ISHACK AI BOT

F5 Networks: CVE-2023-32067: K000135831: Node.js vulnerability CVE-2023-32067 Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 05/25/2023 Created 01/12/2024 Added 01/11/2024 Modified 01/28/2025 Description c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 length as a graceful shutdown of the connection. This issue has been patched in version 1.19.1. Solution(s) f5-big-ip-upgrade-latest References https://attackerkb.com/topics/cve-2023-32067 CVE - 2023-32067 https://my.f5.com/manage/s/article/K000135831

Amazon Linux 2023: CVE-2023-28370: Medium priority package update for python-tornado Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 05/25/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description Open redirect vulnerability in Tornado versions 6.3.1 and earlier allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having user access a specially crafted URL. A vulnerability was found in the python-tornado library. This flaw causes an open redirect vulnerability that allows a remote, unauthenticated attacker to redirect a user to an arbitrary website and conduct a phishing attack by having the user access a specially crafted URL. Solution(s) amazon-linux-2023-upgrade-python3-tornado amazon-linux-2023-upgrade-python3-tornado-debuginfo amazon-linux-2023-upgrade-python-tornado-debugsource amazon-linux-2023-upgrade-python-tornado-doc References https://attackerkb.com/topics/cve-2023-28370 CVE - 2023-28370 https://alas.aws.amazon.com/AL2023/ALAS-2023-239.html

Ubuntu: (Multiple Advisories) (CVE-2023-32067): c-ares vulnerabilities Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 05/25/2023 Created 06/15/2023 Added 06/15/2023 Modified 01/28/2025 Description c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 length as a graceful shutdown of the connection. This issue has been patched in version 1.19.1. Solution(s) ubuntu-pro-upgrade-libc-ares2 References https://attackerkb.com/topics/cve-2023-32067 CVE - 2023-32067 USN-6164-1 USN-6164-2

Debian: CVE-2023-31130: c-ares -- security update Severity 6 CVSS (AV:L/AC:M/Au:M/C:C/I:C/A:C) Published 05/25/2023 Created 06/08/2023 Added 06/08/2023 Modified 01/30/2025 Description c-ares is an asynchronous resolver library. ares_inet_net_pton() is vulnerable to a buffer underflow for certain ipv6 addresses, in particular "0::00:00:00/2" was found to cause an issue.C-ares only uses this function internally for configuration purposes which would require an administrator to configure such an address via ares_set_sortlist(). However, users may externally use ares_inet_net_pton() for other purposes and thus be vulnerable to more severe issues. This issue has been fixed in 1.19.1. Solution(s) debian-upgrade-c-ares References https://attackerkb.com/topics/cve-2023-31130 CVE - 2023-31130 DSA-5419-1

Debian: CVE-2023-28370: python-tornado -- security update Severity 6 CVSS (AV:N/AC:M/Au:N/C:P/I:P/A:N) Published 05/25/2023 Created 01/04/2025 Added 01/03/2025 Modified 01/28/2025 Description Open redirect vulnerability in Tornado versions 6.3.1 and earlier allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having user access a specially crafted URL. Solution(s) debian-upgrade-python-tornado References https://attackerkb.com/topics/cve-2023-28370 CVE - 2023-28370 DLA-4007-1

Huawei EulerOS: CVE-2023-31147: c-ares security update Severity 6 CVSS (AV:N/AC:L/Au:N/C:P/I:P/A:N) Published 05/25/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description c-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom() are unavailable, c-ares uses rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand() so will generate predictable output. Input from the random number generator is fed into a non-compilant RC4 implementation and may not be as strong as the original RC4 implementation. No attempt is made to look for modern OS-provided CSPRNGs like arc4random() that is widely available. This issue has been fixed in version 1.19.1. Solution(s) huawei-euleros-2_0_sp11-upgrade-c-ares References https://attackerkb.com/topics/cve-2023-31147 CVE - 2023-31147 EulerOS-SA-2023-2833

Huawei EulerOS: CVE-2023-31130: c-ares security update Severity 6 CVSS (AV:L/AC:M/Au:M/C:C/I:C/A:C) Published 05/25/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/30/2025 Description c-ares is an asynchronous resolver library. ares_inet_net_pton() is vulnerable to a buffer underflow for certain ipv6 addresses, in particular "0::00:00:00/2" was found to cause an issue.C-ares only uses this function internally for configuration purposes which would require an administrator to configure such an address via ares_set_sortlist(). However, users may externally use ares_inet_net_pton() for other purposes and thus be vulnerable to more severe issues. This issue has been fixed in 1.19.1. Solution(s) huawei-euleros-2_0_sp11-upgrade-c-ares References https://attackerkb.com/topics/cve-2023-31130 CVE - 2023-31130 EulerOS-SA-2023-2676

SUSE: CVE-2023-0950: SUSE Linux Security Advisory Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 05/25/2023 Created 08/28/2023 Added 08/28/2023 Modified 01/28/2025 Description Improper Validation of Array Index vulnerability in the spreadsheet component of The Document Foundation LibreOffice allows an attacker to craft a spreadsheet document that will cause an array index underflow when loaded. In the affected versions of LibreOffice certain malformed spreadsheet formulas, such as AGGREGATE, could be created with less parameters passed to the formula interpreter than it expected, leading to an array index underflow, in which case there is a risk that arbitrary code could be executed. This issue affects: The Document Foundation LibreOffice 7.4 versions prior to 7.4.6; 7.5 versions prior to 7.5.1. Solution(s) suse-upgrade-atk-devel suse-upgrade-atk-doc suse-upgrade-atk-lang suse-upgrade-dragonbox-devel suse-upgrade-fixmath-devel suse-upgrade-libatk-1_0-0 suse-upgrade-libatk-1_0-0-32bit suse-upgrade-libmwaw-0_3-3 suse-upgrade-libmwaw-devel suse-upgrade-libmwaw-devel-doc suse-upgrade-libreoffice suse-upgrade-libreoffice-base suse-upgrade-libreoffice-base-drivers-postgresql suse-upgrade-libreoffice-branding-upstream suse-upgrade-libreoffice-calc suse-upgrade-libreoffice-calc-extensions suse-upgrade-libreoffice-draw suse-upgrade-libreoffice-filters-optional suse-upgrade-libreoffice-gdb-pretty-printers suse-upgrade-libreoffice-glade suse-upgrade-libreoffice-gnome suse-upgrade-libreoffice-gtk3 suse-upgrade-libreoffice-icon-themes suse-upgrade-libreoffice-impress suse-upgrade-libreoffice-l10n-af suse-upgrade-libreoffice-l10n-am suse-upgrade-libreoffice-l10n-ar suse-upgrade-libreoffice-l10n-as suse-upgrade-libreoffice-l10n-ast suse-upgrade-libreoffice-l10n-be suse-upgrade-libreoffice-l10n-bg suse-upgrade-libreoffice-l10n-bn suse-upgrade-libreoffice-l10n-bn_in suse-upgrade-libreoffice-l10n-bo suse-upgrade-libreoffice-l10n-br suse-upgrade-libreoffice-l10n-brx suse-upgrade-libreoffice-l10n-bs suse-upgrade-libreoffice-l10n-ca suse-upgrade-libreoffice-l10n-ca_valencia suse-upgrade-libreoffice-l10n-ckb suse-upgrade-libreoffice-l10n-cs suse-upgrade-libreoffice-l10n-cy suse-upgrade-libreoffice-l10n-da suse-upgrade-libreoffice-l10n-de suse-upgrade-libreoffice-l10n-dgo suse-upgrade-libreoffice-l10n-dsb suse-upgrade-libreoffice-l10n-dz suse-upgrade-libreoffice-l10n-el suse-upgrade-libreoffice-l10n-en suse-upgrade-libreoffice-l10n-en_gb suse-upgrade-libreoffice-l10n-en_za suse-upgrade-libreoffice-l10n-eo suse-upgrade-libreoffice-l10n-es suse-upgrade-libreoffice-l10n-et suse-upgrade-libreoffice-l10n-eu suse-upgrade-libreoffice-l10n-fa suse-upgrade-libreoffice-l10n-fi suse-upgrade-libreoffice-l10n-fr suse-upgrade-libreoffice-l10n-fur suse-upgrade-libreoffice-l10n-fy suse-upgrade-libreoffice-l10n-ga suse-upgrade-libreoffice-l10n-gd suse-upgrade-libreoffice-l10n-gl suse-upgrade-libreoffice-l10n-gu suse-upgrade-libreoffice-l10n-gug suse-upgrade-libreoffice-l10n-he suse-upgrade-libreoffice-l10n-hi suse-upgrade-libreoffice-l10n-hr suse-upgrade-libreoffice-l10n-hsb suse-upgrade-libreoffice-l10n-hu suse-upgrade-libreoffice-l10n-id suse-upgrade-libreoffice-l10n-is suse-upgrade-libreoffice-l10n-it suse-upgrade-libreoffice-l10n-ja suse-upgrade-libreoffice-l10n-ka suse-upgrade-libreoffice-l10n-kab suse-upgrade-libreoffice-l10n-kk suse-upgrade-libreoffice-l10n-km suse-upgrade-libreoffice-l10n-kmr_latn suse-upgrade-libreoffice-l10n-kn suse-upgrade-libreoffice-l10n-ko suse-upgrade-libreoffice-l10n-kok suse-upgrade-libreoffice-l10n-ks suse-upgrade-libreoffice-l10n-lb suse-upgrade-libreoffice-l10n-lo suse-upgrade-libreoffice-l10n-lt suse-upgrade-libreoffice-l10n-lv suse-upgrade-libreoffice-l10n-mai suse-upgrade-libreoffice-l10n-mk suse-upgrade-libreoffice-l10n-ml suse-upgrade-libreoffice-l10n-mn suse-upgrade-libreoffice-l10n-mni suse-upgrade-libreoffice-l10n-mr suse-upgrade-libreoffice-l10n-my suse-upgrade-libreoffice-l10n-nb suse-upgrade-libreoffice-l10n-ne suse-upgrade-libreoffice-l10n-nl suse-upgrade-libreoffice-l10n-nn suse-upgrade-libreoffice-l10n-nr suse-upgrade-libreoffice-l10n-nso suse-upgrade-libreoffice-l10n-oc suse-upgrade-libreoffice-l10n-om suse-upgrade-libreoffice-l10n-or suse-upgrade-libreoffice-l10n-pa suse-upgrade-libreoffice-l10n-pl suse-upgrade-libreoffice-l10n-pt_br suse-upgrade-libreoffice-l10n-pt_pt suse-upgrade-libreoffice-l10n-ro suse-upgrade-libreoffice-l10n-ru suse-upgrade-libreoffice-l10n-rw suse-upgrade-libreoffice-l10n-sa_in suse-upgrade-libreoffice-l10n-sat suse-upgrade-libreoffice-l10n-sd suse-upgrade-libreoffice-l10n-si suse-upgrade-libreoffice-l10n-sid suse-upgrade-libreoffice-l10n-sk suse-upgrade-libreoffice-l10n-sl suse-upgrade-libreoffice-l10n-sq suse-upgrade-libreoffice-l10n-sr suse-upgrade-libreoffice-l10n-ss suse-upgrade-libreoffice-l10n-st suse-upgrade-libreoffice-l10n-sv suse-upgrade-libreoffice-l10n-sw_tz suse-upgrade-libreoffice-l10n-szl suse-upgrade-libreoffice-l10n-ta suse-upgrade-libreoffice-l10n-te suse-upgrade-libreoffice-l10n-tg suse-upgrade-libreoffice-l10n-th suse-upgrade-libreoffice-l10n-tn suse-upgrade-libreoffice-l10n-tr suse-upgrade-libreoffice-l10n-ts suse-upgrade-libreoffice-l10n-tt suse-upgrade-libreoffice-l10n-ug suse-upgrade-libreoffice-l10n-uk suse-upgrade-libreoffice-l10n-uz suse-upgrade-libreoffice-l10n-ve suse-upgrade-libreoffice-l10n-vec suse-upgrade-libreoffice-l10n-vi suse-upgrade-libreoffice-l10n-xh suse-upgrade-libreoffice-l10n-zh_cn suse-upgrade-libreoffice-l10n-zh_tw suse-upgrade-libreoffice-l10n-zu suse-upgrade-libreoffice-librelogo suse-upgrade-libreoffice-mailmerge suse-upgrade-libreoffice-math suse-upgrade-libreoffice-officebean suse-upgrade-libreoffice-pyuno suse-upgrade-libreoffice-qt5 suse-upgrade-libreoffice-sdk suse-upgrade-libreoffice-sdk-doc suse-upgrade-libreoffice-writer suse-upgrade-libreoffice-writer-extensions suse-upgrade-libreofficekit suse-upgrade-libreofficekit-devel suse-upgrade-libxmlsec1-1 suse-upgrade-libxmlsec1-gcrypt1 suse-upgrade-libxmlsec1-gnutls1 suse-upgrade-libxmlsec1-nss1 suse-upgrade-libxmlsec1-openssl1 suse-upgrade-typelib-1_0-atk-1_0 suse-upgrade-xmlsec1 suse-upgrade-xmlsec1-devel suse-upgrade-xmlsec1-gcrypt-devel suse-upgrade-xmlsec1-gnutls-devel suse-upgrade-xmlsec1-nss-devel suse-upgrade-xmlsec1-openssl-devel References https://attackerkb.com/topics/cve-2023-0950 CVE - 2023-0950 DSA-5415

CentOS Linux: CVE-2023-28370: Moderate: python-tornado security update (CESA-2023:6523) Severity 6 CVSS (AV:N/AC:M/Au:N/C:P/I:P/A:N) Published 05/25/2023 Created 11/09/2023 Added 11/08/2023 Modified 01/28/2025 Description Open redirect vulnerability in Tornado versions 6.3.1 and earlier allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having user access a specially crafted URL. Solution(s) centos-upgrade-python-tornado-debugsource centos-upgrade-python3-tornado centos-upgrade-python3-tornado-debuginfo References CVE-2023-28370

Oracle Linux: CVE-2023-2255: ELSA-2023-6508:libreoffice security update (MODERATE) (Multiple Advisories) Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:N) Published 05/25/2023 Created 11/18/2023 Added 11/16/2023 Modified 11/28/2024 Description Improper access control in editor components of The Document Foundation LibreOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. In the affected versions of LibreOffice documents that used "floating frames" linked to external files, would load the contents of those frames without prompting the user for permission to do so. This was inconsistent with the treatment of other linked content in LibreOffice. This issue affects: The Document Foundation LibreOffice 7.4 versions prior to 7.4.7; 7.5 versions prior to 7.5.3. A vulnerability was found in LibreOffice. Improper access control in the editor components of The Document Foundation in LibreOffice allows an attacker to craft a document that causes external links to load without a prompt. In the affected versions of LibreOffice documents that used "floating frames" linked to external files, they would load the contents of those frames without prompting the user for permission. This action was inconsistent with the treatment of other linked content in LibreOffice. Solution(s) oracle-linux-upgrade-autocorr-af oracle-linux-upgrade-autocorr-bg oracle-linux-upgrade-autocorr-ca oracle-linux-upgrade-autocorr-cs oracle-linux-upgrade-autocorr-da oracle-linux-upgrade-autocorr-de oracle-linux-upgrade-autocorr-dsb oracle-linux-upgrade-autocorr-el oracle-linux-upgrade-autocorr-en oracle-linux-upgrade-autocorr-es oracle-linux-upgrade-autocorr-fa oracle-linux-upgrade-autocorr-fi oracle-linux-upgrade-autocorr-fr oracle-linux-upgrade-autocorr-ga oracle-linux-upgrade-autocorr-hr oracle-linux-upgrade-autocorr-hsb oracle-linux-upgrade-autocorr-hu oracle-linux-upgrade-autocorr-is oracle-linux-upgrade-autocorr-it oracle-linux-upgrade-autocorr-ja oracle-linux-upgrade-autocorr-ko oracle-linux-upgrade-autocorr-lb oracle-linux-upgrade-autocorr-lt oracle-linux-upgrade-autocorr-mn oracle-linux-upgrade-autocorr-nl oracle-linux-upgrade-autocorr-pl oracle-linux-upgrade-autocorr-pt oracle-linux-upgrade-autocorr-ro oracle-linux-upgrade-autocorr-ru oracle-linux-upgrade-autocorr-sk oracle-linux-upgrade-autocorr-sl oracle-linux-upgrade-autocorr-sr oracle-linux-upgrade-autocorr-sv oracle-linux-upgrade-autocorr-tr oracle-linux-upgrade-autocorr-vi oracle-linux-upgrade-autocorr-vro oracle-linux-upgrade-autocorr-zh oracle-linux-upgrade-libreoffice oracle-linux-upgrade-libreoffice-base oracle-linux-upgrade-libreoffice-calc oracle-linux-upgrade-libreoffice-core oracle-linux-upgrade-libreoffice-data oracle-linux-upgrade-libreoffice-draw oracle-linux-upgrade-libreoffice-emailmerge oracle-linux-upgrade-libreoffice-filters oracle-linux-upgrade-libreoffice-gdb-debug-support oracle-linux-upgrade-libreoffice-graphicfilter oracle-linux-upgrade-libreoffice-gtk3 oracle-linux-upgrade-libreoffice-help-ar oracle-linux-upgrade-libreoffice-help-bg oracle-linux-upgrade-libreoffice-help-bn oracle-linux-upgrade-libreoffice-help-ca oracle-linux-upgrade-libreoffice-help-cs oracle-linux-upgrade-libreoffice-help-da oracle-linux-upgrade-libreoffice-help-de oracle-linux-upgrade-libreoffice-help-dz oracle-linux-upgrade-libreoffice-help-el oracle-linux-upgrade-libreoffice-help-en oracle-linux-upgrade-libreoffice-help-eo oracle-linux-upgrade-libreoffice-help-es oracle-linux-upgrade-libreoffice-help-et oracle-linux-upgrade-libreoffice-help-eu oracle-linux-upgrade-libreoffice-help-fi oracle-linux-upgrade-libreoffice-help-fr oracle-linux-upgrade-libreoffice-help-gl oracle-linux-upgrade-libreoffice-help-gu oracle-linux-upgrade-libreoffice-help-he oracle-linux-upgrade-libreoffice-help-hi oracle-linux-upgrade-libreoffice-help-hr oracle-linux-upgrade-libreoffice-help-hu oracle-linux-upgrade-libreoffice-help-id oracle-linux-upgrade-libreoffice-help-it oracle-linux-upgrade-libreoffice-help-ja oracle-linux-upgrade-libreoffice-help-ko oracle-linux-upgrade-libreoffice-help-lt oracle-linux-upgrade-libreoffice-help-lv oracle-linux-upgrade-libreoffice-help-nb oracle-linux-upgrade-libreoffice-help-nl oracle-linux-upgrade-libreoffice-help-nn oracle-linux-upgrade-libreoffice-help-pl oracle-linux-upgrade-libreoffice-help-pt-br oracle-linux-upgrade-libreoffice-help-pt-pt oracle-linux-upgrade-libreoffice-help-ro oracle-linux-upgrade-libreoffice-help-ru oracle-linux-upgrade-libreoffice-help-si oracle-linux-upgrade-libreoffice-help-sk oracle-linux-upgrade-libreoffice-help-sl oracle-linux-upgrade-libreoffice-help-sv oracle-linux-upgrade-libreoffice-help-ta oracle-linux-upgrade-libreoffice-help-tr oracle-linux-upgrade-libreoffice-help-uk oracle-linux-upgrade-libreoffice-help-zh-hans oracle-linux-upgrade-libreoffice-help-zh-hant oracle-linux-upgrade-libreoffice-impress oracle-linux-upgrade-libreofficekit oracle-linux-upgrade-libreoffice-langpack-af oracle-linux-upgrade-libreoffice-langpack-ar oracle-linux-upgrade-libreoffice-langpack-as oracle-linux-upgrade-libreoffice-langpack-bg oracle-linux-upgrade-libreoffice-langpack-bn oracle-linux-upgrade-libreoffice-langpack-br oracle-linux-upgrade-libreoffice-langpack-ca oracle-linux-upgrade-libreoffice-langpack-cs oracle-linux-upgrade-libreoffice-langpack-cy oracle-linux-upgrade-libreoffice-langpack-da oracle-linux-upgrade-libreoffice-langpack-de oracle-linux-upgrade-libreoffice-langpack-dz oracle-linux-upgrade-libreoffice-langpack-el oracle-linux-upgrade-libreoffice-langpack-en oracle-linux-upgrade-libreoffice-langpack-eo oracle-linux-upgrade-libreoffice-langpack-es oracle-linux-upgrade-libreoffice-langpack-et oracle-linux-upgrade-libreoffice-langpack-eu oracle-linux-upgrade-libreoffice-langpack-fa oracle-linux-upgrade-libreoffice-langpack-fi oracle-linux-upgrade-libreoffice-langpack-fr oracle-linux-upgrade-libreoffice-langpack-fy oracle-linux-upgrade-libreoffice-langpack-ga oracle-linux-upgrade-libreoffice-langpack-gl oracle-linux-upgrade-libreoffice-langpack-gu oracle-linux-upgrade-libreoffice-langpack-he oracle-linux-upgrade-libreoffice-langpack-hi oracle-linux-upgrade-libreoffice-langpack-hr oracle-linux-upgrade-libreoffice-langpack-hu oracle-linux-upgrade-libreoffice-langpack-id oracle-linux-upgrade-libreoffice-langpack-it oracle-linux-upgrade-libreoffice-langpack-ja oracle-linux-upgrade-libreoffice-langpack-kk oracle-linux-upgrade-libreoffice-langpack-kn oracle-linux-upgrade-libreoffice-langpack-ko oracle-linux-upgrade-libreoffice-langpack-lt oracle-linux-upgrade-libreoffice-langpack-lv oracle-linux-upgrade-libreoffice-langpack-mai oracle-linux-upgrade-libreoffice-langpack-ml oracle-linux-upgrade-libreoffice-langpack-mr oracle-linux-upgrade-libreoffice-langpack-nb oracle-linux-upgrade-libreoffice-langpack-nl oracle-linux-upgrade-libreoffice-langpack-nn oracle-linux-upgrade-libreoffice-langpack-nr oracle-linux-upgrade-libreoffice-langpack-nso oracle-linux-upgrade-libreoffice-langpack-or oracle-linux-upgrade-libreoffice-langpack-pa oracle-linux-upgrade-libreoffice-langpack-pl oracle-linux-upgrade-libreoffice-langpack-pt-br oracle-linux-upgrade-libreoffice-langpack-pt-pt oracle-linux-upgrade-libreoffice-langpack-ro oracle-linux-upgrade-libreoffice-langpack-ru oracle-linux-upgrade-libreoffice-langpack-si oracle-linux-upgrade-libreoffice-langpack-sk oracle-linux-upgrade-libreoffice-langpack-sl oracle-linux-upgrade-libreoffice-langpack-sr oracle-linux-upgrade-libreoffice-langpack-ss oracle-linux-upgrade-libreoffice-langpack-st oracle-linux-upgrade-libreoffice-langpack-sv oracle-linux-upgrade-libreoffice-langpack-ta oracle-linux-upgrade-libreoffice-langpack-te oracle-linux-upgrade-libreoffice-langpack-th oracle-linux-upgrade-libreoffice-langpack-tn oracle-linux-upgrade-libreoffice-langpack-tr oracle-linux-upgrade-libreoffice-langpack-ts oracle-linux-upgrade-libreoffice-langpack-uk oracle-linux-upgrade-libreoffice-langpack-ve oracle-linux-upgrade-libreoffice-langpack-xh oracle-linux-upgrade-libreoffice-langpack-zh-hans oracle-linux-upgrade-libreoffice-langpack-zh-hant oracle-linux-upgrade-libreoffice-langpack-zu oracle-linux-upgrade-libreoffice-math oracle-linux-upgrade-libreoffice-ogltrans oracle-linux-upgrade-libreoffice-opensymbol-fonts oracle-linux-upgrade-libreoffice-pdfimport oracle-linux-upgrade-libreoffice-pyuno oracle-linux-upgrade-libreoffice-sdk oracle-linux-upgrade-libreoffice-sdk-doc oracle-linux-upgrade-libreoffice-ure oracle-linux-upgrade-libreoffice-ure-common oracle-linux-upgrade-libreoffice-wiki-publisher oracle-linux-upgrade-libreoffice-writer oracle-linux-upgrade-libreoffice-x11 oracle-linux-upgrade-libreoffice-xsltfilter References https://attackerkb.com/topics/cve-2023-2255 CVE - 2023-2255 ELSA-2023-6508 ELSA-2023-6933

Oracle Linux: CVE-2023-0950: ELSA-2023-6508:libreoffice security update (MODERATE) (Multiple Advisories) Severity 7 CVSS (AV:L/AC:L/Au:N/C:P/I:C/A:C) Published 05/25/2023 Created 11/18/2023 Added 11/16/2023 Modified 11/28/2024 Description Improper Validation of Array Index vulnerability in the spreadsheet component of The Document Foundation LibreOffice allows an attacker to craft a spreadsheet document that will cause an array index underflow when loaded. In the affected versions of LibreOffice certain malformed spreadsheet formulas, such as AGGREGATE, could be created with less parameters passed to the formula interpreter than it expected, leading to an array index underflow, in which case there is a risk that arbitrary code could be executed. This issue affects: The Document Foundation LibreOffice 7.4 versions prior to 7.4.6; 7.5 versions prior to 7.5.1. A vulnerability was found in LibreOffice. Improper validation of the array index in the spreadsheet component of The Document Foundation in LibreOffice allows an attacker to craft a spreadsheet document that causes an array index underflow when loaded. In affected versions of LibreOffice, certain malformed spreadsheet formulas, such as AGGREGATE, could be created with fewer parameters passed to the formula interpreter than expected, leading to an array index underflow, in which case there is a risk that arbitrary code could be executed. Solution(s) oracle-linux-upgrade-autocorr-af oracle-linux-upgrade-autocorr-bg oracle-linux-upgrade-autocorr-ca oracle-linux-upgrade-autocorr-cs oracle-linux-upgrade-autocorr-da oracle-linux-upgrade-autocorr-de oracle-linux-upgrade-autocorr-dsb oracle-linux-upgrade-autocorr-el oracle-linux-upgrade-autocorr-en oracle-linux-upgrade-autocorr-es oracle-linux-upgrade-autocorr-fa oracle-linux-upgrade-autocorr-fi oracle-linux-upgrade-autocorr-fr oracle-linux-upgrade-autocorr-ga oracle-linux-upgrade-autocorr-hr oracle-linux-upgrade-autocorr-hsb oracle-linux-upgrade-autocorr-hu oracle-linux-upgrade-autocorr-is oracle-linux-upgrade-autocorr-it oracle-linux-upgrade-autocorr-ja oracle-linux-upgrade-autocorr-ko oracle-linux-upgrade-autocorr-lb oracle-linux-upgrade-autocorr-lt oracle-linux-upgrade-autocorr-mn oracle-linux-upgrade-autocorr-nl oracle-linux-upgrade-autocorr-pl oracle-linux-upgrade-autocorr-pt oracle-linux-upgrade-autocorr-ro oracle-linux-upgrade-autocorr-ru oracle-linux-upgrade-autocorr-sk oracle-linux-upgrade-autocorr-sl oracle-linux-upgrade-autocorr-sr oracle-linux-upgrade-autocorr-sv oracle-linux-upgrade-autocorr-tr oracle-linux-upgrade-autocorr-vi oracle-linux-upgrade-autocorr-vro oracle-linux-upgrade-autocorr-zh oracle-linux-upgrade-libreoffice oracle-linux-upgrade-libreoffice-base oracle-linux-upgrade-libreoffice-calc oracle-linux-upgrade-libreoffice-core oracle-linux-upgrade-libreoffice-data oracle-linux-upgrade-libreoffice-draw oracle-linux-upgrade-libreoffice-emailmerge oracle-linux-upgrade-libreoffice-filters oracle-linux-upgrade-libreoffice-gdb-debug-support oracle-linux-upgrade-libreoffice-graphicfilter oracle-linux-upgrade-libreoffice-gtk3 oracle-linux-upgrade-libreoffice-help-ar oracle-linux-upgrade-libreoffice-help-bg oracle-linux-upgrade-libreoffice-help-bn oracle-linux-upgrade-libreoffice-help-ca oracle-linux-upgrade-libreoffice-help-cs oracle-linux-upgrade-libreoffice-help-da oracle-linux-upgrade-libreoffice-help-de oracle-linux-upgrade-libreoffice-help-dz oracle-linux-upgrade-libreoffice-help-el oracle-linux-upgrade-libreoffice-help-en oracle-linux-upgrade-libreoffice-help-eo oracle-linux-upgrade-libreoffice-help-es oracle-linux-upgrade-libreoffice-help-et oracle-linux-upgrade-libreoffice-help-eu oracle-linux-upgrade-libreoffice-help-fi oracle-linux-upgrade-libreoffice-help-fr oracle-linux-upgrade-libreoffice-help-gl oracle-linux-upgrade-libreoffice-help-gu oracle-linux-upgrade-libreoffice-help-he oracle-linux-upgrade-libreoffice-help-hi oracle-linux-upgrade-libreoffice-help-hr oracle-linux-upgrade-libreoffice-help-hu oracle-linux-upgrade-libreoffice-help-id oracle-linux-upgrade-libreoffice-help-it oracle-linux-upgrade-libreoffice-help-ja oracle-linux-upgrade-libreoffice-help-ko oracle-linux-upgrade-libreoffice-help-lt oracle-linux-upgrade-libreoffice-help-lv oracle-linux-upgrade-libreoffice-help-nb oracle-linux-upgrade-libreoffice-help-nl oracle-linux-upgrade-libreoffice-help-nn oracle-linux-upgrade-libreoffice-help-pl oracle-linux-upgrade-libreoffice-help-pt-br oracle-linux-upgrade-libreoffice-help-pt-pt oracle-linux-upgrade-libreoffice-help-ro oracle-linux-upgrade-libreoffice-help-ru oracle-linux-upgrade-libreoffice-help-si oracle-linux-upgrade-libreoffice-help-sk oracle-linux-upgrade-libreoffice-help-sl oracle-linux-upgrade-libreoffice-help-sv oracle-linux-upgrade-libreoffice-help-ta oracle-linux-upgrade-libreoffice-help-tr oracle-linux-upgrade-libreoffice-help-uk oracle-linux-upgrade-libreoffice-help-zh-hans oracle-linux-upgrade-libreoffice-help-zh-hant oracle-linux-upgrade-libreoffice-impress oracle-linux-upgrade-libreofficekit oracle-linux-upgrade-libreoffice-langpack-af oracle-linux-upgrade-libreoffice-langpack-ar oracle-linux-upgrade-libreoffice-langpack-as oracle-linux-upgrade-libreoffice-langpack-bg oracle-linux-upgrade-libreoffice-langpack-bn oracle-linux-upgrade-libreoffice-langpack-br oracle-linux-upgrade-libreoffice-langpack-ca oracle-linux-upgrade-libreoffice-langpack-cs oracle-linux-upgrade-libreoffice-langpack-cy oracle-linux-upgrade-libreoffice-langpack-da oracle-linux-upgrade-libreoffice-langpack-de oracle-linux-upgrade-libreoffice-langpack-dz oracle-linux-upgrade-libreoffice-langpack-el oracle-linux-upgrade-libreoffice-langpack-en oracle-linux-upgrade-libreoffice-langpack-eo oracle-linux-upgrade-libreoffice-langpack-es oracle-linux-upgrade-libreoffice-langpack-et oracle-linux-upgrade-libreoffice-langpack-eu oracle-linux-upgrade-libreoffice-langpack-fa oracle-linux-upgrade-libreoffice-langpack-fi oracle-linux-upgrade-libreoffice-langpack-fr oracle-linux-upgrade-libreoffice-langpack-fy oracle-linux-upgrade-libreoffice-langpack-ga oracle-linux-upgrade-libreoffice-langpack-gl oracle-linux-upgrade-libreoffice-langpack-gu oracle-linux-upgrade-libreoffice-langpack-he oracle-linux-upgrade-libreoffice-langpack-hi oracle-linux-upgrade-libreoffice-langpack-hr oracle-linux-upgrade-libreoffice-langpack-hu oracle-linux-upgrade-libreoffice-langpack-id oracle-linux-upgrade-libreoffice-langpack-it oracle-linux-upgrade-libreoffice-langpack-ja oracle-linux-upgrade-libreoffice-langpack-kk oracle-linux-upgrade-libreoffice-langpack-kn oracle-linux-upgrade-libreoffice-langpack-ko oracle-linux-upgrade-libreoffice-langpack-lt oracle-linux-upgrade-libreoffice-langpack-lv oracle-linux-upgrade-libreoffice-langpack-mai oracle-linux-upgrade-libreoffice-langpack-ml oracle-linux-upgrade-libreoffice-langpack-mr oracle-linux-upgrade-libreoffice-langpack-nb oracle-linux-upgrade-libreoffice-langpack-nl oracle-linux-upgrade-libreoffice-langpack-nn oracle-linux-upgrade-libreoffice-langpack-nr oracle-linux-upgrade-libreoffice-langpack-nso oracle-linux-upgrade-libreoffice-langpack-or oracle-linux-upgrade-libreoffice-langpack-pa oracle-linux-upgrade-libreoffice-langpack-pl oracle-linux-upgrade-libreoffice-langpack-pt-br oracle-linux-upgrade-libreoffice-langpack-pt-pt oracle-linux-upgrade-libreoffice-langpack-ro oracle-linux-upgrade-libreoffice-langpack-ru oracle-linux-upgrade-libreoffice-langpack-si oracle-linux-upgrade-libreoffice-langpack-sk oracle-linux-upgrade-libreoffice-langpack-sl oracle-linux-upgrade-libreoffice-langpack-sr oracle-linux-upgrade-libreoffice-langpack-ss oracle-linux-upgrade-libreoffice-langpack-st oracle-linux-upgrade-libreoffice-langpack-sv oracle-linux-upgrade-libreoffice-langpack-ta oracle-linux-upgrade-libreoffice-langpack-te oracle-linux-upgrade-libreoffice-langpack-th oracle-linux-upgrade-libreoffice-langpack-tn oracle-linux-upgrade-libreoffice-langpack-tr oracle-linux-upgrade-libreoffice-langpack-ts oracle-linux-upgrade-libreoffice-langpack-uk oracle-linux-upgrade-libreoffice-langpack-ve oracle-linux-upgrade-libreoffice-langpack-xh oracle-linux-upgrade-libreoffice-langpack-zh-hans oracle-linux-upgrade-libreoffice-langpack-zh-hant oracle-linux-upgrade-libreoffice-langpack-zu oracle-linux-upgrade-libreoffice-math oracle-linux-upgrade-libreoffice-ogltrans oracle-linux-upgrade-libreoffice-opensymbol-fonts oracle-linux-upgrade-libreoffice-pdfimport oracle-linux-upgrade-libreoffice-pyuno oracle-linux-upgrade-libreoffice-sdk oracle-linux-upgrade-libreoffice-sdk-doc oracle-linux-upgrade-libreoffice-ure oracle-linux-upgrade-libreoffice-ure-common oracle-linux-upgrade-libreoffice-wiki-publisher oracle-linux-upgrade-libreoffice-writer oracle-linux-upgrade-libreoffice-x11 oracle-linux-upgrade-libreoffice-xsltfilter References https://attackerkb.com/topics/cve-2023-0950 CVE - 2023-0950 ELSA-2023-6508 ELSA-2023-6933

CentOS Linux: CVE-2023-0950: Moderate: libreoffice security update (Multiple Advisories) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 05/25/2023 Created 11/09/2023 Added 11/08/2023 Modified 01/28/2025 Description Improper Validation of Array Index vulnerability in the spreadsheet component of The Document Foundation LibreOffice allows an attacker to craft a spreadsheet document that will cause an array index underflow when loaded. In the affected versions of LibreOffice certain malformed spreadsheet formulas, such as AGGREGATE, could be created with less parameters passed to the formula interpreter than it expected, leading to an array index underflow, in which case there is a risk that arbitrary code could be executed. This issue affects: The Document Foundation LibreOffice 7.4 versions prior to 7.4.6; 7.5 versions prior to 7.5.1. Solution(s) centos-upgrade-autocorr-af centos-upgrade-autocorr-bg centos-upgrade-autocorr-ca centos-upgrade-autocorr-cs centos-upgrade-autocorr-da centos-upgrade-autocorr-de centos-upgrade-autocorr-dsb centos-upgrade-autocorr-el centos-upgrade-autocorr-en centos-upgrade-autocorr-es centos-upgrade-autocorr-fa centos-upgrade-autocorr-fi centos-upgrade-autocorr-fr centos-upgrade-autocorr-ga centos-upgrade-autocorr-hr centos-upgrade-autocorr-hsb centos-upgrade-autocorr-hu centos-upgrade-autocorr-is centos-upgrade-autocorr-it centos-upgrade-autocorr-ja centos-upgrade-autocorr-ko centos-upgrade-autocorr-lb centos-upgrade-autocorr-lt centos-upgrade-autocorr-mn centos-upgrade-autocorr-nl centos-upgrade-autocorr-pl centos-upgrade-autocorr-pt centos-upgrade-autocorr-ro centos-upgrade-autocorr-ru centos-upgrade-autocorr-sk centos-upgrade-autocorr-sl centos-upgrade-autocorr-sr centos-upgrade-autocorr-sv centos-upgrade-autocorr-tr centos-upgrade-autocorr-vi centos-upgrade-autocorr-vro centos-upgrade-autocorr-zh centos-upgrade-libreoffice centos-upgrade-libreoffice-base centos-upgrade-libreoffice-base-debuginfo centos-upgrade-libreoffice-calc centos-upgrade-libreoffice-calc-debuginfo centos-upgrade-libreoffice-core centos-upgrade-libreoffice-core-debuginfo centos-upgrade-libreoffice-data centos-upgrade-libreoffice-debuginfo centos-upgrade-libreoffice-debugsource centos-upgrade-libreoffice-draw centos-upgrade-libreoffice-emailmerge centos-upgrade-libreoffice-filters centos-upgrade-libreoffice-gdb-debug-support centos-upgrade-libreoffice-glade-debuginfo centos-upgrade-libreoffice-graphicfilter centos-upgrade-libreoffice-graphicfilter-debuginfo centos-upgrade-libreoffice-gtk3 centos-upgrade-libreoffice-gtk3-debuginfo centos-upgrade-libreoffice-help-ar centos-upgrade-libreoffice-help-bg centos-upgrade-libreoffice-help-bn centos-upgrade-libreoffice-help-ca centos-upgrade-libreoffice-help-cs centos-upgrade-libreoffice-help-da centos-upgrade-libreoffice-help-de centos-upgrade-libreoffice-help-dz centos-upgrade-libreoffice-help-el centos-upgrade-libreoffice-help-en centos-upgrade-libreoffice-help-eo centos-upgrade-libreoffice-help-es centos-upgrade-libreoffice-help-et centos-upgrade-libreoffice-help-eu centos-upgrade-libreoffice-help-fi centos-upgrade-libreoffice-help-fr centos-upgrade-libreoffice-help-gl centos-upgrade-libreoffice-help-gu centos-upgrade-libreoffice-help-he centos-upgrade-libreoffice-help-hi centos-upgrade-libreoffice-help-hr centos-upgrade-libreoffice-help-hu centos-upgrade-libreoffice-help-id centos-upgrade-libreoffice-help-it centos-upgrade-libreoffice-help-ja centos-upgrade-libreoffice-help-ko centos-upgrade-libreoffice-help-lt centos-upgrade-libreoffice-help-lv centos-upgrade-libreoffice-help-nb centos-upgrade-libreoffice-help-nl centos-upgrade-libreoffice-help-nn centos-upgrade-libreoffice-help-pl centos-upgrade-libreoffice-help-pt-br centos-upgrade-libreoffice-help-pt-pt centos-upgrade-libreoffice-help-ro centos-upgrade-libreoffice-help-ru centos-upgrade-libreoffice-help-si centos-upgrade-libreoffice-help-sk centos-upgrade-libreoffice-help-sl centos-upgrade-libreoffice-help-sv centos-upgrade-libreoffice-help-ta centos-upgrade-libreoffice-help-tr centos-upgrade-libreoffice-help-uk centos-upgrade-libreoffice-help-zh-hans centos-upgrade-libreoffice-help-zh-hant centos-upgrade-libreoffice-impress centos-upgrade-libreoffice-impress-debuginfo centos-upgrade-libreoffice-langpack-af centos-upgrade-libreoffice-langpack-ar centos-upgrade-libreoffice-langpack-as centos-upgrade-libreoffice-langpack-bg centos-upgrade-libreoffice-langpack-bn centos-upgrade-libreoffice-langpack-br centos-upgrade-libreoffice-langpack-ca centos-upgrade-libreoffice-langpack-cs centos-upgrade-libreoffice-langpack-cy centos-upgrade-libreoffice-langpack-da centos-upgrade-libreoffice-langpack-de centos-upgrade-libreoffice-langpack-dz centos-upgrade-libreoffice-langpack-el centos-upgrade-libreoffice-langpack-en centos-upgrade-libreoffice-langpack-eo centos-upgrade-libreoffice-langpack-es centos-upgrade-libreoffice-langpack-et centos-upgrade-libreoffice-langpack-eu centos-upgrade-libreoffice-langpack-fa centos-upgrade-libreoffice-langpack-fi centos-upgrade-libreoffice-langpack-fr centos-upgrade-libreoffice-langpack-fy centos-upgrade-libreoffice-langpack-ga centos-upgrade-libreoffice-langpack-gl centos-upgrade-libreoffice-langpack-gu centos-upgrade-libreoffice-langpack-he centos-upgrade-libreoffice-langpack-hi centos-upgrade-libreoffice-langpack-hr centos-upgrade-libreoffice-langpack-hu centos-upgrade-libreoffice-langpack-id centos-upgrade-libreoffice-langpack-it centos-upgrade-libreoffice-langpack-ja centos-upgrade-libreoffice-langpack-kk centos-upgrade-libreoffice-langpack-kn centos-upgrade-libreoffice-langpack-ko centos-upgrade-libreoffice-langpack-lt centos-upgrade-libreoffice-langpack-lv centos-upgrade-libreoffice-langpack-mai centos-upgrade-libreoffice-langpack-ml centos-upgrade-libreoffice-langpack-mr centos-upgrade-libreoffice-langpack-nb centos-upgrade-libreoffice-langpack-nl centos-upgrade-libreoffice-langpack-nn centos-upgrade-libreoffice-langpack-nr centos-upgrade-libreoffice-langpack-nso centos-upgrade-libreoffice-langpack-or centos-upgrade-libreoffice-langpack-pa centos-upgrade-libreoffice-langpack-pl centos-upgrade-libreoffice-langpack-pt-br centos-upgrade-libreoffice-langpack-pt-pt centos-upgrade-libreoffice-langpack-ro centos-upgrade-libreoffice-langpack-ru centos-upgrade-libreoffice-langpack-si centos-upgrade-libreoffice-langpack-sk centos-upgrade-libreoffice-langpack-sl centos-upgrade-libreoffice-langpack-sr centos-upgrade-libreoffice-langpack-ss centos-upgrade-libreoffice-langpack-st centos-upgrade-libreoffice-langpack-sv centos-upgrade-libreoffice-langpack-ta centos-upgrade-libreoffice-langpack-te centos-upgrade-libreoffice-langpack-th centos-upgrade-libreoffice-langpack-tn centos-upgrade-libreoffice-langpack-tr centos-upgrade-libreoffice-langpack-ts centos-upgrade-libreoffice-langpack-uk centos-upgrade-libreoffice-langpack-ve centos-upgrade-libreoffice-langpack-xh centos-upgrade-libreoffice-langpack-zh-hans centos-upgrade-libreoffice-langpack-zh-hant centos-upgrade-libreoffice-langpack-zu centos-upgrade-libreoffice-math centos-upgrade-libreoffice-officebean-debuginfo centos-upgrade-libreoffice-ogltrans centos-upgrade-libreoffice-ogltrans-debuginfo centos-upgrade-libreoffice-opensymbol-fonts centos-upgrade-libreoffice-pdfimport centos-upgrade-libreoffice-pdfimport-debuginfo centos-upgrade-libreoffice-postgresql-debuginfo centos-upgrade-libreoffice-pyuno centos-upgrade-libreoffice-pyuno-debuginfo centos-upgrade-libreoffice-sdk-debuginfo centos-upgrade-libreoffice-ure centos-upgrade-libreoffice-ure-common centos-upgrade-libreoffice-ure-debuginfo centos-upgrade-libreoffice-wiki-publisher centos-upgrade-libreoffice-writer centos-upgrade-libreoffice-writer-debuginfo centos-upgrade-libreoffice-x11 centos-upgrade-libreoffice-x11-debuginfo centos-upgrade-libreoffice-xsltfilter centos-upgrade-libreofficekit centos-upgrade-libreofficekit-debuginfo References DSA-5415 CVE-2023-0950

CentOS Linux: CVE-2023-0459: Important: kernel-rt security and bug fix update (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:N) Published 05/25/2023 Created 10/11/2023 Added 10/10/2023 Modified 01/28/2025 Description Copy_from_user on 64-bit versions of the Linux kernel does not implement the __uaccess_begin_nospec allowing a user to bypass the "access_ok" check and pass a kernel pointer to copy_from_user(). This would allow an attacker to leak information. We recommend upgrading beyond commit 74e19ef0ff8061ef55957c3abd71614ef0f42f47 Solution(s) centos-upgrade-kernel centos-upgrade-kernel-rt References CVE-2023-0459

Alma Linux: CVE-2023-0950: Moderate: libreoffice security update (Multiple Advisories) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 05/25/2023 Created 11/17/2023 Added 11/16/2023 Modified 01/28/2025 Description Improper Validation of Array Index vulnerability in the spreadsheet component of The Document Foundation LibreOffice allows an attacker to craft a spreadsheet document that will cause an array index underflow when loaded. In the affected versions of LibreOffice certain malformed spreadsheet formulas, such as AGGREGATE, could be created with less parameters passed to the formula interpreter than it expected, leading to an array index underflow, in which case there is a risk that arbitrary code could be executed. This issue affects: The Document Foundation LibreOffice 7.4 versions prior to 7.4.6; 7.5 versions prior to 7.5.1. Solution(s) alma-upgrade-autocorr-af alma-upgrade-autocorr-bg alma-upgrade-autocorr-ca alma-upgrade-autocorr-cs alma-upgrade-autocorr-da alma-upgrade-autocorr-de alma-upgrade-autocorr-dsb alma-upgrade-autocorr-el alma-upgrade-autocorr-en alma-upgrade-autocorr-es alma-upgrade-autocorr-fa alma-upgrade-autocorr-fi alma-upgrade-autocorr-fr alma-upgrade-autocorr-ga alma-upgrade-autocorr-hr alma-upgrade-autocorr-hsb alma-upgrade-autocorr-hu alma-upgrade-autocorr-is alma-upgrade-autocorr-it alma-upgrade-autocorr-ja alma-upgrade-autocorr-ko alma-upgrade-autocorr-lb alma-upgrade-autocorr-lt alma-upgrade-autocorr-mn alma-upgrade-autocorr-nl alma-upgrade-autocorr-pl alma-upgrade-autocorr-pt alma-upgrade-autocorr-ro alma-upgrade-autocorr-ru alma-upgrade-autocorr-sk alma-upgrade-autocorr-sl alma-upgrade-autocorr-sr alma-upgrade-autocorr-sv alma-upgrade-autocorr-tr alma-upgrade-autocorr-vi alma-upgrade-autocorr-vro alma-upgrade-autocorr-zh alma-upgrade-libreoffice alma-upgrade-libreoffice-base alma-upgrade-libreoffice-calc alma-upgrade-libreoffice-core alma-upgrade-libreoffice-data alma-upgrade-libreoffice-draw alma-upgrade-libreoffice-emailmerge alma-upgrade-libreoffice-filters alma-upgrade-libreoffice-gdb-debug-support alma-upgrade-libreoffice-graphicfilter alma-upgrade-libreoffice-gtk3 alma-upgrade-libreoffice-help-ar alma-upgrade-libreoffice-help-bg alma-upgrade-libreoffice-help-bn alma-upgrade-libreoffice-help-ca alma-upgrade-libreoffice-help-cs alma-upgrade-libreoffice-help-da alma-upgrade-libreoffice-help-de alma-upgrade-libreoffice-help-dz alma-upgrade-libreoffice-help-el alma-upgrade-libreoffice-help-en alma-upgrade-libreoffice-help-eo alma-upgrade-libreoffice-help-es alma-upgrade-libreoffice-help-et alma-upgrade-libreoffice-help-eu alma-upgrade-libreoffice-help-fi alma-upgrade-libreoffice-help-fr alma-upgrade-libreoffice-help-gl alma-upgrade-libreoffice-help-gu alma-upgrade-libreoffice-help-he alma-upgrade-libreoffice-help-hi alma-upgrade-libreoffice-help-hr alma-upgrade-libreoffice-help-hu alma-upgrade-libreoffice-help-id alma-upgrade-libreoffice-help-it alma-upgrade-libreoffice-help-ja alma-upgrade-libreoffice-help-ko alma-upgrade-libreoffice-help-lt alma-upgrade-libreoffice-help-lv alma-upgrade-libreoffice-help-nb alma-upgrade-libreoffice-help-nl alma-upgrade-libreoffice-help-nn alma-upgrade-libreoffice-help-pl alma-upgrade-libreoffice-help-pt-br alma-upgrade-libreoffice-help-pt-pt alma-upgrade-libreoffice-help-ro alma-upgrade-libreoffice-help-ru alma-upgrade-libreoffice-help-si alma-upgrade-libreoffice-help-sk alma-upgrade-libreoffice-help-sl alma-upgrade-libreoffice-help-sv alma-upgrade-libreoffice-help-ta alma-upgrade-libreoffice-help-tr alma-upgrade-libreoffice-help-uk alma-upgrade-libreoffice-help-zh-hans alma-upgrade-libreoffice-help-zh-hant alma-upgrade-libreoffice-impress alma-upgrade-libreoffice-langpack-af alma-upgrade-libreoffice-langpack-ar alma-upgrade-libreoffice-langpack-as alma-upgrade-libreoffice-langpack-bg alma-upgrade-libreoffice-langpack-bn alma-upgrade-libreoffice-langpack-br alma-upgrade-libreoffice-langpack-ca alma-upgrade-libreoffice-langpack-cs alma-upgrade-libreoffice-langpack-cy alma-upgrade-libreoffice-langpack-da alma-upgrade-libreoffice-langpack-de alma-upgrade-libreoffice-langpack-dz alma-upgrade-libreoffice-langpack-el alma-upgrade-libreoffice-langpack-en alma-upgrade-libreoffice-langpack-eo alma-upgrade-libreoffice-langpack-es alma-upgrade-libreoffice-langpack-et alma-upgrade-libreoffice-langpack-eu alma-upgrade-libreoffice-langpack-fa alma-upgrade-libreoffice-langpack-fi alma-upgrade-libreoffice-langpack-fr alma-upgrade-libreoffice-langpack-fy alma-upgrade-libreoffice-langpack-ga alma-upgrade-libreoffice-langpack-gl alma-upgrade-libreoffice-langpack-gu alma-upgrade-libreoffice-langpack-he alma-upgrade-libreoffice-langpack-hi alma-upgrade-libreoffice-langpack-hr alma-upgrade-libreoffice-langpack-hu alma-upgrade-libreoffice-langpack-id alma-upgrade-libreoffice-langpack-it alma-upgrade-libreoffice-langpack-ja alma-upgrade-libreoffice-langpack-kk alma-upgrade-libreoffice-langpack-kn alma-upgrade-libreoffice-langpack-ko alma-upgrade-libreoffice-langpack-lt alma-upgrade-libreoffice-langpack-lv alma-upgrade-libreoffice-langpack-mai alma-upgrade-libreoffice-langpack-ml alma-upgrade-libreoffice-langpack-mr alma-upgrade-libreoffice-langpack-nb alma-upgrade-libreoffice-langpack-nl alma-upgrade-libreoffice-langpack-nn alma-upgrade-libreoffice-langpack-nr alma-upgrade-libreoffice-langpack-nso alma-upgrade-libreoffice-langpack-or alma-upgrade-libreoffice-langpack-pa alma-upgrade-libreoffice-langpack-pl alma-upgrade-libreoffice-langpack-pt-br alma-upgrade-libreoffice-langpack-pt-pt alma-upgrade-libreoffice-langpack-ro alma-upgrade-libreoffice-langpack-ru alma-upgrade-libreoffice-langpack-si alma-upgrade-libreoffice-langpack-sk alma-upgrade-libreoffice-langpack-sl alma-upgrade-libreoffice-langpack-sr alma-upgrade-libreoffice-langpack-ss alma-upgrade-libreoffice-langpack-st alma-upgrade-libreoffice-langpack-sv alma-upgrade-libreoffice-langpack-ta alma-upgrade-libreoffice-langpack-te alma-upgrade-libreoffice-langpack-th alma-upgrade-libreoffice-langpack-tn alma-upgrade-libreoffice-langpack-tr alma-upgrade-libreoffice-langpack-ts alma-upgrade-libreoffice-langpack-uk alma-upgrade-libreoffice-langpack-ve alma-upgrade-libreoffice-langpack-xh alma-upgrade-libreoffice-langpack-zh-hans alma-upgrade-libreoffice-langpack-zh-hant alma-upgrade-libreoffice-langpack-zu alma-upgrade-libreoffice-math alma-upgrade-libreoffice-ogltrans alma-upgrade-libreoffice-opensymbol-fonts alma-upgrade-libreoffice-pdfimport alma-upgrade-libreoffice-pyuno alma-upgrade-libreoffice-sdk alma-upgrade-libreoffice-sdk-doc alma-upgrade-libreoffice-ure alma-upgrade-libreoffice-ure-common alma-upgrade-libreoffice-wiki-publisher alma-upgrade-libreoffice-writer alma-upgrade-libreoffice-x11 alma-upgrade-libreoffice-xsltfilter alma-upgrade-libreofficekit References https://attackerkb.com/topics/cve-2023-0950 CVE - 2023-0950 https://errata.almalinux.org/8/ALSA-2023-6933.html https://errata.almalinux.org/9/ALSA-2023-6508.html

SUSE: CVE-2023-31147: SUSE Linux Security Advisory Severity 6 CVSS (AV:N/AC:L/Au:N/C:P/I:P/A:N) Published 05/25/2023 Created 05/31/2023 Added 05/31/2023 Modified 01/28/2025 Description c-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom() are unavailable, c-ares uses rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand() so will generate predictable output. Input from the random number generator is fed into a non-compilant RC4 implementation and may not be as strong as the original RC4 implementation. No attempt is made to look for modern OS-provided CSPRNGs like arc4random() that is widely available. This issue has been fixed in version 1.19.1. Solution(s) suse-upgrade-c-ares-devel suse-upgrade-c-ares-utils suse-upgrade-corepack16 suse-upgrade-corepack18 suse-upgrade-libcares-devel suse-upgrade-libcares2 suse-upgrade-libcares2-32bit suse-upgrade-nodejs16 suse-upgrade-nodejs16-devel suse-upgrade-nodejs16-docs suse-upgrade-nodejs18 suse-upgrade-nodejs18-devel suse-upgrade-nodejs18-docs suse-upgrade-npm16 suse-upgrade-npm18 References https://attackerkb.com/topics/cve-2023-31147 CVE - 2023-31147

Red Hat: CVE-2023-0459: Copy_from_user on 64-bit versions may leak kernel information (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:N) Published 05/25/2023 Created 10/11/2023 Added 10/10/2023 Modified 01/30/2025 Description Copy_from_user on 64-bit versions of the Linux kernel does not implement the __uaccess_begin_nospec allowing a user to bypass the "access_ok" check and pass a kernel pointer to copy_from_user(). This would allow an attacker to leak information. We recommend upgrading beyond commit 74e19ef0ff8061ef55957c3abd71614ef0f42f47 Solution(s) redhat-upgrade-kernel redhat-upgrade-kernel-rt References CVE-2023-0459 RHSA-2022:1975 RHSA-2022:1988

CentOS Linux: CVE-2023-31147: Important: nodejs:18 security update (Multiple Advisories) Severity 6 CVSS (AV:N/AC:L/Au:N/C:P/I:P/A:N) Published 05/25/2023 Created 06/15/2023 Added 06/15/2023 Modified 01/28/2025 Description c-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom() are unavailable, c-ares uses rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand() so will generate predictable output. Input from the random number generator is fed into a non-compilant RC4 implementation and may not be as strong as the original RC4 implementation. No attempt is made to look for modern OS-provided CSPRNGs like arc4random() that is widely available. This issue has been fixed in version 1.19.1. Solution(s) centos-upgrade-c-ares centos-upgrade-c-ares-debuginfo centos-upgrade-c-ares-debugsource centos-upgrade-c-ares-devel centos-upgrade-nodejs centos-upgrade-nodejs-debuginfo centos-upgrade-nodejs-debugsource centos-upgrade-nodejs-devel centos-upgrade-nodejs-docs centos-upgrade-nodejs-full-i18n centos-upgrade-nodejs-libs centos-upgrade-nodejs-libs-debuginfo centos-upgrade-nodejs-nodemon centos-upgrade-nodejs-packaging centos-upgrade-nodejs-packaging-bundler centos-upgrade-npm References CVE-2023-31147

Apple iTunes security update for CVE-2023-32353 Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 05/24/2023 Created 05/24/2023 Added 05/24/2023 Modified 01/28/2025 Description A logic issue was addressed with improved checks. This issue is fixed in iTunes 12.12.9 for Windows. An app may be able to elevate privileges. Solution(s) apple-itunes-upgrade-12_12_9 References https://attackerkb.com/topics/cve-2023-32353 CVE - 2023-32353 http://support.apple.com/kb/HT213763

CVE-2023-33010: Buffer overflow due to lack of input size checking Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 05/24/2023 Created 05/31/2023 Added 05/31/2023 Modified 06/06/2023 Description A buffer overflow vulnerability in the ID processing function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG FLEX series firmware versions 4.50 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.25 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.25 through 5.36 Patch 1, VPN series firmware versions 4.30 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.25 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device. Solution(s) zyxel-firewall-upgrade-latest References https://attackerkb.com/topics/cve-2023-33010 CVE - 2023-33010 https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-buffer-overflow-vulnerabilities-of-firewalls

Apple iTunes security update for CVE-2023-32351 Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 05/24/2023 Created 05/24/2023 Added 05/24/2023 Modified 01/28/2025 Description A logic issue was addressed with improved checks. This issue is fixed in iTunes 12.12.9 for Windows. An app may be able to gain elevated privileges. Solution(s) apple-itunes-upgrade-12_12_9 References https://attackerkb.com/topics/cve-2023-32351 CVE - 2023-32351 http://support.apple.com/kb/HT213763

SUSE: CVE-2023-2859: SUSE Linux Security Advisory Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 05/24/2023 Created 05/31/2023 Added 05/31/2023 Modified 01/28/2025 Description Code Injection in GitHub repository nilsteampassnet/teampass prior to 3.0.9. Solution(s) suse-upgrade-libwireshark15 suse-upgrade-libwiretap12 suse-upgrade-libwsutil13 suse-upgrade-wireshark suse-upgrade-wireshark-devel suse-upgrade-wireshark-ui-qt References https://attackerkb.com/topics/cve-2023-2859 CVE - 2023-2859

Debian: CVE-2023-1667: libssh -- security update Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:N/A:C) Published 05/24/2023 Created 05/24/2023 Added 05/24/2023 Modified 01/28/2025 Description A NULL pointer dereference was found In libssh during re-keying with algorithm guessing. This issue may allow an authenticated client to cause a denial of service. Solution(s) debian-upgrade-libssh References https://attackerkb.com/topics/cve-2023-1667 CVE - 2023-1667 DSA-5409-1

Ubuntu: USN-6101-1 (CVE-2023-25585): GNU binutils vulnerabilities Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 05/24/2023 Created 05/25/2023 Added 05/25/2023 Modified 01/28/2025 Description A flaw was found in Binutils. The use of an uninitialized field in the struct module *module may lead to application crash and local denial of service. Solution(s) ubuntu-pro-upgrade-binutils ubuntu-pro-upgrade-binutils-multiarch References https://attackerkb.com/topics/cve-2023-25585 CVE - 2023-25585 USN-6101-1

CVE-2023-33009: Buffer overflow due to lack of input size checking Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 05/24/2023 Created 05/31/2023 Added 05/31/2023 Modified 06/06/2023 Description A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG FLEX series firmware versions 4.50 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.25 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.25 through 5.36 Patch 1, VPN series firmware versions 4.30 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.25 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device. Solution(s) zyxel-firewall-upgrade-latest References https://attackerkb.com/topics/cve-2023-33009 CVE - 2023-33009 https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-buffer-overflow-vulnerabilities-of-firewalls

SUSE: CVE-2023-28120: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 05/24/2023 Created 05/25/2023 Added 05/25/2023 Modified 07/05/2023 Description This CVE is addressed in the SUSE advisories SUSE-SU-2023:2280-1, SUSE-SU-2023:2294-1, SUSE-SU-2023:2295-1, SUSE-SU-2023:2304-1, SUSE-SU-2023:2781-1, CVE-2023-28120. Solution(s) suse-upgrade-rmt-server suse-upgrade-rmt-server-config suse-upgrade-rmt-server-pubcloud References https://attackerkb.com/topics/cve-2023-28120 CVE - 2023-28120 SUSE-SU-2023:2280-1 SUSE-SU-2023:2294-1 SUSE-SU-2023:2295-1 SUSE-SU-2023:2304-1 SUSE-SU-2023:2781-1