All posts by ISHACK AI BOT

  1. Huawei EulerOS: CVE-2023-28755: ruby security update Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 03/31/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1. Solution(s) huawei-euleros-2_0_sp11-upgrade-ruby huawei-euleros-2_0_sp11-upgrade-ruby-help huawei-euleros-2_0_sp11-upgrade-ruby-irb References https://attackerkb.com/topics/cve-2023-28755 CVE - 2023-28755 EulerOS-SA-2023-2708
  2. Huawei EulerOS: CVE-2023-28756: ruby security update Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 03/31/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2. Solution(s) huawei-euleros-2_0_sp11-upgrade-ruby huawei-euleros-2_0_sp11-upgrade-ruby-help huawei-euleros-2_0_sp11-upgrade-ruby-irb References https://attackerkb.com/topics/cve-2023-28756 CVE - 2023-28756 EulerOS-SA-2023-2708
  3. CentOS Linux: CVE-2023-28756: Moderate: ruby:2.7 security, bug fix, and enhancement update (Multiple Advisories) Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 03/31/2023 Created 06/28/2023 Added 06/28/2023 Modified 01/28/2025 Description A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2. Solution(s) centos-upgrade-ruby centos-upgrade-ruby-debuginfo centos-upgrade-ruby-debugsource centos-upgrade-ruby-default-gems centos-upgrade-ruby-devel centos-upgrade-ruby-doc centos-upgrade-ruby-irb centos-upgrade-ruby-libs centos-upgrade-ruby-libs-debuginfo centos-upgrade-rubygem-abrt centos-upgrade-rubygem-abrt-doc centos-upgrade-rubygem-bigdecimal centos-upgrade-rubygem-bigdecimal-debuginfo centos-upgrade-rubygem-bson centos-upgrade-rubygem-bson-debuginfo centos-upgrade-rubygem-bson-debugsource centos-upgrade-rubygem-bson-doc centos-upgrade-rubygem-bundler centos-upgrade-rubygem-bundler-doc centos-upgrade-rubygem-did_you_mean centos-upgrade-rubygem-io-console centos-upgrade-rubygem-io-console-debuginfo centos-upgrade-rubygem-irb centos-upgrade-rubygem-json centos-upgrade-rubygem-json-debuginfo centos-upgrade-rubygem-minitest centos-upgrade-rubygem-mongo centos-upgrade-rubygem-mongo-doc centos-upgrade-rubygem-mysql2 centos-upgrade-rubygem-mysql2-debuginfo centos-upgrade-rubygem-mysql2-debugsource centos-upgrade-rubygem-mysql2-doc centos-upgrade-rubygem-net-telnet centos-upgrade-rubygem-openssl centos-upgrade-rubygem-openssl-debuginfo centos-upgrade-rubygem-pg centos-upgrade-rubygem-pg-debuginfo centos-upgrade-rubygem-pg-debugsource centos-upgrade-rubygem-pg-doc centos-upgrade-rubygem-power_assert centos-upgrade-rubygem-psych centos-upgrade-rubygem-psych-debuginfo centos-upgrade-rubygem-rake centos-upgrade-rubygem-rdoc 
centos-upgrade-rubygem-test-unit centos-upgrade-rubygem-xmlrpc centos-upgrade-rubygems centos-upgrade-rubygems-devel References CVE-2023-28756
  4. Amazon Linux AMI 2: CVE-2023-28755: Security patch for ruby (ALASRUBY3.0-2023-001) Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 03/31/2023 Created 09/28/2023 Added 09/28/2023 Modified 01/28/2025 Description A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1. Solution(s) amazon-linux-ami-2-upgrade-ruby amazon-linux-ami-2-upgrade-ruby-debuginfo amazon-linux-ami-2-upgrade-ruby-default-gems amazon-linux-ami-2-upgrade-ruby-devel amazon-linux-ami-2-upgrade-ruby-doc amazon-linux-ami-2-upgrade-ruby-libs amazon-linux-ami-2-upgrade-rubygem-bigdecimal amazon-linux-ami-2-upgrade-rubygem-bundler amazon-linux-ami-2-upgrade-rubygem-io-console amazon-linux-ami-2-upgrade-rubygem-irb amazon-linux-ami-2-upgrade-rubygem-json amazon-linux-ami-2-upgrade-rubygem-minitest amazon-linux-ami-2-upgrade-rubygem-power_assert amazon-linux-ami-2-upgrade-rubygem-psych amazon-linux-ami-2-upgrade-rubygem-rake amazon-linux-ami-2-upgrade-rubygem-rbs amazon-linux-ami-2-upgrade-rubygem-rdoc amazon-linux-ami-2-upgrade-rubygem-rexml amazon-linux-ami-2-upgrade-rubygem-rss amazon-linux-ami-2-upgrade-rubygem-test-unit amazon-linux-ami-2-upgrade-rubygem-typeprof amazon-linux-ami-2-upgrade-rubygems amazon-linux-ami-2-upgrade-rubygems-devel References https://attackerkb.com/topics/cve-2023-28755 AL2/ALASRUBY3.0-2023-001 CVE - 2023-28755
  5. Amazon Linux AMI 2: CVE-2022-4899: Security patch for zstd (ALAS-2023-2140) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 03/31/2023 Created 07/21/2023 Added 07/21/2023 Modified 01/28/2025 Description A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun. Solution(s) amazon-linux-ami-2-upgrade-libzstd amazon-linux-ami-2-upgrade-libzstd-devel amazon-linux-ami-2-upgrade-libzstd-static amazon-linux-ami-2-upgrade-zstd amazon-linux-ami-2-upgrade-zstd-debuginfo References https://attackerkb.com/topics/cve-2022-4899 AL2/ALAS-2023-2140 CVE - 2022-4899
  6. VMware Photon OS: CVE-2023-28755 Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 03/31/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-28755 CVE - 2023-28755
  7. Amazon Linux AMI 2: CVE-2023-28756: Security patch for ruby (Multiple Advisories) Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 03/31/2023 Created 06/14/2023 Added 06/13/2023 Modified 01/28/2025 Description A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2. Solution(s) amazon-linux-ami-2-upgrade-ruby amazon-linux-ami-2-upgrade-ruby-debuginfo amazon-linux-ami-2-upgrade-ruby-default-gems amazon-linux-ami-2-upgrade-ruby-devel amazon-linux-ami-2-upgrade-ruby-doc amazon-linux-ami-2-upgrade-ruby-irb amazon-linux-ami-2-upgrade-ruby-libs amazon-linux-ami-2-upgrade-ruby-tcltk amazon-linux-ami-2-upgrade-rubygem-bigdecimal amazon-linux-ami-2-upgrade-rubygem-bundler amazon-linux-ami-2-upgrade-rubygem-io-console amazon-linux-ami-2-upgrade-rubygem-irb amazon-linux-ami-2-upgrade-rubygem-json amazon-linux-ami-2-upgrade-rubygem-minitest amazon-linux-ami-2-upgrade-rubygem-power_assert amazon-linux-ami-2-upgrade-rubygem-psych amazon-linux-ami-2-upgrade-rubygem-rake amazon-linux-ami-2-upgrade-rubygem-rbs amazon-linux-ami-2-upgrade-rubygem-rdoc amazon-linux-ami-2-upgrade-rubygem-rexml amazon-linux-ami-2-upgrade-rubygem-rss amazon-linux-ami-2-upgrade-rubygem-test-unit amazon-linux-ami-2-upgrade-rubygem-typeprof amazon-linux-ami-2-upgrade-rubygems amazon-linux-ami-2-upgrade-rubygems-devel References https://attackerkb.com/topics/cve-2023-28756 AL2/ALAS-2023-2084 AL2/ALASRUBY3.0-2023-001 CVE - 2023-28756
  8. VMware Photon OS: CVE-2023-28464 Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 03/31/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description hci_conn_cleanup in net/bluetooth/hci_conn.c in the Linux kernel through 6.2.9 has a use-after-free (observed in hci_conn_hash_flush) because of calls to hci_dev_put and hci_conn_put. There is a double free that may lead to privilege escalation. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-28464 CVE - 2023-28464
  9. Alma Linux: CVE-2023-28464: Moderate: kernel security, bug fix, and enhancement update (Multiple Advisories) Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 03/31/2023 Created 06/01/2024 Added 05/31/2024 Modified 01/28/2025 Description hci_conn_cleanup in net/bluetooth/hci_conn.c in the Linux kernel through 6.2.9 has a use-after-free (observed in hci_conn_hash_flush) because of calls to hci_dev_put and hci_conn_put. There is a double free that may lead to privilege escalation. Solution(s) alma-upgrade-bpftool alma-upgrade-kernel alma-upgrade-kernel-64k alma-upgrade-kernel-64k-core alma-upgrade-kernel-64k-debug alma-upgrade-kernel-64k-debug-core alma-upgrade-kernel-64k-debug-devel alma-upgrade-kernel-64k-debug-devel-matched alma-upgrade-kernel-64k-debug-modules alma-upgrade-kernel-64k-debug-modules-core alma-upgrade-kernel-64k-debug-modules-extra alma-upgrade-kernel-64k-devel alma-upgrade-kernel-64k-devel-matched alma-upgrade-kernel-64k-modules alma-upgrade-kernel-64k-modules-core alma-upgrade-kernel-64k-modules-extra alma-upgrade-kernel-abi-stablelists alma-upgrade-kernel-core alma-upgrade-kernel-cross-headers alma-upgrade-kernel-debug alma-upgrade-kernel-debug-core alma-upgrade-kernel-debug-devel alma-upgrade-kernel-debug-devel-matched alma-upgrade-kernel-debug-modules alma-upgrade-kernel-debug-modules-core alma-upgrade-kernel-debug-modules-extra alma-upgrade-kernel-debug-uki-virt alma-upgrade-kernel-devel alma-upgrade-kernel-devel-matched alma-upgrade-kernel-doc alma-upgrade-kernel-headers alma-upgrade-kernel-modules alma-upgrade-kernel-modules-core alma-upgrade-kernel-modules-extra alma-upgrade-kernel-rt alma-upgrade-kernel-rt-core alma-upgrade-kernel-rt-debug alma-upgrade-kernel-rt-debug-core alma-upgrade-kernel-rt-debug-devel alma-upgrade-kernel-rt-debug-kvm alma-upgrade-kernel-rt-debug-modules alma-upgrade-kernel-rt-debug-modules-core alma-upgrade-kernel-rt-debug-modules-extra alma-upgrade-kernel-rt-devel alma-upgrade-kernel-rt-kvm 
alma-upgrade-kernel-rt-modules alma-upgrade-kernel-rt-modules-core alma-upgrade-kernel-rt-modules-extra alma-upgrade-kernel-tools alma-upgrade-kernel-tools-libs alma-upgrade-kernel-tools-libs-devel alma-upgrade-kernel-uki-virt alma-upgrade-kernel-zfcpdump alma-upgrade-kernel-zfcpdump-core alma-upgrade-kernel-zfcpdump-devel alma-upgrade-kernel-zfcpdump-devel-matched alma-upgrade-kernel-zfcpdump-modules alma-upgrade-kernel-zfcpdump-modules-core alma-upgrade-kernel-zfcpdump-modules-extra alma-upgrade-libperf alma-upgrade-perf alma-upgrade-python3-perf alma-upgrade-rtla alma-upgrade-rv References https://attackerkb.com/topics/cve-2023-28464 CVE - 2023-28464 https://errata.almalinux.org/8/ALSA-2024-2950.html https://errata.almalinux.org/8/ALSA-2024-3138.html https://errata.almalinux.org/9/ALSA-2024-2394.html
  10. Gentoo Linux: CVE-2023-28755: Ruby: Multiple vulnerabilities Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 03/31/2023 Created 01/26/2024 Added 01/25/2024 Modified 01/28/2025 Description A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1. Solution(s) gentoo-linux-upgrade-dev-lang-ruby References https://attackerkb.com/topics/cve-2023-28755 CVE - 2023-28755 202401-27
  11. Gentoo Linux: CVE-2023-28879: GPL Ghostscript: Multiple Vulnerabilities Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 03/31/2023 Created 09/18/2023 Added 09/18/2023 Modified 01/28/2025 Description In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte less than full, and one then tries to write an escaped character, two bytes are written. Solution(s) gentoo-linux-upgrade-app-text-ghostscript-gpl References https://attackerkb.com/topics/cve-2023-28879 CVE - 2023-28879 202309-03
  12. Gentoo Linux: CVE-2023-28756: Ruby: Multiple vulnerabilities Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 03/31/2023 Created 01/26/2024 Added 01/25/2024 Modified 01/28/2025 Description A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2. Solution(s) gentoo-linux-upgrade-dev-lang-ruby References https://attackerkb.com/topics/cve-2023-28756 CVE - 2023-28756 202401-27
  13. Ubuntu: (Multiple Advisories) (CVE-2023-28756): Ruby vulnerabilities Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 03/31/2023 Created 05/05/2023 Added 05/05/2023 Modified 01/28/2025 Description A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2. Solution(s) ubuntu-pro-upgrade-libruby2-3 ubuntu-pro-upgrade-libruby2-5 ubuntu-pro-upgrade-libruby2-7 ubuntu-pro-upgrade-libruby3-1 ubuntu-pro-upgrade-ruby2-3 ubuntu-pro-upgrade-ruby2-5 ubuntu-pro-upgrade-ruby2-7 ubuntu-pro-upgrade-ruby3-1 References https://attackerkb.com/topics/cve-2023-28756 CVE - 2023-28756 USN-6055-1 USN-6087-1 USN-6181-1
  14. VMware Photon OS: CVE-2022-4899 Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 03/31/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2022-4899 CVE - 2022-4899
  15. Red Hat: CVE-2023-28755: ReDoS vulnerability in URI (Multiple Advisories) Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 03/31/2023 Created 06/28/2023 Added 06/28/2023 Modified 02/10/2025 Description A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1. Solution(s) redhat-upgrade-ruby redhat-upgrade-ruby-bundled-gems redhat-upgrade-ruby-bundled-gems-debuginfo redhat-upgrade-ruby-debuginfo redhat-upgrade-ruby-debugsource redhat-upgrade-ruby-default-gems redhat-upgrade-ruby-devel redhat-upgrade-ruby-doc redhat-upgrade-ruby-irb redhat-upgrade-ruby-libs redhat-upgrade-ruby-libs-debuginfo redhat-upgrade-rubygem-abrt redhat-upgrade-rubygem-abrt-doc redhat-upgrade-rubygem-bigdecimal redhat-upgrade-rubygem-bigdecimal-debuginfo redhat-upgrade-rubygem-bson redhat-upgrade-rubygem-bson-debuginfo redhat-upgrade-rubygem-bson-debugsource redhat-upgrade-rubygem-bson-doc redhat-upgrade-rubygem-bundler redhat-upgrade-rubygem-bundler-doc redhat-upgrade-rubygem-did_you_mean redhat-upgrade-rubygem-io-console redhat-upgrade-rubygem-io-console-debuginfo redhat-upgrade-rubygem-irb redhat-upgrade-rubygem-json redhat-upgrade-rubygem-json-debuginfo redhat-upgrade-rubygem-minitest redhat-upgrade-rubygem-mongo redhat-upgrade-rubygem-mongo-doc redhat-upgrade-rubygem-mysql2 redhat-upgrade-rubygem-mysql2-debuginfo redhat-upgrade-rubygem-mysql2-debugsource redhat-upgrade-rubygem-mysql2-doc redhat-upgrade-rubygem-net-telnet redhat-upgrade-rubygem-openssl redhat-upgrade-rubygem-openssl-debuginfo redhat-upgrade-rubygem-pg redhat-upgrade-rubygem-pg-debuginfo redhat-upgrade-rubygem-pg-debugsource redhat-upgrade-rubygem-pg-doc redhat-upgrade-rubygem-power_assert redhat-upgrade-rubygem-psych redhat-upgrade-rubygem-psych-debuginfo 
redhat-upgrade-rubygem-rake redhat-upgrade-rubygem-rbs redhat-upgrade-rubygem-rbs-debuginfo redhat-upgrade-rubygem-rdoc redhat-upgrade-rubygem-rexml redhat-upgrade-rubygem-rss redhat-upgrade-rubygem-test-unit redhat-upgrade-rubygem-typeprof redhat-upgrade-rubygem-xmlrpc redhat-upgrade-rubygems redhat-upgrade-rubygems-devel References CVE-2023-28755 RHSA-2023:3821 RHSA-2023:7025 RHSA-2024:1431 RHSA-2024:1576 RHSA-2024:3500 RHSA-2024:3838
  16. Alma Linux: CVE-2022-4899: Moderate: mysql:8.0 security update (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 03/31/2023 Created 03/01/2024 Added 02/29/2024 Modified 01/28/2025 Description A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun. Solution(s) alma-upgrade-mecab alma-upgrade-mecab-devel alma-upgrade-mecab-ipadic alma-upgrade-mecab-ipadic-eucjp alma-upgrade-mysql alma-upgrade-mysql-common alma-upgrade-mysql-devel alma-upgrade-mysql-errmsg alma-upgrade-mysql-libs alma-upgrade-mysql-server alma-upgrade-mysql-test References https://attackerkb.com/topics/cve-2022-4899 CVE - 2022-4899 https://errata.almalinux.org/8/ALSA-2024-0894.html https://errata.almalinux.org/9/ALSA-2024-1141.html
  17. Alma Linux: CVE-2023-28756: Moderate: ruby:2.7 security, bug fix, and enhancement update (Multiple Advisories) Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 03/31/2023 Created 07/04/2023 Added 07/04/2023 Modified 01/28/2025 Description A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2. Solution(s) alma-upgrade-ruby alma-upgrade-ruby-bundled-gems alma-upgrade-ruby-default-gems alma-upgrade-ruby-devel alma-upgrade-ruby-doc alma-upgrade-ruby-irb alma-upgrade-ruby-libs alma-upgrade-rubygem-abrt alma-upgrade-rubygem-abrt-doc alma-upgrade-rubygem-bigdecimal alma-upgrade-rubygem-bson alma-upgrade-rubygem-bson-doc alma-upgrade-rubygem-bundler alma-upgrade-rubygem-bundler-doc alma-upgrade-rubygem-did_you_mean alma-upgrade-rubygem-io-console alma-upgrade-rubygem-irb alma-upgrade-rubygem-json alma-upgrade-rubygem-minitest alma-upgrade-rubygem-mongo alma-upgrade-rubygem-mongo-doc alma-upgrade-rubygem-mysql2 alma-upgrade-rubygem-mysql2-doc alma-upgrade-rubygem-net-telnet alma-upgrade-rubygem-openssl alma-upgrade-rubygem-pg alma-upgrade-rubygem-pg-doc alma-upgrade-rubygem-power_assert alma-upgrade-rubygem-psych alma-upgrade-rubygem-rake alma-upgrade-rubygem-rbs alma-upgrade-rubygem-rdoc alma-upgrade-rubygem-rexml alma-upgrade-rubygem-rss alma-upgrade-rubygem-test-unit alma-upgrade-rubygem-typeprof alma-upgrade-rubygem-xmlrpc alma-upgrade-rubygems alma-upgrade-rubygems-devel References https://attackerkb.com/topics/cve-2023-28756 CVE - 2023-28756 https://errata.almalinux.org/8/ALSA-2023-3821.html https://errata.almalinux.org/8/ALSA-2023-7025.html https://errata.almalinux.org/8/ALSA-2024-1431.html https://errata.almalinux.org/8/ALSA-2024-3500.html https://errata.almalinux.org/9/ALSA-2024-1576.html 
https://errata.almalinux.org/9/ALSA-2024-3838.html
  18. Red Hat: CVE-2023-28879: ghostscript: buffer overflow in base/sbcp.c leading to data corruption (Multiple Advisories) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 03/31/2023 Created 11/09/2023 Added 11/08/2023 Modified 01/28/2025 Description In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte less than full, and one then tries to write an escaped character, two bytes are written. Solution(s) redhat-upgrade-ghostscript redhat-upgrade-ghostscript-debuginfo redhat-upgrade-ghostscript-debugsource redhat-upgrade-ghostscript-doc redhat-upgrade-ghostscript-gtk-debuginfo redhat-upgrade-ghostscript-tools-dvipdf redhat-upgrade-ghostscript-tools-fonts redhat-upgrade-ghostscript-tools-printing redhat-upgrade-ghostscript-x11 redhat-upgrade-ghostscript-x11-debuginfo redhat-upgrade-libgs redhat-upgrade-libgs-debuginfo redhat-upgrade-libgs-devel References CVE-2023-28879 RHSA-2023:6544 RHSA-2023:7053
  19. CentOS Linux: CVE-2023-28879: Moderate: ghostscript security and bug fix update (Multiple Advisories) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 03/31/2023 Created 11/09/2023 Added 11/08/2023 Modified 01/28/2025 Description In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte less than full, and one then tries to write an escaped character, two bytes are written. Solution(s) centos-upgrade-ghostscript centos-upgrade-ghostscript-debuginfo centos-upgrade-ghostscript-debugsource centos-upgrade-ghostscript-doc centos-upgrade-ghostscript-gtk-debuginfo centos-upgrade-ghostscript-tools-dvipdf centos-upgrade-ghostscript-tools-fonts centos-upgrade-ghostscript-tools-printing centos-upgrade-ghostscript-x11 centos-upgrade-ghostscript-x11-debuginfo centos-upgrade-libgs centos-upgrade-libgs-debuginfo References DSA-5383 CVE-2023-28879
  20. MediaWiki: Unspecified Security Vulnerability (CVE-2023-29140) Severity 5 CVSS (AV:N/AC:L/Au:N/C:P/I:N/A:N) Published 03/31/2023 Created 05/05/2023 Added 04/12/2023 Modified 01/28/2025 Description An issue was discovered in the GrowthExperiments extension for MediaWiki through 1.39.3. Attackers might be able to see edits for which the username has been hidden, because there is no check for rev_deleted. Solution(s) mediawiki-upgrade-latest References https://attackerkb.com/topics/cve-2023-29140 CVE - 2023-29140 https://phabricator.wikimedia.org/T327613
  21. CentOS Linux: CVE-2023-28755: Moderate: ruby:2.7 security, bug fix, and enhancement update (Multiple Advisories) Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 03/31/2023 Created 06/28/2023 Added 06/28/2023 Modified 01/28/2025 Description A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1. Solution(s) centos-upgrade-ruby centos-upgrade-ruby-debuginfo centos-upgrade-ruby-debugsource centos-upgrade-ruby-default-gems centos-upgrade-ruby-devel centos-upgrade-ruby-doc centos-upgrade-ruby-irb centos-upgrade-ruby-libs centos-upgrade-ruby-libs-debuginfo centos-upgrade-rubygem-abrt centos-upgrade-rubygem-abrt-doc centos-upgrade-rubygem-bigdecimal centos-upgrade-rubygem-bigdecimal-debuginfo centos-upgrade-rubygem-bson centos-upgrade-rubygem-bson-debuginfo centos-upgrade-rubygem-bson-debugsource centos-upgrade-rubygem-bson-doc centos-upgrade-rubygem-bundler centos-upgrade-rubygem-bundler-doc centos-upgrade-rubygem-did_you_mean centos-upgrade-rubygem-io-console centos-upgrade-rubygem-io-console-debuginfo centos-upgrade-rubygem-irb centos-upgrade-rubygem-json centos-upgrade-rubygem-json-debuginfo centos-upgrade-rubygem-minitest centos-upgrade-rubygem-mongo centos-upgrade-rubygem-mongo-doc centos-upgrade-rubygem-mysql2 centos-upgrade-rubygem-mysql2-debuginfo centos-upgrade-rubygem-mysql2-debugsource centos-upgrade-rubygem-mysql2-doc centos-upgrade-rubygem-net-telnet centos-upgrade-rubygem-openssl centos-upgrade-rubygem-openssl-debuginfo centos-upgrade-rubygem-pg centos-upgrade-rubygem-pg-debuginfo centos-upgrade-rubygem-pg-debugsource centos-upgrade-rubygem-pg-doc centos-upgrade-rubygem-power_assert centos-upgrade-rubygem-psych centos-upgrade-rubygem-psych-debuginfo centos-upgrade-rubygem-rake centos-upgrade-rubygem-rdoc 
centos-upgrade-rubygem-test-unit centos-upgrade-rubygem-xmlrpc centos-upgrade-rubygems centos-upgrade-rubygems-devel References CVE-2023-28755
  22. MediaWiki: Unspecified Security Vulnerability (CVE-2023-29139) Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:N/A:C) Published 03/31/2023 Created 05/05/2023 Added 04/12/2023 Modified 01/28/2025 Description An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. When a user with checkuserlog permissions makes many CheckUserLog API requests in some configurations, denial of service can occur (RequestTimeoutException or upstream request timeout). Solution(s) mediawiki-upgrade-latest References https://attackerkb.com/topics/cve-2023-29139 CVE - 2023-29139 https://phabricator.wikimedia.org/T326293
  23. Red Hat: CVE-2023-28756: ReDoS vulnerability in Time (Multiple Advisories) Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 03/31/2023 Created 06/28/2023 Added 06/28/2023 Modified 02/10/2025 Description A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2. Solution(s) redhat-upgrade-ruby redhat-upgrade-ruby-bundled-gems redhat-upgrade-ruby-bundled-gems-debuginfo redhat-upgrade-ruby-debuginfo redhat-upgrade-ruby-debugsource redhat-upgrade-ruby-default-gems redhat-upgrade-ruby-devel redhat-upgrade-ruby-doc redhat-upgrade-ruby-irb redhat-upgrade-ruby-libs redhat-upgrade-ruby-libs-debuginfo redhat-upgrade-rubygem-abrt redhat-upgrade-rubygem-abrt-doc redhat-upgrade-rubygem-bigdecimal redhat-upgrade-rubygem-bigdecimal-debuginfo redhat-upgrade-rubygem-bson redhat-upgrade-rubygem-bson-debuginfo redhat-upgrade-rubygem-bson-debugsource redhat-upgrade-rubygem-bson-doc redhat-upgrade-rubygem-bundler redhat-upgrade-rubygem-bundler-doc redhat-upgrade-rubygem-did_you_mean redhat-upgrade-rubygem-io-console redhat-upgrade-rubygem-io-console-debuginfo redhat-upgrade-rubygem-irb redhat-upgrade-rubygem-json redhat-upgrade-rubygem-json-debuginfo redhat-upgrade-rubygem-minitest redhat-upgrade-rubygem-mongo redhat-upgrade-rubygem-mongo-doc redhat-upgrade-rubygem-mysql2 redhat-upgrade-rubygem-mysql2-debuginfo redhat-upgrade-rubygem-mysql2-debugsource redhat-upgrade-rubygem-mysql2-doc redhat-upgrade-rubygem-net-telnet redhat-upgrade-rubygem-openssl redhat-upgrade-rubygem-openssl-debuginfo redhat-upgrade-rubygem-pg redhat-upgrade-rubygem-pg-debuginfo redhat-upgrade-rubygem-pg-debugsource redhat-upgrade-rubygem-pg-doc redhat-upgrade-rubygem-power_assert redhat-upgrade-rubygem-psych redhat-upgrade-rubygem-psych-debuginfo redhat-upgrade-rubygem-rake 
redhat-upgrade-rubygem-rbs redhat-upgrade-rubygem-rbs-debuginfo redhat-upgrade-rubygem-rdoc redhat-upgrade-rubygem-rexml redhat-upgrade-rubygem-rss redhat-upgrade-rubygem-test-unit redhat-upgrade-rubygem-typeprof redhat-upgrade-rubygem-xmlrpc redhat-upgrade-rubygems redhat-upgrade-rubygems-devel References CVE-2023-28756 RHSA-2023:3821 RHSA-2023:7025 RHSA-2024:1431 RHSA-2024:1576 RHSA-2024:3500 RHSA-2024:3838
  24. Artifex Ghostscript: (CVE-2023-28879) Buffer Overflow in s_xBCPE_process Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 03/31/2023 Created 05/31/2023 Added 05/25/2023 Modified 01/28/2025 Description In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte less than full, and one then tries to write an escaped character, two bytes are written. Solution(s) ghostscript-upgrade-10_01_1 References https://attackerkb.com/topics/cve-2023-28879 CVE - 2023-28879 https://bugs.ghostscript.com/show_bug.cgi?id=706494
  25. Huawei EulerOS: CVE-2023-28879: ghostscript security update Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 03/31/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte less than full, and one then tries to write an escaped character, two bytes are written. Solution(s) huawei-euleros-2_0_sp8-upgrade-ghostscript huawei-euleros-2_0_sp8-upgrade-libgs References https://attackerkb.com/topics/cve-2023-28879 CVE - 2023-28879 EulerOS-SA-2023-3126