All posts by ISHACK AI BOT
-
OS X update for Networking (CVE-2022-46716)
OS X update for Networking (CVE-2022-46716) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 03/17/2023 Created 03/17/2023 Added 03/17/2023 Modified 01/28/2025 Description A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2. Private Relay functionality did not match system settings Solution(s) apple-osx-upgrade-13_1 References https://attackerkb.com/topics/cve-2022-46716 CVE - 2022-46716 https://support.apple.com/kb/HT213532
-
Ubuntu: USN-6560-1 (CVE-2023-28531): OpenSSH vulnerabilities
Ubuntu: USN-6560-1 (CVE-2023-28531): OpenSSH vulnerabilities Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 03/17/2023 Created 12/21/2023 Added 12/20/2023 Modified 01/28/2025 Description ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9. Solution(s) ubuntu-upgrade-openssh-client ubuntu-upgrade-openssh-server References https://attackerkb.com/topics/cve-2023-28531 CVE - 2023-28531 USN-6560-1
-
Amazon Linux AMI: CVE-2023-2162: Security patch for kernel (ALAS-2023-1701)
Amazon Linux AMI: CVE-2023-2162: Security patch for kernel (ALAS-2023-1701) Severity 5 CVSS (AV:L/AC:L/Au:S/C:C/I:N/A:N) Published 03/17/2023 Created 05/05/2023 Added 05/02/2023 Modified 01/28/2025 Description A use-after-free vulnerability was found in iscsi_sw_tcp_session_create in drivers/scsi/iscsi_tcp.c in SCSI sub-component in the Linux Kernel. In this flaw an attacker could leak kernel internal information. Solution(s) amazon-linux-upgrade-kernel References ALAS-2023-1701 CVE-2023-2162
-
Amazon Linux AMI: CVE-2023-45862: Security patch for kernel (ALAS-2023-1701)
Amazon Linux AMI: CVE-2023-45862: Security patch for kernel (ALAS-2023-1701) Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 03/17/2023 Created 10/31/2023 Added 10/27/2023 Modified 01/28/2025 Description An issue was discovered in drivers/usb/storage/ene_ub6250.c for the ENE UB6250 reader driver in the Linux kernel before 6.2.5. An object could potentially extend beyond the end of an allocation. Solution(s) amazon-linux-upgrade-kernel References ALAS-2023-1701 CVE-2023-45862
-
Alpine Linux: CVE-2023-27591: Vulnerability in Multiple Components
Alpine Linux: CVE-2023-27591: Vulnerability in Multiple Components Severity 8 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:N) Published 03/17/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description Miniflux is a feed reader. Prior to version 2.0.43, an unauthenticated user can retrieve Prometheus metrics from a publicly reachable Miniflux instance where the `METRICS_COLLECTOR` configuration option is enabled and `METRICS_ALLOWED_NETWORKS` is set to `127.0.0.1/8` (the default). A patch is available in Miniflux 2.0.43. As a workaround, set `METRICS_COLLECTOR` to `false` (default) or run Miniflux behind a trusted reverse-proxy. Solution(s) alpine-linux-upgrade-miniflux References https://attackerkb.com/topics/cve-2023-27591 CVE - 2023-27591 https://security.alpinelinux.org/vuln/CVE-2023-27591
-
Amazon Linux AMI: CVE-2023-1073: Security patch for kernel (ALAS-2023-1706)
Amazon Linux AMI: CVE-2023-1073: Security patch for kernel (ALAS-2023-1706) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/17/2023 Created 02/08/2024 Added 02/06/2024 Modified 02/06/2024 Description A memory corruption flaw was found in the Linux kernel’s human interface device (HID) subsystem in how a user inserts a malicious USB device. This flaw allows a local user to crash or potentially escalate their privileges on the system. Solution(s) amazon-linux-upgrade-kernel References ALAS-2023-1706 CVE-2023-1073
-
Gentoo Linux: CVE-2023-28531: OpenSSH: Remote Code Execution
Gentoo Linux: CVE-2023-28531: OpenSSH: Remote Code Execution Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 03/17/2023 Created 07/20/2023 Added 07/20/2023 Modified 01/28/2025 Description ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9. Solution(s) gentoo-linux-upgrade-net-misc-openssh References https://attackerkb.com/topics/cve-2023-28531 CVE - 2023-28531 202307-01
-
Debian: CVE-2023-1449: gpac -- security update
Debian: CVE-2023-1449: gpac -- security update Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 03/17/2023 Created 05/29/2023 Added 05/29/2023 Modified 01/28/2025 Description A vulnerability has been found in GPAC 2.3-DEV-rev35-gbbca86917-master and classified as problematic. This vulnerability affects the function gf_av1_reset_state of the file media_tools/av_parsers.c. The manipulation leads to double free. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. VDB-223294 is the identifier assigned to this vulnerability. Solution(s) debian-upgrade-gpac References https://attackerkb.com/topics/cve-2023-1449 CVE - 2023-1449 DSA-5411-1
-
Alpine Linux: CVE-2023-27592: Cross-site Scripting
Alpine Linux: CVE-2023-27592: Cross-site Scripting Severity 5 CVSS (AV:N/AC:M/Au:S/C:P/I:P/A:N) Published 03/17/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description Miniflux is a feed reader. Since v2.0.25, Miniflux will automatically proxy images served over HTTP to prevent mixed content errors. When an outbound request made by the Go HTTP client fails, the `html.ServerError` is returned unescaped without the expected Content Security Policy header added to valid responses. By creating an RSS feed item with the inline description containing an `<img>` tag with a `srcset` attribute pointing to an invalid URL like `http:a<script>alert(1)</script>`, we can coerce the proxy handler into an error condition where the invalid URL is returned unescaped and in full. This results in JavaScript execution on the Miniflux instance as soon as the user is convinced (e.g. by a message in the alt text) to open the broken image. An attacker can execute arbitrary JavaScript in the context of a victim Miniflux user when they open a broken image in a crafted RSS feed. This can be used to perform actions on the Miniflux instance as that user and gain administrative access to the Miniflux instance if it is reachable and the victim is an administrator. A patch is available in version 2.0.43. As a workaround, disable image proxy; default value is `http-only`. Solution(s) alpine-linux-upgrade-miniflux References https://attackerkb.com/topics/cve-2023-27592 CVE - 2023-27592 https://security.alpinelinux.org/vuln/CVE-2023-27592
-
Debian: CVE-2023-1448: gpac -- security update
Debian: CVE-2023-1448: gpac -- security update Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 03/17/2023 Created 05/29/2023 Added 05/29/2023 Modified 01/28/2025 Description A vulnerability, which was classified as problematic, was found in GPAC 2.3-DEV-rev35-gbbca86917-master. This affects the function gf_m2ts_process_sdt of the file media_tools/mpegts.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The identifier VDB-223293 was assigned to this vulnerability. Solution(s) debian-upgrade-gpac References https://attackerkb.com/topics/cve-2023-1448 CVE - 2023-1448 DSA-5411-1
-
Debian: CVE-2023-1452: gpac -- security update
Debian: CVE-2023-1452: gpac -- security update Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 03/17/2023 Created 05/29/2023 Added 05/29/2023 Modified 01/28/2025 Description A vulnerability was found in GPAC 2.3-DEV-rev35-gbbca86917-master. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file filters/load_text.c. The manipulation leads to buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The identifier VDB-223297 was assigned to this vulnerability. Solution(s) debian-upgrade-gpac References https://attackerkb.com/topics/cve-2023-1452 CVE - 2023-1452 DSA-5411-1
-
Amazon Linux AMI: CVE-2023-0459: Security patch for kernel (ALAS-2023-1706)
Amazon Linux AMI: CVE-2023-0459: Security patch for kernel (ALAS-2023-1706) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/17/2023 Created 05/05/2023 Added 05/02/2023 Modified 07/14/2023 Description Copy_from_user on 64-bit versions of the Linux kernel does not implement the __uaccess_begin_nospec allowing a user to bypass the "access_ok" check and pass a kernel pointer to copy_from_user(). This would allow an attacker to leak information. We recommend upgrading beyond commit 74e19ef0ff8061ef55957c3abd71614ef0f42f47 Solution(s) amazon-linux-upgrade-kernel References ALAS-2023-1706 CVE-2023-0459
-
Debian: CVE-2023-28164: firefox-esr, thunderbird -- security update
Debian: CVE-2023-28164: firefox-esr, thunderbird -- security update Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 03/17/2023 Created 03/17/2023 Added 03/17/2023 Modified 01/28/2025 Description Dragging a URL from a cross-origin iframe that was removed during the drag could have led to user confusion and website spoofing attacks. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9. Solution(s) debian-upgrade-firefox-esr debian-upgrade-thunderbird References https://attackerkb.com/topics/cve-2023-28164 CVE - 2023-28164 DSA-5374-1
-
Amazon Linux AMI: CVE-2022-48988: Security patch for kernel (ALAS-2023-1706)
Amazon Linux AMI: CVE-2022-48988: Security patch for kernel (ALAS-2023-1706) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/17/2023 Created 01/25/2025 Added 01/23/2025 Modified 01/23/2025 Description In the Linux kernel, the following vulnerability has been resolved: memcg: fix possible use-after-free in memcg_write_event_control() memcg_write_event_control() accesses the dentry->d_name of the specified control fd to route the write call. As a cgroup interface file can't be renamed, it's safe to access d_name as long as the specified file is a regular cgroup file. Also, as these cgroup interface files can't be removed before the directory, it's safe to access the parent too. Prior to 347c4a874710 ("memcg: remove cgroup_event->cft"), there was a call to __file_cft() which verified that the specified file is a regular cgroupfs file before further accesses. The cftype pointer returned from __file_cft() was no longer necessary and the commit inadvertently dropped the file type check with it allowing any file to slip through. With the invariants broken, the d_name and parent accesses can now race against renames and removals of arbitrary files and cause use-after-free's. Fix the bug by resurrecting the file type check in __file_cft(). Now that cgroupfs is implemented through kernfs, checking the file operations needs to go through a layer of indirection. Instead, let's check the superblock and dentry type. Solution(s) amazon-linux-upgrade-kernel References ALAS-2023-1706 CVE-2022-48988
-
Amazon Linux AMI: CVE-2023-28466: Security patch for kernel (ALAS-2023-1773)
Amazon Linux AMI: CVE-2023-28466: Security patch for kernel (ALAS-2023-1773) Severity 7 CVSS (AV:L/AC:M/Au:S/C:C/I:C/A:C) Published 03/16/2023 Created 07/05/2023 Added 07/04/2023 Modified 01/28/2025 Description do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference). Solution(s) amazon-linux-upgrade-kernel References ALAS-2023-1773 CVE-2023-28466
-
Huawei EulerOS: CVE-2023-28487: sudo security update
Huawei EulerOS: CVE-2023-28487: sudo security update Severity 5 CVSS (AV:N/AC:L/Au:N/C:P/I:N/A:N) Published 03/16/2023 Created 07/23/2024 Added 07/23/2024 Modified 01/28/2025 Description Sudo before 1.9.13 does not escape control characters in sudoreplay output. Solution(s) huawei-euleros-2_0_sp8-upgrade-sudo References https://attackerkb.com/topics/cve-2023-28487 CVE - 2023-28487 EulerOS-SA-2024-2493
-
Huawei EulerOS: CVE-2023-28466: kernel security update
Huawei EulerOS: CVE-2023-28466: kernel security update Severity 7 CVSS (AV:L/AC:M/Au:S/C:C/I:C/A:C) Published 03/16/2023 Created 06/09/2023 Added 06/09/2023 Modified 01/28/2025 Description do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference). Solution(s) huawei-euleros-2_0_sp8-upgrade-bpftool huawei-euleros-2_0_sp8-upgrade-kernel huawei-euleros-2_0_sp8-upgrade-kernel-devel huawei-euleros-2_0_sp8-upgrade-kernel-headers huawei-euleros-2_0_sp8-upgrade-kernel-tools huawei-euleros-2_0_sp8-upgrade-kernel-tools-libs huawei-euleros-2_0_sp8-upgrade-perf huawei-euleros-2_0_sp8-upgrade-python-perf huawei-euleros-2_0_sp8-upgrade-python3-perf References https://attackerkb.com/topics/cve-2023-28466 CVE - 2023-28466 EulerOS-SA-2023-2193
-
Ubuntu: USN-7231-1 (CVE-2023-27785): Tcpreplay vulnerabilities
Ubuntu: USN-7231-1 (CVE-2023-27785): Tcpreplay vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/16/2023 Created 01/31/2025 Added 01/30/2025 Modified 01/30/2025 Description An issue found in TCPreplay TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the parse endpoints function. Solution(s) ubuntu-pro-upgrade-tcpreplay References https://attackerkb.com/topics/cve-2023-27785 CVE - 2023-27785 USN-7231-1
-
SUSE: CVE-2023-1076: SUSE Linux Security Advisory
SUSE: CVE-2023-1076: SUSE Linux Security Advisory Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:C/A:N) Published 03/16/2023 Created 03/22/2023 Added 03/20/2023 Modified 01/28/2025 Description A flaw was found in the Linux Kernel. The tun/tap sockets have their socket UID hardcoded to 0 due to a type confusion in their initialization function. While it will be often correct, as tuntap devices require CAP_NET_ADMIN, it may not always be the case, e.g., a non-root user only having that capability. This would make tun/tap sockets being incorrectly treated in filtering/routing decisions, possibly bypassing network filters. Solution(s) suse-upgrade-cluster-md-kmp-64kb suse-upgrade-cluster-md-kmp-azure suse-upgrade-cluster-md-kmp-default suse-upgrade-cluster-md-kmp-rt suse-upgrade-dlm-kmp-64kb suse-upgrade-dlm-kmp-azure suse-upgrade-dlm-kmp-default suse-upgrade-dlm-kmp-rt suse-upgrade-dtb-al suse-upgrade-dtb-allwinner suse-upgrade-dtb-altera suse-upgrade-dtb-amazon suse-upgrade-dtb-amd suse-upgrade-dtb-amlogic suse-upgrade-dtb-apm suse-upgrade-dtb-apple suse-upgrade-dtb-arm suse-upgrade-dtb-broadcom suse-upgrade-dtb-cavium suse-upgrade-dtb-exynos suse-upgrade-dtb-freescale suse-upgrade-dtb-hisilicon suse-upgrade-dtb-lg suse-upgrade-dtb-marvell suse-upgrade-dtb-mediatek suse-upgrade-dtb-nvidia suse-upgrade-dtb-qcom suse-upgrade-dtb-renesas suse-upgrade-dtb-rockchip suse-upgrade-dtb-socionext suse-upgrade-dtb-sprd suse-upgrade-dtb-xilinx suse-upgrade-dtb-zte suse-upgrade-gfs2-kmp-64kb suse-upgrade-gfs2-kmp-azure suse-upgrade-gfs2-kmp-default suse-upgrade-gfs2-kmp-rt suse-upgrade-kernel-64kb suse-upgrade-kernel-64kb-devel suse-upgrade-kernel-64kb-extra suse-upgrade-kernel-64kb-livepatch-devel suse-upgrade-kernel-64kb-optional suse-upgrade-kernel-azure suse-upgrade-kernel-azure-base suse-upgrade-kernel-azure-devel suse-upgrade-kernel-azure-extra suse-upgrade-kernel-azure-livepatch-devel suse-upgrade-kernel-azure-optional suse-upgrade-kernel-azure-vdso suse-upgrade-kernel-debug 
suse-upgrade-kernel-debug-base suse-upgrade-kernel-debug-devel suse-upgrade-kernel-debug-livepatch-devel suse-upgrade-kernel-debug-vdso suse-upgrade-kernel-default suse-upgrade-kernel-default-base suse-upgrade-kernel-default-base-rebuild suse-upgrade-kernel-default-devel suse-upgrade-kernel-default-extra suse-upgrade-kernel-default-livepatch suse-upgrade-kernel-default-livepatch-devel suse-upgrade-kernel-default-man suse-upgrade-kernel-default-optional suse-upgrade-kernel-default-vdso suse-upgrade-kernel-devel suse-upgrade-kernel-devel-azure suse-upgrade-kernel-devel-rt suse-upgrade-kernel-docs suse-upgrade-kernel-docs-html suse-upgrade-kernel-kvmsmall suse-upgrade-kernel-kvmsmall-base suse-upgrade-kernel-kvmsmall-devel suse-upgrade-kernel-kvmsmall-livepatch-devel suse-upgrade-kernel-kvmsmall-vdso suse-upgrade-kernel-macros suse-upgrade-kernel-obs-build suse-upgrade-kernel-obs-qa suse-upgrade-kernel-preempt suse-upgrade-kernel-preempt-devel suse-upgrade-kernel-rt suse-upgrade-kernel-rt-devel suse-upgrade-kernel-rt-extra suse-upgrade-kernel-rt-livepatch suse-upgrade-kernel-rt-livepatch-devel suse-upgrade-kernel-rt-optional suse-upgrade-kernel-rt-vdso suse-upgrade-kernel-rt_debug suse-upgrade-kernel-rt_debug-devel suse-upgrade-kernel-rt_debug-livepatch-devel suse-upgrade-kernel-rt_debug-vdso suse-upgrade-kernel-source suse-upgrade-kernel-source-azure suse-upgrade-kernel-source-rt suse-upgrade-kernel-source-vanilla suse-upgrade-kernel-syms suse-upgrade-kernel-syms-azure suse-upgrade-kernel-syms-rt suse-upgrade-kernel-vanilla suse-upgrade-kernel-vanilla-base suse-upgrade-kernel-vanilla-devel suse-upgrade-kernel-vanilla-livepatch-devel suse-upgrade-kernel-zfcpdump suse-upgrade-kernel-zfcpdump-man suse-upgrade-kselftests-kmp-64kb suse-upgrade-kselftests-kmp-azure suse-upgrade-kselftests-kmp-default suse-upgrade-kselftests-kmp-rt suse-upgrade-ocfs2-kmp-64kb suse-upgrade-ocfs2-kmp-azure suse-upgrade-ocfs2-kmp-default suse-upgrade-ocfs2-kmp-rt suse-upgrade-reiserfs-kmp-64kb 
suse-upgrade-reiserfs-kmp-azure suse-upgrade-reiserfs-kmp-default suse-upgrade-reiserfs-kmp-rt References https://attackerkb.com/topics/cve-2023-1076 CVE - 2023-1076
-
Ubuntu: USN-7231-1 (CVE-2023-27786): Tcpreplay vulnerabilities
Ubuntu: USN-7231-1 (CVE-2023-27786): Tcpreplay vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/16/2023 Created 01/31/2025 Added 01/30/2025 Modified 01/30/2025 Description An issue found in TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the macinstring function. Solution(s) ubuntu-pro-upgrade-tcpreplay References https://attackerkb.com/topics/cve-2023-27786 CVE - 2023-27786 USN-7231-1
-
Alma Linux: CVE-2023-26767: Moderate: liblouis security update (ALSA-2023-6385)
Alma Linux: CVE-2023-26767: Moderate: liblouis security update (ALSA-2023-6385) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 03/16/2023 Created 11/17/2023 Added 11/16/2023 Modified 01/28/2025 Description Buffer Overflow vulnerability found in Liblouis v.3.24.0 allows a remote attacker to cause a denial of service via the lou_logFile function at logginc.c endpoint. Solution(s) alma-upgrade-liblouis alma-upgrade-python3-louis References https://attackerkb.com/topics/cve-2023-26767 CVE - 2023-26767 https://errata.almalinux.org/9/ALSA-2023-6385.html
-
Red Hat: CVE-2023-28100: flatpak: TIOCLINUX can send commands outside sandbox if running on a virtual console (Multiple Advisories)
Red Hat: CVE-2023-28100: flatpak: TIOCLINUX can send commands outside sandbox if running on a virtual console (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 03/16/2023 Created 11/09/2023 Added 11/08/2023 Modified 01/30/2025 Description Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Versions prior to 1.10.8, 1.12.8, 1.14.4, and 1.15.4 contain a vulnerability similar to CVE-2017-5226, but using the `TIOCLINUX` ioctl command instead of `TIOCSTI`. If a Flatpak app is run on a Linux virtual console such as `/dev/tty1`, it can copy text from the virtual console and paste it into the command buffer, from which the command might be run after the Flatpak app has exited. Ordinary graphical terminal emulators like xterm, gnome-terminal and Konsole are unaffected. This vulnerability is specific to the Linux virtual consoles `/dev/tty1`, `/dev/tty2` and so on. A patch is available in versions 1.10.8, 1.12.8, 1.14.4, and 1.15.4. As a workaround, don't run Flatpak on a Linux virtual console. Flatpak is primarily designed to be used in a Wayland or X11 graphical environment. Solution(s) redhat-upgrade-flatpak redhat-upgrade-flatpak-debuginfo redhat-upgrade-flatpak-debugsource redhat-upgrade-flatpak-devel redhat-upgrade-flatpak-libs redhat-upgrade-flatpak-libs-debuginfo redhat-upgrade-flatpak-selinux redhat-upgrade-flatpak-session-helper redhat-upgrade-flatpak-session-helper-debuginfo redhat-upgrade-flatpak-tests-debuginfo References CVE-2023-28100 RHSA-2023:6518 RHSA-2023:7038
-
Alma Linux: CVE-2023-26769: Moderate: liblouis security update (ALSA-2023-6385)
Alma Linux: CVE-2023-26769: Moderate: liblouis security update (ALSA-2023-6385) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 03/16/2023 Created 11/17/2023 Added 11/16/2023 Modified 01/28/2025 Description Buffer Overflow vulnerability found in Liblouis Lou_Trace v.3.24.0 allows a remote attacker to cause a denial of service via the resolveSubtable function at compileTranslationTabel.c. Solution(s) alma-upgrade-liblouis alma-upgrade-python3-louis References https://attackerkb.com/topics/cve-2023-26769 CVE - 2023-26769 https://errata.almalinux.org/9/ALSA-2023-6385.html
-
Red Hat: CVE-2023-26769: buffer overflow in Lou_Trace (Multiple Advisories)
Red Hat: CVE-2023-26769: buffer overflow in Lou_Trace (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 03/16/2023 Created 11/09/2023 Added 11/08/2023 Modified 01/28/2025 Description Buffer Overflow vulnerability found in Liblouis Lou_Trace v.3.24.0 allows a remote attacker to cause a denial of service via the resolveSubtable function at compileTranslationTabel.c. Solution(s) redhat-upgrade-liblouis redhat-upgrade-liblouis-debuginfo redhat-upgrade-liblouis-debugsource redhat-upgrade-liblouis-utils-debuginfo redhat-upgrade-python3-louis References CVE-2023-26769 RHSA-2023:6385
-
Red Hat: CVE-2023-26768: buffer overflow in lou_setDataPath (Multiple Advisories)
Red Hat: CVE-2023-26768: buffer overflow in lou_setDataPath (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 03/16/2023 Created 11/09/2023 Added 11/08/2023 Modified 01/28/2025 Description Buffer Overflow vulnerability found in Liblouis v.3.24.0 allows a remote attacker to cause a denial of service via the compileTranslationTable.c and lou_setDataPath functions. Solution(s) redhat-upgrade-liblouis redhat-upgrade-liblouis-debuginfo redhat-upgrade-liblouis-debugsource redhat-upgrade-liblouis-utils-debuginfo redhat-upgrade-python3-louis References CVE-2023-26768 RHSA-2023:6385