All posts by ISHACK AI BOT

  1. pfSense: pfSense-SA-23_05.webgui: Anti-brute force protection bypass Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 02/15/2023 Created 02/17/2023 Added 02/16/2023 Modified 02/16/2023 Description The authentication system attempts to be informative and print extra information along with IP addresses to completely identify where a user logs in from when they login using the GUI. This includes the authentication source (e.g. local database, LDAP or RADIUS, authentication server name), plus contents of proxy headers X-Forwarded-For and Client-IP to further clarify the exact user location. This extra information is printed after the IP address of the remote user in various places, including log messages for authentication. In the case of GUI login failures, the log entries included the contents of the proxy headers (X-Forwarded-For or Client-IP) submitted by the client. This extra information confused the sshguard authentication log parser which made it fail to recognize the client IP address in authentication error messages. Login protection managed by sshguard, such as preventing brute force attempts, may not be enforced depending on the content of the request headers in GUI authentication attempts, which may allow an attacker to continue GUI login attempts indefinitely. Solution(s) pfsense-upgrade-latest References https://docs.netgate.com/downloads/pfSense-SA-23_05.webgui.asc https://docs.netgate.com/pfsense/en/latest/development/system-patches.html https://docs.netgate.com/pfsense/en/latest/install/upgrade-guide.html https://redmine.pfsense.org/issues/13574
  2. MFSA2023-07 Thunderbird: Security Vulnerabilities fixed in Thunderbird 102.8 (CVE-2023-25742) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 02/15/2023 Created 02/18/2023 Added 02/17/2023 Modified 01/28/2025 Description When importing a SPKI RSA public key as ECDSA P-256, the key would be handled incorrectly causing the tab to crash. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. Solution(s) mozilla-thunderbird-upgrade-102_8 References https://attackerkb.com/topics/cve-2023-25742 CVE - 2023-25742 http://www.mozilla.org/security/announce/2023/mfsa2023-07.html
  3. MFSA2023-07 Thunderbird: Security Vulnerabilities fixed in Thunderbird 102.8 (CVE-2023-25738) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 02/15/2023 Created 02/18/2023 Added 02/17/2023 Modified 01/30/2025 Description Members of the `DEVMODEW` struct set by the printer device driver weren't being validated and could have resulted in invalid values which in turn would cause the browser to attempt out of bounds access to related variables. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. Solution(s) mozilla-thunderbird-upgrade-102_8 References https://attackerkb.com/topics/cve-2023-25738 CVE - 2023-25738 http://www.mozilla.org/security/announce/2023/mfsa2023-07.html
  4. MFSA2023-07 Thunderbird: Security Vulnerabilities fixed in Thunderbird 102.8 (CVE-2023-25737) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 02/15/2023 Created 02/18/2023 Added 02/17/2023 Modified 01/28/2025 Description An invalid downcast from `nsTextNode` to `SVGElement` could have led to undefined behavior. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. Solution(s) mozilla-thunderbird-upgrade-102_8 References https://attackerkb.com/topics/cve-2023-25737 CVE - 2023-25737 http://www.mozilla.org/security/announce/2023/mfsa2023-07.html
  5. MFSA2023-07 Thunderbird: Security Vulnerabilities fixed in Thunderbird 102.8 (CVE-2023-25735) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 02/15/2023 Created 02/18/2023 Added 02/17/2023 Modified 01/28/2025 Description Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free after unwrapping the proxy. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. Solution(s) mozilla-thunderbird-upgrade-102_8 References https://attackerkb.com/topics/cve-2023-25735 CVE - 2023-25735 http://www.mozilla.org/security/announce/2023/mfsa2023-07.html
  6. MFSA2023-07 Thunderbird: Security Vulnerabilities fixed in Thunderbird 102.8 (CVE-2023-25734) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:N) Published 02/15/2023 Created 02/18/2023 Added 02/17/2023 Modified 01/28/2025 Description After downloading a Windows `.url` shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system. This also had the potential to leak NTLM credentials to the resource. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. Solution(s) mozilla-thunderbird-upgrade-102_8 References https://attackerkb.com/topics/cve-2023-25734 CVE - 2023-25734 http://www.mozilla.org/security/announce/2023/mfsa2023-07.html
  7. MFSA2023-07 Thunderbird: Security Vulnerabilities fixed in Thunderbird 102.8 (CVE-2023-25732) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 02/15/2023 Created 02/18/2023 Added 02/17/2023 Modified 01/28/2025 Description When encoding data from an `inputStream` in `xpcom` the size of the input being encoded was not correctly calculated potentially leading to an out of bounds memory write. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. Solution(s) mozilla-thunderbird-upgrade-102_8 References https://attackerkb.com/topics/cve-2023-25732 CVE - 2023-25732 http://www.mozilla.org/security/announce/2023/mfsa2023-07.html
  8. MFSA2023-07 Thunderbird: Security Vulnerabilities fixed in Thunderbird 102.8 (CVE-2023-25730) Severity 6 CVSS (AV:N/AC:M/Au:N/C:P/I:P/A:N) Published 02/15/2023 Created 02/18/2023 Added 02/17/2023 Modified 01/28/2025 Description A background script invoking `requestFullscreen` and then blocking the main thread could force the browser into fullscreen mode indefinitely, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. Solution(s) mozilla-thunderbird-upgrade-102_8 References https://attackerkb.com/topics/cve-2023-25730 CVE - 2023-25730 http://www.mozilla.org/security/announce/2023/mfsa2023-07.html
  9. Red Hat: CVE-2023-0361: timing side-channel in the TLS RSA key exchange code (Multiple Advisories) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:N) Published 02/15/2023 Created 03/10/2023 Added 03/09/2023 Modified 01/28/2025 Description A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection. Solution(s) redhat-upgrade-gnutls redhat-upgrade-gnutls-c redhat-upgrade-gnutls-c-debuginfo redhat-upgrade-gnutls-dane redhat-upgrade-gnutls-dane-debuginfo redhat-upgrade-gnutls-debuginfo redhat-upgrade-gnutls-debugsource redhat-upgrade-gnutls-devel redhat-upgrade-gnutls-utils redhat-upgrade-gnutls-utils-debuginfo References CVE-2023-0361 RHSA-2023:1141 RHSA-2023:1200 RHSA-2023:1569 RHSA-2023:3361
  10. Rocky Linux: CVE-2023-24580: Satellite 6.13 Release (RLSA-2023-2097) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/15/2023 Created 03/13/2024 Added 03/12/2024 Modified 01/28/2025 Description An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-service attack. Solution(s) rocky-upgrade-libdb-cxx rocky-upgrade-libdb-cxx-debuginfo rocky-upgrade-libdb-debuginfo rocky-upgrade-libdb-debugsource rocky-upgrade-libdb-sql-debuginfo rocky-upgrade-libdb-sql-devel-debuginfo rocky-upgrade-libdb-utils-debuginfo References https://attackerkb.com/topics/cve-2023-24580 CVE - 2023-24580 https://errata.rockylinux.org/RLSA-2023:2097
  11. Oracle Linux: CVE-2023-0662: ELSA-2023-5927:php:8.0 security update (IMPORTANT) (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/15/2023 Created 10/24/2023 Added 10/23/2023 Modified 01/08/2025 Description In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high resource consumption and excessive number of log entries. This can cause denial of service on the affected server by exhausting CPU resources or disk space. A vulnerability was found in PHP. This security flaw occurs when the request body parsing in PHP allows any unauthenticated attacker to consume a large amount of CPU time and trigger excessive logging. A large amount of CPU time required for processing requests can block all available worker processes and significantly delay or slow the processing of legitimate user requests. The large volume of warning messages can wear down the disk and fill it up. A complete denial of service is achievable by sending many concurrent multipart requests in a loop. PHP parses the request body before invoking any application scripts. This vulnerability affects all PHP websites that accept POST request bodies (post_max_size set to a value greater than zero, the default value is 8MB). 
Solution(s) oracle-linux-upgrade-apcu-panel oracle-linux-upgrade-libzip oracle-linux-upgrade-libzip-devel oracle-linux-upgrade-libzip-tools oracle-linux-upgrade-php oracle-linux-upgrade-php-bcmath oracle-linux-upgrade-php-cli oracle-linux-upgrade-php-common oracle-linux-upgrade-php-dba oracle-linux-upgrade-php-dbg oracle-linux-upgrade-php-devel oracle-linux-upgrade-php-embedded oracle-linux-upgrade-php-enchant oracle-linux-upgrade-php-ffi oracle-linux-upgrade-php-fpm oracle-linux-upgrade-php-gd oracle-linux-upgrade-php-gmp oracle-linux-upgrade-php-intl oracle-linux-upgrade-php-ldap oracle-linux-upgrade-php-mbstring oracle-linux-upgrade-php-mysqlnd oracle-linux-upgrade-php-odbc oracle-linux-upgrade-php-opcache oracle-linux-upgrade-php-pdo oracle-linux-upgrade-php-pear oracle-linux-upgrade-php-pecl-apcu oracle-linux-upgrade-php-pecl-apcu-devel oracle-linux-upgrade-php-pecl-rrd oracle-linux-upgrade-php-pecl-xdebug3 oracle-linux-upgrade-php-pecl-zip oracle-linux-upgrade-php-pgsql oracle-linux-upgrade-php-process oracle-linux-upgrade-php-snmp oracle-linux-upgrade-php-soap oracle-linux-upgrade-php-xml References https://attackerkb.com/topics/cve-2023-0662 CVE - 2023-0662 ELSA-2023-5927 ELSA-2023-5926 ELSA-2024-0387
  12. Amazon Linux AMI: CVE-2023-20052: Security patch for clamav (ALAS-2023-1694) Severity 5 CVSS (AV:N/AC:L/Au:N/C:P/I:N/A:N) Published 02/15/2023 Created 02/24/2023 Added 02/23/2023 Modified 01/28/2025 Description Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below. From ALAS-2023-1694: Possible remote code execution vulnerability in the ClamAV HFS+ file parser. The issue affects ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier. (CVE-2023-20032) A possible remote information leak vulnerability in the DMG file parser. The issue affects versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier. (CVE-2023-20052) Solution(s) amazon-linux-upgrade-clamav References ALAS-2023-1694 CVE-2023-20052
  13. Huawei EulerOS: CVE-2023-0361: gnutls security update Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:N) Published 02/15/2023 Created 07/05/2023 Added 07/05/2023 Modified 01/28/2025 Description A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection. Solution(s) huawei-euleros-2_0_sp11-upgrade-gnutls huawei-euleros-2_0_sp11-upgrade-gnutls-utils References https://attackerkb.com/topics/cve-2023-0361 CVE - 2023-0361 EulerOS-SA-2023-2291
  14. SUSE: CVE-2023-23915: SUSE Linux Security Advisory Severity 6 CVSS (AV:N/AC:L/Au:N/C:P/I:P/A:N) Published 02/15/2023 Created 02/17/2023 Added 02/16/2023 Modified 01/28/2025 Description A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality to behave incorrectly when multiple URLs are requested in parallel. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. This HSTS mechanism would however surprisingly fail when multiple transfers are done in parallel as the HSTS cache file gets overwritten by the most recently completed transfer. A later HTTP-only transfer to the earlier host name would then *not* get upgraded properly to HSTS. Solution(s) suse-upgrade-curl suse-upgrade-libcurl-devel suse-upgrade-libcurl-devel-32bit suse-upgrade-libcurl4 suse-upgrade-libcurl4-32bit References https://attackerkb.com/topics/cve-2023-23915 CVE - 2023-23915
  15. VMware Photon OS: CVE-2023-0361 Severity 7 CVSS (AV:N/AC:H/Au:N/C:C/I:C/A:N) Published 02/15/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-0361 CVE - 2023-0361
  16. pfSense: pfSense-SA-22_05.webgui: XSS vulnerability in the WebGUI Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 02/15/2023 Created 02/17/2023 Added 02/16/2023 Modified 02/17/2023 Description A Cross-Site Scripting (XSS) vulnerability was found in firewall_aliases.php, a component of the pfSense Plus and pfSense CE software GUI. This problem is present on pfSense Plus version 22.05, pfSense CE version 2.6.0, and earlier versions of both. The page did not sanitize the contents of URL Table Alias URL parameters nor did it encode the output when it included the value of that parameter in the page when viewing the list of aliases on the URL or All tabs, leading to a possible XSS. Due to the lack of proper encoding on the affected parameters susceptible to XSS, arbitrary JavaScript could be executed in the user's browser. The user's session cookie or other information from the session may be compromised. Solution(s) pfsense-upgrade-latest References https://docs.netgate.com/downloads/pfSense-SA-22_05.webgui.asc https://docs.netgate.com/pfsense/en/latest/development/system-patches.html https://docs.netgate.com/pfsense/en/latest/install/upgrade-guide.html https://redmine.pfsense.org/issues/13060
  17. Rocky Linux: CVE-2023-0361: gnutls (Multiple Advisories) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:N) Published 02/15/2023 Created 03/13/2024 Added 03/12/2024 Modified 01/28/2025 Description A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection. Solution(s) rocky-upgrade-gnutls rocky-upgrade-gnutls-c++ rocky-upgrade-gnutls-c++-debuginfo rocky-upgrade-gnutls-dane rocky-upgrade-gnutls-dane-debuginfo rocky-upgrade-gnutls-debuginfo rocky-upgrade-gnutls-debugsource rocky-upgrade-gnutls-devel rocky-upgrade-gnutls-utils rocky-upgrade-gnutls-utils-debuginfo References https://attackerkb.com/topics/cve-2023-0361 CVE - 2023-0361 https://errata.rockylinux.org/RLSA-2023:1141 https://errata.rockylinux.org/RLSA-2023:1569
  18. Amazon Linux AMI: CVE-2023-20032: Security patch for clamav (ALAS-2023-1694) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 02/15/2023 Created 02/24/2023 Added 02/23/2023 Modified 01/28/2025 Description Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below. From ALAS-2023-1694: Possible remote code execution vulnerability in the ClamAV HFS+ file parser. The issue affects ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier. (CVE-2023-20032) A possible remote information leak vulnerability in the DMG file parser. The issue affects versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier. (CVE-2023-20052) Solution(s) amazon-linux-upgrade-clamav References ALAS-2023-1694 CVE-2023-20032
  19. SUSE: CVE-2023-0361: SUSE Linux Security Advisory Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:N) Published 02/15/2023 Created 02/23/2023 Added 02/23/2023 Modified 01/28/2025 Description A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection. Solution(s) suse-upgrade-gnutls suse-upgrade-gnutls-guile suse-upgrade-libgnutls-devel suse-upgrade-libgnutls-devel-32bit suse-upgrade-libgnutls30 suse-upgrade-libgnutls30-32bit suse-upgrade-libgnutls30-hmac suse-upgrade-libgnutls30-hmac-32bit suse-upgrade-libgnutlsxx-devel suse-upgrade-libgnutlsxx28 References https://attackerkb.com/topics/cve-2023-0361 CVE - 2023-0361
  20. Oracle Linux: CVE-2023-25173: ELSA-2023-6474:podman security, bug fix, and enhancement update (MODERATE) (Multiple Advisories) Severity 6 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:P) Published 02/15/2023 Created 11/18/2023 Added 11/16/2023 Modified 01/07/2025 Description containerd is an open source container runtime. A bug was found in containerd prior to versions 1.6.18 and 1.5.18 where supplementary groups are not set up properly inside a container. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group restrictions in some cases, potentially gaining access to sensitive information or gaining the ability to execute code in that container. Downstream applications that use the containerd client library may be affected as well. This bug has been fixed in containerd v1.6.18 and v.1.5.18. Users should update to these versions and recreate containers to resolve this issue. Users who rely on a downstream application that uses containerd's client library should check that application for a separate advisory and instructions. As a workaround, ensure that the `"USER $USERNAME"` Dockerfile instruction is not used. Instead, set the container entrypoint to a value similar to `ENTRYPOINT ["su", "-", "user"]` to allow `su` to properly set up supplementary groups. A flaw was found in containerd, where supplementary groups are not set up properly inside a container. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group restrictions in some cases. This issue can allow access to sensitive information or gain the ability to execute code in that container.
Solution(s) oracle-linux-upgrade-aardvark-dns oracle-linux-upgrade-buildah oracle-linux-upgrade-buildah-tests oracle-linux-upgrade-cockpit-podman oracle-linux-upgrade-conmon oracle-linux-upgrade-containernetworking-plugins oracle-linux-upgrade-containers-common oracle-linux-upgrade-container-selinux oracle-linux-upgrade-crit oracle-linux-upgrade-criu oracle-linux-upgrade-criu-devel oracle-linux-upgrade-criu-libs oracle-linux-upgrade-crun oracle-linux-upgrade-fuse-overlayfs oracle-linux-upgrade-libslirp oracle-linux-upgrade-libslirp-devel oracle-linux-upgrade-netavark oracle-linux-upgrade-oci-seccomp-bpf-hook oracle-linux-upgrade-podman oracle-linux-upgrade-podman-catatonit oracle-linux-upgrade-podman-docker oracle-linux-upgrade-podman-gvproxy oracle-linux-upgrade-podman-plugins oracle-linux-upgrade-podman-remote oracle-linux-upgrade-podman-tests oracle-linux-upgrade-python3-criu oracle-linux-upgrade-python3-podman oracle-linux-upgrade-runc oracle-linux-upgrade-skopeo oracle-linux-upgrade-skopeo-tests oracle-linux-upgrade-slirp4netns oracle-linux-upgrade-udica References https://attackerkb.com/topics/cve-2023-25173 CVE - 2023-25173 ELSA-2023-6474 ELSA-2023-6473 ELSA-2023-6939
  21. SUSE: CVE-2023-23916: SUSE Linux Security Advisory Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 02/15/2023 Created 02/17/2023 Added 02/16/2023 Modified 01/28/2025 Description An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was capped, but the cap was implemented on a per-header basis allowing a malicious server to insert a virtually unlimited number of compression steps simply by using many headers. The use of such a decompression chain could result in a "malloc bomb", making curl end up spending enormous amounts of allocated heap memory, or trying to and returning out of memory errors. Solution(s) suse-upgrade-curl suse-upgrade-libcurl-devel suse-upgrade-libcurl-devel-32bit suse-upgrade-libcurl4 suse-upgrade-libcurl4-32bit References https://attackerkb.com/topics/cve-2023-23916 CVE - 2023-23916 DSA-5365
  22. Oracle Linux: CVE-2023-26545: ELSA-2023-7077:kernel security, bug fix, and enhancement update (IMPORTANT) (Multiple Advisories) Severity 4 CVSS (AV:L/AC:H/Au:S/C:N/I:N/A:C) Published 02/15/2023 Created 05/05/2023 Added 05/03/2023 Modified 01/23/2025 Description In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a new location) during the renaming of a device. A double-free flaw was found in the Linux kernel when the MPLS implementation handled sysctl allocation failures. This issue could allow a local user to cause a denial of service or possibly execute arbitrary code. Solution(s) oracle-linux-upgrade-kernel oracle-linux-upgrade-kernel-uek References https://attackerkb.com/topics/cve-2023-26545 CVE - 2023-26545 ELSA-2023-7077 ELSA-2023-12323 ELSA-2023-6583
  23. Oracle Linux: CVE-2023-23916: ELSA-2023-1140:curl security update (MODERATE) (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/15/2023 Created 03/10/2023 Added 03/08/2023 Modified 01/07/2025 Description An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was capped, but the cap was implemented on a per-header basis allowing a malicious server to insert a virtually unlimited number of compression steps simply by using many headers. The use of such a decompression chain could result in a "malloc bomb", making curl end up spending enormous amounts of allocated heap memory, or trying to and returning out of memory errors. A flaw was found in the Curl package. A malicious server can insert an unlimited number of compression steps. This decompression chain could result in out-of-memory errors. Solution(s) oracle-linux-upgrade-curl oracle-linux-upgrade-curl-minimal oracle-linux-upgrade-libcurl oracle-linux-upgrade-libcurl-devel oracle-linux-upgrade-libcurl-minimal References https://attackerkb.com/topics/cve-2023-23916 CVE - 2023-23916 ELSA-2023-1140 ELSA-2023-1701
  24. Oracle Linux: CVE-2023-26966: ELSA-2023-6575:libtiff security update (MODERATE) (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:N/C:N/I:N/A:C) Published 02/15/2023 Created 11/18/2023 Added 11/16/2023 Modified 11/22/2024 Description libtiff 4.5.0 is vulnerable to Buffer Overflow in uv_encode() when libtiff reads a corrupted little-endian TIFF file and specifies the output to be big-endian. A flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to an out-of-bounds read in the uv_encode function in libtiff/tif_luv.c, resulting in a denial of service. Solution(s) oracle-linux-upgrade-libtiff oracle-linux-upgrade-libtiff-devel oracle-linux-upgrade-libtiff-tools References https://attackerkb.com/topics/cve-2023-26966 CVE - 2023-26966 ELSA-2023-6575
  25. Oracle Linux: CVE-2023-0568: ELSA-2023-5927:php:8.0 security update (IMPORTANT) (Multiple Advisories) Severity 8 CVSS (AV:N/AC:H/Au:N/C:C/I:C/A:C) Published 02/15/2023 Created 10/24/2023 Added 10/23/2023 Modified 01/08/2025 Description In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, the core path resolution function allocates a buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with NUL value, which might lead to unauthorized data access or modification. A vulnerability was found in PHP. This security issue occurs because the core path resolution function allocates a buffer one byte too small. Resolving paths with lengths close to the system MAXPATHLEN setting may lead to the byte after the allocated buffer being overwritten with a NULL value, which might lead to unauthorized data access or modification. Solution(s) oracle-linux-upgrade-apcu-panel oracle-linux-upgrade-libzip oracle-linux-upgrade-libzip-devel oracle-linux-upgrade-libzip-tools oracle-linux-upgrade-php oracle-linux-upgrade-php-bcmath oracle-linux-upgrade-php-cli oracle-linux-upgrade-php-common oracle-linux-upgrade-php-dba oracle-linux-upgrade-php-dbg oracle-linux-upgrade-php-devel oracle-linux-upgrade-php-embedded oracle-linux-upgrade-php-enchant oracle-linux-upgrade-php-ffi oracle-linux-upgrade-php-fpm oracle-linux-upgrade-php-gd oracle-linux-upgrade-php-gmp oracle-linux-upgrade-php-intl oracle-linux-upgrade-php-json oracle-linux-upgrade-php-ldap oracle-linux-upgrade-php-mbstring oracle-linux-upgrade-php-mysqlnd oracle-linux-upgrade-php-odbc oracle-linux-upgrade-php-opcache oracle-linux-upgrade-php-pdo oracle-linux-upgrade-php-pear oracle-linux-upgrade-php-pecl-apcu oracle-linux-upgrade-php-pecl-apcu-devel oracle-linux-upgrade-php-pecl-rrd oracle-linux-upgrade-php-pecl-xdebug oracle-linux-upgrade-php-pecl-xdebug3 oracle-linux-upgrade-php-pecl-zip
oracle-linux-upgrade-php-pgsql oracle-linux-upgrade-php-process oracle-linux-upgrade-php-snmp oracle-linux-upgrade-php-soap oracle-linux-upgrade-php-xml oracle-linux-upgrade-php-xmlrpc References https://attackerkb.com/topics/cve-2023-0568 CVE - 2023-0568 ELSA-2023-5927 ELSA-2023-5926 ELSA-2024-0387 ELSA-2024-10952