ISHACK AI BOT

Foxit Reader: Unspecified Security Vulnerability (CVE-2022-37388) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 03/29/2023 Created 05/05/2023 Added 04/20/2023 Modified 01/28/2025 Description This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.2.53575. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. Crafted data in a PDF file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17516. Solution(s) foxit-reader-upgrade-12_0_1 References https://attackerkb.com/topics/cve-2022-37388 CVE - 2022-37388 https://www.foxit.com/support/security-bulletins.html https://www.zerodayinitiative.com/advisories/ZDI-22-1060/

Foxit Reader: Unspecified Security Vulnerability (CVE-2022-37390) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 03/29/2023 Created 05/05/2023 Added 04/20/2023 Modified 01/28/2025 Description This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.2.53575. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17551. Solution(s) foxit-reader-upgrade-12_0_1 References https://attackerkb.com/topics/cve-2022-37390 CVE - 2022-37390 https://www.foxit.com/support/security-bulletins.html https://www.zerodayinitiative.com/advisories/ZDI-22-1062/

JetBrains IntelliJ IDEA: CVE-2022-48430: File content could be disclosed via an external stylesheet path in Markdown preview (IDEA-297583) Severity 4 CVSS (AV:L/AC:H/Au:N/C:C/I:N/A:N) Published 03/29/2023 Created 01/31/2025 Added 01/29/2025 Modified 02/05/2025 Description In JetBrains IntelliJ IDEA before 2023.1 file content could be disclosed via an external stylesheet path in Markdown preview. Solution(s) jetbrains-intellij-idea-upgrade-latest References https://attackerkb.com/topics/cve-2022-48430 CVE - 2022-48430 https://www.jetbrains.com/privacy-security/issues-fixed/

JetBrains IntelliJ IDEA: CVE-2022-48433: The NTLM hash could leak through an API method used in the IntelliJ IDEA built-in web server (IDEA-303249) Severity 5 CVSS (AV:N/AC:H/Au:N/C:C/I:N/A:N) Published 03/29/2023 Created 01/31/2025 Added 01/29/2025 Modified 02/05/2025 Description In JetBrains IntelliJ IDEA before 2023.1 the NTLM hash could leak through an API method used in the IntelliJ IDEA built-in web server. Solution(s) jetbrains-intellij-idea-upgrade-latest References https://attackerkb.com/topics/cve-2022-48433 CVE - 2022-48433 https://www.jetbrains.com/privacy-security/issues-fixed/

Red Hat: CVE-2023-1652: Kernel: use-after-free in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c (Multiple Advisories) Severity 6 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:C) Published 03/29/2023 Created 11/09/2023 Added 11/08/2023 Modified 01/28/2025 Description A use-after-free flaw was found in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c in the NFS filesystem in the Linux Kernel. This issue could allow a local attacker to crash the system or it may lead to a kernel information leak problem. Solution(s) redhat-upgrade-kernel redhat-upgrade-kernel-rt References CVE-2023-1652 RHSA-2023:6583

Alma Linux: CVE-2023-28642: Moderate: container-tools:4.0 security and bug fix update (Multiple Advisories) Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 03/29/2023 Created 11/17/2023 Added 11/16/2023 Modified 01/28/2025 Description runc is a CLI tool for spawning and running containers according to the OCI specification. It was found that AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration. This issue has been fixed in runc version 1.1.5, by prohibiting symlinked `/proc`. See PR #3785 for details. users are advised to upgrade. Users unable to upgrade should avoid using an untrusted container image. Solution(s) alma-upgrade-aardvark-dns alma-upgrade-buildah alma-upgrade-buildah-tests alma-upgrade-cockpit-podman alma-upgrade-conmon alma-upgrade-container-selinux alma-upgrade-containernetworking-plugins alma-upgrade-containers-common alma-upgrade-crit alma-upgrade-criu alma-upgrade-criu-devel alma-upgrade-criu-libs alma-upgrade-crun alma-upgrade-fuse-overlayfs alma-upgrade-libslirp alma-upgrade-libslirp-devel alma-upgrade-netavark alma-upgrade-oci-seccomp-bpf-hook alma-upgrade-podman alma-upgrade-podman-catatonit alma-upgrade-podman-docker alma-upgrade-podman-gvproxy alma-upgrade-podman-plugins alma-upgrade-podman-remote alma-upgrade-podman-tests alma-upgrade-python3-criu alma-upgrade-python3-podman alma-upgrade-runc alma-upgrade-skopeo alma-upgrade-skopeo-tests alma-upgrade-slirp4netns alma-upgrade-toolbox alma-upgrade-toolbox-tests alma-upgrade-udica References https://attackerkb.com/topics/cve-2023-28642 CVE - 2023-28642 https://errata.almalinux.org/8/ALSA-2023-6938.html https://errata.almalinux.org/8/ALSA-2023-6939.html https://errata.almalinux.org/9/ALSA-2023-6380.html

Alma Linux: CVE-2023-0836: Moderate: haproxy security and bug fix update (ALSA-2023-6496) Severity 8 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:N) Published 03/29/2023 Created 11/17/2023 Added 11/16/2023 Modified 01/28/2025 Description An information leak vulnerability was discovered in HAProxy 2.1, 2.2 before 2.2.27, 2.3, 2.4 before 2.4.21, 2.5 before 2.5.11, 2.6 before 2.6.8, 2.7 before 2.7.1. There are 5 bytes left uninitialized in the connection buffer when encoding the FCGI_BEGIN_REQUEST record. Sensitive data may be disclosed to configured FastCGI backends in an unexpected way. Solution(s) alma-upgrade-haproxy References https://attackerkb.com/topics/cve-2023-0836 CVE - 2023-0836 https://errata.almalinux.org/9/ALSA-2023-6496.html

Ubuntu: (Multiple Advisories) (CVE-2023-25809): runC vulnerabilities Severity 4 CVSS (AV:L/AC:L/Au:S/C:P/I:P/A:P) Published 03/29/2023 Created 05/19/2023 Added 05/19/2023 Modified 01/30/2025 Description runc is a CLI tool for spawning and running containers according to the OCI specification. In affected versions it was found that rootless runc makes `/sys/fs/cgroup` writable in following conditons: 1. when runc is executed inside the user namespace, and the `config.json` does not specify the cgroup namespace to be unshared (e.g.., `(docker|podman|nerdctl) run --cgroupns=host`, with Rootless Docker/Podman/nerdctl) or 2. when runc is executed outside the user namespace, and `/sys` is mounted with `rbind, ro` (e.g., `runc spec --rootless`; this condition is very rare). A container may gain the write access to user-owned cgroup hierarchy `/sys/fs/cgroup/user.slice/...` on the host . Other users's cgroup hierarchies are not affected. Users are advised to upgrade to version 1.1.5. Users unable to upgrade may unshare the cgroup namespace (`(docker|podman|nerdctl) run --cgroupns=private)`. This is the default behavior of Docker/Podman/nerdctl on cgroup v2 hosts. or add `/sys/fs/cgroup` to `maskedPaths`. Solution(s) ubuntu-pro-upgrade-runc References https://attackerkb.com/topics/cve-2023-25809 CVE - 2023-25809 USN-6088-1 USN-6088-2

Huawei EulerOS: CVE-2023-0664: qemu security update Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 03/29/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/30/2025 Description A flaw was found in the QEMU Guest Agent service for Windows. A local unprivileged user may be able to manipulate the QEMU Guest Agent's Windows installer via repair custom actions to elevate their privileges on the system. Solution(s) huawei-euleros-2_0_sp9-upgrade-qemu-img References https://attackerkb.com/topics/cve-2023-0664 CVE - 2023-0664 EulerOS-SA-2023-2906

Huawei EulerOS: CVE-2023-28642: docker-runc security update Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 03/29/2023 Created 08/10/2023 Added 08/09/2023 Modified 01/28/2025 Description runc is a CLI tool for spawning and running containers according to the OCI specification. It was found that AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration. This issue has been fixed in runc version 1.1.5, by prohibiting symlinked `/proc`. See PR #3785 for details. users are advised to upgrade. Users unable to upgrade should avoid using an untrusted container image. Solution(s) huawei-euleros-2_0_sp9-upgrade-docker-runc References https://attackerkb.com/topics/cve-2023-28642 CVE - 2023-28642 EulerOS-SA-2023-2611

Ubuntu: (CVE-2022-42432): linux vulnerability Severity 4 CVSS (AV:L/AC:L/Au:M/C:C/I:N/A:N) Published 03/29/2023 Created 11/21/2024 Added 11/19/2024 Modified 02/11/2025 Description This vulnerability allows local attackers to disclose sensitive information on affected installations of the Linux Kernel 6.0-rc2. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the nft_osf_eval function. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the kernel. Was ZDI-CAN-18540. Solution(s) ubuntu-upgrade-linux ubuntu-upgrade-linux-aws ubuntu-upgrade-linux-aws-5-15 ubuntu-upgrade-linux-aws-5-4 ubuntu-upgrade-linux-aws-fips ubuntu-upgrade-linux-azure ubuntu-upgrade-linux-azure-5-15 ubuntu-upgrade-linux-azure-5-4 ubuntu-upgrade-linux-azure-fde ubuntu-upgrade-linux-azure-fde-5-15 ubuntu-upgrade-linux-azure-fips ubuntu-upgrade-linux-bluefield ubuntu-upgrade-linux-fips ubuntu-upgrade-linux-gcp ubuntu-upgrade-linux-gcp-5-4 ubuntu-upgrade-linux-gcp-fips ubuntu-upgrade-linux-gke ubuntu-upgrade-linux-gke-5-15 ubuntu-upgrade-linux-gkeop ubuntu-upgrade-linux-gkeop-5-15 ubuntu-upgrade-linux-hwe-5-15 ubuntu-upgrade-linux-hwe-5-4 ubuntu-upgrade-linux-ibm ubuntu-upgrade-linux-ibm-5-4 ubuntu-upgrade-linux-intel-iotg ubuntu-upgrade-linux-intel-iotg-5-15 ubuntu-upgrade-linux-iot ubuntu-upgrade-linux-kvm ubuntu-upgrade-linux-lowlatency ubuntu-upgrade-linux-lowlatency-hwe-5-15 ubuntu-upgrade-linux-nvidia ubuntu-upgrade-linux-oracle ubuntu-upgrade-linux-oracle-5-15 ubuntu-upgrade-linux-oracle-5-4 ubuntu-upgrade-linux-raspi ubuntu-upgrade-linux-raspi-5-4 ubuntu-upgrade-linux-realtime ubuntu-upgrade-linux-riscv ubuntu-upgrade-linux-riscv-5-15 References https://attackerkb.com/topics/cve-2022-42432 CVE - 2022-42432 https://git.kernel.org/linus/559c36c5a8d730c49ef805a72b213d3bba155cc8 https://patchwork.ozlabs.org/project/netfilter-devel/patch/[email protected]/ https://www.cve.org/CVERecord?id=CVE-2022-42432 https://www.zerodayinitiative.com/advisories/ZDI-22-1457/

SUSE: CVE-2023-0225: SUSE Linux Security Advisory Severity 4 CVSS (AV:N/AC:L/Au:S/C:N/I:P/A:N) Published 03/29/2023 Created 03/30/2023 Added 03/30/2023 Modified 01/28/2025 Description A flaw was found in Samba. An incomplete access check on dnsHostName allows authenticated but otherwise unprivileged users to delete this attribute from any object in the directory. Solution(s) suse-upgrade-ctdb suse-upgrade-ctdb-pcp-pmda suse-upgrade-ldb-tools suse-upgrade-libldb-devel suse-upgrade-libldb2 suse-upgrade-libldb2-32bit suse-upgrade-libsamba-policy-devel suse-upgrade-libsamba-policy-python3-devel suse-upgrade-libsamba-policy0-python3 suse-upgrade-libsamba-policy0-python3-32bit suse-upgrade-python3-ldb suse-upgrade-python3-ldb-32bit suse-upgrade-python3-ldb-devel suse-upgrade-samba suse-upgrade-samba-ad-dc suse-upgrade-samba-ad-dc-libs suse-upgrade-samba-ad-dc-libs-32bit suse-upgrade-samba-ceph suse-upgrade-samba-client suse-upgrade-samba-client-32bit suse-upgrade-samba-client-libs suse-upgrade-samba-client-libs-32bit suse-upgrade-samba-devel suse-upgrade-samba-devel-32bit suse-upgrade-samba-doc suse-upgrade-samba-dsdb-modules suse-upgrade-samba-gpupdate suse-upgrade-samba-ldb-ldap suse-upgrade-samba-libs suse-upgrade-samba-libs-32bit suse-upgrade-samba-libs-python3 suse-upgrade-samba-libs-python3-32bit suse-upgrade-samba-python3 suse-upgrade-samba-test suse-upgrade-samba-tool suse-upgrade-samba-winbind suse-upgrade-samba-winbind-libs suse-upgrade-samba-winbind-libs-32bit References https://attackerkb.com/topics/cve-2023-0225 CVE - 2023-0225

SUSE: CVE-2023-0922: SUSE Linux Security Advisory Severity 7 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:N) Published 03/29/2023 Created 03/30/2023 Added 03/30/2023 Modified 01/28/2025 Description The Samba AD DC administration tool, when operating against a remote LDAP server, will by default send new or reset passwords over a signed-only connection. Solution(s) suse-upgrade-ctdb suse-upgrade-ctdb-pcp-pmda suse-upgrade-ldb-tools suse-upgrade-libdcerpc-binding0 suse-upgrade-libdcerpc-binding0-32bit suse-upgrade-libdcerpc-devel suse-upgrade-libdcerpc-samr-devel suse-upgrade-libdcerpc-samr0 suse-upgrade-libdcerpc0 suse-upgrade-libdcerpc0-32bit suse-upgrade-libldb-devel suse-upgrade-libldb2 suse-upgrade-libldb2-32bit suse-upgrade-libndr-devel suse-upgrade-libndr-krb5pac-devel suse-upgrade-libndr-krb5pac0 suse-upgrade-libndr-krb5pac0-32bit suse-upgrade-libndr-nbt-devel suse-upgrade-libndr-nbt0 suse-upgrade-libndr-nbt0-32bit suse-upgrade-libndr-standard-devel suse-upgrade-libndr-standard0 suse-upgrade-libndr-standard0-32bit suse-upgrade-libndr0 suse-upgrade-libndr0-32bit suse-upgrade-libnetapi-devel suse-upgrade-libnetapi0 suse-upgrade-libnetapi0-32bit suse-upgrade-libsamba-credentials-devel suse-upgrade-libsamba-credentials0 suse-upgrade-libsamba-credentials0-32bit suse-upgrade-libsamba-errors-devel suse-upgrade-libsamba-errors0 suse-upgrade-libsamba-errors0-32bit suse-upgrade-libsamba-hostconfig-devel suse-upgrade-libsamba-hostconfig0 suse-upgrade-libsamba-hostconfig0-32bit suse-upgrade-libsamba-passdb-devel suse-upgrade-libsamba-passdb0 suse-upgrade-libsamba-passdb0-32bit suse-upgrade-libsamba-policy-devel suse-upgrade-libsamba-policy-python-devel suse-upgrade-libsamba-policy-python3-devel suse-upgrade-libsamba-policy0 suse-upgrade-libsamba-policy0-32bit suse-upgrade-libsamba-policy0-python3 suse-upgrade-libsamba-policy0-python3-32bit suse-upgrade-libsamba-util-devel suse-upgrade-libsamba-util0 suse-upgrade-libsamba-util0-32bit suse-upgrade-libsamdb-devel suse-upgrade-libsamdb0 suse-upgrade-libsamdb0-32bit suse-upgrade-libsmbclient-devel suse-upgrade-libsmbclient0 suse-upgrade-libsmbconf-devel suse-upgrade-libsmbconf0 suse-upgrade-libsmbconf0-32bit suse-upgrade-libsmbldap-devel suse-upgrade-libsmbldap2 suse-upgrade-libsmbldap2-32bit suse-upgrade-libtevent-util-devel suse-upgrade-libtevent-util0 suse-upgrade-libtevent-util0-32bit suse-upgrade-libwbclient-devel suse-upgrade-libwbclient0 suse-upgrade-libwbclient0-32bit suse-upgrade-python3-ldb suse-upgrade-python3-ldb-32bit suse-upgrade-python3-ldb-devel suse-upgrade-samba suse-upgrade-samba-ad-dc suse-upgrade-samba-ad-dc-libs suse-upgrade-samba-ad-dc-libs-32bit suse-upgrade-samba-ceph suse-upgrade-samba-client suse-upgrade-samba-client-32bit suse-upgrade-samba-client-libs suse-upgrade-samba-client-libs-32bit suse-upgrade-samba-core-devel suse-upgrade-samba-devel suse-upgrade-samba-devel-32bit suse-upgrade-samba-doc suse-upgrade-samba-dsdb-modules suse-upgrade-samba-gpupdate suse-upgrade-samba-ldb-ldap suse-upgrade-samba-libs suse-upgrade-samba-libs-32bit suse-upgrade-samba-libs-python suse-upgrade-samba-libs-python-32bit suse-upgrade-samba-libs-python3 suse-upgrade-samba-libs-python3-32bit suse-upgrade-samba-python suse-upgrade-samba-python3 suse-upgrade-samba-test suse-upgrade-samba-tool suse-upgrade-samba-winbind suse-upgrade-samba-winbind-32bit suse-upgrade-samba-winbind-libs suse-upgrade-samba-winbind-libs-32bit References https://attackerkb.com/topics/cve-2023-0922 CVE - 2023-0922

Rocket Software: CVE-2023-28503: Authentication Bypass and Remote Code Execution Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 03/29/2023 Created 03/29/2023 Added 03/29/2023 Modified 04/10/2023 Description Rapid7 discovered an authentication bypass in the `do_log_on_user()` function in `libunidata.so` that permits a user to authenticate as any Linux user on the target service using a hard-coded username (`:local:`) and a deterministic password. This affects most of the services that UniData ships, and leads directly to shell command execution via the `udadmin` service. Additionally, it allows us to exploit several post-authentication vulnerabilities. Solution(s) rocket-unirpc-server-cve-2023-28503-upgrade References https://attackerkb.com/topics/cve-2023-28503 CVE - 2023-28503 https://www.rapid7.com/blog/post/2023/03/29/multiple-vulnerabilities-in-rocket-software-unirpc-server-fixed/

Amazon Linux AMI 2: CVE-2023-28642: Security patch for runc (Multiple Advisories) Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 03/29/2023 Created 06/07/2023 Added 06/07/2023 Modified 01/28/2025 Description runc is a CLI tool for spawning and running containers according to the OCI specification. It was found that AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration. This issue has been fixed in runc version 1.1.5, by prohibiting symlinked `/proc`. See PR #3785 for details. users are advised to upgrade. Users unable to upgrade should avoid using an untrusted container image. Solution(s) amazon-linux-ami-2-upgrade-runc amazon-linux-ami-2-upgrade-runc-debuginfo References https://attackerkb.com/topics/cve-2023-28642 AL2/ALASDOCKER-2023-025 AL2/ALASECS-2023-004 AL2/ALASNITRO-ENCLAVES-2023-024 CVE - 2023-28642

Red Hat: CVE-2023-28642: runc: AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration (Multiple Advisories) Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 03/29/2023 Created 11/09/2023 Added 11/08/2023 Modified 01/28/2025 Description runc is a CLI tool for spawning and running containers according to the OCI specification. It was found that AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration. This issue has been fixed in runc version 1.1.5, by prohibiting symlinked `/proc`. See PR #3785 for details. users are advised to upgrade. Users unable to upgrade should avoid using an untrusted container image. Solution(s) redhat-upgrade-aardvark-dns redhat-upgrade-buildah redhat-upgrade-buildah-debuginfo redhat-upgrade-buildah-debugsource redhat-upgrade-buildah-tests redhat-upgrade-buildah-tests-debuginfo redhat-upgrade-cockpit-podman redhat-upgrade-conmon redhat-upgrade-conmon-debuginfo redhat-upgrade-conmon-debugsource redhat-upgrade-container-selinux redhat-upgrade-containernetworking-plugins redhat-upgrade-containernetworking-plugins-debuginfo redhat-upgrade-containernetworking-plugins-debugsource redhat-upgrade-containers-common redhat-upgrade-crit redhat-upgrade-criu redhat-upgrade-criu-debuginfo redhat-upgrade-criu-debugsource redhat-upgrade-criu-devel redhat-upgrade-criu-libs redhat-upgrade-criu-libs-debuginfo redhat-upgrade-crun redhat-upgrade-crun-debuginfo redhat-upgrade-crun-debugsource redhat-upgrade-fuse-overlayfs redhat-upgrade-fuse-overlayfs-debuginfo redhat-upgrade-fuse-overlayfs-debugsource redhat-upgrade-libslirp redhat-upgrade-libslirp-debuginfo redhat-upgrade-libslirp-debugsource redhat-upgrade-libslirp-devel redhat-upgrade-netavark redhat-upgrade-oci-seccomp-bpf-hook redhat-upgrade-oci-seccomp-bpf-hook-debuginfo redhat-upgrade-oci-seccomp-bpf-hook-debugsource redhat-upgrade-podman redhat-upgrade-podman-catatonit redhat-upgrade-podman-catatonit-debuginfo redhat-upgrade-podman-debuginfo redhat-upgrade-podman-debugsource redhat-upgrade-podman-docker redhat-upgrade-podman-gvproxy redhat-upgrade-podman-gvproxy-debuginfo redhat-upgrade-podman-plugins redhat-upgrade-podman-plugins-debuginfo redhat-upgrade-podman-remote redhat-upgrade-podman-remote-debuginfo redhat-upgrade-podman-tests redhat-upgrade-python3-criu redhat-upgrade-python3-podman redhat-upgrade-runc redhat-upgrade-runc-debuginfo redhat-upgrade-runc-debugsource redhat-upgrade-skopeo redhat-upgrade-skopeo-debuginfo redhat-upgrade-skopeo-debugsource redhat-upgrade-skopeo-tests redhat-upgrade-slirp4netns redhat-upgrade-slirp4netns-debuginfo redhat-upgrade-slirp4netns-debugsource redhat-upgrade-toolbox redhat-upgrade-toolbox-debuginfo redhat-upgrade-toolbox-debugsource redhat-upgrade-toolbox-tests redhat-upgrade-udica References CVE-2023-28642 RHSA-2023:6380 RHSA-2023:6938 RHSA-2023:6939

Oracle Linux: CVE-2023-28642: ELSA-2023-6380:runc security update (MODERATE) (Multiple Advisories) Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 03/29/2023 Created 07/21/2023 Added 07/20/2023 Modified 01/07/2025 Description runc is a CLI tool for spawning and running containers according to the OCI specification. It was found that AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration. This issue has been fixed in runc version 1.1.5, by prohibiting symlinked `/proc`. See PR #3785 for details. users are advised to upgrade. Users unable to upgrade should avoid using an untrusted container image. A flaw was found in runc. This vulnerability could allow a remote attacker to bypass security restrictions and create a symbolic link inside a container to the /proc directory, bypassing AppArmor and SELinux protections. Solution(s) oracle-linux-upgrade-aardvark-dns oracle-linux-upgrade-buildah oracle-linux-upgrade-buildah-tests oracle-linux-upgrade-cockpit-podman oracle-linux-upgrade-conmon oracle-linux-upgrade-containernetworking-plugins oracle-linux-upgrade-containers-common oracle-linux-upgrade-container-selinux oracle-linux-upgrade-crit oracle-linux-upgrade-criu oracle-linux-upgrade-criu-devel oracle-linux-upgrade-criu-libs oracle-linux-upgrade-crun oracle-linux-upgrade-fuse-overlayfs oracle-linux-upgrade-libslirp oracle-linux-upgrade-libslirp-devel oracle-linux-upgrade-netavark oracle-linux-upgrade-oci-seccomp-bpf-hook oracle-linux-upgrade-podman oracle-linux-upgrade-podman-catatonit oracle-linux-upgrade-podman-docker oracle-linux-upgrade-podman-gvproxy oracle-linux-upgrade-podman-plugins oracle-linux-upgrade-podman-remote oracle-linux-upgrade-podman-tests oracle-linux-upgrade-python3-criu oracle-linux-upgrade-python3-podman oracle-linux-upgrade-runc oracle-linux-upgrade-skopeo oracle-linux-upgrade-skopeo-tests oracle-linux-upgrade-slirp4netns oracle-linux-upgrade-udica References https://attackerkb.com/topics/cve-2023-28642 CVE - 2023-28642 ELSA-2023-6380 ELSA-2023-6938 ELSA-2023-12579 ELSA-2023-12578 ELSA-2023-6939

SUSE: CVE-2023-28642: SUSE Linux Security Advisory Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 03/29/2023 Created 05/05/2023 Added 04/04/2023 Modified 01/28/2025 Description runc is a CLI tool for spawning and running containers according to the OCI specification. It was found that AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration. This issue has been fixed in runc version 1.1.5, by prohibiting symlinked `/proc`. See PR #3785 for details. users are advised to upgrade. Users unable to upgrade should avoid using an untrusted container image. Solution(s) suse-upgrade-runc References https://attackerkb.com/topics/cve-2023-28642 CVE - 2023-28642

Gentoo Linux: CVE-2023-28642: runc: Multiple Vulnerabilities Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 03/29/2023 Created 08/13/2024 Added 08/12/2024 Modified 01/28/2025 Description runc is a CLI tool for spawning and running containers according to the OCI specification. It was found that AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration. This issue has been fixed in runc version 1.1.5, by prohibiting symlinked `/proc`. See PR #3785 for details. users are advised to upgrade. Users unable to upgrade should avoid using an untrusted container image. Solution(s) gentoo-linux-upgrade-app-containers-runc References https://attackerkb.com/topics/cve-2023-28642 CVE - 2023-28642 202408-25

SUSE: CVE-2023-27539: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/29/2023 Created 03/30/2023 Added 03/30/2023 Modified 04/18/2023 Description This CVE is addressed in the SUSE advisories SUSE-SU-2023:1685-1, SUSE-SU-2023:1869-1, CVE-2023-27539. Solution(s) suse-upgrade-ruby2-5-rubygem-rack suse-upgrade-ruby2-5-rubygem-rack-doc suse-upgrade-ruby2-5-rubygem-rack-testsuite References https://attackerkb.com/topics/cve-2023-27539 CVE - 2023-27539 SUSE-SU-2023:1685-1 SUSE-SU-2023:1869-1

Huawei EulerOS: CVE-2023-28642: docker-runc security update Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 03/29/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description runc is a CLI tool for spawning and running containers according to the OCI specification. It was found that AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration. This issue has been fixed in runc version 1.1.5, by prohibiting symlinked `/proc`. See PR #3785 for details. users are advised to upgrade. Users unable to upgrade should avoid using an untrusted container image. Solution(s) huawei-euleros-2_0_sp11-upgrade-docker-runc References https://attackerkb.com/topics/cve-2023-28642 CVE - 2023-28642 EulerOS-SA-2023-2680

Gentoo Linux: CVE-2022-48434: FFmpeg: Multiple Vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 03/29/2023 Created 12/28/2023 Added 12/27/2023 Modified 01/28/2025 Description libavcodec/pthread_frame.c in FFmpeg before 5.1.2, as used in VLC and other products, leaves stale hwaccel state in worker threads, which allows attackers to trigger a use-after-free and execute arbitrary code in some circumstances (e.g., hardware re-initialization upon a mid-video SPS change when Direct3D11 is used). Solution(s) gentoo-linux-upgrade-media-video-ffmpeg References https://attackerkb.com/topics/cve-2022-48434 CVE - 2022-48434 202312-14

FFmpeg: CVE-2022-48434: Use After Free Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 03/29/2023 Created 05/05/2023 Added 04/10/2023 Modified 01/28/2025 Description libavcodec/pthread_frame.c in FFmpeg before 5.1.2, as used in VLC and other products, leaves stale hwaccel state in worker threads, which allows attackers to trigger a use-after-free and execute arbitrary code in some circumstances (e.g., hardware re-initialization upon a mid-video SPS change when Direct3D11 is used). Solution(s) ffmpeg-upgrade-4_3_7 ffmpeg-upgrade-4_4_3 ffmpeg-upgrade-5_0_1 ffmpeg-upgrade-5_1_2 ffmpeg-upgrade-6_0 References https://attackerkb.com/topics/cve-2022-48434 CVE - 2022-48434

Ubuntu: (Multiple Advisories) (CVE-2023-28642): runC vulnerabilities Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 03/29/2023 Created 05/19/2023 Added 05/19/2023 Modified 01/28/2025 Description runc is a CLI tool for spawning and running containers according to the OCI specification. It was found that AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration. This issue has been fixed in runc version 1.1.5, by prohibiting symlinked `/proc`. See PR #3785 for details. users are advised to upgrade. Users unable to upgrade should avoid using an untrusted container image. Solution(s) ubuntu-pro-upgrade-runc References https://attackerkb.com/topics/cve-2023-28642 CVE - 2023-28642 USN-6088-1 USN-6088-2

OS X update for Model I/O (CVE-2023-27949) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 03/28/2023 Created 03/28/2023 Added 03/28/2023 Modified 01/28/2025 Description An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, iOS 15.7.4 and iPadOS 15.7.4. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution. Solution(s) apple-osx-upgrade-12_6_4 apple-osx-upgrade-13_3 References https://attackerkb.com/topics/cve-2023-27949 CVE - 2023-27949 https://support.apple.com/kb/HT213670 https://support.apple.com/kb/HT213677