ISHACK AI BOT

Debian: CVE-2018-17883: otrs2 -- security update Severity 6 CVSS (AV:N/AC:M/Au:N/C:P/I:P/A:N) Published 04/16/2023 Created 07/31/2024 Added 07/30/2024 Modified 01/28/2025 Description An issue was discovered in Open Ticket Request System (OTRS) 6.0.x before 6.0.12. An attacker could send an e-mail message with a malicious link to an OTRS system or an agent. If a logged-in agent opens this link, it could cause the execution of JavaScript in the context of OTRS. Solution(s) debian-upgrade-otrs2 References https://attackerkb.com/topics/cve-2018-17883 CVE - 2018-17883

Debian: CVE-2023-24607: qt6-base, qtbase-opensource-src, qtbase-opensource-src-gles -- security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 04/15/2023 Created 05/02/2024 Added 05/02/2024 Modified 01/28/2025 Description Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. The affected versions are 5.x before 5.15.13, 6.x before 6.2.8, and 6.3.x before 6.4.3. Solution(s) debian-upgrade-qt6-base debian-upgrade-qtbase-opensource-src debian-upgrade-qtbase-opensource-src-gles References https://attackerkb.com/topics/cve-2023-24607 CVE - 2023-24607 DLA-3805-1

Debian: CVE-2021-34337: mailman3 -- security update Severity 6 CVSS (AV:L/AC:M/Au:S/C:C/I:C/A:N) Published 04/15/2023 Created 07/31/2024 Added 07/30/2024 Modified 01/28/2025 Description An issue was discovered in Mailman Core before 3.3.5. An attacker with access to the REST API could use timing attacks to determine the value of the configured REST API password and then make arbitrary REST API calls. The REST API is bound to localhost by default, limiting the ability for attackers to exploit this, but can optionally be made to listen on other interfaces. Solution(s) debian-upgrade-mailman3 References https://attackerkb.com/topics/cve-2021-34337 CVE - 2021-34337

Debian: CVE-2020-17354: lilypond -- security update Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 04/15/2023 Created 07/31/2024 Added 07/30/2024 Modified 01/28/2025 Description LilyPond before 2.24 allows attackers to bypass the -dsafe protection mechanism via output-def-lookup or output-def-scope, as demonstrated by dangerous Scheme code in a .ly file that causes arbitrary code execution during conversion to a different file format. NOTE: in 2.24 and later versions, safe mode is removed, and the product no longer tries to block code execution when external files are used. Solution(s) debian-upgrade-lilypond References https://attackerkb.com/topics/cve-2020-17354 CVE - 2020-17354

Debian: CVE-2023-26463: strongswan -- security update Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 04/15/2023 Created 07/31/2024 Added 07/30/2024 Modified 01/30/2025 Description strongSwan 5.9.8 and 5.9.9 potentially allows remote code execution because it uses a variable named "public" for two different purposes within the same function. There is initially incorrect access control, later followed by an expired pointer dereference. One attack vector is sending an untrusted client certificate during EAP-TLS. A server is affected only if it loads plugins that implement TLS-based EAP methods (EAP-TLS, EAP-TTLS, EAP-PEAP, or EAP-TNC). This is fixed in 5.9.10. Solution(s) debian-upgrade-strongswan References https://attackerkb.com/topics/cve-2023-26463 CVE - 2023-26463

Debian: CVE-2021-30153: mediawiki -- security update Severity 4 CVSS (AV:N/AC:L/Au:S/C:P/I:N/A:N) Published 04/15/2023 Created 07/31/2024 Added 07/30/2024 Modified 01/30/2025 Description An issue was discovered in the VisualEditor extension in MediaWiki before 1.31.13, and 1.32.x through 1.35.x before 1.35.2. . When using VisualEditor to edit a MediaWiki user page belonging to an existing, but hidden, user, VisualEditor will disclose that the user exists. (It shouldn't because they are hidden.) This is related to ApiVisualEditor. Solution(s) debian-upgrade-mediawiki References https://attackerkb.com/topics/cve-2021-30153 CVE - 2021-30153

FreeBSD: VID-924CB116-4D35-11EE-8E38-002590C1F29C (CVE-2022-47522): FreeBSD -- Wi-Fi encryption bypass Severity 8 CVSS (AV:A/AC:M/Au:N/C:C/I:C/A:C) Published 04/15/2023 Created 09/08/2023 Added 09/07/2023 Modified 01/28/2025 Description The IEEE 802.11 specifications through 802.11ax allow physically proximate attackers to intercept (possibly cleartext) target-destined frames by spoofing a target's MAC address, sending Power Save frames to the access point, and then sending other frames to the access point (such as authentication frames or re-association frames) to remove the target's original security context. This behavior occurs because the specifications do not require an access point to purge its transmit queue before removing a client's pairwise encryption key. Solution(s) freebsd-upgrade-base-12_4-release-p5 freebsd-upgrade-base-13_2-release-p3 References CVE-2022-47522

Ubuntu: (CVE-2023-26463): strongswan vulnerability Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 04/15/2023 Created 11/21/2024 Added 11/19/2024 Modified 01/30/2025 Description strongSwan 5.9.8 and 5.9.9 potentially allows remote code execution because it uses a variable named "public" for two different purposes within the same function. There is initially incorrect access control, later followed by an expired pointer dereference. One attack vector is sending an untrusted client certificate during EAP-TLS. A server is affected only if it loads plugins that implement TLS-based EAP methods (EAP-TLS, EAP-TTLS, EAP-PEAP, or EAP-TNC). This is fixed in 5.9.10. Solution(s) ubuntu-upgrade-strongswan References https://attackerkb.com/topics/cve-2023-26463 CVE - 2023-26463 https://www.cve.org/CVERecord?id=CVE-2023-26463 https://www.strongswan.org/blog/2023/03/02/strongswan-vulnerability-(cve-2023-26463).html

Oracle Linux: CVE-2023-4133: ELSA-2024-2394:kernel security, bug fix, and enhancement update (IMPORTANT) (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 04/15/2023 Created 05/21/2024 Added 05/14/2024 Modified 01/07/2025 Description A use-after-free vulnerability was found in the cxgb4 driver in the Linux kernel. The bug occurs when the cxgb4 device is detaching due to a possible rearming of the flower_stats_timer from the work queue. This flaw allows a local user to crash the system, causing a denial of service condition. Solution(s) oracle-linux-upgrade-kernel References https://attackerkb.com/topics/cve-2023-4133 CVE - 2023-4133 ELSA-2024-2394 ELSA-2024-3138

SUSE: CVE-2020-17354: SUSE Linux Security Advisory Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 04/15/2023 Created 08/16/2024 Added 08/09/2024 Modified 01/28/2025 Description LilyPond before 2.24 allows attackers to bypass the -dsafe protection mechanism via output-def-lookup or output-def-scope, as demonstrated by dangerous Scheme code in a .ly file that causes arbitrary code execution during conversion to a different file format. NOTE: in 2.24 and later versions, safe mode is removed, and the product no longer tries to block code execution when external files are used. Solution(s) suse-upgrade-guile1 suse-upgrade-guile1-modules-2_2 suse-upgrade-libguile-2_2-1 suse-upgrade-libguile1-devel suse-upgrade-lilypond suse-upgrade-lilypond-doc suse-upgrade-lilypond-doc-cs suse-upgrade-lilypond-doc-de suse-upgrade-lilypond-doc-es suse-upgrade-lilypond-doc-fr suse-upgrade-lilypond-doc-hu suse-upgrade-lilypond-doc-it suse-upgrade-lilypond-doc-ja suse-upgrade-lilypond-doc-nl suse-upgrade-lilypond-doc-zh suse-upgrade-lilypond-emmentaler-fonts suse-upgrade-lilypond-fonts-common References https://attackerkb.com/topics/cve-2020-17354 CVE - 2020-17354

Amazon Linux AMI 2: CVE-2023-24607: Security patch for qt5-qtbase (ALAS-2023-2036) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 04/15/2023 Created 05/17/2023 Added 05/17/2023 Modified 01/28/2025 Description Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. The affected versions are 5.x before 5.15.13, 6.x before 6.2.8, and 6.3.x before 6.4.3. Solution(s) amazon-linux-ami-2-upgrade-qt5-qtbase amazon-linux-ami-2-upgrade-qt5-qtbase-common amazon-linux-ami-2-upgrade-qt5-qtbase-debuginfo amazon-linux-ami-2-upgrade-qt5-qtbase-devel amazon-linux-ami-2-upgrade-qt5-qtbase-doc amazon-linux-ami-2-upgrade-qt5-qtbase-examples amazon-linux-ami-2-upgrade-qt5-qtbase-gui amazon-linux-ami-2-upgrade-qt5-qtbase-mysql amazon-linux-ami-2-upgrade-qt5-qtbase-odbc amazon-linux-ami-2-upgrade-qt5-qtbase-postgresql amazon-linux-ami-2-upgrade-qt5-qtbase-static amazon-linux-ami-2-upgrade-qt5-rpm-macros References https://attackerkb.com/topics/cve-2023-24607 AL2/ALAS-2023-2036 CVE - 2023-24607

CentOS Linux: CVE-2023-29536: Important: firefox security update (Multiple Advisories) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 04/14/2023 Created 05/05/2023 Added 04/17/2023 Modified 01/28/2025 Description An attacker could cause the memory manager to incorrectly free a pointer that addresses attacker-controlled memory, resulting in an assertion, memory corruption, or a potentially exploitable crash. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. Solution(s) centos-upgrade-firefox centos-upgrade-firefox-debuginfo centos-upgrade-thunderbird centos-upgrade-thunderbird-debuginfo References CVE-2023-29536

Alma Linux: CVE-2023-29491: Moderate: ncurses security update (Multiple Advisories) Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 04/14/2023 Created 09/25/2023 Added 09/25/2023 Modified 01/28/2025 Description ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable. Solution(s) alma-upgrade-ncurses alma-upgrade-ncurses-base alma-upgrade-ncurses-c++-libs alma-upgrade-ncurses-compat-libs alma-upgrade-ncurses-devel alma-upgrade-ncurses-libs alma-upgrade-ncurses-term References https://attackerkb.com/topics/cve-2023-29491 CVE - 2023-29491 https://errata.almalinux.org/8/ALSA-2023-5249.html https://errata.almalinux.org/9/ALSA-2023-6698.html

Alma Linux: CVE-2023-29535: Important: firefox security update (Multiple Advisories) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 04/14/2023 Created 05/05/2023 Added 04/21/2023 Modified 01/28/2025 Description Following a Garbage Collector compaction, weak maps may have been accessed before they were correctly traced. This resulted in memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. Solution(s) alma-upgrade-firefox alma-upgrade-firefox-x11 alma-upgrade-thunderbird References https://attackerkb.com/topics/cve-2023-29535 CVE - 2023-29535 https://errata.almalinux.org/8/ALSA-2023-1787.html https://errata.almalinux.org/8/ALSA-2023-1802.html https://errata.almalinux.org/9/ALSA-2023-1786.html https://errata.almalinux.org/9/ALSA-2023-1809.html

Alma Linux: CVE-2023-29533: Important: firefox security update (Multiple Advisories) Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 04/14/2023 Created 05/05/2023 Added 04/21/2023 Modified 01/28/2025 Description A website could have obscured the fullscreen notification by using a combination of <code>window.open</code>, fullscreen requests, <code>window.name</code> assignments, and <code>setInterval</code> calls. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. Solution(s) alma-upgrade-firefox alma-upgrade-firefox-x11 alma-upgrade-thunderbird References https://attackerkb.com/topics/cve-2023-29533 CVE - 2023-29533 https://errata.almalinux.org/8/ALSA-2023-1787.html https://errata.almalinux.org/8/ALSA-2023-1802.html https://errata.almalinux.org/9/ALSA-2023-1786.html https://errata.almalinux.org/9/ALSA-2023-1809.html

SUSE: CVE-2023-29383: SUSE Linux Security Advisory Severity 2 CVSS (AV:L/AC:L/Au:S/C:N/I:P/A:N) Published 04/14/2023 Created 05/05/2023 Added 05/01/2023 Modified 01/28/2025 Description In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Use of \r manipulations and Unicode characters to work around blocking of the : character make it possible to give the impression that a new user has been added. In other words, an adversary may be able to convince a system administrator to take the system offline (an indirect, social-engineered denial of service) by demonstrating that "cat /etc/passwd" shows a rogue user account. Solution(s) suse-upgrade-login_defs suse-upgrade-shadow References https://attackerkb.com/topics/cve-2023-29383 CVE - 2023-29383

Alma Linux: CVE-2023-29536: Important: firefox security update (Multiple Advisories) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 04/14/2023 Created 05/05/2023 Added 04/21/2023 Modified 01/28/2025 Description An attacker could cause the memory manager to incorrectly free a pointer that addresses attacker-controlled memory, resulting in an assertion, memory corruption, or a potentially exploitable crash. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10. Solution(s) alma-upgrade-firefox alma-upgrade-firefox-x11 alma-upgrade-thunderbird References https://attackerkb.com/topics/cve-2023-29536 CVE - 2023-29536 https://errata.almalinux.org/8/ALSA-2023-1787.html https://errata.almalinux.org/8/ALSA-2023-1802.html https://errata.almalinux.org/9/ALSA-2023-1786.html https://errata.almalinux.org/9/ALSA-2023-1809.html

Ubuntu: (CVE-2023-2008): linux vulnerability Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 04/14/2023 Created 11/21/2024 Added 11/19/2024 Modified 02/11/2025 Description A flaw was found in the Linux kernel's udmabuf device driver. The specific flaw exists within a fault handler. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an array. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. Solution(s) ubuntu-upgrade-linux ubuntu-upgrade-linux-aws ubuntu-upgrade-linux-aws-5-15 ubuntu-upgrade-linux-aws-5-4 ubuntu-upgrade-linux-aws-fips ubuntu-upgrade-linux-azure ubuntu-upgrade-linux-azure-5-15 ubuntu-upgrade-linux-azure-5-4 ubuntu-upgrade-linux-azure-fde ubuntu-upgrade-linux-azure-fde-5-15 ubuntu-upgrade-linux-azure-fips ubuntu-upgrade-linux-bluefield ubuntu-upgrade-linux-fips ubuntu-upgrade-linux-gcp ubuntu-upgrade-linux-gcp-5-15 ubuntu-upgrade-linux-gcp-5-4 ubuntu-upgrade-linux-gcp-fips ubuntu-upgrade-linux-gke ubuntu-upgrade-linux-gke-5-15 ubuntu-upgrade-linux-gkeop ubuntu-upgrade-linux-hwe-5-15 ubuntu-upgrade-linux-hwe-5-4 ubuntu-upgrade-linux-ibm ubuntu-upgrade-linux-ibm-5-4 ubuntu-upgrade-linux-intel-iotg ubuntu-upgrade-linux-intel-iotg-5-15 ubuntu-upgrade-linux-iot ubuntu-upgrade-linux-kvm ubuntu-upgrade-linux-lowlatency ubuntu-upgrade-linux-lowlatency-hwe-5-15 ubuntu-upgrade-linux-nvidia ubuntu-upgrade-linux-oracle ubuntu-upgrade-linux-oracle-5-15 ubuntu-upgrade-linux-oracle-5-4 ubuntu-upgrade-linux-raspi ubuntu-upgrade-linux-raspi-5-4 ubuntu-upgrade-linux-realtime ubuntu-upgrade-linux-riscv-5-15 References https://attackerkb.com/topics/cve-2023-2008 CVE - 2023-2008 https://bugzilla.redhat.com/show_bug.cgiid=2186862 https://git.kernel.org/linus/05b252cccb2e5c3f56119d25de684b4f810ba40a https://github.com/torvalds/linux/commit/05b252cccb2e5c3f56119d25de684b4f810ba4 https://www.cve.org/CVERecord?id=CVE-2023-2008 https://www.zerodayinitiative.com/advisories/ZDI-23-441/

Alpine Linux: CVE-2023-29013: Uncontrolled Resource Consumption Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 04/14/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description Traefik (pronounced traffic) is a modern HTTP reverse proxy and load balancer for deploying microservices. There is a vulnerability in Go when parsing the HTTP headers, which impacts Traefik. HTTP header parsing could allocate substantially more memory than required to hold the parsed headers. This behavior could be exploited to cause a denial of service. This issue has been patched in versions 2.9.10 and 2.10.0-rc2. Solution(s) alpine-linux-upgrade-traefik References https://attackerkb.com/topics/cve-2023-29013 CVE - 2023-29013 https://security.alpinelinux.org/vuln/CVE-2023-29013

OS X update for ncurses (CVE-2023-29491) Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 04/14/2023 Created 09/07/2023 Added 09/07/2023 Modified 01/28/2025 Description ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable. Solution(s) apple-osx-upgrade-11_7_9 apple-osx-upgrade-12_6_8 apple-osx-upgrade-13_5 References https://attackerkb.com/topics/cve-2023-29491 CVE - 2023-29491 https://support.apple.com/kb/HT213843 https://support.apple.com/kb/HT213844 https://support.apple.com/kb/HT213845

SUSE: CVE-2023-29491: SUSE Linux Security Advisory Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 04/14/2023 Created 05/08/2023 Added 05/08/2023 Modified 01/28/2025 Description ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable. Solution(s) suse-upgrade-libncurses5 suse-upgrade-libncurses5-32bit suse-upgrade-libncurses6 suse-upgrade-libncurses6-32bit suse-upgrade-ncurses-devel suse-upgrade-ncurses-devel-32bit suse-upgrade-ncurses-utils suse-upgrade-ncurses5-devel suse-upgrade-ncurses5-devel-32bit suse-upgrade-tack suse-upgrade-terminfo suse-upgrade-terminfo-base suse-upgrade-terminfo-iterm suse-upgrade-terminfo-screen References https://attackerkb.com/topics/cve-2023-29491 CVE - 2023-29491

Microsoft Edge Chromium: CVE-2023-2033 Type Confusion in V8 Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 04/14/2023 Created 05/05/2023 Added 04/17/2023 Modified 01/28/2025 Description Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) microsoft-edge-upgrade-latest References https://attackerkb.com/topics/cve-2023-2033 CVE - 2023-2033 https://learn.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#april-24-2023 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2033

Red Hat: CVE-2023-1999: Double-free in libwebp (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 04/14/2023 Created 05/05/2023 Added 05/01/2023 Modified 01/28/2025 Description There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is still assigned to trial and the AddressSanitizer will attempt a double free. Solution(s) redhat-upgrade-firefox redhat-upgrade-firefox-debuginfo redhat-upgrade-firefox-debugsource redhat-upgrade-firefox-x11 redhat-upgrade-libwebp redhat-upgrade-libwebp-debuginfo redhat-upgrade-libwebp-debugsource redhat-upgrade-libwebp-devel redhat-upgrade-libwebp-java redhat-upgrade-libwebp-java-debuginfo redhat-upgrade-libwebp-tools redhat-upgrade-libwebp-tools-debuginfo redhat-upgrade-thunderbird redhat-upgrade-thunderbird-debuginfo redhat-upgrade-thunderbird-debugsource References CVE-2023-1999 RHSA-2023:1785 RHSA-2023:1786 RHSA-2023:1787 RHSA-2023:1788 RHSA-2023:1790 RHSA-2023:1791 RHSA-2023:1802 RHSA-2023:1804 RHSA-2023:1806 RHSA-2023:1809 RHSA-2023:1810 RHSA-2023:1811 RHSA-2023:2075 RHSA-2023:2076 RHSA-2023:2077 RHSA-2023:2078 RHSA-2023:2084 RHSA-2023:2085 View more

Alpine Linux: CVE-2023-26463: NULL Pointer Dereference Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 04/14/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description strongSwan 5.9.8 and 5.9.9 potentially allows remote code execution because it uses a variable named "public" for two different purposes within the same function. There is initially incorrect access control, later followed by an expired pointer dereference. One attack vector is sending an untrusted client certificate during EAP-TLS. A server is affected only if it loads plugins that implement TLS-based EAP methods (EAP-TLS, EAP-TTLS, EAP-PEAP, or EAP-TNC). This is fixed in 5.9.10. Solution(s) alpine-linux-upgrade-strongswan References https://attackerkb.com/topics/cve-2023-26463 CVE - 2023-26463 https://security.alpinelinux.org/vuln/CVE-2023-26463

VMware Photon OS: CVE-2023-29383 Severity 2 CVSS (AV:L/AC:L/Au:S/C:N/I:P/A:N) Published 04/14/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Use of \r manipulations and Unicode characters to work around blocking of the : character make it possible to give the impression that a new user has been added. In other words, an adversary may be able to convince a system administrator to take the system offline (an indirect, social-engineered denial of service) by demonstrating that "cat /etc/passwd" shows a rogue user account. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-29383 CVE - 2023-29383