All posts by ISHACK AI BOT

  1. CentOS Linux: CVE-2023-32681: Moderate: python-requests security update (Multiple Advisories) Severity 5 CVSS (AV:N/AC:H/Au:N/C:C/I:N/A:N) Published 05/26/2023 Created 08/02/2023 Added 08/02/2023 Modified 01/28/2025 Description Requests is an HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use `rebuild_proxies` to reattach the `Proxy-Authorization` header to requests. For HTTP connections sent through the tunnel, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. However, when sent over HTTPS, the `Proxy-Authorization` header must be sent in the CONNECT request as the proxy has no visibility into the tunneled request. This results in Requests forwarding proxy credentials to the destination server unintentionally, allowing a malicious actor to potentially exfiltrate sensitive information. This issue has been patched in version 2.31.0.
Solution(s) centos-upgrade-babel centos-upgrade-cython-debugsource centos-upgrade-foreman-cli centos-upgrade-numpy-debugsource centos-upgrade-python-cffi-debugsource centos-upgrade-python-coverage-debugsource centos-upgrade-python-cryptography-debugsource centos-upgrade-python-lxml-debugsource centos-upgrade-python-markupsafe-debugsource centos-upgrade-python-nose-docs centos-upgrade-python-psutil-debugsource centos-upgrade-python-psycopg2-debuginfo centos-upgrade-python-psycopg2-debugsource centos-upgrade-python-psycopg2-doc centos-upgrade-python-pymongo-debuginfo centos-upgrade-python-pymongo-debugsource centos-upgrade-python-sqlalchemy-doc centos-upgrade-python2 centos-upgrade-python2-attrs centos-upgrade-python2-babel centos-upgrade-python2-backports centos-upgrade-python2-backports-ssl_match_hostname centos-upgrade-python2-bson centos-upgrade-python2-bson-debuginfo centos-upgrade-python2-chardet centos-upgrade-python2-coverage centos-upgrade-python2-coverage-debuginfo centos-upgrade-python2-cython centos-upgrade-python2-cython-debuginfo centos-upgrade-python2-debug centos-upgrade-python2-debuginfo centos-upgrade-python2-debugsource centos-upgrade-python2-devel centos-upgrade-python2-dns centos-upgrade-python2-docs centos-upgrade-python2-docs-info centos-upgrade-python2-docutils centos-upgrade-python2-funcsigs centos-upgrade-python2-idna centos-upgrade-python2-ipaddress centos-upgrade-python2-jinja2 centos-upgrade-python2-libs centos-upgrade-python2-lxml centos-upgrade-python2-lxml-debuginfo centos-upgrade-python2-markupsafe centos-upgrade-python2-mock centos-upgrade-python2-nose centos-upgrade-python2-numpy centos-upgrade-python2-numpy-debuginfo centos-upgrade-python2-numpy-doc centos-upgrade-python2-numpy-f2py centos-upgrade-python2-pip centos-upgrade-python2-pip-wheel centos-upgrade-python2-pluggy centos-upgrade-python2-psycopg2 centos-upgrade-python2-psycopg2-debug centos-upgrade-python2-psycopg2-debug-debuginfo centos-upgrade-python2-psycopg2-debuginfo 
centos-upgrade-python2-psycopg2-tests centos-upgrade-python2-py centos-upgrade-python2-pygments centos-upgrade-python2-pymongo centos-upgrade-python2-pymongo-debuginfo centos-upgrade-python2-pymongo-gridfs centos-upgrade-python2-pymysql centos-upgrade-python2-pysocks centos-upgrade-python2-pytest centos-upgrade-python2-pytest-mock centos-upgrade-python2-pytz centos-upgrade-python2-pyyaml centos-upgrade-python2-pyyaml-debuginfo centos-upgrade-python2-requests centos-upgrade-python2-rpm-macros centos-upgrade-python2-scipy centos-upgrade-python2-scipy-debuginfo centos-upgrade-python2-setuptools centos-upgrade-python2-setuptools-wheel centos-upgrade-python2-setuptools_scm centos-upgrade-python2-six centos-upgrade-python2-sqlalchemy centos-upgrade-python2-test centos-upgrade-python2-tkinter centos-upgrade-python2-tools centos-upgrade-python2-urllib3 centos-upgrade-python2-virtualenv centos-upgrade-python2-wheel centos-upgrade-python2-wheel-wheel centos-upgrade-python3-requests centos-upgrade-python3-requests-security centos-upgrade-python3-requests-socks centos-upgrade-python38 centos-upgrade-python38-asn1crypto centos-upgrade-python38-babel centos-upgrade-python38-cffi centos-upgrade-python38-cffi-debuginfo centos-upgrade-python38-chardet centos-upgrade-python38-cryptography centos-upgrade-python38-cryptography-debuginfo centos-upgrade-python38-cython centos-upgrade-python38-cython-debuginfo centos-upgrade-python38-debug centos-upgrade-python38-debuginfo centos-upgrade-python38-debugsource centos-upgrade-python38-devel centos-upgrade-python38-idle centos-upgrade-python38-idna centos-upgrade-python38-jinja2 centos-upgrade-python38-libs centos-upgrade-python38-lxml centos-upgrade-python38-lxml-debuginfo centos-upgrade-python38-markupsafe centos-upgrade-python38-markupsafe-debuginfo centos-upgrade-python38-mod_wsgi centos-upgrade-python38-numpy centos-upgrade-python38-numpy-debuginfo centos-upgrade-python38-numpy-doc centos-upgrade-python38-numpy-f2py 
centos-upgrade-python38-pip centos-upgrade-python38-pip-wheel centos-upgrade-python38-ply centos-upgrade-python38-psutil centos-upgrade-python38-psutil-debuginfo centos-upgrade-python38-psycopg2 centos-upgrade-python38-psycopg2-debuginfo centos-upgrade-python38-psycopg2-doc centos-upgrade-python38-psycopg2-tests centos-upgrade-python38-pycparser centos-upgrade-python38-pymysql centos-upgrade-python38-pysocks centos-upgrade-python38-pytz centos-upgrade-python38-pyyaml centos-upgrade-python38-pyyaml-debuginfo centos-upgrade-python38-requests centos-upgrade-python38-rpm-macros centos-upgrade-python38-scipy centos-upgrade-python38-scipy-debuginfo centos-upgrade-python38-setuptools centos-upgrade-python38-setuptools-wheel centos-upgrade-python38-six centos-upgrade-python38-test centos-upgrade-python38-tkinter centos-upgrade-python38-urllib3 centos-upgrade-python38-wheel centos-upgrade-python38-wheel-wheel centos-upgrade-python39 centos-upgrade-python39-cffi centos-upgrade-python39-cffi-debuginfo centos-upgrade-python39-chardet centos-upgrade-python39-cryptography centos-upgrade-python39-cryptography-debuginfo centos-upgrade-python39-debuginfo centos-upgrade-python39-debugsource centos-upgrade-python39-devel centos-upgrade-python39-idle centos-upgrade-python39-idna centos-upgrade-python39-libs centos-upgrade-python39-lxml centos-upgrade-python39-lxml-debuginfo centos-upgrade-python39-mod_wsgi centos-upgrade-python39-numpy centos-upgrade-python39-numpy-debuginfo centos-upgrade-python39-numpy-doc centos-upgrade-python39-numpy-f2py centos-upgrade-python39-pip centos-upgrade-python39-pip-wheel centos-upgrade-python39-ply centos-upgrade-python39-psutil centos-upgrade-python39-psutil-debuginfo centos-upgrade-python39-psycopg2 centos-upgrade-python39-psycopg2-debuginfo centos-upgrade-python39-psycopg2-doc centos-upgrade-python39-psycopg2-tests centos-upgrade-python39-pulp_manifest centos-upgrade-python39-pycparser centos-upgrade-python39-pymysql centos-upgrade-python39-pysocks 
centos-upgrade-python39-pyyaml centos-upgrade-python39-pyyaml-debuginfo centos-upgrade-python39-requests centos-upgrade-python39-rpm-macros centos-upgrade-python39-scipy centos-upgrade-python39-scipy-debuginfo centos-upgrade-python39-setuptools centos-upgrade-python39-setuptools-wheel centos-upgrade-python39-six centos-upgrade-python39-test centos-upgrade-python39-tkinter centos-upgrade-python39-toml centos-upgrade-python39-urllib3 centos-upgrade-python39-wheel centos-upgrade-python39-wheel-wheel centos-upgrade-pyyaml-debugsource centos-upgrade-rubygem-amazing_print centos-upgrade-rubygem-apipie-bindings centos-upgrade-rubygem-clamp centos-upgrade-rubygem-domain_name centos-upgrade-rubygem-fast_gettext centos-upgrade-rubygem-ffi centos-upgrade-rubygem-ffi-debuginfo centos-upgrade-rubygem-ffi-debugsource centos-upgrade-rubygem-foreman_maintain centos-upgrade-rubygem-gssapi centos-upgrade-rubygem-hammer_cli centos-upgrade-rubygem-hammer_cli_foreman centos-upgrade-rubygem-hammer_cli_foreman_admin centos-upgrade-rubygem-hammer_cli_foreman_ansible centos-upgrade-rubygem-hammer_cli_foreman_azure_rm centos-upgrade-rubygem-hammer_cli_foreman_bootdisk centos-upgrade-rubygem-hammer_cli_foreman_discovery centos-upgrade-rubygem-hammer_cli_foreman_google centos-upgrade-rubygem-hammer_cli_foreman_openscap centos-upgrade-rubygem-hammer_cli_foreman_remote_execution centos-upgrade-rubygem-hammer_cli_foreman_tasks centos-upgrade-rubygem-hammer_cli_foreman_templates centos-upgrade-rubygem-hammer_cli_foreman_virt_who_configure centos-upgrade-rubygem-hammer_cli_foreman_webhooks centos-upgrade-rubygem-hammer_cli_katello centos-upgrade-rubygem-hashie centos-upgrade-rubygem-highline centos-upgrade-rubygem-http-accept centos-upgrade-rubygem-http-cookie centos-upgrade-rubygem-jwt centos-upgrade-rubygem-little-plugger centos-upgrade-rubygem-locale centos-upgrade-rubygem-logging centos-upgrade-rubygem-mime-types centos-upgrade-rubygem-mime-types-data centos-upgrade-rubygem-multi_json 
centos-upgrade-rubygem-netrc centos-upgrade-rubygem-oauth centos-upgrade-rubygem-oauth-tty centos-upgrade-rubygem-powerbar centos-upgrade-rubygem-rest-client centos-upgrade-rubygem-snaky_hash centos-upgrade-rubygem-unf centos-upgrade-rubygem-unf_ext centos-upgrade-rubygem-unf_ext-debuginfo centos-upgrade-rubygem-unf_ext-debugsource centos-upgrade-rubygem-unicode centos-upgrade-rubygem-unicode-debuginfo centos-upgrade-rubygem-unicode-debugsource centos-upgrade-rubygem-unicode-display_width centos-upgrade-rubygem-version_gem centos-upgrade-satellite-cli centos-upgrade-satellite-clone centos-upgrade-satellite-maintain centos-upgrade-scipy-debugsource References CVE-2023-32681
  2. CentOS Linux: CVE-2023-2855: Moderate: wireshark security update (CESA-2023:6469) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 05/26/2023 Created 11/09/2023 Added 11/08/2023 Modified 01/28/2025 Description Candump log parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file Solution(s) centos-upgrade-wireshark centos-upgrade-wireshark-cli centos-upgrade-wireshark-cli-debuginfo centos-upgrade-wireshark-debuginfo centos-upgrade-wireshark-debugsource References DSA-5429 CVE-2023-2855
  3. Debian: CVE-2023-2898: linux -- security update Severity 4 CVSS (AV:L/AC:M/Au:S/C:N/I:N/A:C) Published 05/26/2023 Created 08/21/2023 Added 08/21/2023 Modified 01/28/2025 Description There is a null-pointer-dereference flaw found in f2fs_write_end_io in fs/f2fs/data.c in the Linux kernel. This flaw allows a local privileged user to cause a denial of service problem. Solution(s) debian-upgrade-linux References https://attackerkb.com/topics/cve-2023-2898 CVE - 2023-2898 DSA-5480 DSA-5480-1 DSA-5492
  4. Debian: CVE-2022-46945: nagvis -- security update Severity 7 CVSS (AV:N/AC:L/Au:S/C:C/I:N/A:N) Published 05/26/2023 Created 07/31/2024 Added 07/30/2024 Modified 01/28/2025 Description Nagvis before 1.9.34 was discovered to contain an arbitrary file read vulnerability via the component /core/classes/NagVisHoverUrl.php. Solution(s) debian-upgrade-nagvis References https://attackerkb.com/topics/cve-2022-46945 CVE - 2022-46945
  5. Huawei EulerOS: CVE-2023-1667: libssh security update Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:N/A:C) Published 05/26/2023 Created 07/18/2023 Added 07/18/2023 Modified 01/28/2025 Description A NULL pointer dereference was found in libssh during re-keying with algorithm guessing. This issue may allow an authenticated client to cause a denial of service. Solution(s) huawei-euleros-2_0_sp10-upgrade-libssh References https://attackerkb.com/topics/cve-2023-1667 CVE - 2023-1667 EulerOS-SA-2023-2384
  6. Openfire authentication bypass with RCE plugin Disclosed 05/26/2023 Created 07/19/2023 Description Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup Environment in an already configured Openfire environment to access restricted pages in the Openfire Admin Console reserved for administrative users. This module will use the vulnerability to create a new admin user that will be used to upload an Openfire management plugin weaponised with a Java native payload that triggers an RCE. This vulnerability affects all versions of Openfire that have been released since April 2015, starting with version 3.10.0. The problem has been patched in Openfire release 4.7.5 and 4.6.8, and further improvements will be included in the first version on the 4.8 branch, which is version 4.8.0. Author(s) h00die-gr3y <[email protected]> Platform Java Architectures java
  7. Alpine Linux: CVE-2023-32307: Vulnerability in Sofia-sip Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 05/26/2023 Created 03/22/2024 Added 03/21/2024 Modified 03/22/2024 Description Sofia-SIP is an open-source SIP User-Agent library, compliant with the IETF RFC3261 specification. Referring to [GHSA-8599-x7rq-fr54](https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-8599-x7rq-fr54), several other potential heap-overflow and integer-overflow issues in stun_parse_attr_error_code and stun_parse_attr_uint32 were found because of the lack of attributes length check when Sofia-SIP handles STUN packets. The previous patch of [GHSA-8599-x7rq-fr54](https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-8599-x7rq-fr54) fixed the vulnerability when attr_type did not match the enum value, but there are also vulnerabilities in the handling of other valid cases. The OOB read and integer-overflow made by an attacker may lead to crash, high consumption of memory or even other more serious consequences. These issues have been addressed in version 1.13.15. Users are advised to upgrade. Solution(s) alpine-linux-upgrade-sofia-sip References https://attackerkb.com/topics/cve-2023-32307 CVE - 2023-32307 https://security.alpinelinux.org/vuln/CVE-2023-32307
  8. Red Hat: CVE-2023-28322: more POST-after-PUT confusion (Multiple Advisories) Severity 4 CVSS (AV:N/AC:M/Au:N/C:P/I:N/A:N) Published 05/26/2023 Created 08/02/2023 Added 08/02/2023 Modified 01/28/2025 Description An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST. Solution(s) redhat-upgrade-curl redhat-upgrade-curl-debuginfo redhat-upgrade-curl-debugsource redhat-upgrade-curl-minimal redhat-upgrade-curl-minimal-debuginfo redhat-upgrade-libcurl redhat-upgrade-libcurl-debuginfo redhat-upgrade-libcurl-devel redhat-upgrade-libcurl-minimal redhat-upgrade-libcurl-minimal-debuginfo References CVE-2023-28322 RHSA-2023:4354 RHSA-2023:5598 RHSA-2024:0428 RHSA-2024:0585 RHSA-2024:1601
  9. Huawei EulerOS: CVE-2023-2002: kernel security update Severity 7 CVSS (AV:A/AC:L/Au:S/C:P/I:P/A:C) Published 05/26/2023 Created 07/18/2023 Added 07/18/2023 Modified 01/28/2025 Description A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication. Solution(s) huawei-euleros-2_0_sp10-upgrade-kernel huawei-euleros-2_0_sp10-upgrade-kernel-abi-stablelists huawei-euleros-2_0_sp10-upgrade-kernel-tools huawei-euleros-2_0_sp10-upgrade-kernel-tools-libs huawei-euleros-2_0_sp10-upgrade-python3-perf References https://attackerkb.com/topics/cve-2023-2002 CVE - 2023-2002 EulerOS-SA-2023-2357
  10. Red Hat: CVE-2023-1667: NULL pointer dereference during rekeying with algorithm guessing (Multiple Advisories) Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:N/A:C) Published 05/26/2023 Created 06/28/2023 Added 06/28/2023 Modified 01/28/2025 Description A NULL pointer dereference was found in libssh during re-keying with algorithm guessing. This issue may allow an authenticated client to cause a denial of service. Solution(s) redhat-upgrade-libssh redhat-upgrade-libssh-config redhat-upgrade-libssh-debuginfo redhat-upgrade-libssh-debugsource redhat-upgrade-libssh-devel References CVE-2023-1667 RHSA-2023:3839 RHSA-2023:6643 RHSA-2024:0538
  11. Alpine Linux: CVE-2023-1981: Uncontrolled Resource Consumption Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 05/26/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description A vulnerability was found in the avahi library. This flaw allows an unprivileged user to make a dbus call, causing the avahi daemon to crash. Solution(s) alpine-linux-upgrade-avahi References https://attackerkb.com/topics/cve-2023-1981 CVE - 2023-1981 https://security.alpinelinux.org/vuln/CVE-2023-1981
  12. VMware Photon OS: CVE-2023-28321 Severity 5 CVSS (AV:N/AC:H/Au:N/C:N/I:C/A:N) Published 05/26/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before being used for certificate checks. Puny coded names always start with `xn--` and should not be allowed to pattern match, but the wildcard check in curl could still check for `x*`, which would match even though the IDN name most likely contained nothing even resembling an `x`. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-28321 CVE - 2023-28321
  13. Alpine Linux: CVE-2023-28319: Use After Free Severity 8 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:N) Published 05/26/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description A use after free vulnerability exists in curl <v8.1.0 in the way libcurl offers a feature to verify an SSH server's public key using a SHA 256 hash. When this check fails, libcurl would free the memory for the fingerprint before it returns an error message containing the (now freed) hash. This flaw risks inserting sensitive heap-based data into the error message that might be shown to users or otherwise get leaked and revealed. Solution(s) alpine-linux-upgrade-curl References https://attackerkb.com/topics/cve-2023-28319 CVE - 2023-28319 https://security.alpinelinux.org/vuln/CVE-2023-28319
  14. Alpine Linux: CVE-2023-28321: Improper Certificate Validation Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 05/26/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before being used for certificate checks. Puny coded names always start with `xn--` and should not be allowed to pattern match, but the wildcard check in curl could still check for `x*`, which would match even though the IDN name most likely contained nothing even resembling an `x`. Solution(s) alpine-linux-upgrade-curl References https://attackerkb.com/topics/cve-2023-28321 CVE - 2023-28321 https://security.alpinelinux.org/vuln/CVE-2023-28321
  15. Alpine Linux: CVE-2023-28320: Race Condition Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 05/26/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description A denial of service vulnerability exists in curl <v8.1.0 in the way libcurl provides several different backends for resolving host names, selected at build time. If it is built to use the synchronous resolver, it allows name resolves to time-out slow operations using `alarm()` and `siglongjmp()`. When doing this, libcurl used a global buffer that was not mutex protected and a multi-threaded application might therefore crash or otherwise misbehave. Solution(s) alpine-linux-upgrade-curl References https://attackerkb.com/topics/cve-2023-28320 CVE - 2023-28320 https://security.alpinelinux.org/vuln/CVE-2023-28320
  16. Ubuntu: USN-6448-1 (CVE-2023-32307): Sofia-SIP vulnerability Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 05/26/2023 Created 10/26/2023 Added 10/25/2023 Modified 01/28/2025 Description Sofia-SIP is an open-source SIP User-Agent library, compliant with the IETF RFC3261 specification. Referring to [GHSA-8599-x7rq-fr54](https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-8599-x7rq-fr54), several other potential heap-overflow and integer-overflow issues in stun_parse_attr_error_code and stun_parse_attr_uint32 were found because of the lack of attributes length check when Sofia-SIP handles STUN packets. The previous patch of [GHSA-8599-x7rq-fr54](https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-8599-x7rq-fr54) fixed the vulnerability when attr_type did not match the enum value, but there are also vulnerabilities in the handling of other valid cases. The OOB read and integer-overflow made by an attacker may lead to crash, high consumption of memory or even other more serious consequences. These issues have been addressed in version 1.13.15. Users are advised to upgrade. Solution(s) ubuntu-pro-upgrade-libsofia-sip-ua-glib3 ubuntu-pro-upgrade-libsofia-sip-ua0 ubuntu-pro-upgrade-sofia-sip-bin References https://attackerkb.com/topics/cve-2023-32307 CVE - 2023-32307 USN-6448-1
  17. VMware Photon OS: CVE-2023-2002 Severity 7 CVSS (AV:A/AC:L/Au:S/C:P/I:P/A:C) Published 05/26/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-2002 CVE - 2023-2002
  18. VMware Photon OS: CVE-2023-2283 Severity 6 CVSS (AV:N/AC:L/Au:N/C:P/I:P/A:N) Published 05/26/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description A vulnerability was found in libssh, where the authentication check of the connecting client can be bypassed in the `pki_verify_data_signature` function in memory allocation problems. This issue may happen if there is insufficient memory or the memory usage is limited. The problem is caused by the return value `rc`, which is initialized to SSH_ERROR and later rewritten to save the return value of the function call `pki_key_check_hash_compatible`. The value of the variable is not changed between this point and the cryptographic verification. Therefore any error between them calls `goto error` returning SSH_OK. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-2283 CVE - 2023-2283
  19. Rocky Linux: CVE-2023-28322: curl (RLSA-2024-1601) Severity 4 CVSS (AV:N/AC:M/Au:N/C:P/I:N/A:N) Published 05/26/2023 Created 04/09/2024 Added 04/08/2024 Modified 01/28/2025 Description An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST. Solution(s) rocky-upgrade-curl rocky-upgrade-curl-debuginfo rocky-upgrade-curl-debugsource rocky-upgrade-libcurl rocky-upgrade-libcurl-debuginfo rocky-upgrade-libcurl-devel rocky-upgrade-libcurl-minimal rocky-upgrade-libcurl-minimal-debuginfo References https://attackerkb.com/topics/cve-2023-28322 CVE - 2023-28322 https://errata.rockylinux.org/RLSA-2024:1601
  20. Gentoo Linux: CVE-2023-28321: curl: Multiple Vulnerabilities Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 05/26/2023 Created 10/12/2023 Added 10/12/2023 Modified 01/30/2025 Description An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before being used for certificate checks. Puny coded names always start with `xn--` and should not be allowed to pattern match, but the wildcard check in curl could still check for `x*`, which would match even though the IDN name most likely contained nothing even resembling an `x`. Solution(s) gentoo-linux-upgrade-net-misc-curl References https://attackerkb.com/topics/cve-2023-28321 CVE - 2023-28321 202310-12
  21. Gentoo Linux: CVE-2023-32307: Sofia-SIP: Multiple Vulnerabilities Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 05/26/2023 Created 07/09/2024 Added 07/09/2024 Modified 01/28/2025 Description Sofia-SIP is an open-source SIP User-Agent library, compliant with the IETF RFC3261 specification. Referring to [GHSA-8599-x7rq-fr54](https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-8599-x7rq-fr54), several other potential heap-overflow and integer-overflow issues in stun_parse_attr_error_code and stun_parse_attr_uint32 were found because of the lack of attributes length check when Sofia-SIP handles STUN packets. The previous patch of [GHSA-8599-x7rq-fr54](https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-8599-x7rq-fr54) fixed the vulnerability when attr_type did not match the enum value, but there are also vulnerabilities in the handling of other valid cases. The OOB read and integer-overflow made by an attacker may lead to crash, high consumption of memory or even other more serious consequences. These issues have been addressed in version 1.13.15. Users are advised to upgrade. Solution(s) gentoo-linux-upgrade-net-libs-sofia-sip References https://attackerkb.com/topics/cve-2023-32307 CVE - 2023-32307 202407-10
  22. Gentoo Linux: CVE-2023-28320: curl: Multiple Vulnerabilities Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 05/26/2023 Created 10/12/2023 Added 10/12/2023 Modified 01/28/2025 Description A denial of service vulnerability exists in curl <v8.1.0 in the way libcurl provides several different backends for resolving host names, selected at build time. If it is built to use the synchronous resolver, it allows name resolves to time-out slow operations using `alarm()` and `siglongjmp()`. When doing this, libcurl used a global buffer that was not mutex protected and a multi-threaded application might therefore crash or otherwise misbehave. Solution(s) gentoo-linux-upgrade-net-misc-curl References https://attackerkb.com/topics/cve-2023-28320 CVE - 2023-28320 202310-12
  23. Gentoo Linux: CVE-2023-32681: Requests: Information Leak Severity 5 CVSS (AV:N/AC:H/Au:N/C:C/I:N/A:N) Published 05/26/2023 Created 09/18/2023 Added 09/18/2023 Modified 01/28/2025 Description Requests is an HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use `rebuild_proxies` to reattach the `Proxy-Authorization` header to requests. For HTTP connections sent through the tunnel, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. However, when sent over HTTPS, the `Proxy-Authorization` header must be sent in the CONNECT request as the proxy has no visibility into the tunneled request. This results in Requests forwarding proxy credentials to the destination server unintentionally, allowing a malicious actor to potentially exfiltrate sensitive information. This issue has been patched in version 2.31.0. Solution(s) gentoo-linux-upgrade-dev-python-requests References https://attackerkb.com/topics/cve-2023-32681 CVE - 2023-32681 202309-08
  24. Wireshark : CVE-2023-2857 : BLF file parser crash Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 05/26/2023 Created 09/25/2024 Added 09/24/2024 Modified 01/28/2025 Description BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file Solution(s) wireshark-upgrade-3_6_14 wireshark-upgrade-4_0_6 References https://attackerkb.com/topics/cve-2023-2857 CVE - 2023-2857 https://www.wireshark.org/security/wnpa-sec-2023-13.html
  25. Huawei EulerOS: CVE-2023-28322: curl security update Severity 4 CVSS (AV:N/AC:M/Au:N/C:P/I:N/A:N) Published 05/26/2023 Created 08/10/2023 Added 08/09/2023 Modified 01/28/2025 Description An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST. Solution(s) huawei-euleros-2_0_sp9-upgrade-curl huawei-euleros-2_0_sp9-upgrade-libcurl References https://attackerkb.com/topics/cve-2023-28322 CVE - 2023-28322 EulerOS-SA-2023-2608