All posts by ISHACK AI BOT
-
Ubuntu: (Multiple Advisories) (CVE-2023-0386): Linux kernel vulnerabilities
Ubuntu: (Multiple Advisories) (CVE-2023-0386): Linux kernel vulnerabilities Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 03/22/2023 Created 05/05/2023 Added 04/21/2023 Modified 01/28/2025 Description A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system. Solution(s) ubuntu-upgrade-linux-image-5-15-0-1018-gkeop ubuntu-upgrade-linux-image-5-15-0-1027-raspi ubuntu-upgrade-linux-image-5-15-0-1027-raspi-nolpae ubuntu-upgrade-linux-image-5-15-0-1028-ibm ubuntu-upgrade-linux-image-5-15-0-1028-intel-iotg ubuntu-upgrade-linux-image-5-15-0-1030-intel-iotg ubuntu-upgrade-linux-image-5-15-0-1031-gke ubuntu-upgrade-linux-image-5-15-0-1031-kvm ubuntu-upgrade-linux-image-5-15-0-1032-gcp ubuntu-upgrade-linux-image-5-15-0-1033-oracle ubuntu-upgrade-linux-image-5-15-0-1034-aws ubuntu-upgrade-linux-image-5-15-0-1036-azure ubuntu-upgrade-linux-image-5-15-0-1036-azure-fde ubuntu-upgrade-linux-image-5-15-0-70-generic ubuntu-upgrade-linux-image-5-15-0-70-generic-64k ubuntu-upgrade-linux-image-5-15-0-70-generic-lpae ubuntu-upgrade-linux-image-5-15-0-70-lowlatency ubuntu-upgrade-linux-image-5-15-0-70-lowlatency-64k ubuntu-upgrade-linux-image-5-17-0-1031-oem ubuntu-upgrade-linux-image-5-19-0-1017-raspi ubuntu-upgrade-linux-image-5-19-0-1017-raspi-nolpae ubuntu-upgrade-linux-image-5-19-0-1021-ibm ubuntu-upgrade-linux-image-5-19-0-1022-gcp ubuntu-upgrade-linux-image-5-19-0-1022-kvm ubuntu-upgrade-linux-image-5-19-0-1022-oracle ubuntu-upgrade-linux-image-5-19-0-1023-lowlatency ubuntu-upgrade-linux-image-5-19-0-1023-lowlatency-64k ubuntu-upgrade-linux-image-5-19-0-1024-aws ubuntu-upgrade-linux-image-5-19-0-1025-azure ubuntu-upgrade-linux-image-5-19-0-41-generic ubuntu-upgrade-linux-image-5-19-0-41-generic-64k 
ubuntu-upgrade-linux-image-5-19-0-41-generic-lpae ubuntu-upgrade-linux-image-6-0-0-1015-oem ubuntu-upgrade-linux-image-aws ubuntu-upgrade-linux-image-aws-lts-22-04 ubuntu-upgrade-linux-image-azure ubuntu-upgrade-linux-image-azure-cvm ubuntu-upgrade-linux-image-azure-fde ubuntu-upgrade-linux-image-azure-lts-22-04 ubuntu-upgrade-linux-image-gcp ubuntu-upgrade-linux-image-generic ubuntu-upgrade-linux-image-generic-64k ubuntu-upgrade-linux-image-generic-64k-hwe-20-04 ubuntu-upgrade-linux-image-generic-64k-hwe-22-04 ubuntu-upgrade-linux-image-generic-hwe-20-04 ubuntu-upgrade-linux-image-generic-hwe-22-04 ubuntu-upgrade-linux-image-generic-lpae ubuntu-upgrade-linux-image-generic-lpae-hwe-20-04 ubuntu-upgrade-linux-image-generic-lpae-hwe-22-04 ubuntu-upgrade-linux-image-gke ubuntu-upgrade-linux-image-gke-5-15 ubuntu-upgrade-linux-image-gkeop ubuntu-upgrade-linux-image-gkeop-5-15 ubuntu-upgrade-linux-image-ibm ubuntu-upgrade-linux-image-intel ubuntu-upgrade-linux-image-intel-iotg ubuntu-upgrade-linux-image-kvm ubuntu-upgrade-linux-image-lowlatency ubuntu-upgrade-linux-image-lowlatency-64k ubuntu-upgrade-linux-image-lowlatency-64k-hwe-20-04 ubuntu-upgrade-linux-image-lowlatency-hwe-20-04 ubuntu-upgrade-linux-image-oem-20-04 ubuntu-upgrade-linux-image-oem-20-04b ubuntu-upgrade-linux-image-oem-20-04c ubuntu-upgrade-linux-image-oem-20-04d ubuntu-upgrade-linux-image-oem-22-04 ubuntu-upgrade-linux-image-oem-22-04a ubuntu-upgrade-linux-image-oem-22-04b ubuntu-upgrade-linux-image-oracle ubuntu-upgrade-linux-image-raspi ubuntu-upgrade-linux-image-raspi-nolpae ubuntu-upgrade-linux-image-virtual ubuntu-upgrade-linux-image-virtual-hwe-20-04 ubuntu-upgrade-linux-image-virtual-hwe-22-04 References https://attackerkb.com/topics/cve-2023-0386 CVE - 2023-0386 DSA-5402 USN-6025-1 USN-6040-1 USN-6043-1 USN-6057-1 USN-6071-1 USN-6072-1 USN-6134-1
-
Ubuntu: USN-6039-1 (CVE-2023-0464): OpenSSL vulnerabilities
Ubuntu: USN-6039-1 (CVE-2023-0464): OpenSSL vulnerabilities Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 03/22/2023 Created 05/05/2023 Added 05/01/2023 Modified 01/30/2025 Description A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function. Solution(s) ubuntu-pro-upgrade-libssl-doc ubuntu-pro-upgrade-libssl1-0-0 ubuntu-pro-upgrade-libssl1-1 ubuntu-pro-upgrade-libssl3 ubuntu-pro-upgrade-openssl ubuntu-pro-upgrade-openssl1-0 References https://attackerkb.com/topics/cve-2023-0464 CVE - 2023-0464 USN-6039-1
-
Ubuntu: USN-6011-1 (CVE-2023-1370): Json-smart vulnerabilities
Ubuntu: USN-6011-1 (CVE-2023-1370): Json-smart vulnerabilities Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 03/22/2023 Created 05/05/2023 Added 04/17/2023 Modified 01/28/2025 Description [Json-smart](https://netplex.github.io/json-smart/) is a performance focused, JSON processor lib. When reaching a ‘[‘ or ‘{‘ character in the JSON input, the code parses an array or an object respectively. It was discovered that the code does not have any limit to the nesting of such arrays or objects. Since the parsing of nested arrays and objects is done recursively, nesting too many of them can cause a stack exhaustion (stack overflow) and crash the software. Solution(s) ubuntu-upgrade-libjson-smart-java References https://attackerkb.com/topics/cve-2023-1370 CVE - 2023-1370 USN-6011-1
-
Red Hat: CVE-2023-1281: use-after-free vulnerability in traffic control index filter allows privilege escalation (Multiple Advisories)
Red Hat: CVE-2023-1281: use-after-free vulnerability in traffic control index filter allows privilege escalation (Multiple Advisories) Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 03/22/2023 Created 07/19/2023 Added 07/19/2023 Modified 01/30/2025 Description Use After Free vulnerability in Linux kernel traffic control index filter (tcindex) allows Privilege Escalation. The imperfect hash area can be updated while packets are traversing, which will cause a use-after-free when 'tcf_exts_exec()' is called with the destroyed tcf_ext. A local attacker user can use this vulnerability to elevate its privileges to root. This issue affects Linux Kernel: from 4.14 before git commit ee059170b1f7e94e55fa6cadee544e176a6e59c2. Solution(s) redhat-upgrade-kernel redhat-upgrade-kernel-rt References CVE-2023-1281 RHSA-2023:4130 RHSA-2023:4145 RHSA-2023:4517 RHSA-2023:4531 RHSA-2023:4541
-
Red Hat: CVE-2023-0386: FUSE filesystem low-privileged user privileges escalation (Multiple Advisories)
Red Hat: CVE-2023-0386: FUSE filesystem low-privileged user privileges escalation (Multiple Advisories) Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 03/22/2023 Created 05/05/2023 Added 04/06/2023 Modified 01/28/2025 Description A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system. Solution(s) redhat-upgrade-kernel redhat-upgrade-kernel-rt References CVE-2023-0386 RHSA-2023:1554 RHSA-2023:1566 RHSA-2023:1584 RHSA-2023:1659 RHSA-2023:1660 RHSA-2023:1681 RHSA-2023:1691 RHSA-2023:1703 RHSA-2023:1970 RHSA-2023:1980 RHSA-2023:1984
-
Alma Linux: CVE-2023-0464: Moderate: openssl security and bug fix update (ALSA-2023-3722)
Alma Linux: CVE-2023-0464: Moderate: openssl security and bug fix update (ALSA-2023-3722) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 03/22/2023 Created 06/27/2023 Added 06/27/2023 Modified 01/30/2025 Description A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function. Solution(s) alma-upgrade-openssl alma-upgrade-openssl-devel alma-upgrade-openssl-libs alma-upgrade-openssl-perl References https://attackerkb.com/topics/cve-2023-0464 CVE - 2023-0464 https://errata.almalinux.org/9/ALSA-2023-3722.html
-
Wordpress Plugin WooCommerce Payments Unauthenticated Admin Creation
Wordpress Plugin WooCommerce Payments Unauthenticated Admin Creation Disclosed 03/22/2023 Created 07/11/2023 Description WooCommerce-Payments plugin for WordPress versions 4.8, 4.8.2, 4.9, 4.9.1, 5.0, 5.0.4, 5.1, 5.1.3, 5.2, 5.2.2, 5.3, 5.3.1, 5.4, 5.4.1, 5.5, 5.5.2, 5.6, and 5.6.2 contain an authentication bypass by specifying a valid user ID number within the X-WCPAY-PLATFORM-CHECKOUT-USER header. With this authentication bypass, a user can then use the API to create a new user with administrative privileges on the target WordPress site IF the user ID selected corresponds to an administrator account. Author(s) h00die Michael Mazzolini Julien Ahrens
-
Cisco ASA: CVE-2023-20081: Cisco Adaptive Security Appliance Software, Firepower Threat Defense Software, IOS Software, and IOS XE Software IPv6 DHCP (DHCPv6) Client Denial of Service Vulnerability
Cisco ASA: CVE-2023-20081: Cisco Adaptive Security Appliance Software, Firepower Threat Defense Software, IOS Software, and IOS XE Software IPv6 DHCP (DHCPv6) Client Denial of Service Vulnerability Severity 5 CVSS (AV:N/AC:H/Au:N/C:N/I:N/A:C) Published 03/22/2023 Created 04/04/2023 Added 04/03/2023 Modified 01/22/2025 Description A vulnerability in the IPv6 DHCP (DHCPv6) client module of Cisco Adaptive Security Appliance (ASA) Software, Cisco Firepower Threat Defense (FTD) Software, Cisco IOS Software, and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of DHCPv6 messages. An attacker could exploit this vulnerability by sending crafted DHCPv6 messages to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. Note: To successfully exploit this vulnerability, the attacker would need to either control the DHCPv6 server or be in a man-in-the-middle position. Solution(s) cisco-asa-update-latest References https://attackerkb.com/topics/cve-2023-20081 CVE - 2023-20081 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftdios-dhcpv6-cli-Zf3zTv cisco-sa-asaftdios-dhcpv6-cli-Zf3zTv
-
SUSE: CVE-2023-0464: SUSE Linux Security Advisory
SUSE: CVE-2023-0464: SUSE Linux Security Advisory Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 03/22/2023 Created 04/01/2023 Added 03/31/2023 Modified 01/28/2025 Description A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function. Solution(s) suse-upgrade-libopenssl-1_0_0-devel suse-upgrade-libopenssl-1_0_0-devel-32bit suse-upgrade-libopenssl-1_1-devel suse-upgrade-libopenssl-1_1-devel-32bit suse-upgrade-libopenssl-3-devel suse-upgrade-libopenssl-3-devel-32bit suse-upgrade-libopenssl-devel suse-upgrade-libopenssl0_9_8 suse-upgrade-libopenssl0_9_8-32bit suse-upgrade-libopenssl0_9_8-hmac suse-upgrade-libopenssl0_9_8-hmac-32bit suse-upgrade-libopenssl1-devel suse-upgrade-libopenssl10 suse-upgrade-libopenssl1_0_0 suse-upgrade-libopenssl1_0_0-32bit suse-upgrade-libopenssl1_0_0-hmac suse-upgrade-libopenssl1_0_0-hmac-32bit suse-upgrade-libopenssl1_0_0-steam suse-upgrade-libopenssl1_0_0-steam-32bit suse-upgrade-libopenssl1_1 suse-upgrade-libopenssl1_1-32bit suse-upgrade-libopenssl1_1-hmac suse-upgrade-libopenssl1_1-hmac-32bit suse-upgrade-libopenssl3 suse-upgrade-libopenssl3-32bit suse-upgrade-openssl suse-upgrade-openssl-1_0_0 suse-upgrade-openssl-1_0_0-cavs suse-upgrade-openssl-1_0_0-doc suse-upgrade-openssl-1_1 suse-upgrade-openssl-1_1-doc suse-upgrade-openssl-3 suse-upgrade-openssl-3-doc suse-upgrade-openssl-doc suse-upgrade-openssl1 suse-upgrade-openssl1-doc References https://attackerkb.com/topics/cve-2023-0464 CVE - 2023-0464
-
SUSE: CVE-2023-0386: SUSE Linux Security Advisory
SUSE: CVE-2023-0386: SUSE Linux Security Advisory Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 03/22/2023 Created 05/10/2023 Added 05/10/2023 Modified 01/28/2025 Description A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system. Solution(s) suse-upgrade-cluster-md-kmp-64kb suse-upgrade-cluster-md-kmp-azure suse-upgrade-cluster-md-kmp-default suse-upgrade-cluster-md-kmp-rt suse-upgrade-dlm-kmp-64kb suse-upgrade-dlm-kmp-azure suse-upgrade-dlm-kmp-default suse-upgrade-dlm-kmp-rt suse-upgrade-dtb-allwinner suse-upgrade-dtb-altera suse-upgrade-dtb-amazon suse-upgrade-dtb-amd suse-upgrade-dtb-amlogic suse-upgrade-dtb-apm suse-upgrade-dtb-apple suse-upgrade-dtb-arm suse-upgrade-dtb-broadcom suse-upgrade-dtb-cavium suse-upgrade-dtb-exynos suse-upgrade-dtb-freescale suse-upgrade-dtb-hisilicon suse-upgrade-dtb-lg suse-upgrade-dtb-marvell suse-upgrade-dtb-mediatek suse-upgrade-dtb-nvidia suse-upgrade-dtb-qcom suse-upgrade-dtb-renesas suse-upgrade-dtb-rockchip suse-upgrade-dtb-socionext suse-upgrade-dtb-sprd suse-upgrade-dtb-xilinx suse-upgrade-gfs2-kmp-64kb suse-upgrade-gfs2-kmp-azure suse-upgrade-gfs2-kmp-default suse-upgrade-gfs2-kmp-rt suse-upgrade-kernel-64kb suse-upgrade-kernel-64kb-devel suse-upgrade-kernel-64kb-extra suse-upgrade-kernel-64kb-livepatch-devel suse-upgrade-kernel-64kb-optional suse-upgrade-kernel-azure suse-upgrade-kernel-azure-devel suse-upgrade-kernel-azure-extra suse-upgrade-kernel-azure-livepatch-devel suse-upgrade-kernel-azure-optional suse-upgrade-kernel-debug suse-upgrade-kernel-debug-devel suse-upgrade-kernel-debug-livepatch-devel suse-upgrade-kernel-default suse-upgrade-kernel-default-base suse-upgrade-kernel-default-base-rebuild suse-upgrade-kernel-default-devel 
suse-upgrade-kernel-default-extra suse-upgrade-kernel-default-livepatch suse-upgrade-kernel-default-livepatch-devel suse-upgrade-kernel-default-optional suse-upgrade-kernel-devel suse-upgrade-kernel-devel-azure suse-upgrade-kernel-devel-rt suse-upgrade-kernel-docs suse-upgrade-kernel-docs-html suse-upgrade-kernel-kvmsmall suse-upgrade-kernel-kvmsmall-devel suse-upgrade-kernel-kvmsmall-livepatch-devel suse-upgrade-kernel-macros suse-upgrade-kernel-obs-build suse-upgrade-kernel-obs-qa suse-upgrade-kernel-rt suse-upgrade-kernel-rt-devel suse-upgrade-kernel-rt-extra suse-upgrade-kernel-rt-livepatch suse-upgrade-kernel-rt-livepatch-devel suse-upgrade-kernel-rt-optional suse-upgrade-kernel-rt-vdso suse-upgrade-kernel-rt_debug suse-upgrade-kernel-rt_debug-devel suse-upgrade-kernel-rt_debug-livepatch-devel suse-upgrade-kernel-rt_debug-vdso suse-upgrade-kernel-source suse-upgrade-kernel-source-azure suse-upgrade-kernel-source-rt suse-upgrade-kernel-source-vanilla suse-upgrade-kernel-syms suse-upgrade-kernel-syms-azure suse-upgrade-kernel-syms-rt suse-upgrade-kernel-zfcpdump suse-upgrade-kselftests-kmp-64kb suse-upgrade-kselftests-kmp-azure suse-upgrade-kselftests-kmp-default suse-upgrade-kselftests-kmp-rt suse-upgrade-ocfs2-kmp-64kb suse-upgrade-ocfs2-kmp-azure suse-upgrade-ocfs2-kmp-default suse-upgrade-ocfs2-kmp-rt suse-upgrade-reiserfs-kmp-64kb suse-upgrade-reiserfs-kmp-azure suse-upgrade-reiserfs-kmp-default suse-upgrade-reiserfs-kmp-rt References https://attackerkb.com/topics/cve-2023-0386 CVE - 2023-0386 DSA-5402
-
CentOS Linux: CVE-2023-28708: Moderate: tomcat security and bug fix update (Multiple Advisories)
CentOS Linux: CVE-2023-28708: Moderate: tomcat security and bug fix update (Multiple Advisories) Severity 4 CVSS (AV:N/AC:M/Au:N/C:P/I:N/A:N) Published 03/22/2023 Created 11/09/2023 Added 11/08/2023 Modified 01/28/2025 Description When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. This could result in the user agent transmitting the session cookie over an insecure channel. Solution(s) centos-upgrade-tomcat centos-upgrade-tomcat-admin-webapps centos-upgrade-tomcat-docs-webapp centos-upgrade-tomcat-el-3-0-api centos-upgrade-tomcat-jsp-2-3-api centos-upgrade-tomcat-lib centos-upgrade-tomcat-servlet-4-0-api centos-upgrade-tomcat-webapps References CVE-2023-28708
-
Debian: CVE-2023-28708: tomcat10, tomcat9 -- security update
Debian: CVE-2023-28708: tomcat10, tomcat9 -- security update Severity 4 CVSS (AV:N/AC:M/Au:N/C:P/I:N/A:N) Published 03/22/2023 Created 05/05/2023 Added 04/10/2023 Modified 01/28/2025 Description When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. This could result in the user agent transmitting the session cookie over an insecure channel. Solution(s) debian-upgrade-tomcat10 debian-upgrade-tomcat9 References https://attackerkb.com/topics/cve-2023-28708 CVE - 2023-28708 DLA-3384-1 DSA-5381-1
-
CentOS Linux: CVE-2023-1281: Important: kernel security and bug fix update (Multiple Advisories)
CentOS Linux: CVE-2023-1281: Important: kernel security and bug fix update (Multiple Advisories) Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 03/22/2023 Created 08/10/2023 Added 08/09/2023 Modified 01/28/2025 Description Use After Free vulnerability in Linux kernel traffic control index filter (tcindex) allows Privilege Escalation. The imperfect hash area can be updated while packets are traversing, which will cause a use-after-free when 'tcf_exts_exec()' is called with the destroyed tcf_ext. A local attacker user can use this vulnerability to elevate its privileges to root. This issue affects Linux Kernel: from 4.14 before git commit ee059170b1f7e94e55fa6cadee544e176a6e59c2. Solution(s) centos-upgrade-kernel centos-upgrade-kernel-rt centos-upgrade-kpatch-patch-4_18_0-477_10_1 centos-upgrade-kpatch-patch-4_18_0-477_10_1-debuginfo centos-upgrade-kpatch-patch-4_18_0-477_10_1-debugsource centos-upgrade-kpatch-patch-4_18_0-477_13_1 centos-upgrade-kpatch-patch-4_18_0-477_13_1-debuginfo centos-upgrade-kpatch-patch-4_18_0-477_13_1-debugsource centos-upgrade-kpatch-patch-4_18_0-477_15_1 centos-upgrade-kpatch-patch-4_18_0-477_15_1-debuginfo centos-upgrade-kpatch-patch-4_18_0-477_15_1-debugsource References CVE-2023-1281
-
F5 Networks: CVE-2023-0464: K000133706: OpenSSL vulnerability CVE-2023-0464
F5 Networks: CVE-2023-0464: K000133706: OpenSSL vulnerability CVE-2023-0464 Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 03/22/2023 Created 12/09/2023 Added 12/08/2023 Modified 01/28/2025 Description A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function. Solution(s) f5-big-ip-upgrade-latest References https://attackerkb.com/topics/cve-2023-0464 CVE - 2023-0464 https://my.f5.com/manage/s/article/K000133706
-
Amazon Linux AMI: CVE-2023-27534: Security patch for curl (ALAS-2023-1729)
Amazon Linux AMI: CVE-2023-27534: Security patch for curl (ALAS-2023-1729) Severity 9 CVSS (AV:N/AC:L/Au:S/C:C/I:C/A:C) Published 03/21/2023 Created 05/05/2023 Added 04/21/2023 Modified 01/28/2025 Description A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user. Solution(s) amazon-linux-upgrade-curl References ALAS-2023-1729 CVE-2023-27534
-
SUSE: CVE-2023-27533: SUSE Linux Security Advisory
SUSE: CVE-2023-27533: SUSE Linux Security Advisory Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 03/21/2023 Created 03/23/2023 Added 03/22/2023 Modified 01/28/2025 Description A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system. Solution(s) suse-upgrade-curl suse-upgrade-libcurl-devel suse-upgrade-libcurl-devel-32bit suse-upgrade-libcurl4 suse-upgrade-libcurl4-32bit References https://attackerkb.com/topics/cve-2023-27533 CVE - 2023-27533
-
Amazon Linux 2023: CVE-2023-28755: Important priority package update for ruby3.2
Amazon Linux 2023: CVE-2023-28755: Important priority package update for ruby3.2 Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 03/21/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1. A flaw was found in the rubygem URI. The URI parser mishandles invalid URLs that have specific characters, which causes an increase in execution time parsing strings to URI objects. This may result in a regular expression denial of service (ReDoS). Solution(s) amazon-linux-2023-upgrade-ruby3-2 amazon-linux-2023-upgrade-ruby3-2-bundled-gems amazon-linux-2023-upgrade-ruby3-2-bundled-gems-debuginfo amazon-linux-2023-upgrade-ruby3-2-debuginfo amazon-linux-2023-upgrade-ruby3-2-debugsource amazon-linux-2023-upgrade-ruby3-2-default-gems amazon-linux-2023-upgrade-ruby3-2-devel amazon-linux-2023-upgrade-ruby3-2-doc amazon-linux-2023-upgrade-ruby3-2-libs amazon-linux-2023-upgrade-ruby3-2-libs-debuginfo amazon-linux-2023-upgrade-ruby3-2-rubygem-bigdecimal amazon-linux-2023-upgrade-ruby3-2-rubygem-bigdecimal-debuginfo amazon-linux-2023-upgrade-ruby3-2-rubygem-bundler amazon-linux-2023-upgrade-ruby3-2-rubygem-io-console amazon-linux-2023-upgrade-ruby3-2-rubygem-io-console-debuginfo amazon-linux-2023-upgrade-ruby3-2-rubygem-irb amazon-linux-2023-upgrade-ruby3-2-rubygem-json amazon-linux-2023-upgrade-ruby3-2-rubygem-json-debuginfo amazon-linux-2023-upgrade-ruby3-2-rubygem-minitest amazon-linux-2023-upgrade-ruby3-2-rubygem-power-assert amazon-linux-2023-upgrade-ruby3-2-rubygem-psych amazon-linux-2023-upgrade-ruby3-2-rubygem-psych-debuginfo amazon-linux-2023-upgrade-ruby3-2-rubygem-rake amazon-linux-2023-upgrade-ruby3-2-rubygem-rbs 
amazon-linux-2023-upgrade-ruby3-2-rubygem-rbs-debuginfo amazon-linux-2023-upgrade-ruby3-2-rubygem-rdoc amazon-linux-2023-upgrade-ruby3-2-rubygem-rexml amazon-linux-2023-upgrade-ruby3-2-rubygem-rss amazon-linux-2023-upgrade-ruby3-2-rubygems amazon-linux-2023-upgrade-ruby3-2-rubygems-devel amazon-linux-2023-upgrade-ruby3-2-rubygem-test-unit amazon-linux-2023-upgrade-ruby3-2-rubygem-typeprof References https://attackerkb.com/topics/cve-2023-28755 CVE - 2023-28755 https://alas.aws.amazon.com/AL2023/ALAS-2023-158.html
-
SUSE: CVE-2023-27534: SUSE Linux Security Advisory
SUSE: CVE-2023-27534: SUSE Linux Security Advisory Severity 9 CVSS (AV:N/AC:L/Au:S/C:C/I:C/A:C) Published 03/21/2023 Created 03/23/2023 Added 03/22/2023 Modified 01/28/2025 Description A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user. Solution(s) suse-upgrade-curl suse-upgrade-libcurl-devel suse-upgrade-libcurl-devel-32bit suse-upgrade-libcurl4 suse-upgrade-libcurl4-32bit References https://attackerkb.com/topics/cve-2023-27534 CVE - 2023-27534
-
Amazon Linux 2023: CVE-2023-28756: Important priority package update for ruby3.2
Amazon Linux 2023: CVE-2023-28756: Important priority package update for ruby3.2 Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 03/21/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2. A flaw was found in the Time gem and Time library of Ruby. The Time parser mishandles invalid strings with specific characters and causes an increase in execution time for parsing strings to Time objects. This issue may result in a Regular expression denial of service (ReDoS). Solution(s) amazon-linux-2023-upgrade-ruby3-2 amazon-linux-2023-upgrade-ruby3-2-bundled-gems amazon-linux-2023-upgrade-ruby3-2-bundled-gems-debuginfo amazon-linux-2023-upgrade-ruby3-2-debuginfo amazon-linux-2023-upgrade-ruby3-2-debugsource amazon-linux-2023-upgrade-ruby3-2-default-gems amazon-linux-2023-upgrade-ruby3-2-devel amazon-linux-2023-upgrade-ruby3-2-doc amazon-linux-2023-upgrade-ruby3-2-libs amazon-linux-2023-upgrade-ruby3-2-libs-debuginfo amazon-linux-2023-upgrade-ruby3-2-rubygem-bigdecimal amazon-linux-2023-upgrade-ruby3-2-rubygem-bigdecimal-debuginfo amazon-linux-2023-upgrade-ruby3-2-rubygem-bundler amazon-linux-2023-upgrade-ruby3-2-rubygem-io-console amazon-linux-2023-upgrade-ruby3-2-rubygem-io-console-debuginfo amazon-linux-2023-upgrade-ruby3-2-rubygem-irb amazon-linux-2023-upgrade-ruby3-2-rubygem-json amazon-linux-2023-upgrade-ruby3-2-rubygem-json-debuginfo amazon-linux-2023-upgrade-ruby3-2-rubygem-minitest amazon-linux-2023-upgrade-ruby3-2-rubygem-power-assert amazon-linux-2023-upgrade-ruby3-2-rubygem-psych amazon-linux-2023-upgrade-ruby3-2-rubygem-psych-debuginfo amazon-linux-2023-upgrade-ruby3-2-rubygem-rake amazon-linux-2023-upgrade-ruby3-2-rubygem-rbs 
amazon-linux-2023-upgrade-ruby3-2-rubygem-rbs-debuginfo amazon-linux-2023-upgrade-ruby3-2-rubygem-rdoc amazon-linux-2023-upgrade-ruby3-2-rubygem-rexml amazon-linux-2023-upgrade-ruby3-2-rubygem-rss amazon-linux-2023-upgrade-ruby3-2-rubygems amazon-linux-2023-upgrade-ruby3-2-rubygems-devel amazon-linux-2023-upgrade-ruby3-2-rubygem-test-unit amazon-linux-2023-upgrade-ruby3-2-rubygem-typeprof References https://attackerkb.com/topics/cve-2023-28756 CVE - 2023-28756 https://alas.aws.amazon.com/AL2023/ALAS-2023-158.html
-
SUSE: CVE-2023-27538: SUSE Linux Security Advisory
SUSE: CVE-2023-27538: SUSE Linux Security Advisory Severity 5 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:N) Published 03/21/2023 Created 03/23/2023 Added 03/22/2023 Modified 01/28/2025 Description An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection. Solution(s) suse-upgrade-curl suse-upgrade-libcurl-devel suse-upgrade-libcurl-devel-32bit suse-upgrade-libcurl4 suse-upgrade-libcurl4-32bit References https://attackerkb.com/topics/cve-2023-27538 CVE - 2023-27538
-
Microsoft Edge Chromium: CVE-2023-1528 Use after free in Passwords
Microsoft Edge Chromium: CVE-2023-1528 Use after free in Passwords Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 03/21/2023 Created 03/27/2023 Added 03/27/2023 Modified 01/28/2025 Description Use after free in Passwords in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) microsoft-edge-upgrade-latest References https://attackerkb.com/topics/cve-2023-1528 CVE - 2023-1528 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-1528
-
Debian: CVE-2022-42332: xen -- security update
Debian: CVE-2022-42332: xen -- security update Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 03/21/2023 Created 03/27/2023 Added 03/27/2023 Modified 01/28/2025 Description x86 shadow plus log-dirty mode use-after-free In environments where host assisted address translation is necessary but Hardware Assisted Paging (HAP) is unavailable, Xen will run guests in so called shadow mode. Shadow mode maintains a pool of memory used for both shadow page tables as well as auxiliary data structures. To migrate or snapshot guests, Xen additionally runs them in so called log-dirty mode. The data structures needed by the log-dirty tracking are part of aforementioned auxiliary data. In order to keep error handling efforts within reasonable bounds, for operations which may require memory allocations shadow mode logic ensures up front that enough memory is available for the worst case requirements. Unfortunately, while page table memory is properly accounted for on the code path requiring the potential establishing of new shadows, demands by the log-dirty infrastructure were not taken into consideration. As a result, just established shadow page tables could be freed again immediately, while other code is still accessing them on the assumption that they would remain allocated. Solution(s) debian-upgrade-xen References https://attackerkb.com/topics/cve-2022-42332 CVE - 2022-42332 DSA-5378 DSA-5378-1
-
Debian: CVE-2022-42333: xen -- security update
Debian: CVE-2022-42333: xen -- security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 03/21/2023 Created 03/27/2023 Added 03/27/2023 Modified 01/28/2025 Description x86/HVM pinned cache attributes mis-handling [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] To allow cachability control for HVM guests with passed through devices, an interface exists to explicitly override defaults which would otherwise be put in place. While not exposed to the affected guests themselves, the interface specifically exists for domains controlling such guests. This interface may therefore be used by not fully privileged entities, e.g. qemu running deprivileged in Dom0 or qemu running in a so called stub-domain. With this exposure it is an issue that - the number of the such controlled regions was unbounded (CVE-2022-42333), - installation and removal of such regions was not properly serialized (CVE-2022-42334). Solution(s) debian-upgrade-xen References https://attackerkb.com/topics/cve-2022-42333 CVE - 2022-42333 DSA-5378 DSA-5378-1
-
Red Hat: CVE-2023-0464: Denial of service by excessive resource usage in verifying X509 policy constraints (Multiple Advisories)
Red Hat: CVE-2023-0464: Denial of service by excessive resource usage in verifying X509 policy constraints (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 03/22/2023 Created 06/23/2023 Added 06/22/2023 Modified 01/30/2025 Description A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function. Solution(s) redhat-upgrade-openssl redhat-upgrade-openssl-debuginfo redhat-upgrade-openssl-debugsource redhat-upgrade-openssl-devel redhat-upgrade-openssl-libs redhat-upgrade-openssl-libs-debuginfo redhat-upgrade-openssl-perl References CVE-2023-0464 RHSA-2023:3722
-
FreeBSD: (Multiple Advisories) (CVE-2023-0464): OpenSSL -- Excessive Resource Usage Verifying X.509 Policy Constraints
FreeBSD: (Multiple Advisories) (CVE-2023-0464): OpenSSL -- Excessive Resource Usage Verifying X.509 Policy Constraints Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 03/22/2023 Created 03/27/2023 Added 03/24/2023 Modified 01/28/2025 Description A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function. Solution(s) freebsd-upgrade-package-openssl freebsd-upgrade-package-openssl-quic freebsd-upgrade-package-openssl30 freebsd-upgrade-package-openssl31 freebsd-upgrade-package-python310 freebsd-upgrade-package-python311 freebsd-upgrade-package-python37 freebsd-upgrade-package-python38 freebsd-upgrade-package-python39 freebsd-upgrade-package-virtualbox-ose References CVE-2023-0464