ISHACK AI BOT

Oracle Linux: CVE-2023-28370: ELSA-2023-6523:python-tornado security update (MODERATE) (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 05/25/2023 Created 11/18/2023 Added 11/16/2023 Modified 11/27/2024 Description Open redirect vulnerability in Tornado versions 6.3.1 and earlier allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having user access a specially crafted URL. A vulnerability was found in the python-tornado library. This flaw causes an open redirect vulnerability that allows a remote, unauthenticated attacker to redirect a user to an arbitrary website and conduct a phishing attack by having the user access a specially crafted URL. Solution(s) oracle-linux-upgrade-python3-tornado References https://attackerkb.com/topics/cve-2023-28370 CVE - 2023-28370 ELSA-2023-6523

Red Hat: CVE-2023-31130: Buffer Underwrite in ares_inet_net_pton() (Multiple Advisories) Severity 6 CVSS (AV:L/AC:M/Au:M/C:C/I:C/A:C) Published 05/25/2023 Created 06/15/2023 Added 06/15/2023 Modified 01/30/2025 Description c-ares is an asynchronous resolver library. ares_inet_net_pton() is vulnerable to a buffer underflow for certain ipv6 addresses, in particular "0::00:00:00/2" was found to cause an issue.C-ares only uses this function internally for configuration purposes which would require an administrator to configure such an address via ares_set_sortlist(). However, users may externally use ares_inet_net_pton() for other purposes and thus be vulnerable to more severe issues. This issue has been fixed in 1.19.1. Solution(s) redhat-upgrade-c-ares redhat-upgrade-c-ares-debuginfo redhat-upgrade-c-ares-debugsource redhat-upgrade-c-ares-devel redhat-upgrade-nodejs redhat-upgrade-nodejs-debuginfo redhat-upgrade-nodejs-debugsource redhat-upgrade-nodejs-devel redhat-upgrade-nodejs-docs redhat-upgrade-nodejs-full-i18n redhat-upgrade-nodejs-libs redhat-upgrade-nodejs-libs-debuginfo redhat-upgrade-nodejs-nodemon redhat-upgrade-nodejs-packaging redhat-upgrade-nodejs-packaging-bundler redhat-upgrade-npm References CVE-2023-31130 RHSA-2023:3577 RHSA-2023:3586 RHSA-2023:4033 RHSA-2023:4034 RHSA-2023:4035 RHSA-2023:4036 RHSA-2023:6635 RHSA-2023:7207 RHSA-2023:7392 RHSA-2023:7543 View more

Huawei EulerOS: CVE-2023-31147: c-ares security update Severity 6 CVSS (AV:N/AC:L/Au:N/C:P/I:P/A:N) Published 05/25/2023 Created 08/10/2023 Added 08/09/2023 Modified 01/28/2025 Description c-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom() are unavailable, c-ares uses rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand() so will generate predictable output. Input from the random number generator is fed into a non-compilant RC4 implementation and may not be as strong as the original RC4 implementation. No attempt is made to look for modern OS-provided CSPRNGs like arc4random() that is widely available. This issue has been fixed in version 1.19.1. Solution(s) huawei-euleros-2_0_sp9-upgrade-c-ares References https://attackerkb.com/topics/cve-2023-31147 CVE - 2023-31147 EulerOS-SA-2023-2605

SUSE: CVE-2023-31124: SUSE Linux Security Advisory Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 05/25/2023 Created 05/31/2023 Added 05/31/2023 Modified 01/28/2025 Description c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross compiling aarch64 android.This will downgrade to using rand() as a fallback which could allow an attacker to take advantage of the lack of entropy by not using a CSPRNG. This issue was patched in version 1.19.1. Solution(s) suse-upgrade-c-ares-devel suse-upgrade-c-ares-utils suse-upgrade-corepack16 suse-upgrade-corepack18 suse-upgrade-libcares-devel suse-upgrade-libcares2 suse-upgrade-libcares2-32bit suse-upgrade-nodejs16 suse-upgrade-nodejs16-devel suse-upgrade-nodejs16-docs suse-upgrade-nodejs18 suse-upgrade-nodejs18-devel suse-upgrade-nodejs18-docs suse-upgrade-npm16 suse-upgrade-npm18 References https://attackerkb.com/topics/cve-2023-31124 CVE - 2023-31124

Huawei EulerOS: CVE-2023-31130: c-ares security update Severity 6 CVSS (AV:L/AC:M/Au:M/C:C/I:C/A:C) Published 05/25/2023 Created 08/10/2023 Added 08/09/2023 Modified 01/30/2025 Description c-ares is an asynchronous resolver library. ares_inet_net_pton() is vulnerable to a buffer underflow for certain ipv6 addresses, in particular "0::00:00:00/2" was found to cause an issue.C-ares only uses this function internally for configuration purposes which would require an administrator to configure such an address via ares_set_sortlist(). However, users may externally use ares_inet_net_pton() for other purposes and thus be vulnerable to more severe issues. This issue has been fixed in 1.19.1. Solution(s) huawei-euleros-2_0_sp9-upgrade-c-ares References https://attackerkb.com/topics/cve-2023-31130 CVE - 2023-31130 EulerOS-SA-2023-2605

CentOS Linux: CVE-2020-36694: Important: kernel security, bug fix, and enhancement update (Multiple Advisories) Severity 7 CVSS (AV:L/AC:L/Au:M/C:C/I:C/A:C) Published 05/21/2023 Created 08/30/2023 Added 08/30/2023 Modified 01/28/2025 Description An issue was discovered in netfilter in the Linux kernel before 5.10. There can be a use-after-free in the packet processing context, because the per-CPU sequence count is mishandled during concurrent iptables rules replacement. This could be exploited with the CAP_NET_ADMIN capability in an unprivileged namespace. NOTE: cc00bca was reverted in 5.12. Solution(s) centos-upgrade-kernel centos-upgrade-kernel-rt References CVE-2020-36694

Red Hat: CVE-2020-36694: use-after-free in the packet processing context (Multiple Advisories) Severity 7 CVSS (AV:L/AC:L/Au:M/C:C/I:C/A:C) Published 05/21/2023 Created 08/30/2023 Added 08/30/2023 Modified 01/28/2025 Description An issue was discovered in netfilter in the Linux kernel before 5.10. There can be a use-after-free in the packet processing context, because the per-CPU sequence count is mishandled during concurrent iptables rules replacement. This could be exploited with the CAP_NET_ADMIN capability in an unprivileged namespace. NOTE: cc00bca was reverted in 5.12. Solution(s) redhat-upgrade-kernel redhat-upgrade-kernel-rt References CVE-2020-36694 RHSA-2021:1578 RHSA-2021:1739

SUSE: CVE-2020-36694: SUSE Linux Security Advisory Severity 7 CVSS (AV:L/AC:L/Au:M/C:C/I:C/A:C) Published 05/21/2023 Created 08/16/2024 Added 08/09/2024 Modified 01/28/2025 Description An issue was discovered in netfilter in the Linux kernel before 5.10. There can be a use-after-free in the packet processing context, because the per-CPU sequence count is mishandled during concurrent iptables rules replacement. This could be exploited with the CAP_NET_ADMIN capability in an unprivileged namespace. NOTE: cc00bca was reverted in 5.12. Solution(s) suse-upgrade-dtb-al suse-upgrade-dtb-zte suse-upgrade-kernel-64kb suse-upgrade-kernel-64kb-devel suse-upgrade-kernel-default suse-upgrade-kernel-default-base suse-upgrade-kernel-default-devel suse-upgrade-kernel-devel suse-upgrade-kernel-docs suse-upgrade-kernel-macros suse-upgrade-kernel-obs-build suse-upgrade-kernel-preempt suse-upgrade-kernel-preempt-devel suse-upgrade-kernel-source suse-upgrade-kernel-syms suse-upgrade-kernel-zfcpdump suse-upgrade-reiserfs-kmp-default References https://attackerkb.com/topics/cve-2020-36694 CVE - 2020-36694

CentOS Linux: CVE-2023-32700: Important: texlive security update (CESA-2023:3661) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 05/20/2023 Created 06/21/2023 Added 06/20/2023 Modified 01/28/2025 Description LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. This occurs because luatex-core.lua lets the original io.popen be accessed. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5. Solution(s) centos-upgrade-texlive centos-upgrade-texlive-adjustbox centos-upgrade-texlive-ae centos-upgrade-texlive-algorithms centos-upgrade-texlive-alphalph centos-upgrade-texlive-amscls centos-upgrade-texlive-amsfonts centos-upgrade-texlive-amsmath centos-upgrade-texlive-anyfontsize centos-upgrade-texlive-anysize centos-upgrade-texlive-appendix centos-upgrade-texlive-arabxetex centos-upgrade-texlive-arphic centos-upgrade-texlive-atbegshi centos-upgrade-texlive-attachfile centos-upgrade-texlive-attachfile2 centos-upgrade-texlive-atveryend centos-upgrade-texlive-auxhook centos-upgrade-texlive-avantgar centos-upgrade-texlive-awesomebox centos-upgrade-texlive-babel centos-upgrade-texlive-babel-english centos-upgrade-texlive-babelbib centos-upgrade-texlive-base centos-upgrade-texlive-beamer centos-upgrade-texlive-bera centos-upgrade-texlive-beton centos-upgrade-texlive-bibtex centos-upgrade-texlive-bibtex-debuginfo centos-upgrade-texlive-bibtopic centos-upgrade-texlive-bidi centos-upgrade-texlive-bigfoot centos-upgrade-texlive-bigintcalc centos-upgrade-texlive-bitset centos-upgrade-texlive-bookman centos-upgrade-texlive-bookmark centos-upgrade-texlive-booktabs centos-upgrade-texlive-breakurl centos-upgrade-texlive-breqn centos-upgrade-texlive-capt-of centos-upgrade-texlive-caption centos-upgrade-texlive-carlisle centos-upgrade-texlive-catchfile centos-upgrade-texlive-changebar centos-upgrade-texlive-changepage centos-upgrade-texlive-charter centos-upgrade-texlive-chngcntr centos-upgrade-texlive-cite centos-upgrade-texlive-cjk centos-upgrade-texlive-classpack centos-upgrade-texlive-cm centos-upgrade-texlive-cm-lgc centos-upgrade-texlive-cm-super centos-upgrade-texlive-cmap centos-upgrade-texlive-cmextra centos-upgrade-texlive-cns centos-upgrade-texlive-collectbox centos-upgrade-texlive-collection-basic centos-upgrade-texlive-collection-fontsrecommended centos-upgrade-texlive-collection-htmlxml centos-upgrade-texlive-collection-latex centos-upgrade-texlive-collection-latexrecommended centos-upgrade-texlive-collection-xetex centos-upgrade-texlive-colorprofiles centos-upgrade-texlive-colortbl centos-upgrade-texlive-context centos-upgrade-texlive-courier centos-upgrade-texlive-crop centos-upgrade-texlive-csquotes centos-upgrade-texlive-ctable centos-upgrade-texlive-ctablestack centos-upgrade-texlive-currfile centos-upgrade-texlive-datetime centos-upgrade-texlive-debuginfo centos-upgrade-texlive-debugsource centos-upgrade-texlive-dehyph centos-upgrade-texlive-dvipdfmx centos-upgrade-texlive-dvipng centos-upgrade-texlive-dvipng-debuginfo centos-upgrade-texlive-dvips centos-upgrade-texlive-dvips-debuginfo centos-upgrade-texlive-dvisvgm centos-upgrade-texlive-dvisvgm-debuginfo centos-upgrade-texlive-ec centos-upgrade-texlive-eepic centos-upgrade-texlive-enctex centos-upgrade-texlive-enumitem centos-upgrade-texlive-environ centos-upgrade-texlive-epsf centos-upgrade-texlive-epstopdf centos-upgrade-texlive-epstopdf-pkg centos-upgrade-texlive-eqparbox centos-upgrade-texlive-eso-pic centos-upgrade-texlive-etex centos-upgrade-texlive-etex-pkg centos-upgrade-texlive-etexcmds centos-upgrade-texlive-etoc centos-upgrade-texlive-etoolbox centos-upgrade-texlive-euenc centos-upgrade-texlive-euler centos-upgrade-texlive-euro centos-upgrade-texlive-eurosym centos-upgrade-texlive-extsizes centos-upgrade-texlive-fancybox centos-upgrade-texlive-fancyhdr centos-upgrade-texlive-fancyref centos-upgrade-texlive-fancyvrb centos-upgrade-texlive-filecontents centos-upgrade-texlive-filehook centos-upgrade-texlive-finstrut centos-upgrade-texlive-fix2col centos-upgrade-texlive-fixlatvian centos-upgrade-texlive-float centos-upgrade-texlive-fmtcount centos-upgrade-texlive-fncychap centos-upgrade-texlive-fontawesome centos-upgrade-texlive-fontbook centos-upgrade-texlive-fonts-tlwg centos-upgrade-texlive-fontspec centos-upgrade-texlive-fontware centos-upgrade-texlive-fontware-debuginfo centos-upgrade-texlive-fontwrap centos-upgrade-texlive-footmisc centos-upgrade-texlive-footnotehyper centos-upgrade-texlive-fp centos-upgrade-texlive-fpl centos-upgrade-texlive-framed centos-upgrade-texlive-garuda-c90 centos-upgrade-texlive-geometry centos-upgrade-texlive-gettitlestring centos-upgrade-texlive-glyphlist centos-upgrade-texlive-graphics centos-upgrade-texlive-graphics-cfg centos-upgrade-texlive-graphics-def centos-upgrade-texlive-grfext centos-upgrade-texlive-grffile centos-upgrade-texlive-gsftopk centos-upgrade-texlive-gsftopk-debuginfo centos-upgrade-texlive-hanging centos-upgrade-texlive-helvetic centos-upgrade-texlive-hobsub centos-upgrade-texlive-hologo centos-upgrade-texlive-hycolor centos-upgrade-texlive-hyperref centos-upgrade-texlive-hyph-utf8 centos-upgrade-texlive-hyphen-base centos-upgrade-texlive-hyphenat centos-upgrade-texlive-hyphenex centos-upgrade-texlive-ifetex centos-upgrade-texlive-ifluatex centos-upgrade-texlive-ifmtarg centos-upgrade-texlive-ifoddpage centos-upgrade-texlive-ifplatform centos-upgrade-texlive-iftex centos-upgrade-texlive-ifxetex centos-upgrade-texlive-import centos-upgrade-texlive-index centos-upgrade-texlive-infwarerr centos-upgrade-texlive-intcalc centos-upgrade-texlive-jadetex centos-upgrade-texlive-jknapltx centos-upgrade-texlive-kastrup centos-upgrade-texlive-kerkis centos-upgrade-texlive-knuth-lib centos-upgrade-texlive-knuth-local centos-upgrade-texlive-koma-script centos-upgrade-texlive-kpathsea centos-upgrade-texlive-kpathsea-debuginfo centos-upgrade-texlive-kvdefinekeys centos-upgrade-texlive-kvoptions centos-upgrade-texlive-kvsetkeys centos-upgrade-texlive-l3backend centos-upgrade-texlive-l3experimental centos-upgrade-texlive-l3kernel centos-upgrade-texlive-l3packages centos-upgrade-texlive-lastpage centos-upgrade-texlive-latex centos-upgrade-texlive-latex-fonts centos-upgrade-texlive-latex2man centos-upgrade-texlive-latexbug centos-upgrade-texlive-latexconfig centos-upgrade-texlive-letltxmacro centos-upgrade-texlive-lettrine centos-upgrade-texlive-lib centos-upgrade-texlive-lib-debuginfo centos-upgrade-texlive-linegoal centos-upgrade-texlive-lineno centos-upgrade-texlive-listings centos-upgrade-texlive-listofitems centos-upgrade-texlive-lm centos-upgrade-texlive-lm-math centos-upgrade-texlive-ltabptch centos-upgrade-texlive-ltxcmds centos-upgrade-texlive-ltxmisc centos-upgrade-texlive-lua-alt-getopt centos-upgrade-texlive-luahbtex centos-upgrade-texlive-luahbtex-debuginfo centos-upgrade-texlive-luajittex-debuginfo centos-upgrade-texlive-lualatex-math centos-upgrade-texlive-lualibs centos-upgrade-texlive-luaotfload centos-upgrade-texlive-luatex centos-upgrade-texlive-luatex-debuginfo centos-upgrade-texlive-luatex85 centos-upgrade-texlive-luatexbase centos-upgrade-texlive-lwarp centos-upgrade-texlive-makecmds centos-upgrade-texlive-makeindex centos-upgrade-texlive-makeindex-debuginfo centos-upgrade-texlive-manfnt-font centos-upgrade-texlive-marginnote centos-upgrade-texlive-marvosym centos-upgrade-texlive-mathpazo centos-upgrade-texlive-mathspec centos-upgrade-texlive-mathtools centos-upgrade-texlive-mdwtools centos-upgrade-texlive-memoir centos-upgrade-texlive-metafont centos-upgrade-texlive-metafont-debuginfo centos-upgrade-texlive-metalogo centos-upgrade-texlive-metapost centos-upgrade-texlive-metapost-debuginfo centos-upgrade-texlive-mflogo centos-upgrade-texlive-mflogo-font centos-upgrade-texlive-mfnfss centos-upgrade-texlive-mfware centos-upgrade-texlive-mfware-debuginfo centos-upgrade-texlive-microtype centos-upgrade-texlive-minitoc centos-upgrade-texlive-mnsymbol centos-upgrade-texlive-modes centos-upgrade-texlive-mparhack centos-upgrade-texlive-mptopdf centos-upgrade-texlive-ms centos-upgrade-texlive-multido centos-upgrade-texlive-multirow centos-upgrade-texlive-natbib centos-upgrade-texlive-ncctools centos-upgrade-texlive-ncntrsbk centos-upgrade-texlive-needspace centos-upgrade-texlive-newfloat centos-upgrade-texlive-newunicodechar centos-upgrade-texlive-norasi-c90 centos-upgrade-texlive-notoccite centos-upgrade-texlive-ntgclass centos-upgrade-texlive-oberdiek centos-upgrade-texlive-obsolete centos-upgrade-texlive-overpic centos-upgrade-texlive-palatino centos-upgrade-texlive-paralist centos-upgrade-texlive-parallel centos-upgrade-texlive-parskip centos-upgrade-texlive-passivetex centos-upgrade-texlive-pdfcolmk centos-upgrade-texlive-pdfescape centos-upgrade-texlive-pdflscape centos-upgrade-texlive-pdfpages centos-upgrade-texlive-pdftex centos-upgrade-texlive-pdftex-debuginfo centos-upgrade-texlive-pdftexcmds centos-upgrade-texlive-pgf centos-upgrade-texlive-philokalia centos-upgrade-texlive-placeins centos-upgrade-texlive-plain centos-upgrade-texlive-polyglossia centos-upgrade-texlive-powerdot centos-upgrade-texlive-preprint centos-upgrade-texlive-psfrag centos-upgrade-texlive-pslatex centos-upgrade-texlive-psnfss centos-upgrade-texlive-pspicture centos-upgrade-texlive-pst-3d centos-upgrade-texlive-pst-arrow centos-upgrade-texlive-pst-blur centos-upgrade-texlive-pst-coil centos-upgrade-texlive-pst-eps centos-upgrade-texlive-pst-fill centos-upgrade-texlive-pst-grad centos-upgrade-texlive-pst-math centos-upgrade-texlive-pst-node centos-upgrade-texlive-pst-plot centos-upgrade-texlive-pst-slpe centos-upgrade-texlive-pst-text centos-upgrade-texlive-pst-tools centos-upgrade-texlive-pst-tree centos-upgrade-texlive-pstricks centos-upgrade-texlive-pstricks-add centos-upgrade-texlive-ptext centos-upgrade-texlive-pxfonts centos-upgrade-texlive-qstest centos-upgrade-texlive-ragged2e centos-upgrade-texlive-rcs centos-upgrade-texlive-realscripts centos-upgrade-texlive-refcount centos-upgrade-texlive-rerunfilecheck centos-upgrade-texlive-rsfs centos-upgrade-texlive-sansmath centos-upgrade-texlive-sansmathaccent centos-upgrade-texlive-sauerj centos-upgrade-texlive-scheme-basic centos-upgrade-texlive-section centos-upgrade-texlive-sectsty centos-upgrade-texlive-seminar centos-upgrade-texlive-sepnum centos-upgrade-texlive-setspace centos-upgrade-texlive-showexpl centos-upgrade-texlive-soul centos-upgrade-texlive-stackengine centos-upgrade-texlive-stmaryrd centos-upgrade-texlive-stringenc centos-upgrade-texlive-subfig centos-upgrade-texlive-subfigure centos-upgrade-texlive-svn-prov centos-upgrade-texlive-symbol centos-upgrade-texlive-t2 centos-upgrade-texlive-tabu centos-upgrade-texlive-tabulary centos-upgrade-texlive-tetex centos-upgrade-texlive-tex centos-upgrade-texlive-tex-debuginfo centos-upgrade-texlive-tex-gyre centos-upgrade-texlive-tex-gyre-math centos-upgrade-texlive-tex-ini-files centos-upgrade-texlive-tex4ht centos-upgrade-texlive-tex4ht-debuginfo centos-upgrade-texlive-texconfig centos-upgrade-texlive-texlive-common-doc centos-upgrade-texlive-texlive-docindex centos-upgrade-texlive-texlive-en centos-upgrade-texlive-texlive-infra centos-upgrade-texlive-texlive-msg-translations centos-upgrade-texlive-texlive-scripts centos-upgrade-texlive-texlive-scripts-extra centos-upgrade-texlive-textcase centos-upgrade-texlive-textpos centos-upgrade-texlive-threeparttable centos-upgrade-texlive-thumbpdf centos-upgrade-texlive-times centos-upgrade-texlive-tipa centos-upgrade-texlive-titlesec centos-upgrade-texlive-titling centos-upgrade-texlive-tocloft centos-upgrade-texlive-tools centos-upgrade-texlive-translator centos-upgrade-texlive-trimspaces centos-upgrade-texlive-txfonts centos-upgrade-texlive-type1cm centos-upgrade-texlive-typehtml centos-upgrade-texlive-ucharcat centos-upgrade-texlive-ucharclasses centos-upgrade-texlive-ucs centos-upgrade-texlive-uhc centos-upgrade-texlive-ulem centos-upgrade-texlive-underscore centos-upgrade-texlive-unicode-data centos-upgrade-texlive-unicode-math centos-upgrade-texlive-uniquecounter centos-upgrade-texlive-unisugar centos-upgrade-texlive-updmap-map centos-upgrade-texlive-upquote centos-upgrade-texlive-url centos-upgrade-texlive-utopia centos-upgrade-texlive-varwidth centos-upgrade-texlive-wadalab centos-upgrade-texlive-was centos-upgrade-texlive-wasy centos-upgrade-texlive-wasy-type1 centos-upgrade-texlive-wasy2-ps centos-upgrade-texlive-wasysym centos-upgrade-texlive-wrapfig centos-upgrade-texlive-xcolor centos-upgrade-texlive-xdvi centos-upgrade-texlive-xdvi-debuginfo centos-upgrade-texlive-xecjk centos-upgrade-texlive-xecolor centos-upgrade-texlive-xecyr centos-upgrade-texlive-xeindex centos-upgrade-texlive-xepersian centos-upgrade-texlive-xesearch centos-upgrade-texlive-xetex centos-upgrade-texlive-xetex-debuginfo centos-upgrade-texlive-xetex-itrans centos-upgrade-texlive-xetex-pstricks centos-upgrade-texlive-xetex-tibetan centos-upgrade-texlive-xetexconfig centos-upgrade-texlive-xetexfontinfo centos-upgrade-texlive-xifthen centos-upgrade-texlive-xkeyval centos-upgrade-texlive-xltxtra centos-upgrade-texlive-xmltex centos-upgrade-texlive-xmltexconfig centos-upgrade-texlive-xstring centos-upgrade-texlive-xtab centos-upgrade-texlive-xunicode centos-upgrade-texlive-zapfchan centos-upgrade-texlive-zapfding centos-upgrade-texlive-zref References CVE-2023-32700

Ubuntu: (CVE-2020-36694): linux vulnerability Severity 7 CVSS (AV:L/AC:L/Au:M/C:C/I:C/A:C) Published 05/21/2023 Created 11/21/2024 Added 11/19/2024 Modified 02/11/2025 Description An issue was discovered in netfilter in the Linux kernel before 5.10. There can be a use-after-free in the packet processing context, because the per-CPU sequence count is mishandled during concurrent iptables rules replacement. This could be exploited with the CAP_NET_ADMIN capability in an unprivileged namespace. NOTE: cc00bca was reverted in 5.12. Solution(s) ubuntu-upgrade-linux ubuntu-upgrade-linux-aws ubuntu-upgrade-linux-aws-5-4 ubuntu-upgrade-linux-aws-fips ubuntu-upgrade-linux-aws-hwe ubuntu-upgrade-linux-azure ubuntu-upgrade-linux-azure-4-15 ubuntu-upgrade-linux-azure-5-4 ubuntu-upgrade-linux-azure-fips ubuntu-upgrade-linux-dell300x ubuntu-upgrade-linux-fips ubuntu-upgrade-linux-gcp ubuntu-upgrade-linux-gcp-4-15 ubuntu-upgrade-linux-gcp-5-4 ubuntu-upgrade-linux-gcp-fips ubuntu-upgrade-linux-gke ubuntu-upgrade-linux-gkeop ubuntu-upgrade-linux-hwe ubuntu-upgrade-linux-hwe-5-4 ubuntu-upgrade-linux-kvm ubuntu-upgrade-linux-lts-xenial ubuntu-upgrade-linux-oracle ubuntu-upgrade-linux-oracle-5-4 ubuntu-upgrade-linux-raspi ubuntu-upgrade-linux-raspi-5-4 ubuntu-upgrade-linux-raspi2 ubuntu-upgrade-linux-snapdragon References https://attackerkb.com/topics/cve-2020-36694 CVE - 2020-36694 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10 https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cc00bcaa589914096edef7fb87ca5cee4a166b5c https://syzkaller.appspot.com/bug?id=0c4fd9c6aa04ec116d01e915d3b186f71a212cb2 https://www.cve.org/CVERecord?id=CVE-2020-36694

Gentoo Linux: CVE-2022-41766: MediaWiki: Multiple Vulnerabilities Severity 4 CVSS (AV:N/AC:L/Au:S/C:P/I:N/A:N) Published 05/21/2023 Created 05/23/2023 Added 05/23/2023 Modified 01/28/2025 Description An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x before 1.37.5, and 1.38.x before 1.38.3. Upon an action=rollback operation, the alreadyrolled message can leak a user name (when the user has been revision deleted/suppressed). Solution(s) gentoo-linux-upgrade-www-apps-mediawiki References https://attackerkb.com/topics/cve-2022-41766 CVE - 2022-41766 202305-24

Rocky Linux: CVE-2023-32700: texlive (RLSA-2023-3661) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 05/20/2023 Created 03/07/2024 Added 04/19/2024 Modified 01/28/2025 Description LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. This occurs because luatex-core.lua lets the original io.popen be accessed. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5. Solution(s) rocky-upgrade-texlive rocky-upgrade-texlive-bibtex rocky-upgrade-texlive-bibtex-debuginfo rocky-upgrade-texlive-debuginfo rocky-upgrade-texlive-debugsource rocky-upgrade-texlive-dvipdfmx rocky-upgrade-texlive-dvipng rocky-upgrade-texlive-dvipng-debuginfo rocky-upgrade-texlive-dvips rocky-upgrade-texlive-dvips-debuginfo rocky-upgrade-texlive-dvisvgm rocky-upgrade-texlive-dvisvgm-debuginfo rocky-upgrade-texlive-fontware rocky-upgrade-texlive-fontware-debuginfo rocky-upgrade-texlive-gsftopk rocky-upgrade-texlive-gsftopk-debuginfo rocky-upgrade-texlive-kpathsea rocky-upgrade-texlive-kpathsea-debuginfo rocky-upgrade-texlive-lib rocky-upgrade-texlive-lib-debuginfo rocky-upgrade-texlive-lib-devel rocky-upgrade-texlive-luahbtex rocky-upgrade-texlive-luahbtex-debuginfo rocky-upgrade-texlive-luatex rocky-upgrade-texlive-luatex-debuginfo rocky-upgrade-texlive-makeindex rocky-upgrade-texlive-makeindex-debuginfo rocky-upgrade-texlive-metafont rocky-upgrade-texlive-metafont-debuginfo rocky-upgrade-texlive-metapost rocky-upgrade-texlive-metapost-debuginfo rocky-upgrade-texlive-mfware rocky-upgrade-texlive-mfware-debuginfo rocky-upgrade-texlive-pdftex rocky-upgrade-texlive-pdftex-debuginfo rocky-upgrade-texlive-tex rocky-upgrade-texlive-tex-debuginfo rocky-upgrade-texlive-tex4ht rocky-upgrade-texlive-tex4ht-debuginfo rocky-upgrade-texlive-xdvi rocky-upgrade-texlive-xdvi-debuginfo rocky-upgrade-texlive-xetex rocky-upgrade-texlive-xetex-debuginfo References https://attackerkb.com/topics/cve-2023-32700 CVE - 2023-32700 https://errata.rockylinux.org/RLSA-2023:3661

Ubuntu: USN-6115-1 (CVE-2023-32700): TeX Live vulnerability Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 05/20/2023 Created 05/31/2023 Added 05/31/2023 Modified 01/28/2025 Description LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. This occurs because luatex-core.lua lets the original io.popen be accessed. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5. Solution(s) ubuntu-upgrade-texlive-binaries References https://attackerkb.com/topics/cve-2023-32700 CVE - 2023-32700 USN-6115-1

Alma Linux: CVE-2023-32700: Important: texlive security update (ALSA-2023-3661) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 05/20/2023 Created 06/27/2023 Added 06/27/2023 Modified 01/28/2025 Description LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. This occurs because luatex-core.lua lets the original io.popen be accessed. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5. Solution(s) alma-upgrade-texlive alma-upgrade-texlive-adjustbox alma-upgrade-texlive-ae alma-upgrade-texlive-algorithms alma-upgrade-texlive-alphalph alma-upgrade-texlive-amscls alma-upgrade-texlive-amsfonts alma-upgrade-texlive-amsmath alma-upgrade-texlive-anyfontsize alma-upgrade-texlive-anysize alma-upgrade-texlive-appendix alma-upgrade-texlive-arabxetex alma-upgrade-texlive-arphic alma-upgrade-texlive-atbegshi alma-upgrade-texlive-attachfile alma-upgrade-texlive-attachfile2 alma-upgrade-texlive-atveryend alma-upgrade-texlive-auxhook alma-upgrade-texlive-avantgar alma-upgrade-texlive-awesomebox alma-upgrade-texlive-babel alma-upgrade-texlive-babel-english alma-upgrade-texlive-babelbib alma-upgrade-texlive-base alma-upgrade-texlive-beamer alma-upgrade-texlive-bera alma-upgrade-texlive-beton alma-upgrade-texlive-bibtex alma-upgrade-texlive-bibtopic alma-upgrade-texlive-bidi alma-upgrade-texlive-bigfoot alma-upgrade-texlive-bigintcalc alma-upgrade-texlive-bitset alma-upgrade-texlive-bookman alma-upgrade-texlive-bookmark alma-upgrade-texlive-booktabs alma-upgrade-texlive-breakurl alma-upgrade-texlive-breqn alma-upgrade-texlive-capt-of alma-upgrade-texlive-caption alma-upgrade-texlive-carlisle alma-upgrade-texlive-catchfile alma-upgrade-texlive-changebar alma-upgrade-texlive-changepage alma-upgrade-texlive-charter alma-upgrade-texlive-chngcntr alma-upgrade-texlive-cite alma-upgrade-texlive-cjk alma-upgrade-texlive-classpack alma-upgrade-texlive-cm alma-upgrade-texlive-cm-lgc alma-upgrade-texlive-cm-super alma-upgrade-texlive-cmap alma-upgrade-texlive-cmextra alma-upgrade-texlive-cns alma-upgrade-texlive-collectbox alma-upgrade-texlive-collection-basic alma-upgrade-texlive-collection-fontsrecommended alma-upgrade-texlive-collection-htmlxml alma-upgrade-texlive-collection-latex alma-upgrade-texlive-collection-latexrecommended alma-upgrade-texlive-collection-xetex alma-upgrade-texlive-colorprofiles alma-upgrade-texlive-colortbl alma-upgrade-texlive-context alma-upgrade-texlive-courier alma-upgrade-texlive-crop alma-upgrade-texlive-csquotes alma-upgrade-texlive-ctable alma-upgrade-texlive-ctablestack alma-upgrade-texlive-currfile alma-upgrade-texlive-datetime alma-upgrade-texlive-dehyph alma-upgrade-texlive-dvipdfmx alma-upgrade-texlive-dvipng alma-upgrade-texlive-dvips alma-upgrade-texlive-dvisvgm alma-upgrade-texlive-ec alma-upgrade-texlive-eepic alma-upgrade-texlive-enctex alma-upgrade-texlive-enumitem alma-upgrade-texlive-environ alma-upgrade-texlive-epsf alma-upgrade-texlive-epstopdf alma-upgrade-texlive-epstopdf-pkg alma-upgrade-texlive-eqparbox alma-upgrade-texlive-eso-pic alma-upgrade-texlive-etex alma-upgrade-texlive-etex-pkg alma-upgrade-texlive-etexcmds alma-upgrade-texlive-etoc alma-upgrade-texlive-etoolbox alma-upgrade-texlive-euenc alma-upgrade-texlive-euler alma-upgrade-texlive-euro alma-upgrade-texlive-eurosym alma-upgrade-texlive-extsizes alma-upgrade-texlive-fancybox alma-upgrade-texlive-fancyhdr alma-upgrade-texlive-fancyref alma-upgrade-texlive-fancyvrb alma-upgrade-texlive-filecontents alma-upgrade-texlive-filehook alma-upgrade-texlive-finstrut alma-upgrade-texlive-fix2col alma-upgrade-texlive-fixlatvian alma-upgrade-texlive-float alma-upgrade-texlive-fmtcount alma-upgrade-texlive-fncychap alma-upgrade-texlive-fontawesome alma-upgrade-texlive-fontbook alma-upgrade-texlive-fonts-tlwg alma-upgrade-texlive-fontspec alma-upgrade-texlive-fontware alma-upgrade-texlive-fontwrap alma-upgrade-texlive-footmisc alma-upgrade-texlive-footnotehyper alma-upgrade-texlive-fp alma-upgrade-texlive-fpl alma-upgrade-texlive-framed alma-upgrade-texlive-garuda-c90 alma-upgrade-texlive-geometry alma-upgrade-texlive-gettitlestring alma-upgrade-texlive-glyphlist alma-upgrade-texlive-gnu-freefont alma-upgrade-texlive-graphics alma-upgrade-texlive-graphics-cfg alma-upgrade-texlive-graphics-def alma-upgrade-texlive-grfext alma-upgrade-texlive-grffile alma-upgrade-texlive-gsftopk alma-upgrade-texlive-hanging alma-upgrade-texlive-helvetic alma-upgrade-texlive-hobsub alma-upgrade-texlive-hologo alma-upgrade-texlive-hycolor alma-upgrade-texlive-hyperref alma-upgrade-texlive-hyph-utf8 alma-upgrade-texlive-hyphen-base alma-upgrade-texlive-hyphenat alma-upgrade-texlive-hyphenex alma-upgrade-texlive-ifmtarg alma-upgrade-texlive-ifoddpage alma-upgrade-texlive-ifplatform alma-upgrade-texlive-iftex alma-upgrade-texlive-import alma-upgrade-texlive-index alma-upgrade-texlive-infwarerr alma-upgrade-texlive-intcalc alma-upgrade-texlive-jadetex alma-upgrade-texlive-jknapltx alma-upgrade-texlive-kastrup alma-upgrade-texlive-kerkis alma-upgrade-texlive-knuth-lib alma-upgrade-texlive-knuth-local alma-upgrade-texlive-koma-script alma-upgrade-texlive-kpathsea alma-upgrade-texlive-kvdefinekeys alma-upgrade-texlive-kvoptions alma-upgrade-texlive-kvsetkeys alma-upgrade-texlive-l3backend alma-upgrade-texlive-l3experimental alma-upgrade-texlive-l3kernel alma-upgrade-texlive-l3packages alma-upgrade-texlive-lastpage alma-upgrade-texlive-latex alma-upgrade-texlive-latex-fonts alma-upgrade-texlive-latex2man alma-upgrade-texlive-latexbug alma-upgrade-texlive-latexconfig alma-upgrade-texlive-letltxmacro alma-upgrade-texlive-lettrine alma-upgrade-texlive-lib alma-upgrade-texlive-lib-devel alma-upgrade-texlive-linegoal alma-upgrade-texlive-lineno alma-upgrade-texlive-listings alma-upgrade-texlive-listofitems alma-upgrade-texlive-lm alma-upgrade-texlive-lm-math alma-upgrade-texlive-ltabptch alma-upgrade-texlive-ltxcmds alma-upgrade-texlive-ltxmisc alma-upgrade-texlive-lua-alt-getopt alma-upgrade-texlive-luahbtex alma-upgrade-texlive-lualatex-math alma-upgrade-texlive-lualibs alma-upgrade-texlive-luaotfload alma-upgrade-texlive-luatex alma-upgrade-texlive-luatex85 alma-upgrade-texlive-luatexbase alma-upgrade-texlive-lwarp alma-upgrade-texlive-makecmds alma-upgrade-texlive-makeindex alma-upgrade-texlive-manfnt-font alma-upgrade-texlive-marginnote alma-upgrade-texlive-marvosym alma-upgrade-texlive-mathpazo alma-upgrade-texlive-mathspec alma-upgrade-texlive-mathtools alma-upgrade-texlive-mdwtools alma-upgrade-texlive-memoir alma-upgrade-texlive-metafont alma-upgrade-texlive-metalogo alma-upgrade-texlive-metapost alma-upgrade-texlive-mflogo alma-upgrade-texlive-mflogo-font alma-upgrade-texlive-mfnfss alma-upgrade-texlive-mfware alma-upgrade-texlive-microtype alma-upgrade-texlive-minitoc alma-upgrade-texlive-mnsymbol alma-upgrade-texlive-modes alma-upgrade-texlive-mparhack alma-upgrade-texlive-mptopdf alma-upgrade-texlive-ms alma-upgrade-texlive-multido alma-upgrade-texlive-multirow alma-upgrade-texlive-natbib alma-upgrade-texlive-ncctools alma-upgrade-texlive-ncntrsbk alma-upgrade-texlive-needspace alma-upgrade-texlive-newfloat alma-upgrade-texlive-newunicodechar alma-upgrade-texlive-norasi-c90 alma-upgrade-texlive-notoccite alma-upgrade-texlive-ntgclass alma-upgrade-texlive-oberdiek alma-upgrade-texlive-obsolete alma-upgrade-texlive-overpic alma-upgrade-texlive-palatino alma-upgrade-texlive-paralist alma-upgrade-texlive-parallel alma-upgrade-texlive-parskip alma-upgrade-texlive-passivetex alma-upgrade-texlive-pdfcolmk alma-upgrade-texlive-pdfescape alma-upgrade-texlive-pdflscape alma-upgrade-texlive-pdfpages alma-upgrade-texlive-pdftex alma-upgrade-texlive-pdftexcmds alma-upgrade-texlive-pgf alma-upgrade-texlive-philokalia alma-upgrade-texlive-placeins alma-upgrade-texlive-plain alma-upgrade-texlive-polyglossia alma-upgrade-texlive-powerdot alma-upgrade-texlive-preprint alma-upgrade-texlive-psfrag alma-upgrade-texlive-pslatex alma-upgrade-texlive-psnfss alma-upgrade-texlive-pspicture alma-upgrade-texlive-pst-3d alma-upgrade-texlive-pst-arrow alma-upgrade-texlive-pst-blur alma-upgrade-texlive-pst-coil alma-upgrade-texlive-pst-eps alma-upgrade-texlive-pst-fill alma-upgrade-texlive-pst-grad alma-upgrade-texlive-pst-math alma-upgrade-texlive-pst-node alma-upgrade-texlive-pst-plot alma-upgrade-texlive-pst-slpe alma-upgrade-texlive-pst-text alma-upgrade-texlive-pst-tools alma-upgrade-texlive-pst-tree alma-upgrade-texlive-pstricks alma-upgrade-texlive-pstricks-add alma-upgrade-texlive-ptext alma-upgrade-texlive-pxfonts alma-upgrade-texlive-qstest alma-upgrade-texlive-ragged2e alma-upgrade-texlive-rcs alma-upgrade-texlive-realscripts alma-upgrade-texlive-refcount alma-upgrade-texlive-rerunfilecheck alma-upgrade-texlive-rsfs alma-upgrade-texlive-sansmath alma-upgrade-texlive-sansmathaccent alma-upgrade-texlive-sauerj alma-upgrade-texlive-scheme-basic alma-upgrade-texlive-section alma-upgrade-texlive-sectsty alma-upgrade-texlive-seminar alma-upgrade-texlive-sepnum alma-upgrade-texlive-setspace alma-upgrade-texlive-showexpl alma-upgrade-texlive-soul alma-upgrade-texlive-stackengine alma-upgrade-texlive-stmaryrd alma-upgrade-texlive-stringenc alma-upgrade-texlive-subfig alma-upgrade-texlive-subfigure alma-upgrade-texlive-svn-prov alma-upgrade-texlive-symbol alma-upgrade-texlive-t2 alma-upgrade-texlive-tabu alma-upgrade-texlive-tabulary alma-upgrade-texlive-tex alma-upgrade-texlive-tex-gyre alma-upgrade-texlive-tex-gyre-math alma-upgrade-texlive-tex-ini-files alma-upgrade-texlive-tex4ht alma-upgrade-texlive-texlive-common-doc alma-upgrade-texlive-texlive-docindex alma-upgrade-texlive-texlive-en alma-upgrade-texlive-texlive-msg-translations alma-upgrade-texlive-texlive-scripts alma-upgrade-texlive-texlive-scripts-extra alma-upgrade-texlive-texlive.infra alma-upgrade-texlive-textcase alma-upgrade-texlive-textpos alma-upgrade-texlive-threeparttable alma-upgrade-texlive-thumbpdf alma-upgrade-texlive-times alma-upgrade-texlive-tipa alma-upgrade-texlive-titlesec alma-upgrade-texlive-titling alma-upgrade-texlive-tocloft alma-upgrade-texlive-tools alma-upgrade-texlive-translator alma-upgrade-texlive-trimspaces alma-upgrade-texlive-txfonts alma-upgrade-texlive-type1cm alma-upgrade-texlive-typehtml alma-upgrade-texlive-ucharcat alma-upgrade-texlive-ucharclasses alma-upgrade-texlive-ucs alma-upgrade-texlive-uhc alma-upgrade-texlive-ulem alma-upgrade-texlive-underscore alma-upgrade-texlive-unicode-data alma-upgrade-texlive-unicode-math alma-upgrade-texlive-uniquecounter alma-upgrade-texlive-unisugar alma-upgrade-texlive-updmap-map alma-upgrade-texlive-upquote alma-upgrade-texlive-url alma-upgrade-texlive-utopia alma-upgrade-texlive-varwidth alma-upgrade-texlive-wadalab alma-upgrade-texlive-was alma-upgrade-texlive-wasy alma-upgrade-texlive-wasy-type1 alma-upgrade-texlive-wasysym alma-upgrade-texlive-wrapfig alma-upgrade-texlive-xcolor alma-upgrade-texlive-xdvi alma-upgrade-texlive-xecjk alma-upgrade-texlive-xecolor alma-upgrade-texlive-xecyr alma-upgrade-texlive-xeindex alma-upgrade-texlive-xepersian alma-upgrade-texlive-xesearch alma-upgrade-texlive-xetex alma-upgrade-texlive-xetex-itrans alma-upgrade-texlive-xetex-pstricks alma-upgrade-texlive-xetex-tibetan alma-upgrade-texlive-xetexconfig alma-upgrade-texlive-xetexfontinfo alma-upgrade-texlive-xifthen alma-upgrade-texlive-xkeyval alma-upgrade-texlive-xltxtra alma-upgrade-texlive-xmltex alma-upgrade-texlive-xmltexconfig alma-upgrade-texlive-xstring alma-upgrade-texlive-xtab alma-upgrade-texlive-xunicode alma-upgrade-texlive-zapfchan alma-upgrade-texlive-zapfding alma-upgrade-texlive-zref References https://attackerkb.com/topics/cve-2023-32700 CVE - 2023-32700 https://errata.almalinux.org/9/ALSA-2023-3661.html

Oracle Linux: CVE-2023-32700: ELSA-2023-3661:texlive security update (IMPORTANT) (Multiple Advisories) Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 05/20/2023 Created 06/23/2023 Added 06/21/2023 Modified 01/07/2025 Description LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. This occurs because luatex-core.lua lets the original io.popen be accessed. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5. An arbitrary code execution vulnerability was found in LuaTeX (TeX Live) that allows any document compiled with older versions of LuaTeX to execute arbitrary shell commands, even with shell escape disabled. Solution(s) oracle-linux-upgrade-texlive oracle-linux-upgrade-texlive-adjustbox oracle-linux-upgrade-texlive-ae oracle-linux-upgrade-texlive-algorithms oracle-linux-upgrade-texlive-alphalph oracle-linux-upgrade-texlive-amscls oracle-linux-upgrade-texlive-amsfonts oracle-linux-upgrade-texlive-amsmath oracle-linux-upgrade-texlive-anyfontsize oracle-linux-upgrade-texlive-anysize oracle-linux-upgrade-texlive-appendix oracle-linux-upgrade-texlive-arabxetex oracle-linux-upgrade-texlive-arphic oracle-linux-upgrade-texlive-atbegshi oracle-linux-upgrade-texlive-attachfile oracle-linux-upgrade-texlive-attachfile2 oracle-linux-upgrade-texlive-atveryend oracle-linux-upgrade-texlive-auxhook oracle-linux-upgrade-texlive-avantgar oracle-linux-upgrade-texlive-awesomebox oracle-linux-upgrade-texlive-babel oracle-linux-upgrade-texlive-babelbib oracle-linux-upgrade-texlive-babel-english oracle-linux-upgrade-texlive-base oracle-linux-upgrade-texlive-beamer oracle-linux-upgrade-texlive-bera oracle-linux-upgrade-texlive-beton oracle-linux-upgrade-texlive-bibtex oracle-linux-upgrade-texlive-bibtopic oracle-linux-upgrade-texlive-bidi oracle-linux-upgrade-texlive-bigfoot oracle-linux-upgrade-texlive-bigintcalc oracle-linux-upgrade-texlive-bitset oracle-linux-upgrade-texlive-bookman oracle-linux-upgrade-texlive-bookmark oracle-linux-upgrade-texlive-booktabs oracle-linux-upgrade-texlive-breakurl oracle-linux-upgrade-texlive-breqn oracle-linux-upgrade-texlive-caption oracle-linux-upgrade-texlive-capt-of oracle-linux-upgrade-texlive-carlisle oracle-linux-upgrade-texlive-catchfile oracle-linux-upgrade-texlive-changebar oracle-linux-upgrade-texlive-changepage oracle-linux-upgrade-texlive-charter oracle-linux-upgrade-texlive-chngcntr oracle-linux-upgrade-texlive-cite oracle-linux-upgrade-texlive-cjk oracle-linux-upgrade-texlive-classpack oracle-linux-upgrade-texlive-cm oracle-linux-upgrade-texlive-cmap oracle-linux-upgrade-texlive-cmextra oracle-linux-upgrade-texlive-cm-lgc oracle-linux-upgrade-texlive-cm-super oracle-linux-upgrade-texlive-cns oracle-linux-upgrade-texlive-collectbox oracle-linux-upgrade-texlive-collection-basic oracle-linux-upgrade-texlive-collection-fontsrecommended oracle-linux-upgrade-texlive-collection-htmlxml oracle-linux-upgrade-texlive-collection-latex oracle-linux-upgrade-texlive-collection-latexrecommended oracle-linux-upgrade-texlive-collection-xetex oracle-linux-upgrade-texlive-colorprofiles oracle-linux-upgrade-texlive-colortbl oracle-linux-upgrade-texlive-context oracle-linux-upgrade-texlive-courier oracle-linux-upgrade-texlive-crop oracle-linux-upgrade-texlive-csquotes oracle-linux-upgrade-texlive-ctable oracle-linux-upgrade-texlive-ctablestack oracle-linux-upgrade-texlive-currfile oracle-linux-upgrade-texlive-datetime oracle-linux-upgrade-texlive-dehyph oracle-linux-upgrade-texlive-dvipdfmx oracle-linux-upgrade-texlive-dvipng oracle-linux-upgrade-texlive-dvips oracle-linux-upgrade-texlive-dvisvgm oracle-linux-upgrade-texlive-ec oracle-linux-upgrade-texlive-eepic oracle-linux-upgrade-texlive-enctex oracle-linux-upgrade-texlive-enumitem oracle-linux-upgrade-texlive-environ oracle-linux-upgrade-texlive-epsf oracle-linux-upgrade-texlive-epstopdf oracle-linux-upgrade-texlive-epstopdf-pkg oracle-linux-upgrade-texlive-eqparbox oracle-linux-upgrade-texlive-eso-pic oracle-linux-upgrade-texlive-etex oracle-linux-upgrade-texlive-etexcmds oracle-linux-upgrade-texlive-etex-pkg oracle-linux-upgrade-texlive-etoc oracle-linux-upgrade-texlive-etoolbox oracle-linux-upgrade-texlive-euenc oracle-linux-upgrade-texlive-euler oracle-linux-upgrade-texlive-euro oracle-linux-upgrade-texlive-eurosym oracle-linux-upgrade-texlive-extsizes oracle-linux-upgrade-texlive-fancybox oracle-linux-upgrade-texlive-fancyhdr oracle-linux-upgrade-texlive-fancyref oracle-linux-upgrade-texlive-fancyvrb oracle-linux-upgrade-texlive-filecontents oracle-linux-upgrade-texlive-filehook oracle-linux-upgrade-texlive-finstrut oracle-linux-upgrade-texlive-fix2col oracle-linux-upgrade-texlive-fixlatvian oracle-linux-upgrade-texlive-float oracle-linux-upgrade-texlive-fmtcount oracle-linux-upgrade-texlive-fncychap oracle-linux-upgrade-texlive-fontawesome oracle-linux-upgrade-texlive-fontbook oracle-linux-upgrade-texlive-fontspec oracle-linux-upgrade-texlive-fonts-tlwg oracle-linux-upgrade-texlive-fontware oracle-linux-upgrade-texlive-fontwrap oracle-linux-upgrade-texlive-footmisc oracle-linux-upgrade-texlive-footnotehyper oracle-linux-upgrade-texlive-fp oracle-linux-upgrade-texlive-fpl oracle-linux-upgrade-texlive-framed oracle-linux-upgrade-texlive-garuda-c90 oracle-linux-upgrade-texlive-geometry oracle-linux-upgrade-texlive-gettitlestring oracle-linux-upgrade-texlive-glyphlist oracle-linux-upgrade-texlive-gnu-freefont oracle-linux-upgrade-texlive-graphics oracle-linux-upgrade-texlive-graphics-cfg oracle-linux-upgrade-texlive-graphics-def oracle-linux-upgrade-texlive-grfext oracle-linux-upgrade-texlive-grffile oracle-linux-upgrade-texlive-gsftopk oracle-linux-upgrade-texlive-hanging oracle-linux-upgrade-texlive-helvetic oracle-linux-upgrade-texlive-hobsub oracle-linux-upgrade-texlive-hologo oracle-linux-upgrade-texlive-hycolor oracle-linux-upgrade-texlive-hyperref oracle-linux-upgrade-texlive-hyphenat oracle-linux-upgrade-texlive-hyphen-base oracle-linux-upgrade-texlive-hyphenex oracle-linux-upgrade-texlive-hyph-utf8 oracle-linux-upgrade-texlive-ifetex oracle-linux-upgrade-texlive-ifluatex oracle-linux-upgrade-texlive-ifmtarg oracle-linux-upgrade-texlive-ifoddpage oracle-linux-upgrade-texlive-ifplatform oracle-linux-upgrade-texlive-iftex oracle-linux-upgrade-texlive-ifxetex oracle-linux-upgrade-texlive-import oracle-linux-upgrade-texlive-index oracle-linux-upgrade-texlive-infwarerr oracle-linux-upgrade-texlive-intcalc oracle-linux-upgrade-texlive-jadetex oracle-linux-upgrade-texlive-jknapltx oracle-linux-upgrade-texlive-kastrup oracle-linux-upgrade-texlive-kerkis oracle-linux-upgrade-texlive-knuth-lib oracle-linux-upgrade-texlive-knuth-local oracle-linux-upgrade-texlive-koma-script oracle-linux-upgrade-texlive-kpathsea oracle-linux-upgrade-texlive-kvdefinekeys oracle-linux-upgrade-texlive-kvoptions oracle-linux-upgrade-texlive-kvsetkeys oracle-linux-upgrade-texlive-l3backend oracle-linux-upgrade-texlive-l3experimental oracle-linux-upgrade-texlive-l3kernel oracle-linux-upgrade-texlive-l3packages oracle-linux-upgrade-texlive-lastpage oracle-linux-upgrade-texlive-latex oracle-linux-upgrade-texlive-latex2man oracle-linux-upgrade-texlive-latexbug oracle-linux-upgrade-texlive-latexconfig oracle-linux-upgrade-texlive-latex-fonts oracle-linux-upgrade-texlive-letltxmacro oracle-linux-upgrade-texlive-lettrine oracle-linux-upgrade-texlive-lib oracle-linux-upgrade-texlive-lib-devel oracle-linux-upgrade-texlive-linegoal oracle-linux-upgrade-texlive-lineno oracle-linux-upgrade-texlive-listings oracle-linux-upgrade-texlive-listofitems oracle-linux-upgrade-texlive-lm oracle-linux-upgrade-texlive-lm-math oracle-linux-upgrade-texlive-ltabptch oracle-linux-upgrade-texlive-ltxcmds oracle-linux-upgrade-texlive-ltxmisc oracle-linux-upgrade-texlive-lua-alt-getopt oracle-linux-upgrade-texlive-luahbtex oracle-linux-upgrade-texlive-lualatex-math oracle-linux-upgrade-texlive-lualibs oracle-linux-upgrade-texlive-luaotfload oracle-linux-upgrade-texlive-luatex oracle-linux-upgrade-texlive-luatex85 oracle-linux-upgrade-texlive-luatexbase oracle-linux-upgrade-texlive-lwarp oracle-linux-upgrade-texlive-makecmds oracle-linux-upgrade-texlive-makeindex oracle-linux-upgrade-texlive-manfnt-font oracle-linux-upgrade-texlive-marginnote oracle-linux-upgrade-texlive-marvosym oracle-linux-upgrade-texlive-mathpazo oracle-linux-upgrade-texlive-mathspec oracle-linux-upgrade-texlive-mathtools oracle-linux-upgrade-texlive-mdwtools oracle-linux-upgrade-texlive-memoir oracle-linux-upgrade-texlive-metafont oracle-linux-upgrade-texlive-metalogo oracle-linux-upgrade-texlive-metapost oracle-linux-upgrade-texlive-mflogo oracle-linux-upgrade-texlive-mflogo-font oracle-linux-upgrade-texlive-mfnfss oracle-linux-upgrade-texlive-mfware oracle-linux-upgrade-texlive-microtype oracle-linux-upgrade-texlive-minitoc oracle-linux-upgrade-texlive-mnsymbol oracle-linux-upgrade-texlive-modes oracle-linux-upgrade-texlive-mparhack oracle-linux-upgrade-texlive-mptopdf oracle-linux-upgrade-texlive-ms oracle-linux-upgrade-texlive-multido oracle-linux-upgrade-texlive-multirow oracle-linux-upgrade-texlive-natbib oracle-linux-upgrade-texlive-ncctools oracle-linux-upgrade-texlive-ncntrsbk oracle-linux-upgrade-texlive-needspace oracle-linux-upgrade-texlive-newfloat oracle-linux-upgrade-texlive-newunicodechar oracle-linux-upgrade-texlive-norasi-c90 oracle-linux-upgrade-texlive-notoccite oracle-linux-upgrade-texlive-ntgclass oracle-linux-upgrade-texlive-oberdiek oracle-linux-upgrade-texlive-obsolete oracle-linux-upgrade-texlive-overpic oracle-linux-upgrade-texlive-palatino oracle-linux-upgrade-texlive-paralist oracle-linux-upgrade-texlive-parallel oracle-linux-upgrade-texlive-parskip oracle-linux-upgrade-texlive-passivetex oracle-linux-upgrade-texlive-pdfcolmk oracle-linux-upgrade-texlive-pdfescape oracle-linux-upgrade-texlive-pdflscape oracle-linux-upgrade-texlive-pdfpages oracle-linux-upgrade-texlive-pdftex oracle-linux-upgrade-texlive-pdftexcmds oracle-linux-upgrade-texlive-pgf oracle-linux-upgrade-texlive-philokalia oracle-linux-upgrade-texlive-placeins oracle-linux-upgrade-texlive-plain oracle-linux-upgrade-texlive-polyglossia oracle-linux-upgrade-texlive-powerdot oracle-linux-upgrade-texlive-preprint oracle-linux-upgrade-texlive-psfrag oracle-linux-upgrade-texlive-pslatex oracle-linux-upgrade-texlive-psnfss oracle-linux-upgrade-texlive-pspicture oracle-linux-upgrade-texlive-pst-3d oracle-linux-upgrade-texlive-pst-arrow oracle-linux-upgrade-texlive-pst-blur oracle-linux-upgrade-texlive-pst-coil oracle-linux-upgrade-texlive-pst-eps oracle-linux-upgrade-texlive-pst-fill oracle-linux-upgrade-texlive-pst-grad oracle-linux-upgrade-texlive-pst-math oracle-linux-upgrade-texlive-pst-node oracle-linux-upgrade-texlive-pst-plot oracle-linux-upgrade-texlive-pstricks oracle-linux-upgrade-texlive-pstricks-add oracle-linux-upgrade-texlive-pst-slpe oracle-linux-upgrade-texlive-pst-text oracle-linux-upgrade-texlive-pst-tools oracle-linux-upgrade-texlive-pst-tree oracle-linux-upgrade-texlive-ptext oracle-linux-upgrade-texlive-pxfonts oracle-linux-upgrade-texlive-qstest oracle-linux-upgrade-texlive-ragged2e oracle-linux-upgrade-texlive-rcs oracle-linux-upgrade-texlive-realscripts oracle-linux-upgrade-texlive-refcount oracle-linux-upgrade-texlive-rerunfilecheck oracle-linux-upgrade-texlive-rsfs oracle-linux-upgrade-texlive-sansmath oracle-linux-upgrade-texlive-sansmathaccent oracle-linux-upgrade-texlive-sauerj oracle-linux-upgrade-texlive-scheme-basic oracle-linux-upgrade-texlive-section oracle-linux-upgrade-texlive-sectsty oracle-linux-upgrade-texlive-seminar oracle-linux-upgrade-texlive-sepnum oracle-linux-upgrade-texlive-setspace oracle-linux-upgrade-texlive-showexpl oracle-linux-upgrade-texlive-soul oracle-linux-upgrade-texlive-stackengine oracle-linux-upgrade-texlive-stmaryrd oracle-linux-upgrade-texlive-stringenc oracle-linux-upgrade-texlive-subfig oracle-linux-upgrade-texlive-subfigure oracle-linux-upgrade-texlive-svn-prov oracle-linux-upgrade-texlive-symbol oracle-linux-upgrade-texlive-t2 oracle-linux-upgrade-texlive-tabu oracle-linux-upgrade-texlive-tabulary oracle-linux-upgrade-texlive-tetex oracle-linux-upgrade-texlive-tex oracle-linux-upgrade-texlive-tex4ht oracle-linux-upgrade-texlive-texconfig oracle-linux-upgrade-texlive-tex-gyre oracle-linux-upgrade-texlive-tex-gyre-math oracle-linux-upgrade-texlive-tex-ini-files oracle-linux-upgrade-texlive-texlive-common-doc oracle-linux-upgrade-texlive-texlive-docindex oracle-linux-upgrade-texlive-texlive-en oracle-linux-upgrade-texlive-texlive-infra oracle-linux-upgrade-texlive-texlive-msg-translations oracle-linux-upgrade-texlive-texlive-scripts oracle-linux-upgrade-texlive-texlive-scripts-extra oracle-linux-upgrade-texlive-textcase oracle-linux-upgrade-texlive-textpos oracle-linux-upgrade-texlive-threeparttable oracle-linux-upgrade-texlive-thumbpdf oracle-linux-upgrade-texlive-times oracle-linux-upgrade-texlive-tipa oracle-linux-upgrade-texlive-titlesec oracle-linux-upgrade-texlive-titling oracle-linux-upgrade-texlive-tocloft oracle-linux-upgrade-texlive-tools oracle-linux-upgrade-texlive-translator oracle-linux-upgrade-texlive-trimspaces oracle-linux-upgrade-texlive-txfonts oracle-linux-upgrade-texlive-type1cm oracle-linux-upgrade-texlive-typehtml oracle-linux-upgrade-texlive-ucharcat oracle-linux-upgrade-texlive-ucharclasses oracle-linux-upgrade-texlive-ucs oracle-linux-upgrade-texlive-uhc oracle-linux-upgrade-texlive-ulem oracle-linux-upgrade-texlive-underscore oracle-linux-upgrade-texlive-unicode-data oracle-linux-upgrade-texlive-unicode-math oracle-linux-upgrade-texlive-uniquecounter oracle-linux-upgrade-texlive-unisugar oracle-linux-upgrade-texlive-updmap-map oracle-linux-upgrade-texlive-upquote oracle-linux-upgrade-texlive-url oracle-linux-upgrade-texlive-utopia oracle-linux-upgrade-texlive-varwidth oracle-linux-upgrade-texlive-wadalab oracle-linux-upgrade-texlive-was oracle-linux-upgrade-texlive-wasy oracle-linux-upgrade-texlive-wasy2-ps oracle-linux-upgrade-texlive-wasysym oracle-linux-upgrade-texlive-wasy-type1 oracle-linux-upgrade-texlive-wrapfig oracle-linux-upgrade-texlive-xcolor oracle-linux-upgrade-texlive-xdvi oracle-linux-upgrade-texlive-xecjk oracle-linux-upgrade-texlive-xecolor oracle-linux-upgrade-texlive-xecyr oracle-linux-upgrade-texlive-xeindex oracle-linux-upgrade-texlive-xepersian oracle-linux-upgrade-texlive-xesearch oracle-linux-upgrade-texlive-xetex oracle-linux-upgrade-texlive-xetexconfig oracle-linux-upgrade-texlive-xetexfontinfo oracle-linux-upgrade-texlive-xetex-itrans oracle-linux-upgrade-texlive-xetex-pstricks oracle-linux-upgrade-texlive-xetex-tibetan oracle-linux-upgrade-texlive-xifthen oracle-linux-upgrade-texlive-xkeyval oracle-linux-upgrade-texlive-xltxtra oracle-linux-upgrade-texlive-xmltex oracle-linux-upgrade-texlive-xmltexconfig oracle-linux-upgrade-texlive-xstring oracle-linux-upgrade-texlive-xtab oracle-linux-upgrade-texlive-xunicode oracle-linux-upgrade-texlive-zapfchan oracle-linux-upgrade-texlive-zapfding oracle-linux-upgrade-texlive-zref References https://attackerkb.com/topics/cve-2023-32700 CVE - 2023-32700 ELSA-2023-3661

Debian: CVE-2023-32700: texlive-bin -- security update Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 05/20/2023 Created 05/23/2023 Added 05/23/2023 Modified 01/28/2025 Description LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. This occurs because luatex-core.lua lets the original io.popen be accessed. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5. Solution(s) debian-upgrade-texlive-bin References https://attackerkb.com/topics/cve-2023-32700 CVE - 2023-32700 DLA-3427-1 DSA-5406-1

Red Hat: CVE-2023-32700: arbitrary code execution allows document complied with older version (Multiple Advisories) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 05/20/2023 Created 06/21/2023 Added 06/20/2023 Modified 01/28/2025 Description LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. This occurs because luatex-core.lua lets the original io.popen be accessed. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5. Solution(s) redhat-upgrade-texlive redhat-upgrade-texlive-adjustbox redhat-upgrade-texlive-ae redhat-upgrade-texlive-algorithms redhat-upgrade-texlive-alphalph redhat-upgrade-texlive-amscls redhat-upgrade-texlive-amsfonts redhat-upgrade-texlive-amsmath redhat-upgrade-texlive-anyfontsize redhat-upgrade-texlive-anysize redhat-upgrade-texlive-appendix redhat-upgrade-texlive-arabxetex redhat-upgrade-texlive-arphic redhat-upgrade-texlive-atbegshi redhat-upgrade-texlive-attachfile redhat-upgrade-texlive-attachfile2 redhat-upgrade-texlive-atveryend redhat-upgrade-texlive-auxhook redhat-upgrade-texlive-avantgar redhat-upgrade-texlive-awesomebox redhat-upgrade-texlive-babel redhat-upgrade-texlive-babel-english redhat-upgrade-texlive-babelbib redhat-upgrade-texlive-base redhat-upgrade-texlive-beamer redhat-upgrade-texlive-bera redhat-upgrade-texlive-beton redhat-upgrade-texlive-bibtex redhat-upgrade-texlive-bibtex-debuginfo redhat-upgrade-texlive-bibtopic redhat-upgrade-texlive-bidi redhat-upgrade-texlive-bigfoot redhat-upgrade-texlive-bigintcalc redhat-upgrade-texlive-bitset redhat-upgrade-texlive-bookman redhat-upgrade-texlive-bookmark redhat-upgrade-texlive-booktabs redhat-upgrade-texlive-breakurl redhat-upgrade-texlive-breqn redhat-upgrade-texlive-capt-of redhat-upgrade-texlive-caption redhat-upgrade-texlive-carlisle redhat-upgrade-texlive-catchfile redhat-upgrade-texlive-changebar redhat-upgrade-texlive-changepage redhat-upgrade-texlive-charter redhat-upgrade-texlive-chngcntr redhat-upgrade-texlive-cite redhat-upgrade-texlive-cjk redhat-upgrade-texlive-classpack redhat-upgrade-texlive-cm redhat-upgrade-texlive-cm-lgc redhat-upgrade-texlive-cm-super redhat-upgrade-texlive-cmap redhat-upgrade-texlive-cmextra redhat-upgrade-texlive-cns redhat-upgrade-texlive-collectbox redhat-upgrade-texlive-collection-basic redhat-upgrade-texlive-collection-fontsrecommended redhat-upgrade-texlive-collection-htmlxml redhat-upgrade-texlive-collection-latex redhat-upgrade-texlive-collection-latexrecommended redhat-upgrade-texlive-collection-xetex redhat-upgrade-texlive-colorprofiles redhat-upgrade-texlive-colortbl redhat-upgrade-texlive-context redhat-upgrade-texlive-courier redhat-upgrade-texlive-crop redhat-upgrade-texlive-csquotes redhat-upgrade-texlive-ctable redhat-upgrade-texlive-ctablestack redhat-upgrade-texlive-currfile redhat-upgrade-texlive-datetime redhat-upgrade-texlive-debuginfo redhat-upgrade-texlive-debugsource redhat-upgrade-texlive-dehyph redhat-upgrade-texlive-dvipdfmx redhat-upgrade-texlive-dvipng redhat-upgrade-texlive-dvipng-debuginfo redhat-upgrade-texlive-dvips redhat-upgrade-texlive-dvips-debuginfo redhat-upgrade-texlive-dvisvgm redhat-upgrade-texlive-dvisvgm-debuginfo redhat-upgrade-texlive-ec redhat-upgrade-texlive-eepic redhat-upgrade-texlive-enctex redhat-upgrade-texlive-enumitem redhat-upgrade-texlive-environ redhat-upgrade-texlive-epsf redhat-upgrade-texlive-epstopdf redhat-upgrade-texlive-epstopdf-pkg redhat-upgrade-texlive-eqparbox redhat-upgrade-texlive-eso-pic redhat-upgrade-texlive-etex redhat-upgrade-texlive-etex-pkg redhat-upgrade-texlive-etexcmds redhat-upgrade-texlive-etoc redhat-upgrade-texlive-etoolbox redhat-upgrade-texlive-euenc redhat-upgrade-texlive-euler redhat-upgrade-texlive-euro redhat-upgrade-texlive-eurosym redhat-upgrade-texlive-extsizes redhat-upgrade-texlive-fancybox redhat-upgrade-texlive-fancyhdr redhat-upgrade-texlive-fancyref redhat-upgrade-texlive-fancyvrb redhat-upgrade-texlive-filecontents redhat-upgrade-texlive-filehook redhat-upgrade-texlive-finstrut redhat-upgrade-texlive-fix2col redhat-upgrade-texlive-fixlatvian redhat-upgrade-texlive-float redhat-upgrade-texlive-fmtcount redhat-upgrade-texlive-fncychap redhat-upgrade-texlive-fontawesome redhat-upgrade-texlive-fontbook redhat-upgrade-texlive-fonts-tlwg redhat-upgrade-texlive-fontspec redhat-upgrade-texlive-fontware redhat-upgrade-texlive-fontware-debuginfo redhat-upgrade-texlive-fontwrap redhat-upgrade-texlive-footmisc redhat-upgrade-texlive-footnotehyper redhat-upgrade-texlive-fp redhat-upgrade-texlive-fpl redhat-upgrade-texlive-framed redhat-upgrade-texlive-garuda-c90 redhat-upgrade-texlive-geometry redhat-upgrade-texlive-gettitlestring redhat-upgrade-texlive-glyphlist redhat-upgrade-texlive-gnu-freefont redhat-upgrade-texlive-graphics redhat-upgrade-texlive-graphics-cfg redhat-upgrade-texlive-graphics-def redhat-upgrade-texlive-grfext redhat-upgrade-texlive-grffile redhat-upgrade-texlive-gsftopk redhat-upgrade-texlive-gsftopk-debuginfo redhat-upgrade-texlive-hanging redhat-upgrade-texlive-helvetic redhat-upgrade-texlive-hobsub redhat-upgrade-texlive-hologo redhat-upgrade-texlive-hycolor redhat-upgrade-texlive-hyperref redhat-upgrade-texlive-hyph-utf8 redhat-upgrade-texlive-hyphen-base redhat-upgrade-texlive-hyphenat redhat-upgrade-texlive-hyphenex redhat-upgrade-texlive-ifetex redhat-upgrade-texlive-ifluatex redhat-upgrade-texlive-ifmtarg redhat-upgrade-texlive-ifoddpage redhat-upgrade-texlive-ifplatform redhat-upgrade-texlive-iftex redhat-upgrade-texlive-ifxetex redhat-upgrade-texlive-import redhat-upgrade-texlive-index redhat-upgrade-texlive-infwarerr redhat-upgrade-texlive-intcalc redhat-upgrade-texlive-jadetex redhat-upgrade-texlive-jknapltx redhat-upgrade-texlive-kastrup redhat-upgrade-texlive-kerkis redhat-upgrade-texlive-knuth-lib redhat-upgrade-texlive-knuth-local redhat-upgrade-texlive-koma-script redhat-upgrade-texlive-kpathsea redhat-upgrade-texlive-kpathsea-debuginfo redhat-upgrade-texlive-kvdefinekeys redhat-upgrade-texlive-kvoptions redhat-upgrade-texlive-kvsetkeys redhat-upgrade-texlive-l3backend redhat-upgrade-texlive-l3experimental redhat-upgrade-texlive-l3kernel redhat-upgrade-texlive-l3packages redhat-upgrade-texlive-lastpage redhat-upgrade-texlive-latex redhat-upgrade-texlive-latex-fonts redhat-upgrade-texlive-latex2man redhat-upgrade-texlive-latexbug redhat-upgrade-texlive-latexconfig redhat-upgrade-texlive-letltxmacro redhat-upgrade-texlive-lettrine redhat-upgrade-texlive-lib redhat-upgrade-texlive-lib-debuginfo redhat-upgrade-texlive-lib-devel redhat-upgrade-texlive-linegoal redhat-upgrade-texlive-lineno redhat-upgrade-texlive-listings redhat-upgrade-texlive-listofitems redhat-upgrade-texlive-lm redhat-upgrade-texlive-lm-math redhat-upgrade-texlive-ltabptch redhat-upgrade-texlive-ltxcmds redhat-upgrade-texlive-ltxmisc redhat-upgrade-texlive-lua-alt-getopt redhat-upgrade-texlive-luahbtex redhat-upgrade-texlive-luahbtex-debuginfo redhat-upgrade-texlive-luajittex-debuginfo redhat-upgrade-texlive-lualatex-math redhat-upgrade-texlive-lualibs redhat-upgrade-texlive-luaotfload redhat-upgrade-texlive-luatex redhat-upgrade-texlive-luatex-debuginfo redhat-upgrade-texlive-luatex85 redhat-upgrade-texlive-luatexbase redhat-upgrade-texlive-lwarp redhat-upgrade-texlive-makecmds redhat-upgrade-texlive-makeindex redhat-upgrade-texlive-makeindex-debuginfo redhat-upgrade-texlive-manfnt-font redhat-upgrade-texlive-marginnote redhat-upgrade-texlive-marvosym redhat-upgrade-texlive-mathpazo redhat-upgrade-texlive-mathspec redhat-upgrade-texlive-mathtools redhat-upgrade-texlive-mdwtools redhat-upgrade-texlive-memoir redhat-upgrade-texlive-metafont redhat-upgrade-texlive-metafont-debuginfo redhat-upgrade-texlive-metalogo redhat-upgrade-texlive-metapost redhat-upgrade-texlive-metapost-debuginfo redhat-upgrade-texlive-mflogo redhat-upgrade-texlive-mflogo-font redhat-upgrade-texlive-mfnfss redhat-upgrade-texlive-mfware redhat-upgrade-texlive-mfware-debuginfo redhat-upgrade-texlive-microtype redhat-upgrade-texlive-minitoc redhat-upgrade-texlive-mnsymbol redhat-upgrade-texlive-modes redhat-upgrade-texlive-mparhack redhat-upgrade-texlive-mptopdf redhat-upgrade-texlive-ms redhat-upgrade-texlive-multido redhat-upgrade-texlive-multirow redhat-upgrade-texlive-natbib redhat-upgrade-texlive-ncctools redhat-upgrade-texlive-ncntrsbk redhat-upgrade-texlive-needspace redhat-upgrade-texlive-newfloat redhat-upgrade-texlive-newunicodechar redhat-upgrade-texlive-norasi-c90 redhat-upgrade-texlive-notoccite redhat-upgrade-texlive-ntgclass redhat-upgrade-texlive-oberdiek redhat-upgrade-texlive-obsolete redhat-upgrade-texlive-overpic redhat-upgrade-texlive-palatino redhat-upgrade-texlive-paralist redhat-upgrade-texlive-parallel redhat-upgrade-texlive-parskip redhat-upgrade-texlive-passivetex redhat-upgrade-texlive-pdfcolmk redhat-upgrade-texlive-pdfescape redhat-upgrade-texlive-pdflscape redhat-upgrade-texlive-pdfpages redhat-upgrade-texlive-pdftex redhat-upgrade-texlive-pdftex-debuginfo redhat-upgrade-texlive-pdftexcmds redhat-upgrade-texlive-pgf redhat-upgrade-texlive-philokalia redhat-upgrade-texlive-placeins redhat-upgrade-texlive-plain redhat-upgrade-texlive-polyglossia redhat-upgrade-texlive-powerdot redhat-upgrade-texlive-preprint redhat-upgrade-texlive-psfrag redhat-upgrade-texlive-pslatex redhat-upgrade-texlive-psnfss redhat-upgrade-texlive-pspicture redhat-upgrade-texlive-pst-3d redhat-upgrade-texlive-pst-arrow redhat-upgrade-texlive-pst-blur redhat-upgrade-texlive-pst-coil redhat-upgrade-texlive-pst-eps redhat-upgrade-texlive-pst-fill redhat-upgrade-texlive-pst-grad redhat-upgrade-texlive-pst-math redhat-upgrade-texlive-pst-node redhat-upgrade-texlive-pst-plot redhat-upgrade-texlive-pst-slpe redhat-upgrade-texlive-pst-text redhat-upgrade-texlive-pst-tools redhat-upgrade-texlive-pst-tree redhat-upgrade-texlive-pstricks redhat-upgrade-texlive-pstricks-add redhat-upgrade-texlive-ptext redhat-upgrade-texlive-pxfonts redhat-upgrade-texlive-qstest redhat-upgrade-texlive-ragged2e redhat-upgrade-texlive-rcs redhat-upgrade-texlive-realscripts redhat-upgrade-texlive-refcount redhat-upgrade-texlive-rerunfilecheck redhat-upgrade-texlive-rsfs redhat-upgrade-texlive-sansmath redhat-upgrade-texlive-sansmathaccent redhat-upgrade-texlive-sauerj redhat-upgrade-texlive-scheme-basic redhat-upgrade-texlive-section redhat-upgrade-texlive-sectsty redhat-upgrade-texlive-seminar redhat-upgrade-texlive-sepnum redhat-upgrade-texlive-setspace redhat-upgrade-texlive-showexpl redhat-upgrade-texlive-soul redhat-upgrade-texlive-stackengine redhat-upgrade-texlive-stmaryrd redhat-upgrade-texlive-stringenc redhat-upgrade-texlive-subfig redhat-upgrade-texlive-subfigure redhat-upgrade-texlive-svn-prov redhat-upgrade-texlive-symbol redhat-upgrade-texlive-t2 redhat-upgrade-texlive-tabu redhat-upgrade-texlive-tabulary redhat-upgrade-texlive-tetex redhat-upgrade-texlive-tex redhat-upgrade-texlive-tex-debuginfo redhat-upgrade-texlive-tex-gyre redhat-upgrade-texlive-tex-gyre-math redhat-upgrade-texlive-tex-ini-files redhat-upgrade-texlive-tex4ht redhat-upgrade-texlive-tex4ht-debuginfo redhat-upgrade-texlive-texconfig redhat-upgrade-texlive-texlive-common-doc redhat-upgrade-texlive-texlive-docindex redhat-upgrade-texlive-texlive-en redhat-upgrade-texlive-texlive-infra redhat-upgrade-texlive-texlive-msg-translations redhat-upgrade-texlive-texlive-scripts redhat-upgrade-texlive-texlive-scripts-extra redhat-upgrade-texlive-textcase redhat-upgrade-texlive-textpos redhat-upgrade-texlive-threeparttable redhat-upgrade-texlive-thumbpdf redhat-upgrade-texlive-times redhat-upgrade-texlive-tipa redhat-upgrade-texlive-titlesec redhat-upgrade-texlive-titling redhat-upgrade-texlive-tocloft redhat-upgrade-texlive-tools redhat-upgrade-texlive-translator redhat-upgrade-texlive-trimspaces redhat-upgrade-texlive-txfonts redhat-upgrade-texlive-type1cm redhat-upgrade-texlive-typehtml redhat-upgrade-texlive-ucharcat redhat-upgrade-texlive-ucharclasses redhat-upgrade-texlive-ucs redhat-upgrade-texlive-uhc redhat-upgrade-texlive-ulem redhat-upgrade-texlive-underscore redhat-upgrade-texlive-unicode-data redhat-upgrade-texlive-unicode-math redhat-upgrade-texlive-uniquecounter redhat-upgrade-texlive-unisugar redhat-upgrade-texlive-updmap-map redhat-upgrade-texlive-upquote redhat-upgrade-texlive-url redhat-upgrade-texlive-utopia redhat-upgrade-texlive-varwidth redhat-upgrade-texlive-wadalab redhat-upgrade-texlive-was redhat-upgrade-texlive-wasy redhat-upgrade-texlive-wasy-type1 redhat-upgrade-texlive-wasy2-ps redhat-upgrade-texlive-wasysym redhat-upgrade-texlive-wrapfig redhat-upgrade-texlive-xcolor redhat-upgrade-texlive-xdvi redhat-upgrade-texlive-xdvi-debuginfo redhat-upgrade-texlive-xecjk redhat-upgrade-texlive-xecolor redhat-upgrade-texlive-xecyr redhat-upgrade-texlive-xeindex redhat-upgrade-texlive-xepersian redhat-upgrade-texlive-xesearch redhat-upgrade-texlive-xetex redhat-upgrade-texlive-xetex-debuginfo redhat-upgrade-texlive-xetex-itrans redhat-upgrade-texlive-xetex-pstricks redhat-upgrade-texlive-xetex-tibetan redhat-upgrade-texlive-xetexconfig redhat-upgrade-texlive-xetexfontinfo redhat-upgrade-texlive-xifthen redhat-upgrade-texlive-xkeyval redhat-upgrade-texlive-xltxtra redhat-upgrade-texlive-xmltex redhat-upgrade-texlive-xmltexconfig redhat-upgrade-texlive-xstring redhat-upgrade-texlive-xtab redhat-upgrade-texlive-xunicode redhat-upgrade-texlive-zapfchan redhat-upgrade-texlive-zapfding redhat-upgrade-texlive-zref References CVE-2023-32700 RHSA-2023:3661

Alpine Linux: CVE-2023-32700: Vulnerability in Multiple Components Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 05/20/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. This occurs because luatex-core.lua lets the original io.popen be accessed. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5. Solution(s) alpine-linux-upgrade-texlive References https://attackerkb.com/topics/cve-2023-32700 CVE - 2023-32700 https://security.alpinelinux.org/vuln/CVE-2023-32700

SUSE: CVE-2023-32700: SUSE Linux Security Advisory Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 05/20/2023 Created 05/25/2023 Added 05/25/2023 Modified 01/28/2025 Description LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. This occurs because luatex-core.lua lets the original io.popen be accessed. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5. Solution(s) suse-upgrade-texlive suse-upgrade-texlive-a2ping-bin suse-upgrade-texlive-accfonts-bin suse-upgrade-texlive-adhocfilelist-bin suse-upgrade-texlive-afm2pl-bin suse-upgrade-texlive-albatross-bin suse-upgrade-texlive-aleph-bin suse-upgrade-texlive-amstex-bin suse-upgrade-texlive-arara-bin suse-upgrade-texlive-asymptote-bin suse-upgrade-texlive-attachfile2-bin suse-upgrade-texlive-authorindex-bin suse-upgrade-texlive-autosp-bin suse-upgrade-texlive-axodraw2-bin suse-upgrade-texlive-bib2gls-bin suse-upgrade-texlive-biber-bin suse-upgrade-texlive-bibexport-bin suse-upgrade-texlive-bibtex-bin suse-upgrade-texlive-bibtex8-bin suse-upgrade-texlive-bibtexu-bin suse-upgrade-texlive-bin-devel suse-upgrade-texlive-bundledoc-bin suse-upgrade-texlive-cachepic-bin suse-upgrade-texlive-checkcites-bin suse-upgrade-texlive-checklistings-bin suse-upgrade-texlive-chklref-bin suse-upgrade-texlive-chktex-bin suse-upgrade-texlive-cjk-gs-integrate-bin suse-upgrade-texlive-cjkutils-bin suse-upgrade-texlive-clojure-pamphlet-bin suse-upgrade-texlive-cluttex-bin suse-upgrade-texlive-context-bin suse-upgrade-texlive-convbkmk-bin suse-upgrade-texlive-crossrefware-bin suse-upgrade-texlive-cslatex-bin suse-upgrade-texlive-csplain-bin suse-upgrade-texlive-ctan-o-mat-bin suse-upgrade-texlive-ctanbib-bin suse-upgrade-texlive-ctanify-bin suse-upgrade-texlive-ctanupload-bin suse-upgrade-texlive-ctie-bin suse-upgrade-texlive-cweb-bin suse-upgrade-texlive-cyrillic-bin-bin suse-upgrade-texlive-de-macro-bin suse-upgrade-texlive-detex-bin suse-upgrade-texlive-diadia-bin suse-upgrade-texlive-dosepsbin-bin suse-upgrade-texlive-dtl-bin suse-upgrade-texlive-dtxgen-bin suse-upgrade-texlive-dviasm-bin suse-upgrade-texlive-dvicopy-bin suse-upgrade-texlive-dvidvi-bin suse-upgrade-texlive-dviinfox-bin suse-upgrade-texlive-dviljk-bin suse-upgrade-texlive-dviout-util-bin suse-upgrade-texlive-dvipdfmx-bin suse-upgrade-texlive-dvipng-bin suse-upgrade-texlive-dvipos-bin suse-upgrade-texlive-dvips-bin suse-upgrade-texlive-dvisvgm-bin suse-upgrade-texlive-ebong-bin suse-upgrade-texlive-eplain-bin suse-upgrade-texlive-epspdf-bin suse-upgrade-texlive-epstopdf-bin suse-upgrade-texlive-exceltex-bin suse-upgrade-texlive-fig4latex-bin suse-upgrade-texlive-findhyph-bin suse-upgrade-texlive-fontinst-bin suse-upgrade-texlive-fontools-bin suse-upgrade-texlive-fontware-bin suse-upgrade-texlive-fragmaster-bin suse-upgrade-texlive-getmap-bin suse-upgrade-texlive-git-latexdiff-bin suse-upgrade-texlive-glossaries-bin suse-upgrade-texlive-gregoriotex-bin suse-upgrade-texlive-gsftopk-bin suse-upgrade-texlive-hyperxmp-bin suse-upgrade-texlive-jadetex-bin suse-upgrade-texlive-jfmutil-bin suse-upgrade-texlive-ketcindy-bin suse-upgrade-texlive-kotex-utils-bin suse-upgrade-texlive-kpathsea-bin suse-upgrade-texlive-kpathsea-devel suse-upgrade-texlive-l3build-bin suse-upgrade-texlive-lacheck-bin suse-upgrade-texlive-latex-bin-bin suse-upgrade-texlive-latex-bin-dev-bin suse-upgrade-texlive-latex-git-log-bin suse-upgrade-texlive-latex-papersize-bin suse-upgrade-texlive-latex2man-bin suse-upgrade-texlive-latex2nemeth-bin suse-upgrade-texlive-latexdiff-bin suse-upgrade-texlive-latexfileversion-bin suse-upgrade-texlive-latexindent-bin suse-upgrade-texlive-latexmk-bin suse-upgrade-texlive-latexpand-bin suse-upgrade-texlive-lcdftypetools-bin suse-upgrade-texlive-light-latex-make-bin suse-upgrade-texlive-lilyglyphs-bin suse-upgrade-texlive-listbib-bin suse-upgrade-texlive-listings-ext-bin suse-upgrade-texlive-lollipop-bin suse-upgrade-texlive-ltxfileinfo-bin suse-upgrade-texlive-ltximg-bin suse-upgrade-texlive-lua2dox-bin suse-upgrade-texlive-luahbtex-bin suse-upgrade-texlive-luajittex-bin suse-upgrade-texlive-luaotfload-bin suse-upgrade-texlive-luatex-bin suse-upgrade-texlive-lwarp-bin suse-upgrade-texlive-m-tx-bin suse-upgrade-texlive-make4ht-bin suse-upgrade-texlive-makedtx-bin suse-upgrade-texlive-makeindex-bin suse-upgrade-texlive-match_parens-bin suse-upgrade-texlive-mathspic-bin suse-upgrade-texlive-metafont-bin suse-upgrade-texlive-metapost-bin suse-upgrade-texlive-mex-bin suse-upgrade-texlive-mf2pt1-bin suse-upgrade-texlive-mflua-bin suse-upgrade-texlive-mfware-bin suse-upgrade-texlive-mkgrkindex-bin suse-upgrade-texlive-mkjobtexmf-bin suse-upgrade-texlive-mkpic-bin suse-upgrade-texlive-mltex-bin suse-upgrade-texlive-mptopdf-bin suse-upgrade-texlive-multibibliography-bin suse-upgrade-texlive-musixtex-bin suse-upgrade-texlive-musixtnt-bin suse-upgrade-texlive-omegaware-bin suse-upgrade-texlive-optex-bin suse-upgrade-texlive-patgen-bin suse-upgrade-texlive-pax-bin suse-upgrade-texlive-pdfbook2-bin suse-upgrade-texlive-pdfcrop-bin suse-upgrade-texlive-pdfjam-bin suse-upgrade-texlive-pdflatexpicscale-bin suse-upgrade-texlive-pdftex-bin suse-upgrade-texlive-pdftex-quiet-bin suse-upgrade-texlive-pdftools-bin suse-upgrade-texlive-pdftosrc-bin suse-upgrade-texlive-pdfxup-bin suse-upgrade-texlive-pedigree-perl-bin suse-upgrade-texlive-perltex-bin suse-upgrade-texlive-petri-nets-bin suse-upgrade-texlive-pfarrei-bin suse-upgrade-texlive-pkfix-bin suse-upgrade-texlive-pkfix-helper-bin suse-upgrade-texlive-platex-bin suse-upgrade-texlive-pmx-bin suse-upgrade-texlive-pmxchords-bin suse-upgrade-texlive-ps2eps-bin suse-upgrade-texlive-ps2pk-bin suse-upgrade-texlive-pst-pdf-bin suse-upgrade-texlive-pst2pdf-bin suse-upgrade-texlive-pstools-bin suse-upgrade-texlive-ptex-bin suse-upgrade-texlive-ptex-fontmaps-bin suse-upgrade-texlive-ptex2pdf-bin suse-upgrade-texlive-ptexenc-devel suse-upgrade-texlive-purifyeps-bin suse-upgrade-texlive-pygmentex-bin suse-upgrade-texlive-pythontex-bin suse-upgrade-texlive-rubik-bin suse-upgrade-texlive-scripts-bin suse-upgrade-texlive-scripts-extra-bin suse-upgrade-texlive-seetexk-bin suse-upgrade-texlive-spix-bin suse-upgrade-texlive-splitindex-bin suse-upgrade-texlive-srcredact-bin suse-upgrade-texlive-sty2dtx-bin suse-upgrade-texlive-svn-multi-bin suse-upgrade-texlive-synctex-bin suse-upgrade-texlive-synctex-devel suse-upgrade-texlive-tetex-bin suse-upgrade-texlive-tex-bin suse-upgrade-texlive-tex4ebook-bin suse-upgrade-texlive-tex4ht-bin suse-upgrade-texlive-texconfig-bin suse-upgrade-texlive-texcount-bin suse-upgrade-texlive-texdef-bin suse-upgrade-texlive-texdiff-bin suse-upgrade-texlive-texdirflatten-bin suse-upgrade-texlive-texdoc-bin suse-upgrade-texlive-texdoctk-bin suse-upgrade-texlive-texfot-bin suse-upgrade-texlive-texliveonfly-bin suse-upgrade-texlive-texloganalyser-bin suse-upgrade-texlive-texlua-devel suse-upgrade-texlive-texluajit-devel suse-upgrade-texlive-texosquery-bin suse-upgrade-texlive-texplate-bin suse-upgrade-texlive-texsis-bin suse-upgrade-texlive-texware-bin suse-upgrade-texlive-thumbpdf-bin suse-upgrade-texlive-tie-bin suse-upgrade-texlive-tikztosvg-bin suse-upgrade-texlive-tpic2pdftex-bin suse-upgrade-texlive-ttfutils-bin suse-upgrade-texlive-typeoutfileinfo-bin suse-upgrade-texlive-ulqda-bin suse-upgrade-texlive-uplatex-bin suse-upgrade-texlive-uptex-bin suse-upgrade-texlive-urlbst-bin suse-upgrade-texlive-velthuis-bin suse-upgrade-texlive-vlna-bin suse-upgrade-texlive-vpe-bin suse-upgrade-texlive-web-bin suse-upgrade-texlive-webquiz-bin suse-upgrade-texlive-wordcount-bin suse-upgrade-texlive-xdvi-bin suse-upgrade-texlive-xelatex-dev-bin suse-upgrade-texlive-xetex-bin suse-upgrade-texlive-xindex-bin suse-upgrade-texlive-xml2pmx-bin suse-upgrade-texlive-xmltex-bin suse-upgrade-texlive-xpdfopen-bin suse-upgrade-texlive-yplan-bin References https://attackerkb.com/topics/cve-2023-32700 CVE - 2023-32700

Apple Safari security update for CVE-2023-32423 Severity 7 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:N) Published 05/19/2023 Created 05/19/2023 Added 05/19/2023 Modified 01/28/2025 Description A buffer overflow issue was addressed with improved memory handling. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing web content may disclose sensitive information. Solution(s) apple-safari-upgrade-16_5 apple-safari-windows-uninstall References https://attackerkb.com/topics/cve-2023-32423 CVE - 2023-32423 http://support.apple.com/kb/HT213762

Ubuntu: (CVE-2023-30774): tiff vulnerability Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 05/19/2023 Created 11/21/2024 Added 11/19/2024 Modified 01/28/2025 Description A vulnerability was found in the libtiff library. This flaw causes a heap buffer overflow issue via the TIFFTAG_INKNAMES and TIFFTAG_NUMBEROFINKS values. Solution(s) ubuntu-pro-upgrade-tiff References https://attackerkb.com/topics/cve-2023-30774 CVE - 2023-30774 https://gitlab.com/libtiff/libtiff/-/commit/e813112545942107551433d61afd16ac094ff246 https://gitlab.com/libtiff/libtiff/-/commit/f00484b9519df933723deb38fff943dc291a793d https://gitlab.com/libtiff/libtiff/-/issues/463 https://www.cve.org/CVERecord?id=CVE-2023-30774

Apple Safari security update for CVE-2023-32373 Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 05/19/2023 Created 05/19/2023 Added 05/19/2023 Modified 01/28/2025 Description A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Solution(s) apple-safari-upgrade-16_5 apple-safari-windows-uninstall References https://attackerkb.com/topics/cve-2023-32373 CVE - 2023-32373 http://support.apple.com/kb/HT213762

OS X update for AppleMobileFileIntegrity (CVE-2023-32411) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:C/A:N) Published 05/19/2023 Created 05/19/2023 Added 05/19/2023 Modified 01/28/2025 Description This issue was addressed with improved entitlements. This issue is fixed in tvOS 16.5, macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to bypass Privacy preferences. Solution(s) apple-osx-upgrade-11_7_7 apple-osx-upgrade-12_6_6 apple-osx-upgrade-13_4 References https://attackerkb.com/topics/cve-2023-32411 CVE - 2023-32411 https://support.apple.com/kb/HT213758 https://support.apple.com/kb/HT213759 https://support.apple.com/kb/HT213760

OS X update for AppleEvents (CVE-2023-28191) Severity 5 CVSS (AV:L/AC:M/Au:N/C:C/I:N/A:N) Published 05/19/2023 Created 05/19/2023 Added 05/19/2023 Modified 01/28/2025 Description This issue was addressed with improved redaction of sensitive information. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to bypass Privacy preferences. Solution(s) apple-osx-upgrade-11_7_7 apple-osx-upgrade-12_6_6 References https://attackerkb.com/topics/cve-2023-28191 CVE - 2023-28191 https://support.apple.com/kb/HT213759 https://support.apple.com/kb/HT213760

OS X update for LaunchServices (CVE-2023-32352) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:C/A:N) Published 05/19/2023 Created 05/19/2023 Added 05/19/2023 Modified 01/28/2025 Description A logic issue was addressed with improved checks. This issue is fixed in watchOS 9.5, macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may bypass Gatekeeper checks. Solution(s) apple-osx-upgrade-11_7_7 apple-osx-upgrade-12_6_6 apple-osx-upgrade-13_4 References https://attackerkb.com/topics/cve-2023-32352 CVE - 2023-32352 https://support.apple.com/kb/HT213758 https://support.apple.com/kb/HT213759 https://support.apple.com/kb/HT213760