ISHACK AI BOT

Alpine Linux: CVE-2022-0194: Out-of-bounds Write Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 03/28/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ad_addcomment function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15876. Solution(s) alpine-linux-upgrade-netatalk References https://attackerkb.com/topics/cve-2022-0194 CVE - 2022-0194 https://security.alpinelinux.org/vuln/CVE-2022-0194

Red Hat: CVE-2023-28427: Matrix SDK bundled with Thunderbird vulnerable to denial-of-service attack (Multiple Advisories) Severity 9 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:C) Published 03/28/2023 Created 05/05/2023 Added 04/18/2023 Modified 01/30/2025 Description matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 24.0.0 events sent with special strings in key places can temporarily disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data safely. Note that the matrix-js-sdk can appear to be operating normally but be excluding or corrupting runtime data presented to the consumer. This vulnerability is distinct from GHSA-rfv9-x7hh-xc32 which covers a similar issue. The issue has been patched in matrix-js-sdk 24.0.0 and users are advised to upgrade. There are no known workarounds for this vulnerability. Solution(s) redhat-upgrade-thunderbird redhat-upgrade-thunderbird-debuginfo redhat-upgrade-thunderbird-debugsource References CVE-2023-28427 RHSA-2023:1802 RHSA-2023:1804 RHSA-2023:1806 RHSA-2023:1809 RHSA-2023:1810 RHSA-2023:1811 View more

Ubuntu: (Multiple Advisories) (CVE-2023-28447): PostfixAdmin vulnerabilities Severity 6 CVSS (AV:N/AC:M/Au:N/C:P/I:P/A:N) Published 03/28/2023 Created 12/14/2023 Added 12/13/2023 Modified 01/30/2025 Description Smarty is a template engine for PHP. In affected versions smarty did not properly escape javascript code. An attacker could exploit this vulnerability to execute arbitrary JavaScript code in the context of the user's browser session. This may lead to unauthorized access to sensitive user data, manipulation of the web application's behavior, or unauthorized actions performed on behalf of the user. Users are advised to upgrade to either version 3.1.48 or to 4.3.1 to resolve this issue. There are no known workarounds for this vulnerability. Solution(s) ubuntu-pro-upgrade-postfixadmin ubuntu-pro-upgrade-smarty3 References https://attackerkb.com/topics/cve-2023-28447 CVE - 2023-28447 USN-6550-1 USN-7158-1

Amazon Linux 2023: CVE-2023-0466: Medium priority package update for openssl Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:N) Published 03/28/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description The function X509_VERIFY_PARAM_add0_policy() is documented to implicitly enable the certificate policy check when doing certificate verification. However the implementation of the function does not enable the check which allows certificates with invalid or incorrect policies to pass the certificate verification. As suddenly enabling the policy check could break existing deployments it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. Instead the applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications. A flaw was found in OpenSSL. The X509_VERIFY_PARAM_add0_policy() function is documented to enable the certificate policy check when doing certificate verification implicitly. However, implementing the function does not enable the check, allowing certificates with invalid or incorrect policies to pass the certificate verification. Suddenly enabling the policy check could break existing deployments, so it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. The applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications. Solution(s) amazon-linux-2023-upgrade-openssl amazon-linux-2023-upgrade-openssl-debuginfo amazon-linux-2023-upgrade-openssl-debugsource amazon-linux-2023-upgrade-openssl-devel amazon-linux-2023-upgrade-openssl-libs amazon-linux-2023-upgrade-openssl-libs-debuginfo amazon-linux-2023-upgrade-openssl-perl References https://attackerkb.com/topics/cve-2023-0466 CVE - 2023-0466 https://alas.aws.amazon.com/AL2023/ALAS-2023-181.html

Ubuntu: USN-6146-1 (CVE-2022-23124): Netatalk vulnerabilities Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 03/28/2023 Created 06/09/2023 Added 06/09/2023 Modified 01/28/2025 Description This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the get_finderinfo method. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-15870. Solution(s) ubuntu-upgrade-netatalk References https://attackerkb.com/topics/cve-2022-23124 CVE - 2022-23124 DSA-5503 USN-6146-1

Amazon Linux AMI: CVE-2023-0465: Security patch for openssl (ALAS-2023-1762) Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:N) Published 03/28/2023 Created 06/12/2023 Added 06/09/2023 Modified 01/28/2025 Description Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. Invalid certificate policies in leaf certificates are silently ignored by OpenSSL and other certificate policy checks are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies in order to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function. Solution(s) amazon-linux-upgrade-openssl References ALAS-2023-1762 CVE-2023-0465

VMware Photon OS: CVE-2023-0466 Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:N) Published 03/28/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description The function X509_VERIFY_PARAM_add0_policy() is documented to implicitly enable the certificate policy check when doing certificate verification. However the implementation of the function does not enable the check which allows certificates with invalid or incorrect policies to pass the certificate verification. As suddenly enabling the policy check could break existing deployments it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. Instead the applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-0466 CVE - 2023-0466

Amazon Linux AMI: CVE-2023-0466: Security patch for openssl (ALAS-2023-1762) Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:N) Published 03/28/2023 Created 06/12/2023 Added 06/09/2023 Modified 01/28/2025 Description The function X509_VERIFY_PARAM_add0_policy() is documented to implicitly enable the certificate policy check when doing certificate verification. However the implementation of the function does not enable the check which allows certificates with invalid or incorrect policies to pass the certificate verification. As suddenly enabling the policy check could break existing deployments it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. Instead the applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications. Solution(s) amazon-linux-upgrade-openssl References ALAS-2023-1762 CVE-2023-0466

Gentoo Linux: CVE-2023-28427: Mozilla Thunderbird: Multiple Vulnerabilities Severity 9 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:C) Published 03/28/2023 Created 05/31/2023 Added 05/31/2023 Modified 01/30/2025 Description matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 24.0.0 events sent with special strings in key places can temporarily disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data safely. Note that the matrix-js-sdk can appear to be operating normally but be excluding or corrupting runtime data presented to the consumer. This vulnerability is distinct from GHSA-rfv9-x7hh-xc32 which covers a similar issue. The issue has been patched in matrix-js-sdk 24.0.0 and users are advised to upgrade. There are no known workarounds for this vulnerability. Solution(s) gentoo-linux-upgrade-mail-client-thunderbird gentoo-linux-upgrade-mail-client-thunderbird-bin References https://attackerkb.com/topics/cve-2023-28427 CVE - 2023-28427 202305-36

Gentoo Linux: CVE-2023-0466: OpenSSL: Multiple Vulnerabilities Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:N) Published 03/28/2023 Created 02/06/2024 Added 02/05/2024 Modified 01/28/2025 Description The function X509_VERIFY_PARAM_add0_policy() is documented to implicitly enable the certificate policy check when doing certificate verification. However the implementation of the function does not enable the check which allows certificates with invalid or incorrect policies to pass the certificate verification. As suddenly enabling the policy check could break existing deployments it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. Instead the applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications. Solution(s) gentoo-linux-upgrade-dev-libs-openssl References https://attackerkb.com/topics/cve-2023-0466 CVE - 2023-0466 202402-08

Gentoo Linux: CVE-2023-0465: OpenSSL: Multiple Vulnerabilities Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:N) Published 03/28/2023 Created 02/06/2024 Added 02/05/2024 Modified 01/30/2025 Description Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. Invalid certificate policies in leaf certificates are silently ignored by OpenSSL and other certificate policy checks are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies in order to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function. Solution(s) gentoo-linux-upgrade-dev-libs-openssl References https://attackerkb.com/topics/cve-2023-0465 CVE - 2023-0465 202402-08

OS X update for Sandbox (CVE-2023-23533) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:C/A:N) Published 03/28/2023 Created 03/28/2023 Added 03/28/2023 Modified 01/28/2025 Description A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4. An app may be able to modify protected parts of the file system. Solution(s) apple-osx-upgrade-12_6_4 apple-osx-upgrade-13_3 References https://attackerkb.com/topics/cve-2023-23533 CVE - 2023-23533 https://support.apple.com/kb/HT213670 https://support.apple.com/kb/HT213677

Alma Linux: CVE-2023-0466: Moderate: openssl security and bug fix update (ALSA-2023-3722) Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:N) Published 03/28/2023 Created 06/27/2023 Added 06/27/2023 Modified 01/28/2025 Description The function X509_VERIFY_PARAM_add0_policy() is documented to implicitly enable the certificate policy check when doing certificate verification. However the implementation of the function does not enable the check which allows certificates with invalid or incorrect policies to pass the certificate verification. As suddenly enabling the policy check could break existing deployments it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. Instead the applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications. Solution(s) alma-upgrade-openssl alma-upgrade-openssl-devel alma-upgrade-openssl-libs alma-upgrade-openssl-perl References https://attackerkb.com/topics/cve-2023-0466 CVE - 2023-0466 https://errata.almalinux.org/9/ALSA-2023-3722.html

CentOS Linux: CVE-2023-28427: Important: thunderbird security update (CESA-2023:1806) Severity 9 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:C) Published 03/28/2023 Created 05/05/2023 Added 04/18/2023 Modified 01/28/2025 Description matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 24.0.0 events sent with special strings in key places can temporarily disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data safely. Note that the matrix-js-sdk can appear to be operating normally but be excluding or corrupting runtime data presented to the consumer. This vulnerability is distinct from GHSA-rfv9-x7hh-xc32 which covers a similar issue. The issue has been patched in matrix-js-sdk 24.0.0 and users are advised to upgrade. There are no known workarounds for this vulnerability. Solution(s) centos-upgrade-thunderbird centos-upgrade-thunderbird-debuginfo References CVE-2023-28427

FreeBSD: VID-5B0AE405-CDC7-11ED-BB39-901B0E9408DC (CVE-2023-28103): Matrix clients -- Prototype pollution in matrix-js-sdk Severity 9 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:C) Published 03/28/2023 Created 04/01/2023 Added 03/30/2023 Modified 01/28/2025 Description matrix-react-sdk is a Matrix chat protocol SDK for React Javascript. In certain configurations, data sent by remote servers containing special strings in key locations could cause modifications of the `Object.prototype`, disrupting matrix-react-sdk functionality, causing denial of service and potentially affecting program logic. This is fixed in matrix-react-sdk 3.69.0 and users are advised to upgrade. There are no known workarounds for this vulnerability. Note this advisory is distinct from GHSA-2x9c-qwgf-94xr which refers to a similar issue. Solution(s) freebsd-upgrade-package-cinny freebsd-upgrade-package-element-web References CVE-2023-28103

Debian: CVE-2023-28447: smarty3, smarty4 -- security update Severity 6 CVSS (AV:N/AC:M/Au:N/C:P/I:P/A:N) Published 03/28/2023 Created 07/31/2024 Added 07/30/2024 Modified 01/30/2025 Description Smarty is a template engine for PHP. In affected versions smarty did not properly escape javascript code. An attacker could exploit this vulnerability to execute arbitrary JavaScript code in the context of the user's browser session. This may lead to unauthorized access to sensitive user data, manipulation of the web application's behavior, or unauthorized actions performed on behalf of the user. Users are advised to upgrade to either version 3.1.48 or to 4.3.1 to resolve this issue. There are no known workarounds for this vulnerability. Solution(s) debian-upgrade-smarty3 debian-upgrade-smarty4 References https://attackerkb.com/topics/cve-2023-28447 CVE - 2023-28447 DLA-3956-1

MFSA2023-12 Thunderbird: Security Vulnerabilities fixed in Thunderbird 102.9.1 (CVE-2023-28427) Severity 9 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:C) Published 03/28/2023 Created 03/30/2023 Added 03/30/2023 Modified 01/30/2025 Description matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 24.0.0 events sent with special strings in key places can temporarily disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data safely. Note that the matrix-js-sdk can appear to be operating normally but be excluding or corrupting runtime data presented to the consumer. This vulnerability is distinct from GHSA-rfv9-x7hh-xc32 which covers a similar issue. The issue has been patched in matrix-js-sdk 24.0.0 and users are advised to upgrade. There are no known workarounds for this vulnerability. Solution(s) mozilla-thunderbird-upgrade-102_9_1 References https://attackerkb.com/topics/cve-2023-28427 CVE - 2023-28427 http://www.mozilla.org/security/announce/2023/mfsa2023-12.html

Debian: CVE-2022-23122: netatalk -- security update Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 03/28/2023 Created 05/18/2023 Added 05/18/2023 Modified 01/28/2025 Description This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the setfilparams function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15837. Solution(s) debian-upgrade-netatalk References https://attackerkb.com/topics/cve-2022-23122 CVE - 2022-23122 DLA-3426-1 DSA-5503

Debian: CVE-2022-23123: netatalk -- security update Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 03/28/2023 Created 05/18/2023 Added 05/18/2023 Modified 01/28/2025 Description This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getdirparams method. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-15830. Solution(s) debian-upgrade-netatalk References https://attackerkb.com/topics/cve-2022-23123 CVE - 2022-23123 DLA-3426-1 DSA-5503

Rocky Linux: CVE-2023-0466: openssl (Multiple Advisories) Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:N) Published 03/28/2023 Created 07/19/2024 Added 07/16/2024 Modified 01/28/2025 Description The function X509_VERIFY_PARAM_add0_policy() is documented to implicitly enable the certificate policy check when doing certificate verification. However the implementation of the function does not enable the check which allows certificates with invalid or incorrect policies to pass the certificate verification. As suddenly enabling the policy check could break existing deployments it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. Instead the applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications. Solution(s) rocky-upgrade-openssl rocky-upgrade-openssl-debuginfo rocky-upgrade-openssl-debugsource rocky-upgrade-openssl-devel rocky-upgrade-openssl-fips-provider rocky-upgrade-openssl-fips-provider-debuginfo rocky-upgrade-openssl-fips-provider-debugsource rocky-upgrade-openssl-libs rocky-upgrade-openssl-libs-debuginfo rocky-upgrade-openssl-perl References https://attackerkb.com/topics/cve-2023-0466 CVE - 2023-0466 https://access.redhat.com/errata/RHSA-2023:3722

Alma Linux: CVE-2023-0465: Moderate: openssl security and bug fix update (ALSA-2023-3722) Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:N) Published 03/28/2023 Created 06/27/2023 Added 06/27/2023 Modified 01/30/2025 Description Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. Invalid certificate policies in leaf certificates are silently ignored by OpenSSL and other certificate policy checks are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies in order to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function. Solution(s) alma-upgrade-openssl alma-upgrade-openssl-devel alma-upgrade-openssl-libs alma-upgrade-openssl-perl References https://attackerkb.com/topics/cve-2023-0465 CVE - 2023-0465 https://errata.almalinux.org/9/ALSA-2023-3722.html

OS X update for Find My (CVE-2023-23537) Severity 5 CVSS (AV:L/AC:M/Au:N/C:C/I:N/A:N) Published 03/28/2023 Created 03/28/2023 Added 03/28/2023 Modified 01/28/2025 Description A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, watchOS 9.4, macOS Big Sur 11.7.5. An app may be able to read sensitive location information. Solution(s) apple-osx-upgrade-11_7_5 apple-osx-upgrade-12_6_4 apple-osx-upgrade-13_3 References https://attackerkb.com/topics/cve-2023-23537 CVE - 2023-23537 https://support.apple.com/kb/HT213670 https://support.apple.com/kb/HT213675 https://support.apple.com/kb/HT213677

OS X update for Archive Utility (CVE-2023-27951) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:C/A:N) Published 03/28/2023 Created 03/28/2023 Added 03/28/2023 Modified 01/28/2025 Description The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. An archive may be able to bypass Gatekeeper. Solution(s) apple-osx-upgrade-11_7_5 apple-osx-upgrade-12_6_4 apple-osx-upgrade-13_3 References https://attackerkb.com/topics/cve-2023-27951 CVE - 2023-27951 https://support.apple.com/kb/HT213670 https://support.apple.com/kb/HT213675 https://support.apple.com/kb/HT213677

Gentoo Linux: CVE-2022-0194: Netatalk: Multiple Vulnerabilities including root remote code execution Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 03/28/2023 Created 11/02/2023 Added 11/02/2023 Modified 01/28/2025 Description This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ad_addcomment function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15876. Solution(s) gentoo-linux-upgrade-net-fs-netatalk References https://attackerkb.com/topics/cve-2022-0194 CVE - 2022-0194 202311-02

IBM AIX: openssl_advisory39 (CVE-2023-0466): Vulnerability in openssl affects AIX Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:N) Published 03/28/2023 Created 09/13/2023 Added 09/12/2023 Modified 01/28/2025 Description The function X509_VERIFY_PARAM_add0_policy() is documented to implicitly enable the certificate policy check when doing certificate verification. However the implementation of the function does not enable the check which allows certificates with invalid or incorrect policies to pass the certificate verification. As suddenly enabling the policy check could break existing deployments it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. Instead the applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications. Solution(s) ibm-aix-openssl_advisory39 References https://attackerkb.com/topics/cve-2023-0466 CVE - 2023-0466 https://aix.software.ibm.com/aix/efixes/security/openssl_advisory39.asc