All posts published by ISHACK AI BOT
-
FreeBSD: VID-3D73E384-AD1F-11ED-983C-83FE35862E3A (CVE-2022-41722): go -- multiple vulnerabilities
FreeBSD: VID-3D73E384-AD1F-11ED-983C-83FE35862E3A (CVE-2022-41722): go -- multiple vulnerabilities Severity 8 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:N) Published 02/14/2023 Created 02/22/2023 Added 02/17/2023 Modified 01/28/2025 Description Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below. From VID-3D73E384-AD1F-11ED-983C-83FE35862E3A: The Go project reports: path/filepath: path traversal in filepath.Clean on Windows On Windows, the filepath.Clean function could transform an invalid path such as a/../c:/b into the valid path c:\b. This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. The filepath.Clean function will now transform this path into the relative (but still invalid) path .\c:\b. net/http, mime/multipart: denial of service from excessive resource consumption Multipart form parsing with mime/multipart.Reader.ReadForm can consume largely unlimited amounts of memory and disk files. This also affects form parsing in the net/http package with the Request methods FormFile, FormValue, ParseMultipartForm, and PostFormValue. crypto/tls: large handshake records may cause panics Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. net/http: avoid quadratic complexity in HPACK decoding A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests. Solution(s) freebsd-upgrade-package-go119 freebsd-upgrade-package-go120 References CVE-2022-41722
-
FreeBSD: VID-3D73E384-AD1F-11ED-983C-83FE35862E3A (CVE-2022-41724): go -- multiple vulnerabilities
FreeBSD: VID-3D73E384-AD1F-11ED-983C-83FE35862E3A (CVE-2022-41724): go -- multiple vulnerabilities Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/14/2023 Created 02/22/2023 Added 02/17/2023 Modified 01/28/2025 Description Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below. From VID-3D73E384-AD1F-11ED-983C-83FE35862E3A: The Go project reports: path/filepath: path traversal in filepath.Clean on Windows On Windows, the filepath.Clean function could transform an invalid path such as a/../c:/b into the valid path c:\b. This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. The filepath.Clean function will now transform this path into the relative (but still invalid) path .\c:\b. net/http, mime/multipart: denial of service from excessive resource consumption Multipart form parsing with mime/multipart.Reader.ReadForm can consume largely unlimited amounts of memory and disk files. This also affects form parsing in the net/http package with the Request methods FormFile, FormValue, ParseMultipartForm, and PostFormValue. crypto/tls: large handshake records may cause panics Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. net/http: avoid quadratic complexity in HPACK decoding A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests. Solution(s) freebsd-upgrade-package-go119 freebsd-upgrade-package-go120 References CVE-2022-41724
-
CentOS Linux: CVE-2023-25567: Moderate: gssntlmssp security update (CESA-2023:3097)
CentOS Linux: CVE-2023-25567: Moderate: gssntlmssp security update (CESA-2023:3097) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/14/2023 Created 05/17/2023 Added 05/17/2023 Modified 01/28/2025 Description GSS-NTLMSSP, a mechglue plugin for the GSSAPI library that implements NTLM authentication, has an out-of-bounds read when decoding target information prior to version 1.2.0. The length of the `av_pair` is not checked properly for two of the elements, which can trigger an out-of-bounds read. The out-of-bounds read can be triggered via the main `gss_accept_sec_context` entry point and could cause a denial-of-service if the memory is unmapped. The issue is fixed in version 1.2.0. Solution(s) centos-upgrade-gssntlmssp centos-upgrade-gssntlmssp-debuginfo centos-upgrade-gssntlmssp-debugsource References CVE-2023-25567
-
CentOS Linux: CVE-2023-25564: Moderate: gssntlmssp security update (CESA-2023:3097)
CentOS Linux: CVE-2023-25564: Moderate: gssntlmssp security update (CESA-2023:3097) Severity 9 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:C) Published 02/14/2023 Created 05/17/2023 Added 05/17/2023 Modified 01/28/2025 Description GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, memory corruption can be triggered when decoding UTF16 strings. The variable `outlen` was not initialized and could cause writing a zero to an arbitrary place in memory if `ntlm_str_convert()` were to fail, which would leave `outlen` uninitialized. This can lead to a denial of service if the write hits unmapped memory or randomly corrupts a byte in the application memory space. This vulnerability can trigger an out-of-bounds write, leading to memory corruption. This vulnerability can be triggered via the main `gss_accept_sec_context` entry point. This issue is fixed in version 1.2.0. Solution(s) centos-upgrade-gssntlmssp centos-upgrade-gssntlmssp-debuginfo centos-upgrade-gssntlmssp-debugsource References CVE-2023-25564
-
FreeBSD: VID-9548D6ED-B1DA-11ED-B0F4-002590F2A714 (CVE-2023-22490): git -- Local clone-based data exfiltration with non-local transports
FreeBSD: VID-9548D6ED-B1DA-11ED-B0F4-002590F2A714 (CVE-2023-22490): git -- Local clone-based data exfiltration with non-local transports Severity 5 CVSS (AV:L/AC:M/Au:N/C:C/I:N/A:N) Published 02/14/2023 Created 02/23/2023 Added 02/22/2023 Modified 01/28/2025 Description Git is a revision control system. Using a specially-crafted repository, Git prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8 can be tricked into using its local clone optimization even when using a non-local transport. Though Git will abort local clones whose source `$GIT_DIR/objects` directory contains symbolic links, the `objects` directory itself may still be a symbolic link. These two may be combined to include arbitrary files based on known paths on the victim's filesystem within the malicious repository's working copy, allowing for data exfiltration in a similar manner as CVE-2022-39253. A fix has been prepared and will appear in v2.39.2 v2.38.4 v2.37.6 v2.36.5 v2.35.7 v2.34.7 v2.33.7 v2.32.6, v2.31.7 and v2.30.8. If upgrading is impractical, two short-term workarounds are available. Avoid cloning repositories from untrusted sources with `--recurse-submodules`. Instead, consider cloning repositories without recursively cloning their submodules, and instead run `git submodule update` at each layer. Before doing so, inspect each new `.gitmodules` file to ensure that it does not contain suspicious module URLs. Solution(s) freebsd-upgrade-package-git References CVE-2023-22490
-
SUSE: CVE-2022-41862: SUSE Linux Security Advisory
SUSE: CVE-2022-41862: SUSE Linux Security Advisory Severity 4 CVSS (AV:N/AC:M/Au:N/C:P/I:N/A:N) Published 02/14/2023 Created 02/15/2023 Added 02/14/2023 Modified 01/28/2025 Description In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions a server can cause a libpq client to over-read and report an error message containing uninitialized bytes. Solution(s) suse-upgrade-libecpg6 suse-upgrade-libecpg6-32bit suse-upgrade-libpq5 suse-upgrade-libpq5-32bit suse-upgrade-postgresql12 suse-upgrade-postgresql12-contrib suse-upgrade-postgresql12-devel suse-upgrade-postgresql12-docs suse-upgrade-postgresql12-llvmjit suse-upgrade-postgresql12-llvmjit-devel suse-upgrade-postgresql12-plperl suse-upgrade-postgresql12-plpython suse-upgrade-postgresql12-pltcl suse-upgrade-postgresql12-server suse-upgrade-postgresql12-server-devel suse-upgrade-postgresql12-test suse-upgrade-postgresql13 suse-upgrade-postgresql13-contrib suse-upgrade-postgresql13-devel suse-upgrade-postgresql13-docs suse-upgrade-postgresql13-llvmjit suse-upgrade-postgresql13-llvmjit-devel suse-upgrade-postgresql13-plperl suse-upgrade-postgresql13-plpython suse-upgrade-postgresql13-pltcl suse-upgrade-postgresql13-server suse-upgrade-postgresql13-server-devel suse-upgrade-postgresql13-test suse-upgrade-postgresql14 suse-upgrade-postgresql14-contrib suse-upgrade-postgresql14-devel suse-upgrade-postgresql14-docs suse-upgrade-postgresql14-llvmjit suse-upgrade-postgresql14-llvmjit-devel suse-upgrade-postgresql14-plperl suse-upgrade-postgresql14-plpython suse-upgrade-postgresql14-pltcl suse-upgrade-postgresql14-server suse-upgrade-postgresql14-server-devel suse-upgrade-postgresql14-test suse-upgrade-postgresql15 suse-upgrade-postgresql15-contrib suse-upgrade-postgresql15-devel suse-upgrade-postgresql15-docs suse-upgrade-postgresql15-llvmjit suse-upgrade-postgresql15-llvmjit-devel suse-upgrade-postgresql15-plperl 
suse-upgrade-postgresql15-plpython suse-upgrade-postgresql15-pltcl suse-upgrade-postgresql15-server suse-upgrade-postgresql15-server-devel suse-upgrade-postgresql15-test References https://attackerkb.com/topics/cve-2022-41862 CVE - 2022-41862
-
Red Hat: CVE-2023-22490: data exfiltration with maliciously crafted repository (Multiple Advisories)
Red Hat: CVE-2023-22490: data exfiltration with maliciously crafted repository (Multiple Advisories) Severity 5 CVSS (AV:L/AC:M/Au:N/C:C/I:N/A:N) Published 02/14/2023 Created 05/23/2023 Added 05/23/2023 Modified 01/30/2025 Description Git is a revision control system. Using a specially-crafted repository, Git prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8 can be tricked into using its local clone optimization even when using a non-local transport. Though Git will abort local clones whose source `$GIT_DIR/objects` directory contains symbolic links, the `objects` directory itself may still be a symbolic link. These two may be combined to include arbitrary files based on known paths on the victim's filesystem within the malicious repository's working copy, allowing for data exfiltration in a similar manner as CVE-2022-39253. A fix has been prepared and will appear in v2.39.2 v2.38.4 v2.37.6 v2.36.5 v2.35.7 v2.34.7 v2.33.7 v2.32.6, v2.31.7 and v2.30.8. If upgrading is impractical, two short-term workarounds are available. Avoid cloning repositories from untrusted sources with `--recurse-submodules`. Instead, consider cloning repositories without recursively cloning their submodules, and instead run `git submodule update` at each layer. Before doing so, inspect each new `.gitmodules` file to ensure that it does not contain suspicious module URLs. 
Solution(s) redhat-upgrade-git redhat-upgrade-git-all redhat-upgrade-git-core redhat-upgrade-git-core-debuginfo redhat-upgrade-git-core-doc redhat-upgrade-git-credential-libsecret redhat-upgrade-git-credential-libsecret-debuginfo redhat-upgrade-git-daemon redhat-upgrade-git-daemon-debuginfo redhat-upgrade-git-debuginfo redhat-upgrade-git-debugsource redhat-upgrade-git-email redhat-upgrade-git-gui redhat-upgrade-git-instaweb redhat-upgrade-git-subtree redhat-upgrade-git-svn redhat-upgrade-gitk redhat-upgrade-gitweb redhat-upgrade-perl-git redhat-upgrade-perl-git-svn References CVE-2023-22490 RHSA-2023:3245 RHSA-2023:3246 RHSA-2024:0407
-
Alpine Linux: CVE-2023-25149: Improper Privilege Management
Alpine Linux: CVE-2023-25149: Improper Privilege Management Severity 9 CVSS (AV:N/AC:L/Au:S/C:C/I:C/A:C) Published 02/14/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description TimescaleDB, an open-source time-series SQL database, has a privilege escalation vulnerability in versions 2.8.0 through 2.9.2. During installation, TimescaleDB creates a telemetry job that runs as the installation user. The queries run as part of the telemetry data collection were not run with a locked down `search_path`, allowing malicious users to create functions that would be executed by the telemetry job, leading to privilege escalation. In order to be able to take advantage of this vulnerability, a user would need to be able to create objects in a database and then get a superuser to install TimescaleDB into their database. When TimescaleDB is installed as a trusted extension, non-superusers can install the extension without help from a superuser. Version 2.9.3 fixes this issue. As a mitigation, the `search_path` of the user running the telemetry job can be locked down to not include schemas writable by other users. The vulnerability is not exploitable on instances in Timescale Cloud and Managed Service for TimescaleDB due to additional security provisions in place on those platforms. Solution(s) alpine-linux-upgrade-postgresql-timescaledb References https://attackerkb.com/topics/cve-2023-25149 CVE - 2023-25149 https://security.alpinelinux.org/vuln/CVE-2023-25149
-
Huawei EulerOS: CVE-2023-23934: python-werkzeug security update
Huawei EulerOS: CVE-2023-23934: python-werkzeug security update Severity 3 CVSS (AV:A/AC:M/Au:N/C:N/I:P/A:N) Published 02/14/2023 Created 06/09/2023 Added 06/09/2023 Modified 01/30/2025 Description Werkzeug is a comprehensive WSGI web application library. Browsers may allow "nameless" cookies that look like `=value` instead of `key=value`. A vulnerable browser may allow a compromised application on an adjacent subdomain to exploit this to set a cookie like `=__Host-test=bad` for another subdomain. Werkzeug prior to 2.2.3 will parse the cookie `=__Host-test=bad` as `__Host-test=bad`. If a Werkzeug application is running next to a vulnerable or malicious subdomain which sets such a cookie using a vulnerable browser, the Werkzeug application will see the bad cookie value but the valid cookie key. The issue is fixed in Werkzeug 2.2.3. Solution(s) huawei-euleros-2_0_sp5-upgrade-python-werkzeug References https://attackerkb.com/topics/cve-2023-23934 CVE - 2023-23934 EulerOS-SA-2023-2167
-
Microsoft Windows: CVE-2023-21690: Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability
Microsoft Windows: CVE-2023-21690: Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 02/14/2023 Created 02/15/2023 Added 02/14/2023 Modified 01/28/2025 Description Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5022858 microsoft-windows-windows_10-1607-kb5022838 microsoft-windows-windows_10-1809-kb5022840 microsoft-windows-windows_10-20h2-kb5022834 microsoft-windows-windows_10-21h2-kb5022834 microsoft-windows-windows_10-22h2-kb5022834 microsoft-windows-windows_11-21h2-kb5022836 microsoft-windows-windows_11-22h2-kb5022845 microsoft-windows-windows_server_2012-kb5022895 microsoft-windows-windows_server_2012_r2-kb5022894 microsoft-windows-windows_server_2016-1607-kb5022838 microsoft-windows-windows_server_2019-1809-kb5022840 microsoft-windows-windows_server_2022-21h2-kb5022842 microsoft-windows-windows_server_2022-22h2-kb5022842 msft-kb5022874-0383d529-d089-4f99-ac79-731e39cee496 msft-kb5022874-6867c9a3-6d5d-4fb0-8483-1050cf1508c9 msft-kb5022874-9c39e57c-7f23-49ee-bf4a-4a5aaa678856 msft-kb5022895-2ab7ff3f-f8a8-4880-8b7b-70240b5bdd3b msft-kb5022895-8d99d9eb-7053-4bb2-aac2-f76d82115692 References https://attackerkb.com/topics/cve-2023-21690 CVE - 2023-21690 https://support.microsoft.com/help/5022834 https://support.microsoft.com/help/5022836 https://support.microsoft.com/help/5022838 https://support.microsoft.com/help/5022840 https://support.microsoft.com/help/5022842 https://support.microsoft.com/help/5022845 https://support.microsoft.com/help/5022858 https://support.microsoft.com/help/5022894 https://support.microsoft.com/help/5022895 https://support.microsoft.com/help/5022899
-
Microsoft CVE-2023-21710: Microsoft Exchange Server Remote Code Execution Vulnerability
Microsoft CVE-2023-21710: Microsoft Exchange Server Remote Code Execution Vulnerability Severity 8 CVSS (AV:N/AC:L/Au:M/C:C/I:C/A:C) Published 02/14/2023 Created 02/15/2023 Added 02/14/2023 Modified 01/28/2025 Description Microsoft CVE-2023-21710: Microsoft Exchange Server Remote Code Execution Vulnerability Solution(s) msft-kb5023038-0114c451-a5b6-4e1a-8da5-f20a2bc43f10 References https://attackerkb.com/topics/cve-2023-21710 CVE - 2023-21710 5023038
-
Alma Linux: CVE-2023-25725: Moderate: haproxy security update (ALSA-2023-1696)
Alma Linux: CVE-2023-25725: Moderate: haproxy security update (ALSA-2023-1696) Severity 9 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:C) Published 02/14/2023 Created 05/05/2023 Added 04/21/2023 Modified 01/30/2025 Description HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka "request smuggling." The HTTP header parsers in HAProxy may accept empty header field names, which could be used to truncate the list of HTTP headers and thus make some headers disappear after being parsed and processed for HTTP/1.0 and HTTP/1.1. For HTTP/2 and HTTP/3, the impact is limited because the headers disappear before being parsed and processed, as if they had not been sent by the client. The fixed versions are 2.7.3, 2.6.9, 2.5.12, 2.4.22, 2.2.29, and 2.0.31. Solution(s) alma-upgrade-haproxy References https://attackerkb.com/topics/cve-2023-25725 CVE - 2023-25725 https://errata.almalinux.org/9/ALSA-2023-1696.html
-
Alma Linux: CVE-2023-22490: Important: git security update (Multiple Advisories)
Alma Linux: CVE-2023-22490: Important: git security update (Multiple Advisories) Severity 5 CVSS (AV:L/AC:M/Au:N/C:C/I:N/A:N) Published 02/14/2023 Created 05/24/2023 Added 05/24/2023 Modified 01/30/2025 Description Git is a revision control system. Using a specially-crafted repository, Git prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8 can be tricked into using its local clone optimization even when using a non-local transport. Though Git will abort local clones whose source `$GIT_DIR/objects` directory contains symbolic links, the `objects` directory itself may still be a symbolic link. These two may be combined to include arbitrary files based on known paths on the victim's filesystem within the malicious repository's working copy, allowing for data exfiltration in a similar manner as CVE-2022-39253. A fix has been prepared and will appear in v2.39.2 v2.38.4 v2.37.6 v2.36.5 v2.35.7 v2.34.7 v2.33.7 v2.32.6, v2.31.7 and v2.30.8. If upgrading is impractical, two short-term workarounds are available. Avoid cloning repositories from untrusted sources with `--recurse-submodules`. Instead, consider cloning repositories without recursively cloning their submodules, and instead run `git submodule update` at each layer. Before doing so, inspect each new `.gitmodules` file to ensure that it does not contain suspicious module URLs. Solution(s) alma-upgrade-git alma-upgrade-git-all alma-upgrade-git-core alma-upgrade-git-core-doc alma-upgrade-git-credential-libsecret alma-upgrade-git-daemon alma-upgrade-git-email alma-upgrade-git-gui alma-upgrade-git-instaweb alma-upgrade-git-subtree alma-upgrade-git-svn alma-upgrade-gitk alma-upgrade-gitweb alma-upgrade-perl-git alma-upgrade-perl-git-svn References https://attackerkb.com/topics/cve-2023-22490 CVE - 2023-22490 https://errata.almalinux.org/8/ALSA-2023-3246.html https://errata.almalinux.org/9/ALSA-2023-3245.html
-
Alma Linux: CVE-2023-25563: Moderate: gssntlmssp security update (ALSA-2023-3097)
Alma Linux: CVE-2023-25563: Moderate: gssntlmssp security update (ALSA-2023-3097) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/14/2023 Created 05/23/2023 Added 05/23/2023 Modified 01/28/2025 Description GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, multiple out-of-bounds reads when decoding NTLM fields can trigger a denial of service. A 32-bit integer overflow condition can lead to incorrect checks of consistency of length of internal buffers. Although most applications will error out before accepting a single input buffer of 4GB in length, this could theoretically happen. This vulnerability can be triggered via the main `gss_accept_sec_context` entry point if the application allows tokens greater than 4GB in length. This can lead to a large, up to 65KB, out-of-bounds read which could cause a denial-of-service if it reads from unmapped memory. Version 1.2.0 contains a patch for the out-of-bounds reads. Solution(s) alma-upgrade-gssntlmssp References https://attackerkb.com/topics/cve-2023-25563 CVE - 2023-25563 https://errata.almalinux.org/8/ALSA-2023-3097.html
-
SUSE: CVE-2023-25567: SUSE Linux Security Advisory
SUSE: CVE-2023-25567: SUSE Linux Security Advisory Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/14/2023 Created 02/22/2023 Added 02/21/2023 Modified 01/28/2025 Description GSS-NTLMSSP, a mechglue plugin for the GSSAPI library that implements NTLM authentication, has an out-of-bounds read when decoding target information prior to version 1.2.0. The length of the `av_pair` is not checked properly for two of the elements, which can trigger an out-of-bounds read. The out-of-bounds read can be triggered via the main `gss_accept_sec_context` entry point and could cause a denial-of-service if the memory is unmapped. The issue is fixed in version 1.2.0. Solution(s) suse-upgrade-gssntlmssp suse-upgrade-gssntlmssp-devel References https://attackerkb.com/topics/cve-2023-25567 CVE - 2023-25567
-
Red Hat: CVE-2023-23946: a path outside the working tree can be overwritten with crafted input (Multiple Advisories)
Red Hat: CVE-2023-23946: a path outside the working tree can be overwritten with crafted input (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 02/14/2023 Created 05/23/2023 Added 05/23/2023 Modified 01/28/2025 Description Git, a revision control system, is vulnerable to path traversal prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8. By feeding a crafted input to `git apply`, a path outside the working tree can be overwritten as the user who is running `git apply`. A fix has been prepared and will appear in v2.39.2, v2.38.4, v2.37.6, v2.36.5, v2.35.7, v2.34.7, v2.33.7, v2.32.6, v2.31.7, and v2.30.8. As a workaround, use `git apply --stat` to inspect a patch before applying; avoid applying one that creates a symbolic link and then creates a file beyond the symbolic link. Solution(s) redhat-upgrade-git redhat-upgrade-git-all redhat-upgrade-git-core redhat-upgrade-git-core-debuginfo redhat-upgrade-git-core-doc redhat-upgrade-git-credential-libsecret redhat-upgrade-git-credential-libsecret-debuginfo redhat-upgrade-git-daemon redhat-upgrade-git-daemon-debuginfo redhat-upgrade-git-debuginfo redhat-upgrade-git-debugsource redhat-upgrade-git-email redhat-upgrade-git-gui redhat-upgrade-git-instaweb redhat-upgrade-git-subtree redhat-upgrade-git-svn redhat-upgrade-gitk redhat-upgrade-gitweb redhat-upgrade-perl-git redhat-upgrade-perl-git-svn References CVE-2023-23946 RHSA-2023:3245 RHSA-2023:3246 RHSA-2024:0407
-
Alma Linux: CVE-2023-25566: Moderate: gssntlmssp security update (ALSA-2023-3097)
Alma Linux: CVE-2023-25566: Moderate: gssntlmssp security update (ALSA-2023-3097) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/14/2023 Created 05/23/2023 Added 05/23/2023 Modified 01/28/2025 Description GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, a memory leak can be triggered when parsing usernames which can trigger a denial-of-service. The domain portion of a username may be overridden causing an allocated memory area the size of the domain name to be leaked. An attacker can leak memory via the main `gss_accept_sec_context` entry point, potentially causing a denial-of-service. This issue is fixed in version 1.2.0. Solution(s) alma-upgrade-gssntlmssp References https://attackerkb.com/topics/cve-2023-25566 CVE - 2023-25566 https://errata.almalinux.org/8/ALSA-2023-3097.html
-
Joomla!: [20240201] - Core - Insufficient session expiration in MFA management views (CVE-2024-21722)
Joomla!: [20240201] - Core - Insufficient session expiration in MFA management views (CVE-2024-21722) Severity 4 CVSS (AV:L/AC:M/Au:S/C:N/I:N/A:C) Published 02/14/2023 Created 02/22/2024 Added 02/21/2024 Modified 01/30/2025 Description The MFA management features did not properly terminate existing user sessions when a user's MFA methods have been modified. Solution(s) joomla-upgrade-3_10_15 joomla-upgrade-4_4_3 joomla-upgrade-5_0_3 References https://attackerkb.com/topics/cve-2024-21722 CVE - 2024-21722 http://developer.joomla.org/security-centre/925-20240201-core-insufficient-session-expiration-in-mfa-management-views.html
-
Amazon Linux AMI 2: CVE-2023-25725: Security patch for haproxy2 (ALASHAPROXY2-2023-003)
Amazon Linux AMI 2: CVE-2023-25725: Security patch for haproxy2 (ALASHAPROXY2-2023-003) Severity 9 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:C) Published 02/14/2023 Created 09/28/2023 Added 09/28/2023 Modified 01/30/2025 Description HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka "request smuggling." The HTTP header parsers in HAProxy may accept empty header field names, which could be used to truncate the list of HTTP headers and thus make some headers disappear after being parsed and processed for HTTP/1.0 and HTTP/1.1. For HTTP/2 and HTTP/3, the impact is limited because the headers disappear before being parsed and processed, as if they had not been sent by the client. The fixed versions are 2.7.3, 2.6.9, 2.5.12, 2.4.22, 2.2.29, and 2.0.31. Solution(s) amazon-linux-ami-2-upgrade-haproxy2 amazon-linux-ami-2-upgrade-haproxy2-debuginfo References https://attackerkb.com/topics/cve-2023-25725 AL2/ALASHAPROXY2-2023-003 CVE - 2023-25725
-
Huawei EulerOS: CVE-2023-22490: git security update
Huawei EulerOS: CVE-2023-22490: git security update Severity 5 CVSS (AV:L/AC:M/Au:N/C:C/I:N/A:N) Published 02/14/2023 Created 05/10/2023 Added 05/10/2023 Modified 01/30/2025 Description Git is a revision control system. Using a specially-crafted repository, Git prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8 can be tricked into using its local clone optimization even when using a non-local transport. Though Git will abort local clones whose source `$GIT_DIR/objects` directory contains symbolic links, the `objects` directory itself may still be a symbolic link. These two may be combined to include arbitrary files based on known paths on the victim's filesystem within the malicious repository's working copy, allowing for data exfiltration in a similar manner as CVE-2022-39253. A fix has been prepared and will appear in v2.39.2 v2.38.4 v2.37.6 v2.36.5 v2.35.7 v2.34.7 v2.33.7 v2.32.6, v2.31.7 and v2.30.8. If upgrading is impractical, two short-term workarounds are available. Avoid cloning repositories from untrusted sources with `--recurse-submodules`. Instead, consider cloning repositories without recursively cloning their submodules, and instead run `git submodule update` at each layer. Before doing so, inspect each new `.gitmodules` file to ensure that it does not contain suspicious module URLs. Solution(s) huawei-euleros-2_0_sp9-upgrade-git huawei-euleros-2_0_sp9-upgrade-git-help huawei-euleros-2_0_sp9-upgrade-perl-git References https://attackerkb.com/topics/cve-2023-22490 CVE - 2023-22490 EulerOS-SA-2023-1866
-
Red Hat: CVE-2023-25563: multiple out-of-bounds read when decoding NTLM fields (Multiple Advisories)
Red Hat: CVE-2023-25563: multiple out-of-bounds read when decoding NTLM fields (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/14/2023 Created 05/17/2023 Added 05/17/2023 Modified 01/28/2025 Description GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, multiple out-of-bounds reads when decoding NTLM fields can trigger a denial of service. A 32-bit integer overflow condition can lead to incorrect checks of consistency of length of internal buffers. Although most applications will error out before accepting a single input buffer of 4GB in length, this could theoretically happen. This vulnerability can be triggered via the main `gss_accept_sec_context` entry point if the application allows tokens greater than 4GB in length. This can lead to a large, up to 65KB, out-of-bounds read which could cause a denial-of-service if it reads from unmapped memory. Version 1.2.0 contains a patch for the out-of-bounds reads. Solution(s) redhat-upgrade-gssntlmssp redhat-upgrade-gssntlmssp-debuginfo redhat-upgrade-gssntlmssp-debugsource References CVE-2023-25563 RHSA-2023:3097
-
Huawei EulerOS: CVE-2023-23946: git security update
Huawei EulerOS: CVE-2023-23946: git security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 02/14/2023 Created 05/18/2023 Added 05/18/2023 Modified 01/28/2025 Description Git, a revision control system, is vulnerable to path traversal prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8. By feeding a crafted input to `git apply`, a path outside the working tree can be overwritten as the user who is running `git apply`. A fix has been prepared and will appear in v2.39.2, v2.38.4, v2.37.6, v2.36.5, v2.35.7, v2.34.7, v2.33.7, v2.32.6, v2.31.7, and v2.30.8. As a workaround, use `git apply --stat` to inspect a patch before applying; avoid applying one that creates a symbolic link and then creates a file beyond the symbolic link. Solution(s) huawei-euleros-2_0_sp10-upgrade-git huawei-euleros-2_0_sp10-upgrade-git-help References https://attackerkb.com/topics/cve-2023-23946 CVE - 2023-23946 EulerOS-SA-2023-1973
-
Alma Linux: CVE-2023-25565: Moderate: gssntlmssp security update (ALSA-2023-3097)
Alma Linux: CVE-2023-25565: Moderate: gssntlmssp security update (ALSA-2023-3097) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/14/2023 Created 05/23/2023 Added 05/23/2023 Modified 01/28/2025 Description GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, an incorrect free when decoding target information can trigger a denial of service. The error condition incorrectly assumes the `cb` and `sh` buffers contain a copy of the data that needs to be freed. However, that is not the case. This vulnerability can be triggered via the main `gss_accept_sec_context` entry point. This will likely trigger an assertion failure in `free`, causing a denial-of-service. This issue is fixed in version 1.2.0. Solution(s) alma-upgrade-gssntlmssp References https://attackerkb.com/topics/cve-2023-25565 CVE - 2023-25565 https://errata.almalinux.org/8/ALSA-2023-3097.html
-
Amazon Linux AMI 2: CVE-2023-22490: Security patch for git (ALAS-2023-1984)
Amazon Linux AMI 2: CVE-2023-22490: Security patch for git (ALAS-2023-1984) Severity 5 CVSS (AV:L/AC:M/Au:N/C:C/I:N/A:N) Published 02/14/2023 Created 03/08/2023 Added 03/07/2023 Modified 01/30/2025 Description Git is a revision control system. Using a specially-crafted repository, Git prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8 can be tricked into using its local clone optimization even when using a non-local transport. Though Git will abort local clones whose source `$GIT_DIR/objects` directory contains symbolic links, the `objects` directory itself may still be a symbolic link. These two may be combined to include arbitrary files based on known paths on the victim's filesystem within the malicious repository's working copy, allowing for data exfiltration in a similar manner as CVE-2022-39253. A fix has been prepared and will appear in v2.39.2 v2.38.4 v2.37.6 v2.36.5 v2.35.7 v2.34.7 v2.33.7 v2.32.6, v2.31.7 and v2.30.8. If upgrading is impractical, two short-term workarounds are available. Avoid cloning repositories from untrusted sources with `--recurse-submodules`. Instead, consider cloning repositories without recursively cloning their submodules, and instead run `git submodule update` at each layer. Before doing so, inspect each new `.gitmodules` file to ensure that it does not contain suspicious module URLs. 
Solution(s) amazon-linux-ami-2-upgrade-git amazon-linux-ami-2-upgrade-git-all amazon-linux-ami-2-upgrade-git-core amazon-linux-ami-2-upgrade-git-core-doc amazon-linux-ami-2-upgrade-git-credential-libsecret amazon-linux-ami-2-upgrade-git-cvs amazon-linux-ami-2-upgrade-git-daemon amazon-linux-ami-2-upgrade-git-debuginfo amazon-linux-ami-2-upgrade-git-email amazon-linux-ami-2-upgrade-git-gui amazon-linux-ami-2-upgrade-git-instaweb amazon-linux-ami-2-upgrade-git-p4 amazon-linux-ami-2-upgrade-git-subtree amazon-linux-ami-2-upgrade-git-svn amazon-linux-ami-2-upgrade-gitk amazon-linux-ami-2-upgrade-gitweb amazon-linux-ami-2-upgrade-perl-git amazon-linux-ami-2-upgrade-perl-git-svn References https://attackerkb.com/topics/cve-2023-22490 AL2/ALAS-2023-1984 CVE - 2023-22490
-
Amazon Linux AMI 2: CVE-2023-23946: Security patch for git (ALAS-2023-1984)
Amazon Linux AMI 2: CVE-2023-23946: Security patch for git (ALAS-2023-1984) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 02/14/2023 Created 03/08/2023 Added 03/07/2023 Modified 01/28/2025 Description Git, a revision control system, is vulnerable to path traversal prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8. By feeding a crafted input to `git apply`, a path outside the working tree can be overwritten as the user who is running `git apply`. A fix has been prepared and will appear in v2.39.2, v2.38.4, v2.37.6, v2.36.5, v2.35.7, v2.34.7, v2.33.7, v2.32.6, v2.31.7, and v2.30.8. As a workaround, use `git apply --stat` to inspect a patch before applying; avoid applying one that creates a symbolic link and then creates a file beyond the symbolic link. Solution(s) amazon-linux-ami-2-upgrade-git amazon-linux-ami-2-upgrade-git-all amazon-linux-ami-2-upgrade-git-core amazon-linux-ami-2-upgrade-git-core-doc amazon-linux-ami-2-upgrade-git-credential-libsecret amazon-linux-ami-2-upgrade-git-cvs amazon-linux-ami-2-upgrade-git-daemon amazon-linux-ami-2-upgrade-git-debuginfo amazon-linux-ami-2-upgrade-git-email amazon-linux-ami-2-upgrade-git-gui amazon-linux-ami-2-upgrade-git-instaweb amazon-linux-ami-2-upgrade-git-p4 amazon-linux-ami-2-upgrade-git-subtree amazon-linux-ami-2-upgrade-git-svn amazon-linux-ami-2-upgrade-gitk amazon-linux-ami-2-upgrade-gitweb amazon-linux-ami-2-upgrade-perl-git amazon-linux-ami-2-upgrade-perl-git-svn References https://attackerkb.com/topics/cve-2023-23946 AL2/ALAS-2023-1984 CVE - 2023-23946