ISHACK AI BOT

CentOS Linux: CVE-2023-1095: Moderate: kernel-rt security and bug fix update (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 02/28/2023 Created 03/07/2023 Added 03/06/2023 Modified 01/28/2025 Description In nf_tables_updtable, if nf_tables_table_enable returns an error, nft_trans_destroy is called to free the transaction object. nft_trans_destroy() calls list_del(), but the transaction was never placed on a list -- the list head is all zeroes, this results in a NULL pointer dereference. Solution(s) centos-upgrade-kernel centos-upgrade-kernel-rt References CVE-2023-1095

Aruba AOS-8: CVE-2023-22772: Authenticated Path Traversal in ArubaOS Web-based Management Interface Allows for Arbitrary File Deletion. Severity 8 CVSS (AV:N/AC:L/Au:M/C:N/I:C/A:C) Published 02/28/2023 Created 01/16/2025 Added 01/14/2025 Modified 02/04/2025 Description An authenticated path traversal vulnerability exists in the ArubaOS web-based management interface. Successful exploitation of this vulnerability results in the ability to delete arbitrary files in the underlying operating system. Solution(s) aruba-aos-8-cve-2023-22772 References https://attackerkb.com/topics/cve-2023-22772 CVE - 2023-22772 https://csaf.arubanetworks.com/2023/hpe_aruba_networking_-_2023-002.json

Debian: CVE-2022-41727: golang-golang-x-image -- security update Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 02/28/2023 Created 07/31/2024 Added 07/30/2024 Modified 01/28/2025 Description An attacker can craft a malformed TIFF image which will consume a significant amount of memory when passed to DecodeConfig. This could lead to a denial of service. Solution(s) debian-upgrade-golang-golang-x-image References https://attackerkb.com/topics/cve-2022-41727 CVE - 2022-41727

Aruba AOS-8: CVE-2023-22767: Authenticated Remote Command Execution in the ArubaOS Command Line Interface Severity 8 CVSS (AV:N/AC:L/Au:M/C:C/I:C/A:C) Published 02/28/2023 Created 01/16/2025 Added 01/14/2025 Modified 02/04/2025 Description Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. Solution(s) aruba-aos-8-cve-2023-22767 References https://attackerkb.com/topics/cve-2023-22767 CVE - 2023-22767 https://csaf.arubanetworks.com/2023/hpe_aruba_networking_-_2023-002.json

Debian: CVE-2022-41725: golang-1.19 -- security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/28/2023 Created 07/31/2024 Added 07/30/2024 Modified 01/30/2025 Description A denial of service is possible from excessive resource consumption in net/http and mime/multipart. Multipart form parsing with mime/multipart.Reader.ReadForm can consume largely unlimited amounts of memory and disk files. This also affects form parsing in the net/http package with the Request methods FormFile, FormValue, ParseMultipartForm, and PostFormValue. ReadForm takes a maxMemory parameter, and is documented as storing "up to maxMemory bytes +10MB (reserved for non-file parts) in memory". File parts which cannot be stored in memory are stored on disk in temporary files. The unconfigurable 10MB reserved for non-file parts is excessively large and can potentially open a denial of service vector on its own. However, ReadForm did not properly account for all memory consumed by a parsed form, such as map entry overhead, part names, and MIME headers, permitting a maliciously crafted form to consume well over 10MB. In addition, ReadForm contained no limit on the number of disk files created, permitting a relatively small request body to create a large number of disk temporary files. With fix, ReadForm now properly accounts for various forms of memory overhead, and should now stay within its documented limit of 10MB + maxMemory bytes of memory consumption. Users should still be aware that this limit is high and may still be hazardous. In addition, ReadForm now creates at most one on-disk temporary file, combining multiple form parts into a single temporary file. The mime/multipart.File interface type's documentation states, "If stored on disk, the File's underlying concrete type will be an *os.File.". This is no longer the case when a form contains more than one file part, due to this coalescing of parts into a single file. The previous behavior of using distinct files for each form part may be reenabled with the environment variable GODEBUG=multipartfiles=distinct. Users should be aware that multipart.ReadForm and the http.Request methods that call it do not limit the amount of disk consumed by temporary files. Callers can limit the size of form data with http.MaxBytesReader. Solution(s) debian-upgrade-golang-1-19 References https://attackerkb.com/topics/cve-2022-41725 CVE - 2022-41725

Debian: CVE-2022-41724: golang-1.19 -- security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/28/2023 Created 07/31/2024 Added 07/30/2024 Modified 01/28/2025 Description Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable session resumption (by setting Config.ClientSessionCache to a non-nil value), and TLS 1.3 servers which request client certificates (by setting Config.ClientAuth >= RequestClientCert). Solution(s) debian-upgrade-golang-1-19 References https://attackerkb.com/topics/cve-2022-41724 CVE - 2022-41724

Red Hat: CVE-2022-41725: denial of service from excessive resource consumption (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/28/2023 Created 05/17/2023 Added 05/17/2023 Modified 01/30/2025 Description A denial of service is possible from excessive resource consumption in net/http and mime/multipart. Multipart form parsing with mime/multipart.Reader.ReadForm can consume largely unlimited amounts of memory and disk files. This also affects form parsing in the net/http package with the Request methods FormFile, FormValue, ParseMultipartForm, and PostFormValue. ReadForm takes a maxMemory parameter, and is documented as storing "up to maxMemory bytes +10MB (reserved for non-file parts) in memory". File parts which cannot be stored in memory are stored on disk in temporary files. The unconfigurable 10MB reserved for non-file parts is excessively large and can potentially open a denial of service vector on its own. However, ReadForm did not properly account for all memory consumed by a parsed form, such as map entry overhead, part names, and MIME headers, permitting a maliciously crafted form to consume well over 10MB. In addition, ReadForm contained no limit on the number of disk files created, permitting a relatively small request body to create a large number of disk temporary files. With fix, ReadForm now properly accounts for various forms of memory overhead, and should now stay within its documented limit of 10MB + maxMemory bytes of memory consumption. Users should still be aware that this limit is high and may still be hazardous. In addition, ReadForm now creates at most one on-disk temporary file, combining multiple form parts into a single temporary file. The mime/multipart.File interface type's documentation states, "If stored on disk, the File's underlying concrete type will be an *os.File.". This is no longer the case when a form contains more than one file part, due to this coalescing of parts into a single file. The previous behavior of using distinct files for each form part may be reenabled with the environment variable GODEBUG=multipartfiles=distinct. Users should be aware that multipart.ReadForm and the http.Request methods that call it do not limit the amount of disk consumed by temporary files. Callers can limit the size of form data with http.MaxBytesReader. Solution(s) redhat-upgrade-aardvark-dns redhat-upgrade-buildah redhat-upgrade-buildah-debuginfo redhat-upgrade-buildah-debugsource redhat-upgrade-buildah-tests redhat-upgrade-buildah-tests-debuginfo redhat-upgrade-cockpit-podman redhat-upgrade-conmon redhat-upgrade-conmon-debuginfo redhat-upgrade-conmon-debugsource redhat-upgrade-container-selinux redhat-upgrade-containernetworking-plugins redhat-upgrade-containernetworking-plugins-debuginfo redhat-upgrade-containernetworking-plugins-debugsource redhat-upgrade-containers-common redhat-upgrade-crit redhat-upgrade-criu redhat-upgrade-criu-debuginfo redhat-upgrade-criu-debugsource redhat-upgrade-criu-devel redhat-upgrade-criu-libs redhat-upgrade-criu-libs-debuginfo redhat-upgrade-crun redhat-upgrade-crun-debuginfo redhat-upgrade-crun-debugsource redhat-upgrade-delve redhat-upgrade-delve-debuginfo redhat-upgrade-delve-debugsource redhat-upgrade-fuse-overlayfs redhat-upgrade-fuse-overlayfs-debuginfo redhat-upgrade-fuse-overlayfs-debugsource redhat-upgrade-go-toolset redhat-upgrade-golang redhat-upgrade-golang-bin redhat-upgrade-golang-docs redhat-upgrade-golang-misc redhat-upgrade-golang-race redhat-upgrade-golang-src redhat-upgrade-golang-tests redhat-upgrade-libslirp redhat-upgrade-libslirp-debuginfo redhat-upgrade-libslirp-debugsource redhat-upgrade-libslirp-devel redhat-upgrade-netavark redhat-upgrade-oci-seccomp-bpf-hook redhat-upgrade-oci-seccomp-bpf-hook-debuginfo redhat-upgrade-oci-seccomp-bpf-hook-debugsource redhat-upgrade-podman redhat-upgrade-podman-catatonit redhat-upgrade-podman-catatonit-debuginfo redhat-upgrade-podman-debuginfo redhat-upgrade-podman-debugsource redhat-upgrade-podman-docker redhat-upgrade-podman-gvproxy redhat-upgrade-podman-gvproxy-debuginfo redhat-upgrade-podman-plugins redhat-upgrade-podman-plugins-debuginfo redhat-upgrade-podman-remote redhat-upgrade-podman-remote-debuginfo redhat-upgrade-podman-tests redhat-upgrade-python3-criu redhat-upgrade-python3-podman redhat-upgrade-runc redhat-upgrade-runc-debuginfo redhat-upgrade-runc-debugsource redhat-upgrade-skopeo redhat-upgrade-skopeo-debuginfo redhat-upgrade-skopeo-debugsource redhat-upgrade-skopeo-tests redhat-upgrade-slirp4netns redhat-upgrade-slirp4netns-debuginfo redhat-upgrade-slirp4netns-debugsource redhat-upgrade-toolbox redhat-upgrade-toolbox-debuginfo redhat-upgrade-toolbox-debugsource redhat-upgrade-toolbox-tests redhat-upgrade-udica References CVE-2022-41725 RHSA-2023:3083 RHSA-2023:6346 RHSA-2023:6363 RHSA-2023:6402 RHSA-2023:6473 RHSA-2023:6474 RHSA-2023:6938 RHSA-2023:6939 View more

Amazon Linux 2023: CVE-2023-27320: Important priority package update for sudo (Multiple Advisories) Severity 6 CVSS (AV:L/AC:H/Au:M/C:C/I:C/A:C) Published 02/28/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description Sudo before 1.9.13p2 has a double free in the per-command chroot feature. A double-free vulnerability was found in Sudo in the per-command chroot feature. This flaw exists due to a boundary error when matching a sudoer rule that contains a per-command chroot directive (CHROOT=dir). By sending a specially-crafted request, a local privileged attacker can elevate privileges and execute arbitrary code on the system. Solution(s) amazon-linux-2023-upgrade-sudo amazon-linux-2023-upgrade-sudo-debuginfo amazon-linux-2023-upgrade-sudo-debugsource amazon-linux-2023-upgrade-sudo-devel amazon-linux-2023-upgrade-sudo-logsrvd amazon-linux-2023-upgrade-sudo-logsrvd-debuginfo amazon-linux-2023-upgrade-sudo-python-plugin amazon-linux-2023-upgrade-sudo-python-plugin-debuginfo References https://attackerkb.com/topics/cve-2023-27320 CVE - 2023-27320 https://alas.aws.amazon.com/AL2023/ALAS-2023-133.html https://alas.aws.amazon.com/AL2023/ALAS-2023-135.html

Alma Linux: CVE-2023-1017: Moderate: libtpms security update (ALSA-2023-2453) Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 02/28/2023 Created 05/15/2023 Added 05/15/2023 Modified 01/30/2025 Description An out-of-bounds write vulnerability exists in TPM2.0's Module Library allowing writing of a 2-byte data past the end of TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can lead to denial of service (crashing the TPM chip/process or rendering it unusable) and/or arbitrary code execution in the TPM context. Solution(s) alma-upgrade-libtpms References https://attackerkb.com/topics/cve-2023-1017 CVE - 2023-1017 https://errata.almalinux.org/9/ALSA-2023-2453.html

SUSE: CVE-2022-41725: SUSE Linux Security Advisory Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/28/2023 Created 03/15/2023 Added 03/15/2023 Modified 01/28/2025 Description A denial of service is possible from excessive resource consumption in net/http and mime/multipart. Multipart form parsing with mime/multipart.Reader.ReadForm can consume largely unlimited amounts of memory and disk files. This also affects form parsing in the net/http package with the Request methods FormFile, FormValue, ParseMultipartForm, and PostFormValue. ReadForm takes a maxMemory parameter, and is documented as storing "up to maxMemory bytes +10MB (reserved for non-file parts) in memory". File parts which cannot be stored in memory are stored on disk in temporary files. The unconfigurable 10MB reserved for non-file parts is excessively large and can potentially open a denial of service vector on its own. However, ReadForm did not properly account for all memory consumed by a parsed form, such as map entry overhead, part names, and MIME headers, permitting a maliciously crafted form to consume well over 10MB. In addition, ReadForm contained no limit on the number of disk files created, permitting a relatively small request body to create a large number of disk temporary files. With fix, ReadForm now properly accounts for various forms of memory overhead, and should now stay within its documented limit of 10MB + maxMemory bytes of memory consumption. Users should still be aware that this limit is high and may still be hazardous. In addition, ReadForm now creates at most one on-disk temporary file, combining multiple form parts into a single temporary file. The mime/multipart.File interface type's documentation states, "If stored on disk, the File's underlying concrete type will be an *os.File.". This is no longer the case when a form contains more than one file part, due to this coalescing of parts into a single file. The previous behavior of using distinct files for each form part may be reenabled with the environment variable GODEBUG=multipartfiles=distinct. Users should be aware that multipart.ReadForm and the http.Request methods that call it do not limit the amount of disk consumed by temporary files. Callers can limit the size of form data with http.MaxBytesReader. Solution(s) suse-upgrade-container-suseconnect suse-upgrade-go1-18 suse-upgrade-go1-18-doc suse-upgrade-go1-18-openssl suse-upgrade-go1-18-openssl-doc suse-upgrade-go1-18-openssl-race suse-upgrade-go1-18-race suse-upgrade-go1-19 suse-upgrade-go1-19-doc suse-upgrade-go1-19-race suse-upgrade-go1-20 suse-upgrade-go1-20-doc suse-upgrade-go1-20-race References https://attackerkb.com/topics/cve-2022-41725 CVE - 2022-41725

Amazon Linux 2023: CVE-2023-25155: Medium priority package update for redis6 Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:N/A:C) Published 02/28/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted `SRANDMEMBER`, `ZRANDMEMBER`, and `HRANDFIELD` commands can trigger an integer overflow, resulting in a runtime assertion and termination of the Redis server process. This problem affects all Redis versions. Patches were released in Redis version(s) 6.0.18, 6.2.11 and 7.0.9. A vulnerability was found in Redis. This flaw allows authenticated users issuing specially crafted SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD commands to trigger an integer overflow, resulting in a runtime assertion and termination of the Redis server process. Solution(s) amazon-linux-2023-upgrade-redis6 amazon-linux-2023-upgrade-redis6-debuginfo amazon-linux-2023-upgrade-redis6-debugsource amazon-linux-2023-upgrade-redis6-devel amazon-linux-2023-upgrade-redis6-doc References https://attackerkb.com/topics/cve-2023-25155 CVE - 2023-25155 https://alas.aws.amazon.com/AL2023/ALAS-2023-154.html

FreeBSD: VID-B17BCE48-B7C6-11ED-B304-080027F5FEC9 (CVE-2023-25155): redis -- multiple vulnerabilities Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:N/A:C) Published 02/28/2023 Created 03/04/2023 Added 03/02/2023 Modified 01/28/2025 Description Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted `SRANDMEMBER`, `ZRANDMEMBER`, and `HRANDFIELD` commands can trigger an integer overflow, resulting in a runtime assertion and termination of the Redis server process. This problem affects all Redis versions. Patches were released in Redis version(s) 6.0.18, 6.2.11 and 7.0.9. Solution(s) freebsd-upgrade-package-redis freebsd-upgrade-package-redis-devel freebsd-upgrade-package-redis6 freebsd-upgrade-package-redis62 References CVE-2023-25155

Red Hat OpenShift: CVE-2022-41722: golang: path/filepath: path-filepath filepath.Clean path traversal Severity 8 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:N) Published 02/28/2023 Created 06/08/2023 Added 06/08/2023 Modified 01/30/2025 Description A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b". Solution(s) linuxrpm-upgrade-cri-o linuxrpm-upgrade-cri-tools linuxrpm-upgrade-openshift linuxrpm-upgrade-openshift-clients References https://attackerkb.com/topics/cve-2022-41722 CVE - 2022-41722 RHSA-2023:1325 RHSA-2023:3304 RHSA-2023:3366

CentOS Linux: CVE-2023-22998: Important: kernel-rt security and bug fix update (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 02/28/2023 Created 07/13/2023 Added 07/13/2023 Modified 01/28/2025 Description In the Linux kernel before 6.0.3, drivers/gpu/drm/virtio/virtgpu_object.c misinterprets the drm_gem_shmem_get_sg_table return value (expects it to be NULL in the error case, whereas it is actually an error pointer). Solution(s) centos-upgrade-kernel centos-upgrade-kernel-rt References CVE-2023-22998

FreeBSD: VID-B17BCE48-B7C6-11ED-B304-080027F5FEC9 (CVE-2022-36021): redis -- multiple vulnerabilities Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 02/28/2023 Created 03/04/2023 Added 03/02/2023 Modified 01/28/2025 Description Redis is an in-memory database that persists on disk. Authenticated users can use string matching commands (like `SCAN` or `KEYS`) with a specially crafted pattern to trigger a denial-of-service attack on Redis, causing it to hang and consume 100% CPU time. The problem is fixed in Redis versions 6.0.18, 6.2.11, 7.0.9. Solution(s) freebsd-upgrade-package-redis freebsd-upgrade-package-redis-devel freebsd-upgrade-package-redis6 freebsd-upgrade-package-redis62 References CVE-2022-36021

Huawei EulerOS: CVE-2022-41723: docker-engine security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/28/2023 Created 07/05/2023 Added 07/05/2023 Modified 01/28/2025 Description A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests. Solution(s) huawei-euleros-2_0_sp11-upgrade-docker-engine huawei-euleros-2_0_sp11-upgrade-docker-engine-selinux References https://attackerkb.com/topics/cve-2022-41723 CVE - 2022-41723 EulerOS-SA-2024-1797

Huawei EulerOS: CVE-2023-27320: sudo security update Severity 8 CVSS (AV:N/AC:L/Au:M/C:C/I:C/A:C) Published 02/28/2023 Created 07/05/2023 Added 07/05/2023 Modified 01/28/2025 Description Sudo before 1.9.13p2 has a double free in the per-command chroot feature. Solution(s) huawei-euleros-2_0_sp11-upgrade-sudo References https://attackerkb.com/topics/cve-2023-27320 CVE - 2023-27320 EulerOS-SA-2023-2302

Red Hat OpenShift: CVE-2022-41725: golang: net/http, mime/multipart: denial of service from excessive resource consumption Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/28/2023 Created 05/19/2023 Added 05/19/2023 Modified 01/30/2025 Description A denial of service is possible from excessive resource consumption in net/http and mime/multipart. Multipart form parsing with mime/multipart.Reader.ReadForm can consume largely unlimited amounts of memory and disk files. This also affects form parsing in the net/http package with the Request methods FormFile, FormValue, ParseMultipartForm, and PostFormValue. ReadForm takes a maxMemory parameter, and is documented as storing "up to maxMemory bytes +10MB (reserved for non-file parts) in memory". File parts which cannot be stored in memory are stored on disk in temporary files. The unconfigurable 10MB reserved for non-file parts is excessively large and can potentially open a denial of service vector on its own. However, ReadForm did not properly account for all memory consumed by a parsed form, such as map entry overhead, part names, and MIME headers, permitting a maliciously crafted form to consume well over 10MB. In addition, ReadForm contained no limit on the number of disk files created, permitting a relatively small request body to create a large number of disk temporary files. With fix, ReadForm now properly accounts for various forms of memory overhead, and should now stay within its documented limit of 10MB + maxMemory bytes of memory consumption. Users should still be aware that this limit is high and may still be hazardous. In addition, ReadForm now creates at most one on-disk temporary file, combining multiple form parts into a single temporary file. The mime/multipart.File interface type's documentation states, "If stored on disk, the File's underlying concrete type will be an *os.File.". This is no longer the case when a form contains more than one file part, due to this coalescing of parts into a single file. The previous behavior of using distinct files for each form part may be reenabled with the environment variable GODEBUG=multipartfiles=distinct. Users should be aware that multipart.ReadForm and the http.Request methods that call it do not limit the amount of disk consumed by temporary files. Callers can limit the size of form data with http.MaxBytesReader. Solution(s) linuxrpm-upgrade-conmon linuxrpm-upgrade-openshift-clients linuxrpm-upgrade-podman linuxrpm-upgrade-skopeo References https://attackerkb.com/topics/cve-2022-41725 CVE - 2022-41725 RHSA-2023:0584 RHSA-2023:1325 RHSA-2023:1326 RHSA-2023:1639 RHSA-2023:1817 RHSA-2023:2107 RHSA-2023:3083 RHSA-2023:3167 RHSA-2023:3445 RHSA-2023:3450 RHSA-2023:3455 RHSA-2023:3612 RHSA-2023:3742 RHSA-2023:4003 RHSA-2023:4335 RHSA-2023:4470 RHSA-2023:4627 RHSA-2023:5935 RHSA-2023:5964 RHSA-2023:6346 RHSA-2023:6363 RHSA-2023:6402 RHSA-2023:6473 RHSA-2023:6474 RHSA-2023:6817 RHSA-2023:6938 RHSA-2023:6939 RHSA-2023:7672 RHSA-2024:2944 View more

SUSE: CVE-2019-14560: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 02/28/2023 Created 08/16/2024 Added 08/09/2024 Modified 08/09/2024 Description Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none. Solution(s) suse-upgrade-ovmf suse-upgrade-ovmf-tools suse-upgrade-qemu-ovmf-ia32 suse-upgrade-qemu-ovmf-x86_64 suse-upgrade-qemu-ovmf-x86_64-debug suse-upgrade-qemu-uefi-aarch32 suse-upgrade-qemu-uefi-aarch64 References https://attackerkb.com/topics/cve-2019-14560 CVE - 2019-14560

Ubuntu: USN-5933-1 (CVE-2023-1017): Libtpms vulnerabilities Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 02/28/2023 Created 03/29/2023 Added 03/22/2023 Modified 01/30/2025 Description An out-of-bounds write vulnerability exists in TPM2.0's Module Library allowing writing of a 2-byte data past the end of TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can lead to denial of service (crashing the TPM chip/process or rendering it unusable) and/or arbitrary code execution in the TPM context. Solution(s) ubuntu-upgrade-libtpms0 References https://attackerkb.com/topics/cve-2023-1017 CVE - 2023-1017 USN-5933-1

Red Hat: CVE-2022-41724: large handshake records may cause panics (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/28/2023 Created 05/17/2023 Added 05/17/2023 Modified 01/28/2025 Description Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable session resumption (by setting Config.ClientSessionCache to a non-nil value), and TLS 1.3 servers which request client certificates (by setting Config.ClientAuth >= RequestClientCert). Solution(s) redhat-upgrade-aardvark-dns redhat-upgrade-buildah redhat-upgrade-buildah-debuginfo redhat-upgrade-buildah-debugsource redhat-upgrade-buildah-tests redhat-upgrade-buildah-tests-debuginfo redhat-upgrade-cockpit-podman redhat-upgrade-conmon redhat-upgrade-conmon-debuginfo redhat-upgrade-conmon-debugsource redhat-upgrade-container-selinux redhat-upgrade-containernetworking-plugins redhat-upgrade-containernetworking-plugins-debuginfo redhat-upgrade-containernetworking-plugins-debugsource redhat-upgrade-containers-common redhat-upgrade-crit redhat-upgrade-criu redhat-upgrade-criu-debuginfo redhat-upgrade-criu-debugsource redhat-upgrade-criu-devel redhat-upgrade-criu-libs redhat-upgrade-criu-libs-debuginfo redhat-upgrade-crun redhat-upgrade-crun-debuginfo redhat-upgrade-crun-debugsource redhat-upgrade-delve redhat-upgrade-delve-debuginfo redhat-upgrade-delve-debugsource redhat-upgrade-fuse-overlayfs redhat-upgrade-fuse-overlayfs-debuginfo redhat-upgrade-fuse-overlayfs-debugsource redhat-upgrade-go-toolset redhat-upgrade-golang redhat-upgrade-golang-bin redhat-upgrade-golang-docs redhat-upgrade-golang-misc redhat-upgrade-golang-race redhat-upgrade-golang-src redhat-upgrade-golang-tests redhat-upgrade-libslirp redhat-upgrade-libslirp-debuginfo redhat-upgrade-libslirp-debugsource redhat-upgrade-libslirp-devel redhat-upgrade-netavark redhat-upgrade-oci-seccomp-bpf-hook redhat-upgrade-oci-seccomp-bpf-hook-debuginfo redhat-upgrade-oci-seccomp-bpf-hook-debugsource redhat-upgrade-podman redhat-upgrade-podman-catatonit redhat-upgrade-podman-catatonit-debuginfo redhat-upgrade-podman-debuginfo redhat-upgrade-podman-debugsource redhat-upgrade-podman-docker redhat-upgrade-podman-gvproxy redhat-upgrade-podman-gvproxy-debuginfo redhat-upgrade-podman-plugins redhat-upgrade-podman-plugins-debuginfo redhat-upgrade-podman-remote redhat-upgrade-podman-remote-debuginfo redhat-upgrade-podman-tests redhat-upgrade-python3-criu redhat-upgrade-python3-podman redhat-upgrade-runc redhat-upgrade-runc-debuginfo redhat-upgrade-runc-debugsource redhat-upgrade-skopeo redhat-upgrade-skopeo-debuginfo redhat-upgrade-skopeo-debugsource redhat-upgrade-skopeo-tests redhat-upgrade-slirp4netns redhat-upgrade-slirp4netns-debuginfo redhat-upgrade-slirp4netns-debugsource redhat-upgrade-toolbox redhat-upgrade-toolbox-debuginfo redhat-upgrade-toolbox-debugsource redhat-upgrade-toolbox-tests redhat-upgrade-udica References CVE-2022-41724 RHSA-2023:3083 RHSA-2023:6363 RHSA-2023:6380 RHSA-2023:6402 RHSA-2023:6473 RHSA-2023:6474 RHSA-2023:6938 RHSA-2023:6939 View more

Red Hat: CVE-2022-41723: net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/28/2023 Created 10/26/2023 Added 10/25/2023 Modified 01/28/2025 Description A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests. Solution(s) redhat-upgrade-aardvark-dns redhat-upgrade-buildah redhat-upgrade-buildah-debuginfo redhat-upgrade-buildah-debugsource redhat-upgrade-buildah-tests redhat-upgrade-buildah-tests-debuginfo redhat-upgrade-cockpit-podman redhat-upgrade-conmon redhat-upgrade-conmon-debuginfo redhat-upgrade-conmon-debugsource redhat-upgrade-container-selinux redhat-upgrade-containernetworking-plugins redhat-upgrade-containernetworking-plugins-debuginfo redhat-upgrade-containernetworking-plugins-debugsource redhat-upgrade-containers-common redhat-upgrade-crit redhat-upgrade-criu redhat-upgrade-criu-debuginfo redhat-upgrade-criu-debugsource redhat-upgrade-criu-devel redhat-upgrade-criu-libs redhat-upgrade-criu-libs-debuginfo redhat-upgrade-crun redhat-upgrade-crun-debuginfo redhat-upgrade-crun-debugsource redhat-upgrade-delve redhat-upgrade-delve-debuginfo redhat-upgrade-delve-debugsource redhat-upgrade-fuse-overlayfs redhat-upgrade-fuse-overlayfs-debuginfo redhat-upgrade-fuse-overlayfs-debugsource redhat-upgrade-go-toolset redhat-upgrade-golang redhat-upgrade-golang-bin redhat-upgrade-golang-docs redhat-upgrade-golang-misc redhat-upgrade-golang-race redhat-upgrade-golang-src redhat-upgrade-golang-tests redhat-upgrade-libslirp redhat-upgrade-libslirp-debuginfo redhat-upgrade-libslirp-debugsource redhat-upgrade-libslirp-devel redhat-upgrade-netavark redhat-upgrade-oci-seccomp-bpf-hook redhat-upgrade-oci-seccomp-bpf-hook-debuginfo redhat-upgrade-oci-seccomp-bpf-hook-debugsource redhat-upgrade-podman redhat-upgrade-podman-catatonit redhat-upgrade-podman-catatonit-debuginfo redhat-upgrade-podman-debuginfo redhat-upgrade-podman-debugsource redhat-upgrade-podman-docker redhat-upgrade-podman-gvproxy redhat-upgrade-podman-gvproxy-debuginfo redhat-upgrade-podman-plugins redhat-upgrade-podman-plugins-debuginfo redhat-upgrade-podman-remote redhat-upgrade-podman-remote-debuginfo redhat-upgrade-podman-tests redhat-upgrade-python3-criu redhat-upgrade-python3-podman redhat-upgrade-rhc redhat-upgrade-rhc-debuginfo redhat-upgrade-rhc-debugsource redhat-upgrade-runc redhat-upgrade-runc-debuginfo redhat-upgrade-runc-debugsource redhat-upgrade-skopeo redhat-upgrade-skopeo-debuginfo redhat-upgrade-skopeo-debugsource redhat-upgrade-skopeo-tests redhat-upgrade-slirp4netns redhat-upgrade-slirp4netns-debuginfo redhat-upgrade-slirp4netns-debugsource redhat-upgrade-toolbox redhat-upgrade-toolbox-debuginfo redhat-upgrade-toolbox-debugsource redhat-upgrade-toolbox-tests redhat-upgrade-udica References CVE-2022-41723 RHSA-2023:3083 RHSA-2023:6346 RHSA-2023:6363 RHSA-2023:6402 RHSA-2023:6473 RHSA-2023:6474 RHSA-2023:6938 RHSA-2023:6939 RHSA-2023:7058 View more

Alpine Linux: CVE-2023-27320: Double Free Severity 8 CVSS (AV:N/AC:L/Au:M/C:C/I:C/A:C) Published 02/28/2023 Created 03/22/2024 Added 03/21/2024 Modified 10/02/2024 Description Sudo before 1.9.13p2 has a double free in the per-command chroot feature. Solution(s) alpine-linux-upgrade-sudo References https://attackerkb.com/topics/cve-2023-27320 CVE - 2023-27320 https://security.alpinelinux.org/vuln/CVE-2023-27320

Alma Linux: CVE-2023-0461: Important: kernel security, bug fix, and enhancement update (Multiple Advisories) Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 02/28/2023 Created 05/15/2023 Added 05/15/2023 Modified 01/28/2025 Description There is a use-after-free vulnerability in the Linux Kernel which can be exploited to achieve local privilege escalation. To reach the vulnerability kernel configuration flag CONFIG_TLS or CONFIG_XFRM_ESPINTCP has to be configured, but the operation does not require any privilege. There is a use-after-free bug of icsk_ulp_data of a struct inet_connection_sock. When CONFIG_TLS is enabled, user can install a tls context (struct tls_context) on a connected tcp socket. The context is not cleared if this socket is disconnected and reused as a listener. If a new socket is created from the listener, the context is inherited and vulnerable. The setsockopt TCP_ULP operation does not require any privilege. We recommend upgrading past commit 2c02d41d71f90a5168391b6a5f2954112ba2307c Solution(s) alma-upgrade-bpftool alma-upgrade-kernel alma-upgrade-kernel-64k alma-upgrade-kernel-64k-core alma-upgrade-kernel-64k-debug alma-upgrade-kernel-64k-debug-core alma-upgrade-kernel-64k-debug-devel alma-upgrade-kernel-64k-debug-devel-matched alma-upgrade-kernel-64k-debug-modules alma-upgrade-kernel-64k-debug-modules-core alma-upgrade-kernel-64k-debug-modules-extra alma-upgrade-kernel-64k-devel alma-upgrade-kernel-64k-devel-matched alma-upgrade-kernel-64k-modules alma-upgrade-kernel-64k-modules-core alma-upgrade-kernel-64k-modules-extra alma-upgrade-kernel-abi-stablelists alma-upgrade-kernel-core alma-upgrade-kernel-cross-headers alma-upgrade-kernel-debug alma-upgrade-kernel-debug-core alma-upgrade-kernel-debug-devel alma-upgrade-kernel-debug-devel-matched alma-upgrade-kernel-debug-modules alma-upgrade-kernel-debug-modules-core alma-upgrade-kernel-debug-modules-extra alma-upgrade-kernel-debug-uki-virt alma-upgrade-kernel-devel alma-upgrade-kernel-devel-matched alma-upgrade-kernel-doc alma-upgrade-kernel-modules alma-upgrade-kernel-modules-core alma-upgrade-kernel-modules-extra alma-upgrade-kernel-rt alma-upgrade-kernel-rt-core alma-upgrade-kernel-rt-debug alma-upgrade-kernel-rt-debug-core alma-upgrade-kernel-rt-debug-devel alma-upgrade-kernel-rt-debug-kvm alma-upgrade-kernel-rt-debug-modules alma-upgrade-kernel-rt-debug-modules-core alma-upgrade-kernel-rt-debug-modules-extra alma-upgrade-kernel-rt-devel alma-upgrade-kernel-rt-kvm alma-upgrade-kernel-rt-modules alma-upgrade-kernel-rt-modules-core alma-upgrade-kernel-rt-modules-extra alma-upgrade-kernel-tools alma-upgrade-kernel-tools-libs alma-upgrade-kernel-tools-libs-devel alma-upgrade-kernel-uki-virt alma-upgrade-kernel-zfcpdump alma-upgrade-kernel-zfcpdump-core alma-upgrade-kernel-zfcpdump-devel alma-upgrade-kernel-zfcpdump-devel-matched alma-upgrade-kernel-zfcpdump-modules alma-upgrade-kernel-zfcpdump-modules-core alma-upgrade-kernel-zfcpdump-modules-extra alma-upgrade-perf alma-upgrade-python3-perf alma-upgrade-rtla References https://attackerkb.com/topics/cve-2023-0461 CVE - 2023-0461 https://errata.almalinux.org/8/ALSA-2023-2736.html https://errata.almalinux.org/8/ALSA-2023-2951.html https://errata.almalinux.org/9/ALSA-2023-2148.html https://errata.almalinux.org/9/ALSA-2023-2458.html

Gentoo Linux: CVE-2022-41723: Go: Multiple Vulnerabilities Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/28/2023 Created 11/28/2023 Added 11/27/2023 Modified 01/28/2025 Description A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests. Solution(s) gentoo-linux-upgrade-dev-lang-go References https://attackerkb.com/topics/cve-2022-41723 CVE - 2022-41723 202311-09