is insufficient memory or the memory usage is limited. The problem is caused by the return value `rc,` which is initialized to SSH_ERROR and later rewritten to save the return value of the function call `pki_key_check_hash_compatible.` The value of the variable is not changed between this point and the cryptographic verification. Therefore any error between them calls `goto error` returning SSH_OK. Solution(s) huawei-euleros-2_0_sp10-upgrade-libssh References https://attackerkb.com/topics/cve-2023-2283 CVE - 2023-2283 EulerOS-SA-2023-2384

SUSE: CVE-2023-32681: SUSE Linux Security Advisory Severity 5 CVSS (AV:N/AC:H/Au:N/C:C/I:N/A:N) Published 05/26/2023 Created 06/27/2023 Added 06/27/2023 Modified 01/28/2025 Description Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use `rebuild_proxies` to reattach the `Proxy-Authorization` header to requests. For HTTP connections sent through the tunnel, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. However when sent over HTTPS, the `Proxy-Authorization` header must be sent in the CONNECT request as the proxy has no visibility into the tunneled request. This results in Requests forwarding proxy credentials to the destination server unintentionally, allowing a malicious actor to potentially exfiltrate sensitive information. This issue has been patched in version 2.31.0. Solution(s) suse-upgrade-python-requests suse-upgrade-python2-requests suse-upgrade-python3-requests References https://attackerkb.com/topics/cve-2023-32681 CVE - 2023-32681

Gentoo Linux: CVE-2023-2879: Wireshark: Multiple Vulnerabilities Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 05/26/2023 Created 09/18/2023 Added 09/18/2023 Modified 01/28/2025 Description GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file Solution(s) gentoo-linux-upgrade-net-analyzer-wireshark References https://attackerkb.com/topics/cve-2023-2879 CVE - 2023-2879 202309-02

Red Hat: CVE-2023-2283: authorization bypass in pki_verify_data_signature (Multiple Advisories) Severity 6 CVSS (AV:N/AC:L/Au:N/C:P/I:P/A:N) Published 05/26/2023 Created 06/28/2023 Added 06/28/2023 Modified 01/28/2025 Description A vulnerability was found in libssh, where the authentication check of the connecting client can be bypassed in the`pki_verify_data_signature` function in memory allocation problems. This issue may happen if there is insufficient memory or the memory usage is limited. The problem is caused by the return value `rc,` which is initialized to SSH_ERROR and later rewritten to save the return value of the function call `pki_key_check_hash_compatible.` The value of the variable is not changed between this point and the cryptographic verification. Therefore any error between them calls `goto error` returning SSH_OK. Solution(s) redhat-upgrade-libssh redhat-upgrade-libssh-config redhat-upgrade-libssh-debuginfo redhat-upgrade-libssh-debugsource redhat-upgrade-libssh-devel References CVE-2023-2283 RHSA-2023:3839 RHSA-2023:6643 RHSA-2024:0538

Red Hat: CVE-2023-28321: IDN wildcard match may lead to Improper Cerificate Validation (Multiple Advisories) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 05/26/2023 Created 08/02/2023 Added 08/02/2023 Modified 01/30/2025 Description An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before used for certificate checks. Puny coded names always start with `xn--` and should not be allowed to pattern match, but the wildcard check in curl could still check for `x*`, which would match even though the IDN name most likely contained nothing even resembling an `x`. Solution(s) redhat-upgrade-curl redhat-upgrade-curl-debuginfo redhat-upgrade-curl-debugsource redhat-upgrade-curl-minimal redhat-upgrade-curl-minimal-debuginfo redhat-upgrade-libcurl redhat-upgrade-libcurl-debuginfo redhat-upgrade-libcurl-devel redhat-upgrade-libcurl-minimal redhat-upgrade-libcurl-minimal-debuginfo References CVE-2023-28321 RHSA-2023:4354 RHSA-2023:4523 RHSA-2023:5598 RHSA-2023:6292

Huawei EulerOS: CVE-2023-28322: curl security update Severity 4 CVSS (AV:N/AC:M/Au:N/C:P/I:N/A:N) Published 05/26/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously wasused to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST. Solution(s) huawei-euleros-2_0_sp11-upgrade-curl huawei-euleros-2_0_sp11-upgrade-libcurl References https://attackerkb.com/topics/cve-2023-28322 CVE - 2023-28322 EulerOS-SA-2023-2677

CentOS Linux: CVE-2023-2283: Moderate: libssh security update (Multiple Advisories) Severity 6 CVSS (AV:N/AC:L/Au:N/C:P/I:P/A:N) Published 05/26/2023 Created 06/28/2023 Added 06/28/2023 Modified 01/28/2025 Description A vulnerability was found in libssh, where the authentication check of the connecting client can be bypassed in the`pki_verify_data_signature` function in memory allocation problems. This issue may happen if there is insufficient memory or the memory usage is limited. The problem is caused by the return value `rc,` which is initialized to SSH_ERROR and later rewritten to save the return value of the function call `pki_key_check_hash_compatible.` The value of the variable is not changed between this point and the cryptographic verification. Therefore any error between them calls `goto error` returning SSH_OK. Solution(s) centos-upgrade-libssh centos-upgrade-libssh-config centos-upgrade-libssh-debuginfo centos-upgrade-libssh-debugsource centos-upgrade-libssh-devel References CVE-2023-2283

CentOS Linux: CVE-2023-28321: Moderate: curl security update (Multiple Advisories) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 05/26/2023 Created 08/02/2023 Added 08/02/2023 Modified 01/28/2025 Description An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before used for certificate checks. Puny coded names always start with `xn--` and should not be allowed to pattern match, but the wildcard check in curl could still check for `x*`, which would match even though the IDN name most likely contained nothing even resembling an `x`. Solution(s) centos-upgrade-curl centos-upgrade-curl-debuginfo centos-upgrade-curl-debugsource centos-upgrade-curl-minimal centos-upgrade-curl-minimal-debuginfo centos-upgrade-libcurl centos-upgrade-libcurl-debuginfo centos-upgrade-libcurl-devel centos-upgrade-libcurl-minimal centos-upgrade-libcurl-minimal-debuginfo References CVE-2023-28321

Debian: CVE-2023-2858: wireshark -- security update Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 05/26/2023 Created 06/05/2023 Added 06/05/2023 Modified 01/28/2025 Description NetScaler file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file Solution(s) debian-upgrade-wireshark References https://attackerkb.com/topics/cve-2023-2858 CVE - 2023-2858 DLA-3443-1 DSA-5429

CentOS Linux: CVE-2023-1667: Moderate: libssh security update (Multiple Advisories) Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:N/A:C) Published 05/26/2023 Created 06/28/2023 Added 06/28/2023 Modified 01/28/2025 Description A NULL pointer dereference was found In libssh during re-keying with algorithm guessing. This issue may allow an authenticated client to cause a denial of service. Solution(s) centos-upgrade-libssh centos-upgrade-libssh-config centos-upgrade-libssh-debuginfo centos-upgrade-libssh-debugsource centos-upgrade-libssh-devel References CVE-2023-1667

FreeBSD: VID-06428D91-152E-11EE-8B14-DBDD62DA85FB: OpenEXR -- heap buffer overflow in internal_huf_decompress Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 05/28/2023 Created 06/29/2023 Added 06/28/2023 Modified 06/28/2023 Description oss-fuzz reports: heap buffer overflow in internal_huf_decompress. Cary Phillips reports: v3.1.9 - Patch release that addresses [...] also OSS-fuzz 59382 Heap-buffer-overflow in internal_huf_decompress Kimball Thurston reports: Fix scenario where malformed dwa file could read past end of buffer - fixes OSS-Fuzz 59382 Solution(s) freebsd-upgrade-package-openexr

Alpine Linux: CVE-2023-32763: Classic Buffer Overflow Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 05/28/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered. Solution(s) alpine-linux-upgrade-qt5-qtbase alpine-linux-upgrade-qt6-qtbase References https://attackerkb.com/topics/cve-2023-32763 CVE - 2023-32763 https://security.alpinelinux.org/vuln/CVE-2023-32763

Alpine Linux: CVE-2023-32762: Vulnerability in Multiple Components Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:N) Published 05/28/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match. Solution(s) alpine-linux-upgrade-qt5-qtbase alpine-linux-upgrade-qt6-qtbase References https://attackerkb.com/topics/cve-2023-32762 CVE - 2023-32762 https://security.alpinelinux.org/vuln/CVE-2023-32762

Debian: CVE-2023-32762: qt6-base, qtbase-opensource-src, qtbase-opensource-src-gles -- security update Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:N) Published 05/28/2023 Created 05/02/2024 Added 05/02/2024 Modified 01/28/2025 Description An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match. Solution(s) debian-upgrade-qt6-base debian-upgrade-qtbase-opensource-src debian-upgrade-qtbase-opensource-src-gles References https://attackerkb.com/topics/cve-2023-32762 CVE - 2023-32762 DLA-3805-1

Gentoo Linux: CVE-2023-32763: QtGui: Multiple Vulnerabilities Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 05/28/2023 Created 02/06/2024 Added 02/05/2024 Modified 01/28/2025 Description An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered. Solution(s) gentoo-linux-upgrade-dev-qt-qtgui References https://attackerkb.com/topics/cve-2023-32763 CVE - 2023-32763 202402-03

SUSE: CVE-2023-32762: SUSE Linux Security Advisory Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:N) Published 05/28/2023 Created 07/27/2023 Added 07/27/2023 Modified 01/28/2025 Description An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match. Solution(s) suse-upgrade-libqt5-qtbase-common-devel suse-upgrade-libqt5-qtbase-devel suse-upgrade-libqt5-qtbase-examples suse-upgrade-libqt5-qtbase-examples-32bit suse-upgrade-libqt5-qtbase-platformtheme-gtk3 suse-upgrade-libqt5-qtbase-platformtheme-xdgdesktopportal suse-upgrade-libqt5-qtbase-private-headers-devel suse-upgrade-libqt5bootstrap-devel-static suse-upgrade-libqt5bootstrap-devel-static-32bit suse-upgrade-libqt5concurrent-devel suse-upgrade-libqt5concurrent-devel-32bit suse-upgrade-libqt5concurrent5 suse-upgrade-libqt5concurrent5-32bit suse-upgrade-libqt5core-devel suse-upgrade-libqt5core-devel-32bit suse-upgrade-libqt5core-private-headers-devel suse-upgrade-libqt5core5 suse-upgrade-libqt5core5-32bit suse-upgrade-libqt5dbus-devel suse-upgrade-libqt5dbus-devel-32bit suse-upgrade-libqt5dbus-private-headers-devel suse-upgrade-libqt5dbus5 suse-upgrade-libqt5dbus5-32bit suse-upgrade-libqt5gui-devel suse-upgrade-libqt5gui-devel-32bit suse-upgrade-libqt5gui-private-headers-devel suse-upgrade-libqt5gui5 suse-upgrade-libqt5gui5-32bit suse-upgrade-libqt5kmssupport-devel-static suse-upgrade-libqt5kmssupport-private-headers-devel suse-upgrade-libqt5network-devel suse-upgrade-libqt5network-devel-32bit suse-upgrade-libqt5network-private-headers-devel suse-upgrade-libqt5network5 suse-upgrade-libqt5network5-32bit suse-upgrade-libqt5opengl-devel suse-upgrade-libqt5opengl-devel-32bit suse-upgrade-libqt5opengl-private-headers-devel suse-upgrade-libqt5opengl5 suse-upgrade-libqt5opengl5-32bit suse-upgrade-libqt5openglextensions-devel-static suse-upgrade-libqt5openglextensions-devel-static-32bit suse-upgrade-libqt5platformheaders-devel suse-upgrade-libqt5platformsupport-devel-static suse-upgrade-libqt5platformsupport-devel-static-32bit suse-upgrade-libqt5platformsupport-private-headers-devel suse-upgrade-libqt5printsupport-devel suse-upgrade-libqt5printsupport-devel-32bit suse-upgrade-libqt5printsupport-private-headers-devel suse-upgrade-libqt5printsupport5 suse-upgrade-libqt5printsupport5-32bit suse-upgrade-libqt5sql-devel suse-upgrade-libqt5sql-devel-32bit suse-upgrade-libqt5sql-private-headers-devel suse-upgrade-libqt5sql5 suse-upgrade-libqt5sql5-32bit suse-upgrade-libqt5sql5-mysql suse-upgrade-libqt5sql5-mysql-32bit suse-upgrade-libqt5sql5-postgresql suse-upgrade-libqt5sql5-postgresql-32bit suse-upgrade-libqt5sql5-sqlite suse-upgrade-libqt5sql5-sqlite-32bit suse-upgrade-libqt5sql5-unixodbc suse-upgrade-libqt5sql5-unixodbc-32bit suse-upgrade-libqt5test-devel suse-upgrade-libqt5test-devel-32bit suse-upgrade-libqt5test-private-headers-devel suse-upgrade-libqt5test5 suse-upgrade-libqt5test5-32bit suse-upgrade-libqt5widgets-devel suse-upgrade-libqt5widgets-devel-32bit suse-upgrade-libqt5widgets-private-headers-devel suse-upgrade-libqt5widgets5 suse-upgrade-libqt5widgets5-32bit suse-upgrade-libqt5xml-devel suse-upgrade-libqt5xml-devel-32bit suse-upgrade-libqt5xml5 suse-upgrade-libqt5xml5-32bit suse-upgrade-libqt6concurrent6 suse-upgrade-libqt6core6 suse-upgrade-libqt6dbus6 suse-upgrade-libqt6gui6 suse-upgrade-libqt6network6 suse-upgrade-libqt6opengl6 suse-upgrade-libqt6openglwidgets6 suse-upgrade-libqt6printsupport6 suse-upgrade-libqt6sql6 suse-upgrade-libqt6test6 suse-upgrade-libqt6widgets6 suse-upgrade-libqt6xml6 suse-upgrade-qt6-base-common-devel suse-upgrade-qt6-base-devel suse-upgrade-qt6-base-docs-html suse-upgrade-qt6-base-docs-qch suse-upgrade-qt6-base-examples suse-upgrade-qt6-base-private-devel suse-upgrade-qt6-concurrent-devel suse-upgrade-qt6-core-devel suse-upgrade-qt6-core-private-devel suse-upgrade-qt6-dbus-devel suse-upgrade-qt6-dbus-private-devel suse-upgrade-qt6-docs-common suse-upgrade-qt6-gui-devel suse-upgrade-qt6-gui-private-devel suse-upgrade-qt6-kmssupport-devel-static suse-upgrade-qt6-kmssupport-private-devel suse-upgrade-qt6-network-devel suse-upgrade-qt6-network-private-devel suse-upgrade-qt6-network-tls suse-upgrade-qt6-networkinformation-glib suse-upgrade-qt6-networkinformation-nm suse-upgrade-qt6-opengl-devel suse-upgrade-qt6-opengl-private-devel suse-upgrade-qt6-openglwidgets-devel suse-upgrade-qt6-platformsupport-devel-static suse-upgrade-qt6-platformsupport-private-devel suse-upgrade-qt6-platformtheme-gtk3 suse-upgrade-qt6-platformtheme-xdgdesktopportal suse-upgrade-qt6-printsupport-cups suse-upgrade-qt6-printsupport-devel suse-upgrade-qt6-printsupport-private-devel suse-upgrade-qt6-sql-devel suse-upgrade-qt6-sql-mysql suse-upgrade-qt6-sql-postgresql suse-upgrade-qt6-sql-private-devel suse-upgrade-qt6-sql-sqlite suse-upgrade-qt6-sql-unixodbc suse-upgrade-qt6-test-devel suse-upgrade-qt6-test-private-devel suse-upgrade-qt6-widgets-devel suse-upgrade-qt6-widgets-private-devel suse-upgrade-qt6-xml-devel suse-upgrade-qt6-xml-private-devel References https://attackerkb.com/topics/cve-2023-32762 CVE - 2023-32762

Gentoo Linux: CVE-2023-32762: QtNetwork: Multiple Vulnerabilities Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:N) Published 05/28/2023 Created 02/20/2024 Added 02/19/2024 Modified 01/28/2025 Description An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match. Solution(s) gentoo-linux-upgrade-dev-qt-qtbase gentoo-linux-upgrade-dev-qt-qtnetwork References https://attackerkb.com/topics/cve-2023-32762 CVE - 2023-32762 202402-21

SUSE: CVE-2023-32763: SUSE Linux Security Advisory Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 05/28/2023 Created 07/05/2023 Added 07/05/2023 Modified 01/28/2025 Description An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered. Solution(s) suse-upgrade-libqt4 suse-upgrade-libqt4-32bit suse-upgrade-libqt4-devel suse-upgrade-libqt4-devel-doc suse-upgrade-libqt4-devel-doc-data suse-upgrade-libqt4-linguist suse-upgrade-libqt4-private-headers-devel suse-upgrade-libqt4-qt3support suse-upgrade-libqt4-qt3support-32bit suse-upgrade-libqt4-sql suse-upgrade-libqt4-sql-32bit suse-upgrade-libqt4-sql-mysql suse-upgrade-libqt4-sql-mysql-32bit suse-upgrade-libqt4-sql-postgresql suse-upgrade-libqt4-sql-postgresql-32bit suse-upgrade-libqt4-sql-sqlite suse-upgrade-libqt4-sql-sqlite-32bit suse-upgrade-libqt4-sql-unixodbc suse-upgrade-libqt4-sql-unixodbc-32bit suse-upgrade-libqt4-x11 suse-upgrade-libqt4-x11-32bit suse-upgrade-libqt5-qtbase-common-devel suse-upgrade-libqt5-qtbase-devel suse-upgrade-libqt5-qtbase-examples suse-upgrade-libqt5-qtbase-examples-32bit suse-upgrade-libqt5-qtbase-platformtheme-gtk3 suse-upgrade-libqt5-qtbase-platformtheme-xdgdesktopportal suse-upgrade-libqt5-qtbase-private-headers-devel suse-upgrade-libqt5bootstrap-devel-static suse-upgrade-libqt5bootstrap-devel-static-32bit suse-upgrade-libqt5concurrent-devel suse-upgrade-libqt5concurrent-devel-32bit suse-upgrade-libqt5concurrent5 suse-upgrade-libqt5concurrent5-32bit suse-upgrade-libqt5core-devel suse-upgrade-libqt5core-devel-32bit suse-upgrade-libqt5core-private-headers-devel suse-upgrade-libqt5core5 suse-upgrade-libqt5core5-32bit suse-upgrade-libqt5dbus-devel suse-upgrade-libqt5dbus-devel-32bit suse-upgrade-libqt5dbus-private-headers-devel suse-upgrade-libqt5dbus5 suse-upgrade-libqt5dbus5-32bit suse-upgrade-libqt5gui-devel suse-upgrade-libqt5gui-devel-32bit suse-upgrade-libqt5gui-private-headers-devel suse-upgrade-libqt5gui5 suse-upgrade-libqt5gui5-32bit suse-upgrade-libqt5kmssupport-devel-static suse-upgrade-libqt5kmssupport-private-headers-devel suse-upgrade-libqt5network-devel suse-upgrade-libqt5network-devel-32bit suse-upgrade-libqt5network-private-headers-devel suse-upgrade-libqt5network5 suse-upgrade-libqt5network5-32bit suse-upgrade-libqt5opengl-devel suse-upgrade-libqt5opengl-devel-32bit suse-upgrade-libqt5opengl-private-headers-devel suse-upgrade-libqt5opengl5 suse-upgrade-libqt5opengl5-32bit suse-upgrade-libqt5openglextensions-devel-static suse-upgrade-libqt5openglextensions-devel-static-32bit suse-upgrade-libqt5platformheaders-devel suse-upgrade-libqt5platformsupport-devel-static suse-upgrade-libqt5platformsupport-devel-static-32bit suse-upgrade-libqt5platformsupport-private-headers-devel suse-upgrade-libqt5printsupport-devel suse-upgrade-libqt5printsupport-devel-32bit suse-upgrade-libqt5printsupport-private-headers-devel suse-upgrade-libqt5printsupport5 suse-upgrade-libqt5printsupport5-32bit suse-upgrade-libqt5sql-devel suse-upgrade-libqt5sql-devel-32bit suse-upgrade-libqt5sql-private-headers-devel suse-upgrade-libqt5sql5 suse-upgrade-libqt5sql5-32bit suse-upgrade-libqt5sql5-mysql suse-upgrade-libqt5sql5-mysql-32bit suse-upgrade-libqt5sql5-postgresql suse-upgrade-libqt5sql5-postgresql-32bit suse-upgrade-libqt5sql5-sqlite suse-upgrade-libqt5sql5-sqlite-32bit suse-upgrade-libqt5sql5-unixodbc suse-upgrade-libqt5sql5-unixodbc-32bit suse-upgrade-libqt5test-devel suse-upgrade-libqt5test-devel-32bit suse-upgrade-libqt5test-private-headers-devel suse-upgrade-libqt5test5 suse-upgrade-libqt5test5-32bit suse-upgrade-libqt5widgets-devel suse-upgrade-libqt5widgets-devel-32bit suse-upgrade-libqt5widgets-private-headers-devel suse-upgrade-libqt5widgets5 suse-upgrade-libqt5widgets5-32bit suse-upgrade-libqt5xml-devel suse-upgrade-libqt5xml-devel-32bit suse-upgrade-libqt5xml5 suse-upgrade-libqt5xml5-32bit suse-upgrade-libqt6concurrent6 suse-upgrade-libqt6core6 suse-upgrade-libqt6dbus6 suse-upgrade-libqt6gui6 suse-upgrade-libqt6network6 suse-upgrade-libqt6opengl6 suse-upgrade-libqt6openglwidgets6 suse-upgrade-libqt6printsupport6 suse-upgrade-libqt6sql6 suse-upgrade-libqt6test6 suse-upgrade-libqt6widgets6 suse-upgrade-libqt6xml6 suse-upgrade-qt4-x11-tools suse-upgrade-qt6-base-common-devel suse-upgrade-qt6-base-devel suse-upgrade-qt6-base-docs-html suse-upgrade-qt6-base-docs-qch suse-upgrade-qt6-base-examples suse-upgrade-qt6-base-private-devel suse-upgrade-qt6-concurrent-devel suse-upgrade-qt6-core-devel suse-upgrade-qt6-core-private-devel suse-upgrade-qt6-dbus-devel suse-upgrade-qt6-dbus-private-devel suse-upgrade-qt6-docs-common suse-upgrade-qt6-gui-devel suse-upgrade-qt6-gui-private-devel suse-upgrade-qt6-kmssupport-devel-static suse-upgrade-qt6-kmssupport-private-devel suse-upgrade-qt6-network-devel suse-upgrade-qt6-network-private-devel suse-upgrade-qt6-network-tls suse-upgrade-qt6-networkinformation-glib suse-upgrade-qt6-networkinformation-nm suse-upgrade-qt6-opengl-devel suse-upgrade-qt6-opengl-private-devel suse-upgrade-qt6-openglwidgets-devel suse-upgrade-qt6-platformsupport-devel-static suse-upgrade-qt6-platformsupport-private-devel suse-upgrade-qt6-platformtheme-gtk3 suse-upgrade-qt6-platformtheme-xdgdesktopportal suse-upgrade-qt6-printsupport-cups suse-upgrade-qt6-printsupport-devel suse-upgrade-qt6-printsupport-private-devel suse-upgrade-qt6-sql-devel suse-upgrade-qt6-sql-mysql suse-upgrade-qt6-sql-postgresql suse-upgrade-qt6-sql-private-devel suse-upgrade-qt6-sql-sqlite suse-upgrade-qt6-sql-unixodbc suse-upgrade-qt6-test-devel suse-upgrade-qt6-test-private-devel suse-upgrade-qt6-widgets-devel suse-upgrade-qt6-widgets-private-devel suse-upgrade-qt6-xml-devel suse-upgrade-qt6-xml-private-devel References https://attackerkb.com/topics/cve-2023-32763 CVE - 2023-32763

Alpine Linux: CVE-2023-30570: Uncontrolled Resource Consumption Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 05/28/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description pluto in Libreswan before 4.11 allows a denial of service (responder SPI mishandling and daemon crash) via unauthenticated IKEv1 Aggressive Mode packets. The earliest affected version is 3.28. Solution(s) alpine-linux-upgrade-libreswan References https://attackerkb.com/topics/cve-2023-30570 CVE - 2023-30570 https://security.alpinelinux.org/vuln/CVE-2023-30570