ISHACK AI BOT

Red Hat: CVE-2023-28466: race condition in do_tls_getsockopt may lead to use-after-free or NULL pointer dereference (Multiple Advisories) Severity 7 CVSS (AV:L/AC:M/Au:S/C:C/I:C/A:C) Published 03/16/2023 Created 06/23/2023 Added 06/22/2023 Modified 01/28/2025 Description do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference). Solution(s) redhat-upgrade-kernel redhat-upgrade-kernel-rt References CVE-2023-28466 RHSA-2023:3708 RHSA-2023:3723 RHSA-2023:3819 RHSA-2023:3847 RHSA-2023:4789 RHSA-2023:4801 RHSA-2023:4814 View more

Ubuntu: USN-7231-1 (CVE-2023-27787): Tcpreplay vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/16/2023 Created 01/31/2025 Added 01/30/2025 Modified 01/30/2025 Description An issue found in TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the parse_list function at the list.c:81 endpoint. Solution(s) ubuntu-pro-upgrade-tcpreplay References https://attackerkb.com/topics/cve-2023-27787 CVE - 2023-27787 USN-7231-1

Red Hat: CVE-2023-28101: flatpak: Metadata with ANSI control codes can cause misleading terminal output (Multiple Advisories) Severity 4 CVSS (AV:N/AC:L/Au:S/C:N/I:P/A:N) Published 03/16/2023 Created 11/09/2023 Added 11/08/2023 Modified 01/28/2025 Description Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.10.8, 1.12.8, 1.14.4, and 1.15.4, if an attacker publishes a Flatpak app with elevated permissions, they can hide those permissions from users of the `flatpak(1)` command-line interface by setting other permissions to crafted values that contain non-printable control characters such as `ESC`. A fix is available in versions 1.10.8, 1.12.8, 1.14.4, and 1.15.4. As a workaround, use a GUI like GNOME Software rather than the command-line interface, or only install apps whose maintainers you trust. Solution(s) redhat-upgrade-flatpak redhat-upgrade-flatpak-debuginfo redhat-upgrade-flatpak-debugsource redhat-upgrade-flatpak-devel redhat-upgrade-flatpak-libs redhat-upgrade-flatpak-libs-debuginfo redhat-upgrade-flatpak-selinux redhat-upgrade-flatpak-session-helper redhat-upgrade-flatpak-session-helper-debuginfo redhat-upgrade-flatpak-tests-debuginfo References CVE-2023-28101 RHSA-2023:6518 RHSA-2023:7038

Ubuntu: USN-7231-1 (CVE-2023-27783): Tcpreplay vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/16/2023 Created 01/31/2025 Added 01/30/2025 Modified 01/30/2025 Description An issue found in TCPreplay tcprewrite v.4.4.3 allows a remote attacker to cause a denial of service via the tcpedit_dlt_cleanup function at plugins/dlt_plugins.c. Solution(s) ubuntu-pro-upgrade-tcpreplay References https://attackerkb.com/topics/cve-2023-27783 CVE - 2023-27783 USN-7231-1

Ubuntu: (Multiple Advisories) (CVE-2023-28466): Linux kernel (OEM) vulnerabilities Severity 7 CVSS (AV:L/AC:M/Au:S/C:C/I:C/A:C) Published 03/16/2023 Created 05/05/2023 Added 04/21/2023 Modified 01/28/2025 Description do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference). Solution(s) ubuntu-upgrade-linux-image-5-15-0-1025-gkeop ubuntu-upgrade-linux-image-5-15-0-1030-nvidia ubuntu-upgrade-linux-image-5-15-0-1030-nvidia-lowlatency ubuntu-upgrade-linux-image-5-15-0-1035-ibm ubuntu-upgrade-linux-image-5-15-0-1035-raspi ubuntu-upgrade-linux-image-5-15-0-1037-intel-iotg ubuntu-upgrade-linux-image-5-15-0-1039-gcp ubuntu-upgrade-linux-image-5-15-0-1039-gke ubuntu-upgrade-linux-image-5-15-0-1039-kvm ubuntu-upgrade-linux-image-5-15-0-1040-oracle ubuntu-upgrade-linux-image-5-15-0-1041-aws ubuntu-upgrade-linux-image-5-15-0-1042-aws ubuntu-upgrade-linux-image-5-15-0-1043-azure-fde ubuntu-upgrade-linux-image-5-15-0-1045-azure ubuntu-upgrade-linux-image-5-15-0-1045-azure-fde ubuntu-upgrade-linux-image-5-15-0-79-generic ubuntu-upgrade-linux-image-5-15-0-79-generic-64k ubuntu-upgrade-linux-image-5-15-0-79-generic-lpae ubuntu-upgrade-linux-image-5-15-0-79-lowlatency ubuntu-upgrade-linux-image-5-15-0-79-lowlatency-64k ubuntu-upgrade-linux-image-5-4-0-1019-iot ubuntu-upgrade-linux-image-5-4-0-1027-xilinx-zynqmp ubuntu-upgrade-linux-image-5-4-0-1054-ibm ubuntu-upgrade-linux-image-5-4-0-1068-bluefield ubuntu-upgrade-linux-image-5-4-0-1074-gkeop ubuntu-upgrade-linux-image-5-4-0-1091-raspi ubuntu-upgrade-linux-image-5-4-0-1096-kvm ubuntu-upgrade-linux-image-5-4-0-1105-gke ubuntu-upgrade-linux-image-5-4-0-1106-oracle ubuntu-upgrade-linux-image-5-4-0-1107-aws ubuntu-upgrade-linux-image-5-4-0-1110-gcp ubuntu-upgrade-linux-image-5-4-0-1113-azure ubuntu-upgrade-linux-image-5-4-0-1114-azure ubuntu-upgrade-linux-image-5-4-0-156-generic ubuntu-upgrade-linux-image-5-4-0-156-generic-lpae ubuntu-upgrade-linux-image-5-4-0-156-lowlatency ubuntu-upgrade-linux-image-6-0-0-1021-oem ubuntu-upgrade-linux-image-6-1-0-1009-oem ubuntu-upgrade-linux-image-6-2-0-1003-ibm ubuntu-upgrade-linux-image-6-2-0-1005-aws ubuntu-upgrade-linux-image-6-2-0-1005-azure ubuntu-upgrade-linux-image-6-2-0-1005-lowlatency ubuntu-upgrade-linux-image-6-2-0-1005-lowlatency-64k ubuntu-upgrade-linux-image-6-2-0-1005-oracle ubuntu-upgrade-linux-image-6-2-0-1006-kvm ubuntu-upgrade-linux-image-6-2-0-1006-raspi ubuntu-upgrade-linux-image-6-2-0-1006-raspi-nolpae ubuntu-upgrade-linux-image-6-2-0-1007-gcp ubuntu-upgrade-linux-image-6-2-0-23-generic ubuntu-upgrade-linux-image-6-2-0-23-generic-64k ubuntu-upgrade-linux-image-6-2-0-23-generic-lpae ubuntu-upgrade-linux-image-aws ubuntu-upgrade-linux-image-aws-lts-20-04 ubuntu-upgrade-linux-image-aws-lts-22-04 ubuntu-upgrade-linux-image-azure ubuntu-upgrade-linux-image-azure-cvm ubuntu-upgrade-linux-image-azure-fde ubuntu-upgrade-linux-image-azure-fde-lts-22-04 ubuntu-upgrade-linux-image-azure-lts-20-04 ubuntu-upgrade-linux-image-azure-lts-22-04 ubuntu-upgrade-linux-image-bluefield ubuntu-upgrade-linux-image-gcp ubuntu-upgrade-linux-image-gcp-lts-20-04 ubuntu-upgrade-linux-image-gcp-lts-22-04 ubuntu-upgrade-linux-image-generic ubuntu-upgrade-linux-image-generic-64k ubuntu-upgrade-linux-image-generic-64k-hwe-20-04 ubuntu-upgrade-linux-image-generic-hwe-18-04 ubuntu-upgrade-linux-image-generic-hwe-20-04 ubuntu-upgrade-linux-image-generic-lpae ubuntu-upgrade-linux-image-generic-lpae-hwe-18-04 ubuntu-upgrade-linux-image-generic-lpae-hwe-20-04 ubuntu-upgrade-linux-image-gke ubuntu-upgrade-linux-image-gke-5-15 ubuntu-upgrade-linux-image-gke-5-4 ubuntu-upgrade-linux-image-gkeop ubuntu-upgrade-linux-image-gkeop-5-15 ubuntu-upgrade-linux-image-gkeop-5-4 ubuntu-upgrade-linux-image-ibm ubuntu-upgrade-linux-image-ibm-lts-20-04 ubuntu-upgrade-linux-image-intel ubuntu-upgrade-linux-image-intel-iotg ubuntu-upgrade-linux-image-kvm ubuntu-upgrade-linux-image-lowlatency ubuntu-upgrade-linux-image-lowlatency-64k ubuntu-upgrade-linux-image-lowlatency-64k-hwe-20-04 ubuntu-upgrade-linux-image-lowlatency-hwe-18-04 ubuntu-upgrade-linux-image-lowlatency-hwe-20-04 ubuntu-upgrade-linux-image-nvidia ubuntu-upgrade-linux-image-nvidia-lowlatency ubuntu-upgrade-linux-image-oem ubuntu-upgrade-linux-image-oem-20-04 ubuntu-upgrade-linux-image-oem-20-04b ubuntu-upgrade-linux-image-oem-20-04c ubuntu-upgrade-linux-image-oem-20-04d ubuntu-upgrade-linux-image-oem-22-04b ubuntu-upgrade-linux-image-oem-22-04c ubuntu-upgrade-linux-image-oem-osp1 ubuntu-upgrade-linux-image-oracle ubuntu-upgrade-linux-image-oracle-lts-20-04 ubuntu-upgrade-linux-image-raspi ubuntu-upgrade-linux-image-raspi-hwe-18-04 ubuntu-upgrade-linux-image-raspi-nolpae ubuntu-upgrade-linux-image-raspi2 ubuntu-upgrade-linux-image-snapdragon-hwe-18-04 ubuntu-upgrade-linux-image-virtual ubuntu-upgrade-linux-image-virtual-hwe-18-04 ubuntu-upgrade-linux-image-virtual-hwe-20-04 ubuntu-upgrade-linux-image-xilinx-zynqmp References https://attackerkb.com/topics/cve-2023-28466 CVE - 2023-28466 USN-6033-1 USN-6175-1 USN-6186-1 USN-6284-1 USN-6300-1 USN-6301-1 USN-6311-1 USN-6312-1 USN-6314-1 USN-6331-1 USN-6332-1 USN-6337-1 USN-6347-1 USN-6385-1 View more

Ubuntu: USN-7231-1 (CVE-2023-27784): Tcpreplay vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/16/2023 Created 01/31/2025 Added 01/30/2025 Modified 01/30/2025 Description An issue found in TCPReplay v.4.4.3 allows a remote attacker to cause a denial of service via the read_hexstring function at the utils.c:309 endpoint. Solution(s) ubuntu-pro-upgrade-tcpreplay References https://attackerkb.com/topics/cve-2023-27784 CVE - 2023-27784 USN-7231-1

Ubuntu: USN-7231-1 (CVE-2023-27789): Tcpreplay vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 03/16/2023 Created 01/31/2025 Added 01/30/2025 Modified 01/30/2025 Description An issue found in TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the cidr2cidr function at the cidr.c:178 endpoint. Solution(s) ubuntu-pro-upgrade-tcpreplay References https://attackerkb.com/topics/cve-2023-27789 CVE - 2023-27789 USN-7231-1

Ubuntu: (Multiple Advisories) (CVE-2023-26769): Liblouis vulnerabilities Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 03/16/2023 Created 05/05/2023 Added 04/10/2023 Modified 01/28/2025 Description Buffer Overflow vulnerability found in Liblouis Lou_Trace v.3.24.0 allows a remote attacker to cause a denial of service via the resolveSubtable function at compileTranslationTabel.c. Solution(s) ubuntu-pro-upgrade-liblouis-bin ubuntu-pro-upgrade-liblouis20 ubuntu-pro-upgrade-liblouis9 ubuntu-pro-upgrade-python-louis References https://attackerkb.com/topics/cve-2023-26769 CVE - 2023-26769 USN-5996-1 USN-5996-2

Ubuntu: (Multiple Advisories) (CVE-2023-28487): Sudo vulnerabilities Severity 5 CVSS (AV:N/AC:L/Au:N/C:P/I:N/A:N) Published 03/16/2023 Created 05/05/2023 Added 04/17/2023 Modified 01/28/2025 Description Sudo before 1.9.13 does not escape control characters in sudoreplay output. Solution(s) ubuntu-pro-upgrade-sudo ubuntu-pro-upgrade-sudo-ldap References https://attackerkb.com/topics/cve-2023-28487 CVE - 2023-28487 USN-6005-1 USN-6005-2

Oracle Linux: CVE-2023-28101: ELSA-2023-6518:flatpak security, bug fix, and enhancement update (MODERATE) (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:N/C:C/I:N/A:N) Published 03/16/2023 Created 11/24/2023 Added 11/22/2023 Modified 11/28/2024 Description Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.10.8, 1.12.8, 1.14.4, and 1.15.4, if an attacker publishes a Flatpak app with elevated permissions, they can hide those permissions from users of the `flatpak(1)` command-line interface by setting other permissions to crafted values that contain non-printable control characters such as `ESC`. A fix is available in versions 1.10.8, 1.12.8, 1.14.4, and 1.15.4. As a workaround, use a GUI like GNOME Software rather than the command-line interface, or only install apps whose maintainers you trust. A flaw was found in Flatpak, a system for building, distributing, and running sandboxed desktop applications on Linux. Suppose an attacker publishes a Flatpak app with elevated permissions. In that case, they can hide those permissions from users of the `flatpak(1)` command-line interface by setting other permissions to crafted values that contain non-printable control characters such as `ESC.` Solution(s) oracle-linux-upgrade-flatpak oracle-linux-upgrade-flatpak-devel oracle-linux-upgrade-flatpak-libs oracle-linux-upgrade-flatpak-selinux oracle-linux-upgrade-flatpak-session-helper References https://attackerkb.com/topics/cve-2023-28101 CVE - 2023-28101 ELSA-2023-6518 ELSA-2023-7038

Oracle Linux: CVE-2023-28100: ELSA-2023-6518:flatpak security, bug fix, and enhancement update (MODERATE) (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 03/16/2023 Created 11/24/2023 Added 11/22/2023 Modified 11/28/2024 Description Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Versions prior to 1.10.8, 1.12.8, 1.14.4, and 1.15.4 contain a vulnerability similar to CVE-2017-5226, but using the `TIOCLINUX` ioctl command instead of `TIOCSTI`. If a Flatpak app is run on a Linux virtual console such as `/dev/tty1`, it can copy text from the virtual console and paste it into the command buffer, from which the command might be run after the Flatpak app has exited. Ordinary graphical terminal emulators like xterm, gnome-terminal and Konsole are unaffected. This vulnerability is specific to the Linux virtual consoles `/dev/tty1`, `/dev/tty2` and so on. A patch is available in versions 1.10.8, 1.12.8, 1.14.4, and 1.15.4. As a workaround, don't run Flatpak on a Linux virtual console. Flatpak is primarily designed to be used in a Wayland or X11 graphical environment. A flaw was found in Flatpak, a system for building, distributing, and running sandboxed desktop applications on Linux. It contains a vulnerability similar to CVE-2017-5226 but using the `TIOCLINUX` ioctl command instead of `TIOCSTI.` If a Flatpak app is run on a Linux virtual console such as `/dev/tty1`, it can copy text from the virtual console and paste it into the command buffer, from which the command might be run after the Flatpak app has exited. Ordinary graphical terminal emulators like xterm, gnome-terminal, and Konsole are unaffected. This vulnerability is specific to the Linux virtual consoles `/dev/tty1`, `/dev/tty2`, and others. Solution(s) oracle-linux-upgrade-flatpak oracle-linux-upgrade-flatpak-devel oracle-linux-upgrade-flatpak-libs oracle-linux-upgrade-flatpak-selinux oracle-linux-upgrade-flatpak-session-helper References https://attackerkb.com/topics/cve-2023-28100 CVE - 2023-28100 ELSA-2023-6518 ELSA-2023-7038

Ubuntu: (Multiple Advisories) (CVE-2023-26768): Liblouis vulnerabilities Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 03/16/2023 Created 05/05/2023 Added 04/10/2023 Modified 01/28/2025 Description Buffer Overflow vulnerability found in Liblouis v.3.24.0 allows a remote attacker to cause a denial of service via the compileTranslationTable.c and lou_setDataPath functions. Solution(s) ubuntu-pro-upgrade-liblouis-bin ubuntu-pro-upgrade-liblouis20 ubuntu-pro-upgrade-liblouis9 ubuntu-pro-upgrade-python-louis References https://attackerkb.com/topics/cve-2023-26768 CVE - 2023-26768 USN-5996-1 USN-5996-2

SUSE: CVE-2023-28487: SUSE Linux Security Advisory Severity 5 CVSS (AV:N/AC:L/Au:N/C:P/I:N/A:N) Published 03/16/2023 Created 03/30/2023 Added 03/30/2023 Modified 01/28/2025 Description Sudo before 1.9.13 does not escape control characters in sudoreplay output. Solution(s) suse-upgrade-sudo suse-upgrade-sudo-devel suse-upgrade-sudo-plugin-python suse-upgrade-sudo-test References https://attackerkb.com/topics/cve-2023-28487 CVE - 2023-28487

Ubuntu: (Multiple Advisories) (CVE-2023-26767): Liblouis vulnerabilities Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 03/16/2023 Created 05/05/2023 Added 04/10/2023 Modified 01/28/2025 Description Buffer Overflow vulnerability found in Liblouis v.3.24.0 allows a remote attacker to cause a denial of service via the lou_logFile function at logginc.c endpoint. Solution(s) ubuntu-pro-upgrade-liblouis-bin ubuntu-pro-upgrade-liblouis20 ubuntu-pro-upgrade-liblouis9 ubuntu-pro-upgrade-python-louis References https://attackerkb.com/topics/cve-2023-26767 CVE - 2023-26767 USN-5996-1 USN-5996-2

Gentoo Linux: CVE-2023-26769: liblouis: Multiple Vulnerabilities Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 03/16/2023 Created 09/24/2024 Added 09/23/2024 Modified 01/28/2025 Description Buffer Overflow vulnerability found in Liblouis Lou_Trace v.3.24.0 allows a remote attacker to cause a denial of service via the resolveSubtable function at compileTranslationTabel.c. Solution(s) gentoo-linux-upgrade-dev-libs-liblouis References https://attackerkb.com/topics/cve-2023-26769 CVE - 2023-26769 202409-18

SUSE: CVE-2023-26769: SUSE Linux Security Advisory Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 03/16/2023 Created 05/05/2023 Added 04/06/2023 Modified 01/28/2025 Description Buffer Overflow vulnerability found in Liblouis Lou_Trace v.3.24.0 allows a remote attacker to cause a denial of service via the resolveSubtable function at compileTranslationTabel.c. Solution(s) suse-upgrade-liblouis-data suse-upgrade-liblouis-devel suse-upgrade-liblouis-doc suse-upgrade-liblouis-tools suse-upgrade-liblouis14 suse-upgrade-liblouis19 suse-upgrade-liblouis20 suse-upgrade-liblouis9 suse-upgrade-python-louis suse-upgrade-python3-louis References https://attackerkb.com/topics/cve-2023-26769 CVE - 2023-26769

Gentoo Linux: CVE-2023-28101: Flatpak: Multiple Vulnerabilities Severity 4 CVSS (AV:N/AC:L/Au:S/C:N/I:P/A:N) Published 03/16/2023 Created 12/28/2023 Added 12/27/2023 Modified 01/28/2025 Description Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.10.8, 1.12.8, 1.14.4, and 1.15.4, if an attacker publishes a Flatpak app with elevated permissions, they can hide those permissions from users of the `flatpak(1)` command-line interface by setting other permissions to crafted values that contain non-printable control characters such as `ESC`. A fix is available in versions 1.10.8, 1.12.8, 1.14.4, and 1.15.4. As a workaround, use a GUI like GNOME Software rather than the command-line interface, or only install apps whose maintainers you trust. Solution(s) gentoo-linux-upgrade-sys-apps-flatpak References https://attackerkb.com/topics/cve-2023-28101 CVE - 2023-28101 202312-12

SUSE: CVE-2023-27783: SUSE Linux Security Advisory Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 03/16/2023 Created 09/28/2023 Added 09/27/2023 Modified 01/28/2025 Description An issue found in TCPreplay tcprewrite v.4.4.3 allows a remote attacker to cause a denial of service via the tcpedit_dlt_cleanup function at plugins/dlt_plugins.c. Solution(s) suse-upgrade-tcpreplay References https://attackerkb.com/topics/cve-2023-27783 CVE - 2023-27783

CentOS Linux: CVE-2023-26769: Moderate: liblouis security update (CESA-2023:6385) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 03/16/2023 Created 11/09/2023 Added 11/08/2023 Modified 01/28/2025 Description Buffer Overflow vulnerability found in Liblouis Lou_Trace v.3.24.0 allows a remote attacker to cause a denial of service via the resolveSubtable function at compileTranslationTabel.c. Solution(s) centos-upgrade-liblouis centos-upgrade-liblouis-debuginfo centos-upgrade-liblouis-debugsource centos-upgrade-liblouis-utils-debuginfo centos-upgrade-python3-louis References CVE-2023-26769

SUSE: CVE-2023-27786: SUSE Linux Security Advisory Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 03/16/2023 Created 09/28/2023 Added 09/27/2023 Modified 01/28/2025 Description An issue found in TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the macinstring function. Solution(s) suse-upgrade-tcpreplay References https://attackerkb.com/topics/cve-2023-27786 CVE - 2023-27786

Rocky Linux: CVE-2023-28100: flatpak (RLSA-2023-6518) Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 03/16/2023 Created 05/13/2024 Added 05/13/2024 Modified 01/30/2025 Description Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Versions prior to 1.10.8, 1.12.8, 1.14.4, and 1.15.4 contain a vulnerability similar to CVE-2017-5226, but using the `TIOCLINUX` ioctl command instead of `TIOCSTI`. If a Flatpak app is run on a Linux virtual console such as `/dev/tty1`, it can copy text from the virtual console and paste it into the command buffer, from which the command might be run after the Flatpak app has exited. Ordinary graphical terminal emulators like xterm, gnome-terminal and Konsole are unaffected. This vulnerability is specific to the Linux virtual consoles `/dev/tty1`, `/dev/tty2` and so on. A patch is available in versions 1.10.8, 1.12.8, 1.14.4, and 1.15.4. As a workaround, don't run Flatpak on a Linux virtual console. Flatpak is primarily designed to be used in a Wayland or X11 graphical environment. Solution(s) rocky-upgrade-flatpak rocky-upgrade-flatpak-debuginfo rocky-upgrade-flatpak-debugsource rocky-upgrade-flatpak-devel rocky-upgrade-flatpak-libs rocky-upgrade-flatpak-libs-debuginfo rocky-upgrade-flatpak-session-helper rocky-upgrade-flatpak-session-helper-debuginfo References https://attackerkb.com/topics/cve-2023-28100 CVE - 2023-28100 https://errata.rockylinux.org/RLSA-2023:6518

Oracle Linux: CVE-2023-28486: ELSA-2024-0811:sudo security update (MODERATE) (Multiple Advisories) Severity 5 CVSS (AV:N/AC:L/Au:N/C:P/I:N/A:N) Published 03/16/2023 Created 02/16/2024 Added 02/14/2024 Modified 12/18/2024 Description Sudo before 1.9.13 does not escape control characters in log messages. A flaw was found in the sudo package, shipped with Red Hat Enterprise Linux 8 and 9, where sudo improperly escapes terminal control characters during logging operations. As sudo's log messages may contain user-controlled strings, this may allow an attacker to inject terminal control commands, leading to a leak of restricted information. Solution(s) oracle-linux-upgrade-sudo oracle-linux-upgrade-sudo-python-plugin References https://attackerkb.com/topics/cve-2023-28486 CVE - 2023-28486 ELSA-2024-0811

Oracle Linux: CVE-2023-28487: ELSA-2024-0811:sudo security update (MODERATE) (Multiple Advisories) Severity 5 CVSS (AV:N/AC:L/Au:N/C:P/I:N/A:N) Published 03/16/2023 Created 02/16/2024 Added 02/14/2024 Modified 12/18/2024 Description Sudo before 1.9.13 does not escape control characters in sudoreplay output. A flaw was found in the sudo package, shipped with Red Hat Enterprise Linux 8 and 9, where the "sudoreplay -l' command improperly escapes terminal control characters. As sudo's log messages may contain user-controlled strings, this could allow an attacker to inject terminal control commands, leading to a leak of restricted information. Solution(s) oracle-linux-upgrade-sudo oracle-linux-upgrade-sudo-python-plugin References https://attackerkb.com/topics/cve-2023-28487 CVE - 2023-28487 ELSA-2024-0811

SUSE: CVE-2023-1390: SUSE Linux Security Advisory Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 03/16/2023 Created 05/05/2023 Added 04/11/2023 Modified 01/28/2025 Description A remote denial of service vulnerability was found in the Linux kernel’s TIPC kernel module. The while loop in tipc_link_xmit() hits an unknown state while attempting to parse SKBs, which are not in the queue. Sending two small UDP packets to a system with a UDP bearer results in the CPU utilization for the system to instantly spike to 100%, causing a denial of service condition. Solution(s) suse-upgrade-dtb-al suse-upgrade-dtb-zte suse-upgrade-kernel-64kb suse-upgrade-kernel-64kb-devel suse-upgrade-kernel-azure suse-upgrade-kernel-azure-base suse-upgrade-kernel-azure-devel suse-upgrade-kernel-debug-base suse-upgrade-kernel-default suse-upgrade-kernel-default-base suse-upgrade-kernel-default-devel suse-upgrade-kernel-default-extra suse-upgrade-kernel-default-man suse-upgrade-kernel-devel suse-upgrade-kernel-devel-azure suse-upgrade-kernel-docs suse-upgrade-kernel-kvmsmall-base suse-upgrade-kernel-macros suse-upgrade-kernel-obs-build suse-upgrade-kernel-preempt suse-upgrade-kernel-preempt-devel suse-upgrade-kernel-rt suse-upgrade-kernel-source suse-upgrade-kernel-source-azure suse-upgrade-kernel-syms suse-upgrade-kernel-syms-azure suse-upgrade-kernel-vanilla suse-upgrade-kernel-vanilla-base suse-upgrade-kernel-vanilla-devel suse-upgrade-kernel-vanilla-livepatch-devel suse-upgrade-kernel-zfcpdump suse-upgrade-kernel-zfcpdump-man suse-upgrade-reiserfs-kmp-default References https://attackerkb.com/topics/cve-2023-1390 CVE - 2023-1390

Oracle Linux: CVE-2023-22652: ELSA-2023-4347:libeconf security update (MODERATE) (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 03/16/2023 Created 08/04/2023 Added 08/03/2023 Modified 12/01/2024 Description A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in openSUSE libeconf leads to DoS via malformed config files. This issue affects libeconf: before 0.5.2. A flaw was found in the libeconf library. This issue occurs when parsing a specially crafted configuration file, causing a stack-based buffer overflow, resulting in a denial of service. Solution(s) oracle-linux-upgrade-libeconf References https://attackerkb.com/topics/cve-2023-22652 CVE - 2023-22652 ELSA-2023-4347