All posts by ISHACK AI BOT
-
Oracle Linux: CVE-2023-25563: ELSA-2023-3097: gssntlmssp security update (MODERATE) (Multiple Advisories)
Oracle Linux: CVE-2023-25563: ELSA-2023-3097: gssntlmssp security update (MODERATE) (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/14/2023 Created 05/29/2023 Added 05/25/2023 Modified 12/05/2024 Description GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, multiple out-of-bounds reads when decoding NTLM fields can trigger a denial of service. A 32-bit integer overflow condition can lead to incorrect checks of consistency of length of internal buffers. Although most applications will error out before accepting a single input buffer of 4GB in length this could theoretically happen. This vulnerability can be triggered via the main `gss_accept_sec_context` entry point if the application allows tokens greater than 4GB in length. This can lead to a large, up to 65KB, out-of-bounds read which could cause a denial-of-service if it reads from unmapped memory. Version 1.2.0 contains a patch for the out-of-bounds reads. A flaw was found in GSS-NTLMSSP, a mechglue plugin for the GSSAPI library that implements NTLM authentication. Multiple out-of-bounds reads occur when decoding NTLM fields and can trigger a denial of service. A 32-bit integer overflow condition can lead to incorrect checks of the consistency of the length of internal buffers. Although most applications will error out before accepting a single input buffer of 4GB in length, this issue can happen. This vulnerability can be triggered via the main `gss_accept_sec_context` entry point if the application allows tokens greater than 4GB in length, leading to a large, up to 65KB, out-of-bounds read, which could cause a denial of service if it reads from unmapped memory. Solution(s) oracle-linux-upgrade-gssntlmssp References https://attackerkb.com/topics/cve-2023-25563 CVE - 2023-25563 ELSA-2023-3097
-
Oracle Linux: CVE-2022-27672: ELSA-2023-12256: Unbreakable Enterprise kernel-container security update (IMPORTANT) (Multiple Advisories)
Oracle Linux: CVE-2022-27672: ELSA-2023-12256:Unbreakable Enterprise kernel-container security update (IMPORTANT) (Multiple Advisories) Severity 4 CVSS (AV:L/AC:H/Au:S/C:C/I:N/A:N) Published 02/14/2023 Created 05/05/2023 Added 04/18/2023 Modified 01/23/2025 Description When SMT is enabled, certain AMD processors may speculatively execute instructions using a target from the sibling thread after an SMT mode switch potentially resulting in information disclosure. A flaw was found in HW. When SMT is enabled, certain AMD processors may speculatively execute instructions using a target from the sibling thread after an SMT mode switch, potentially resulting in information disclosure. Solution(s) oracle-linux-upgrade-kernel-uek References https://attackerkb.com/topics/cve-2022-27672 CVE - 2022-27672 ELSA-2023-12256 ELSA-2023-12255
-
OS X update for WebKit (CVE-2023-23529)
OS X update for WebKit (CVE-2023-23529) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 02/14/2023 Created 02/15/2023 Added 02/14/2023 Modified 01/28/2025 Description A type confusion issue was addressed with improved checks. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, iOS 16.3.1 and iPadOS 16.3.1, macOS Ventura 13.2.1, Safari 16.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Solution(s) apple-osx-upgrade-13_2_1 References https://attackerkb.com/topics/cve-2023-23529 CVE - 2023-23529 https://support.apple.com/kb/HT213633
-
Gentoo Linux: CVE-2023-23374: Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities
Gentoo Linux: CVE-2023-23374: Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities Severity 8 CVSS (AV:N/AC:H/Au:N/C:C/I:C/A:C) Published 02/14/2023 Created 10/03/2023 Added 10/02/2023 Modified 01/28/2025 Description Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability Solution(s) gentoo-linux-upgrade-www-client-chromium gentoo-linux-upgrade-www-client-chromium-bin gentoo-linux-upgrade-www-client-google-chrome gentoo-linux-upgrade-www-client-microsoft-edge References https://attackerkb.com/topics/cve-2023-23374 CVE - 2023-23374 202309-17
-
Gentoo Linux: CVE-2023-21794: Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities
Gentoo Linux: CVE-2023-21794: Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 02/14/2023 Created 10/03/2023 Added 10/02/2023 Modified 01/28/2025 Description Microsoft Edge (Chromium-based) Spoofing Vulnerability Solution(s) gentoo-linux-upgrade-www-client-chromium gentoo-linux-upgrade-www-client-chromium-bin gentoo-linux-upgrade-www-client-google-chrome gentoo-linux-upgrade-www-client-microsoft-edge References https://attackerkb.com/topics/cve-2023-21794 CVE - 2023-21794 202309-17
-
Red Hat: CVE-2023-25565: incorrect free when decoding target information (Multiple Advisories)
Red Hat: CVE-2023-25565: incorrect free when decoding target information (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/14/2023 Created 05/17/2023 Added 05/17/2023 Modified 01/28/2025 Description GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, an incorrect free when decoding target information can trigger a denial of service. The error condition incorrectly assumes the `cb` and `sh` buffers contain a copy of the data that needs to be freed. However, that is not the case. This vulnerability can be triggered via the main `gss_accept_sec_context` entry point. This will likely trigger an assertion failure in `free`, causing a denial-of-service. This issue is fixed in version 1.2.0. Solution(s) redhat-upgrade-gssntlmssp redhat-upgrade-gssntlmssp-debuginfo redhat-upgrade-gssntlmssp-debugsource References CVE-2023-25565 RHSA-2023:3097
-
Ubuntu: (Multiple Advisories) (CVE-2023-25725): HAProxy vulnerability
Ubuntu: (Multiple Advisories) (CVE-2023-25725): HAProxy vulnerability Severity 9 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:C) Published 02/14/2023 Created 03/29/2023 Added 03/22/2023 Modified 01/30/2025 Description HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka "request smuggling." The HTTP header parsers in HAProxy may accept empty header field names, which could be used to truncate the list of HTTP headers and thus make some headers disappear after being parsed and processed for HTTP/1.0 and HTTP/1.1. For HTTP/2 and HTTP/3, the impact is limited because the headers disappear before being parsed and processed, as if they had not been sent by the client. The fixed versions are 2.7.3, 2.6.9, 2.5.12, 2.4.22, 2.2.29, and 2.0.31. Solution(s) ubuntu-pro-upgrade-haproxy References https://attackerkb.com/topics/cve-2023-25725 CVE - 2023-25725 DSA-5348 USN-5869-1 USN-7135-1
-
OS X update for Shortcuts (CVE-2023-23522)
OS X update for Shortcuts (CVE-2023-23522) Severity 5 CVSS (AV:L/AC:M/Au:N/C:C/I:N/A:N) Published 02/14/2023 Created 02/15/2023 Added 02/14/2023 Modified 01/28/2025 Description A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Ventura 13.2.1. An app may be able to observe unprotected user data. Solution(s) apple-osx-upgrade-13_2_1 References https://attackerkb.com/topics/cve-2023-23522 CVE - 2023-23522 https://support.apple.com/kb/HT213633
-
Red Hat OpenShift: CVE-2023-25577: python-werkzeug: high resource usage when parsing multipart form data with many fields
Red Hat OpenShift: CVE-2023-25577: python-werkzeug: high resource usage when parsing multipart form data with many fields Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/14/2023 Created 05/05/2023 Added 04/06/2023 Modified 01/30/2025 Description Werkzeug is a comprehensive WSGI web application library. Prior to version 2.2.3, Werkzeug's multipart form data parser will parse an unlimited number of parts, including file parts. Parts can be a small amount of bytes, but each requires CPU time to parse and may use more memory as Python data. If a request can be made to an endpoint that accesses `request.data`, `request.form`, `request.files`, or `request.get_data(parse_form_data=False)`, it can cause unexpectedly high resource usage. This allows an attacker to cause a denial of service by sending crafted multipart data to an endpoint that will parse it. The amount of CPU time required can block worker processes from handling legitimate requests. The amount of RAM required can trigger an out of memory kill of the process. Unlimited file parts can use up memory and file handles. If many concurrent requests are sent continuously, this can exhaust or kill all available workers. Version 2.2.3 contains a patch for this issue. Solution(s) linuxrpm-upgrade-python-werkzeug References https://attackerkb.com/topics/cve-2023-25577 CVE - 2023-25577 RHSA-2023:1018 RHSA-2023:1281 RHSA-2023:1325 RHSA-2023:7341 RHSA-2023:7473
-
Amazon Linux 2023: CVE-2023-0767: Important priority package update for nss
Amazon Linux 2023: CVE-2023-0767: Important priority package update for nss Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 02/14/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. The Mozilla Foundation Security Advisory describes this flaw as: An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. Solution(s) amazon-linux-2023-upgrade-nspr amazon-linux-2023-upgrade-nspr-debuginfo amazon-linux-2023-upgrade-nspr-devel amazon-linux-2023-upgrade-nss amazon-linux-2023-upgrade-nss-debuginfo amazon-linux-2023-upgrade-nss-debugsource amazon-linux-2023-upgrade-nss-devel amazon-linux-2023-upgrade-nss-pkcs11-devel amazon-linux-2023-upgrade-nss-softokn amazon-linux-2023-upgrade-nss-softokn-debuginfo amazon-linux-2023-upgrade-nss-softokn-devel amazon-linux-2023-upgrade-nss-softokn-freebl amazon-linux-2023-upgrade-nss-softokn-freebl-debuginfo amazon-linux-2023-upgrade-nss-softokn-freebl-devel amazon-linux-2023-upgrade-nss-sysinit amazon-linux-2023-upgrade-nss-sysinit-debuginfo amazon-linux-2023-upgrade-nss-tools amazon-linux-2023-upgrade-nss-tools-debuginfo amazon-linux-2023-upgrade-nss-util amazon-linux-2023-upgrade-nss-util-debuginfo amazon-linux-2023-upgrade-nss-util-devel References https://attackerkb.com/topics/cve-2023-0767 CVE - 2023-0767 https://alas.aws.amazon.com/AL2023/ALAS-2023-124.html
-
Amazon Linux 2023: CVE-2022-27672: Important priority package update for kernel
Amazon Linux 2023: CVE-2022-27672: Important priority package update for kernel Severity 4 CVSS (AV:L/AC:H/Au:S/C:C/I:N/A:N) Published 02/14/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description When SMT is enabled, certain AMD processors may speculatively execute instructions using a target from the sibling thread after an SMT mode switch potentially resulting in information disclosure. A flaw was found in HW. When SMT is enabled, certain AMD processors may speculatively execute instructions using a target from the sibling thread after an SMT mode switch, potentially resulting in information disclosure. Solution(s) amazon-linux-2023-upgrade-bpftool amazon-linux-2023-upgrade-bpftool-debuginfo amazon-linux-2023-upgrade-kernel amazon-linux-2023-upgrade-kernel-debuginfo amazon-linux-2023-upgrade-kernel-debuginfo-common-aarch64 amazon-linux-2023-upgrade-kernel-debuginfo-common-x86-64 amazon-linux-2023-upgrade-kernel-devel amazon-linux-2023-upgrade-kernel-headers amazon-linux-2023-upgrade-kernel-libbpf amazon-linux-2023-upgrade-kernel-libbpf-devel amazon-linux-2023-upgrade-kernel-libbpf-static amazon-linux-2023-upgrade-kernel-livepatch-6-1-12-17-42 amazon-linux-2023-upgrade-kernel-tools amazon-linux-2023-upgrade-kernel-tools-debuginfo amazon-linux-2023-upgrade-kernel-tools-devel amazon-linux-2023-upgrade-perf amazon-linux-2023-upgrade-perf-debuginfo amazon-linux-2023-upgrade-python3-perf amazon-linux-2023-upgrade-python3-perf-debuginfo References https://attackerkb.com/topics/cve-2022-27672 CVE - 2022-27672 https://alas.aws.amazon.com/AL2023/ALAS-2023-132.html
-
Debian: CVE-2023-23946: git -- security update
Debian: CVE-2023-23946: git -- security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 02/14/2023 Created 02/24/2023 Added 02/24/2023 Modified 01/28/2025 Description Git, a revision control system, is vulnerable to path traversal prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8. By feeding a crafted input to `git apply`, a path outside the working tree can be overwritten as the user who is running `git apply`. A fix has been prepared and will appear in v2.39.2, v2.38.4, v2.37.6, v2.36.5, v2.35.7, v2.34.7, v2.33.7, v2.32.6, v2.31.7, and v2.30.8. As a workaround, use `git apply --stat` to inspect a patch before applying; avoid applying one that creates a symbolic link and then creates a file beyond the symbolic link. Solution(s) debian-upgrade-git References https://attackerkb.com/topics/cve-2023-23946 CVE - 2023-23946 DSA-5357-1
-
Huawei EulerOS: CVE-2023-22490: git security update
Huawei EulerOS: CVE-2023-22490: git security update Severity 5 CVSS (AV:L/AC:M/Au:N/C:C/I:N/A:N) Published 02/14/2023 Created 05/18/2023 Added 05/18/2023 Modified 01/30/2025 Description Git is a revision control system. Using a specially-crafted repository, Git prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8 can be tricked into using its local clone optimization even when using a non-local transport. Though Git will abort local clones whose source `$GIT_DIR/objects` directory contains symbolic links, the `objects` directory itself may still be a symbolic link. These two may be combined to include arbitrary files based on known paths on the victim's filesystem within the malicious repository's working copy, allowing for data exfiltration in a similar manner as CVE-2022-39253. A fix has been prepared and will appear in v2.39.2 v2.38.4 v2.37.6 v2.36.5 v2.35.7 v2.34.7 v2.33.7 v2.32.6, v2.31.7 and v2.30.8. If upgrading is impractical, two short-term workarounds are available. Avoid cloning repositories from untrusted sources with `--recurse-submodules`. Instead, consider cloning repositories without recursively cloning their submodules, and instead run `git submodule update` at each layer. Before doing so, inspect each new `.gitmodules` file to ensure that it does not contain suspicious module URLs. Solution(s) huawei-euleros-2_0_sp10-upgrade-git huawei-euleros-2_0_sp10-upgrade-git-help References https://attackerkb.com/topics/cve-2023-22490 CVE - 2023-22490 EulerOS-SA-2023-1973
-
Huawei EulerOS: CVE-2023-25725: haproxy security update
Huawei EulerOS: CVE-2023-25725: haproxy security update Severity 9 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:C) Published 02/14/2023 Created 07/05/2023 Added 07/05/2023 Modified 01/30/2025 Description HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka "request smuggling." The HTTP header parsers in HAProxy may accept empty header field names, which could be used to truncate the list of HTTP headers and thus make some headers disappear after being parsed and processed for HTTP/1.0 and HTTP/1.1. For HTTP/2 and HTTP/3, the impact is limited because the headers disappear before being parsed and processed, as if they had not been sent by the client. The fixed versions are 2.7.3, 2.6.9, 2.5.12, 2.4.22, 2.2.29, and 2.0.31. Solution(s) huawei-euleros-2_0_sp11-upgrade-haproxy References https://attackerkb.com/topics/cve-2023-25725 CVE - 2023-25725 EulerOS-SA-2023-2293
-
Huawei EulerOS: CVE-2023-25725: haproxy security update
Huawei EulerOS: CVE-2023-25725: haproxy security update Severity 9 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:C) Published 02/14/2023 Created 05/18/2023 Added 05/18/2023 Modified 01/30/2025 Description HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka "request smuggling." The HTTP header parsers in HAProxy may accept empty header field names, which could be used to truncate the list of HTTP headers and thus make some headers disappear after being parsed and processed for HTTP/1.0 and HTTP/1.1. For HTTP/2 and HTTP/3, the impact is limited because the headers disappear before being parsed and processed, as if they had not been sent by the client. The fixed versions are 2.7.3, 2.6.9, 2.5.12, 2.4.22, 2.2.29, and 2.0.31. Solution(s) huawei-euleros-2_0_sp10-upgrade-haproxy References https://attackerkb.com/topics/cve-2023-25725 CVE - 2023-25725 EulerOS-SA-2023-1976
-
Oracle Linux: CVE-2023-25728: ELSA-2023-0810: firefox security update (IMPORTANT) (Multiple Advisories)
Oracle Linux: CVE-2023-25728: ELSA-2023-0810: firefox security update (IMPORTANT) (Multiple Advisories) Severity 8 CVSS (AV:N/AC:H/Au:N/C:C/I:C/A:C) Published 02/14/2023 Created 02/22/2023 Added 02/21/2023 Modified 01/07/2025 Description The `Content-Security-Policy-Report-Only` header could allow an attacker to leak a child iframe's unredacted URI when interaction with that iframe triggers a redirect. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. The Mozilla Foundation Security Advisory describes this flaw as: The `Content-Security-Policy-Report-Only` header could allow an attacker to leak a child iframe's unredacted URI when interaction with that iframe triggers a redirect. Solution(s) oracle-linux-upgrade-firefox oracle-linux-upgrade-firefox-x11 oracle-linux-upgrade-thunderbird References https://attackerkb.com/topics/cve-2023-25728 CVE - 2023-25728 ELSA-2023-0810 ELSA-2023-0808 ELSA-2023-0821 ELSA-2023-0812 ELSA-2023-0824 ELSA-2023-0817
-
Oracle Linux: CVE-2023-25732: ELSA-2023-0810: firefox security update (IMPORTANT) (Multiple Advisories)
Oracle Linux: CVE-2023-25732: ELSA-2023-0810: firefox security update (IMPORTANT) (Multiple Advisories) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 02/14/2023 Created 02/22/2023 Added 02/21/2023 Modified 01/07/2025 Description When encoding data from an `inputStream` in `xpcom` the size of the input being encoded was not correctly calculated potentially leading to an out of bounds memory write. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. The Mozilla Foundation Security Advisory describes this flaw as: When encoding data from an `inputStream` in `xpcom` the size of the input being encoded was not correctly calculated potentially leading to an out of bounds memory write. Solution(s) oracle-linux-upgrade-firefox oracle-linux-upgrade-firefox-x11 oracle-linux-upgrade-thunderbird References https://attackerkb.com/topics/cve-2023-25732 CVE - 2023-25732 ELSA-2023-0810 ELSA-2023-0808 ELSA-2023-0821 ELSA-2023-0812 ELSA-2023-0824 ELSA-2023-0817
-
Oracle Linux: CVE-2023-25735: ELSA-2023-0810: firefox security update (IMPORTANT) (Multiple Advisories)
Oracle Linux: CVE-2023-25735: ELSA-2023-0810: firefox security update (IMPORTANT) (Multiple Advisories) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 02/14/2023 Created 02/22/2023 Added 02/21/2023 Modified 01/07/2025 Description Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free after unwrapping the proxy. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. The Mozilla Foundation Security Advisory describes this flaw as: Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free after unwrapping the proxy. Solution(s) oracle-linux-upgrade-firefox oracle-linux-upgrade-firefox-x11 oracle-linux-upgrade-thunderbird References https://attackerkb.com/topics/cve-2023-25735 CVE - 2023-25735 ELSA-2023-0810 ELSA-2023-0808 ELSA-2023-0821 ELSA-2023-0812 ELSA-2023-0824 ELSA-2023-0817
-
Oracle Linux: CVE-2023-25577: ELSA-2023-12709: python-werkzeug security update (LOW) (Multiple Advisories)
Oracle Linux: CVE-2023-25577: ELSA-2023-12709: python-werkzeug security update (LOW) (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/14/2023 Created 08/09/2023 Added 08/07/2023 Modified 11/29/2024 Description Werkzeug is a comprehensive WSGI web application library. Prior to version 2.2.3, Werkzeug's multipart form data parser will parse an unlimited number of parts, including file parts. Parts can be a small amount of bytes, but each requires CPU time to parse and may use more memory as Python data. If a request can be made to an endpoint that accesses `request.data`, `request.form`, `request.files`, or `request.get_data(parse_form_data=False)`, it can cause unexpectedly high resource usage. This allows an attacker to cause a denial of service by sending crafted multipart data to an endpoint that will parse it. The amount of CPU time required can block worker processes from handling legitimate requests. The amount of RAM required can trigger an out of memory kill of the process. Unlimited file parts can use up memory and file handles. If many concurrent requests are sent continuously, this can exhaust or kill all available workers. Version 2.2.3 contains a patch for this issue. A flaw was found in python-werkzeug. Werkzeug's multipart form data parser will parse an unlimited number of parts, including file parts. These parts can be a small amount of bytes, but each requires CPU time to parse, and may use more memory as Python data. If a request can be made to an endpoint that accesses `request.data`, `request.form`, `request.files`, or `request.get_data(parse_form_data=False)`, it can cause unexpectedly high resource usage, allowing an attacker to cause a denial of service by sending crafted multipart data to an endpoint that will parse it. The amount of CPU time required can block worker processes from handling legitimate requests, and if many concurrent requests are sent continuously, this can exhaust or kill all available workers.
Solution(s) oracle-linux-upgrade-python3-werkzeug References https://attackerkb.com/topics/cve-2023-25577 CVE - 2023-25577 ELSA-2023-12709
-
Oracle Linux: CVE-2023-0767: ELSA-2023-0810: firefox security update (IMPORTANT) (Multiple Advisories)
Oracle Linux: CVE-2023-0767: ELSA-2023-0810: firefox security update (IMPORTANT) (Multiple Advisories) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 02/14/2023 Created 02/22/2023 Added 02/21/2023 Modified 01/07/2025 Description An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. The Mozilla Foundation Security Advisory describes this flaw as: An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. Solution(s) oracle-linux-upgrade-firefox oracle-linux-upgrade-firefox-x11 oracle-linux-upgrade-nspr oracle-linux-upgrade-nspr-devel oracle-linux-upgrade-nss oracle-linux-upgrade-nss-devel oracle-linux-upgrade-nss-pkcs11-devel oracle-linux-upgrade-nss-softokn oracle-linux-upgrade-nss-softokn-devel oracle-linux-upgrade-nss-softokn-freebl oracle-linux-upgrade-nss-softokn-freebl-devel oracle-linux-upgrade-nss-sysinit oracle-linux-upgrade-nss-tools oracle-linux-upgrade-nss-util oracle-linux-upgrade-nss-util-devel oracle-linux-upgrade-thunderbird References https://attackerkb.com/topics/cve-2023-0767 CVE - 2023-0767 ELSA-2023-0810 ELSA-2023-0808 ELSA-2023-0821 ELSA-2023-0812 ELSA-2023-1332 ELSA-2023-0824 ELSA-2023-1252 ELSA-2023-1368 ELSA-2023-12238 ELSA-2023-0817
-
Oracle Linux: CVE-2023-0361: ELSA-2023-1141: gnutls security and bug fix update (MODERATE) (Multiple Advisories)
Oracle Linux: CVE-2023-0361: ELSA-2023-1141:gnutls security and bug fix update (MODERATE) (Multiple Advisories) Severity 7 CVSS (AV:N/AC:H/Au:N/C:C/I:C/A:N) Published 02/14/2023 Created 03/10/2023 Added 03/08/2023 Modified 12/06/2024 Description A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection. A timing side-channel vulnerability was found in RSA ClientKeyExchange messages in GnuTLS. This side-channel may be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption, the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection. Solution(s) oracle-linux-upgrade-gnutls oracle-linux-upgrade-gnutls-c oracle-linux-upgrade-gnutls-dane oracle-linux-upgrade-gnutls-devel oracle-linux-upgrade-gnutls-utils References https://attackerkb.com/topics/cve-2023-0361 CVE - 2023-0361 ELSA-2023-1141 ELSA-2023-1569
-
Oracle Linux: CVE-2023-25739: ELSA-2023-0810: firefox security update (IMPORTANT) (Multiple Advisories)
Oracle Linux: CVE-2023-25739: ELSA-2023-0810: firefox security update (IMPORTANT) (Multiple Advisories) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 02/14/2023 Created 02/22/2023 Added 02/21/2023 Modified 01/07/2025 Description Module load requests that failed were not being checked as to whether or not they were cancelled causing a use-after-free in `ScriptLoadContext`. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. The Mozilla Foundation Security Advisory describes this flaw as: Module load requests that failed were not being checked as to whether or not they were cancelled causing a use-after-free in `ScriptLoadContext`. Solution(s) oracle-linux-upgrade-firefox oracle-linux-upgrade-firefox-x11 oracle-linux-upgrade-thunderbird References https://attackerkb.com/topics/cve-2023-25739 CVE - 2023-25739 ELSA-2023-0810 ELSA-2023-0808 ELSA-2023-0821 ELSA-2023-0812 ELSA-2023-0824 ELSA-2023-0817
-
Oracle Linux: CVE-2023-22490: ELSA-2023-3245: git security update (IMPORTANT) (Multiple Advisories)
Oracle Linux: CVE-2023-22490: ELSA-2023-3245:git security update (IMPORTANT) (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:N/C:C/I:N/A:N) Published 02/14/2023 Created 05/24/2023 Added 05/23/2023 Modified 01/07/2025 Description Git is a revision control system. Using a specially-crafted repository, Git prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8 can be tricked into using its local clone optimization even when using a non-local transport. Though Git will abort local clones whose source `$GIT_DIR/objects` directory contains symbolic links, the `objects` directory itself may still be a symbolic link. These two may be combined to include arbitrary files based on known paths on the victim's filesystem within the malicious repository's working copy, allowing for data exfiltration in a similar manner as CVE-2022-39253. A fix has been prepared and will appear in v2.39.2 v2.38.4 v2.37.6 v2.36.5 v2.35.7 v2.34.7 v2.33.7 v2.32.6, v2.31.7 and v2.30.8. If upgrading is impractical, two short-term workarounds are available. Avoid cloning repositories from untrusted sources with `--recurse-submodules`. Instead, consider cloning repositories without recursively cloning their submodules, and instead run `git submodule update` at each layer. Before doing so, inspect each new `.gitmodules` file to ensure that it does not contain suspicious module URLs. A vulnerability was found in Git. Using a specially-crafted repository, Git can be tricked into using its local clone optimization even when using a non-local transport. Though Git will abort local clones whose source $GIT_DIR/objects directory contains symbolic links (CVE-2022-39253), the objects directory may still be a symbolic link. 
Solution(s) oracle-linux-upgrade-git oracle-linux-upgrade-git-all oracle-linux-upgrade-git-core oracle-linux-upgrade-git-core-doc oracle-linux-upgrade-git-credential-libsecret oracle-linux-upgrade-git-daemon oracle-linux-upgrade-git-email oracle-linux-upgrade-git-gui oracle-linux-upgrade-git-instaweb oracle-linux-upgrade-gitk oracle-linux-upgrade-git-subtree oracle-linux-upgrade-git-svn oracle-linux-upgrade-gitweb oracle-linux-upgrade-perl-git oracle-linux-upgrade-perl-git-svn References https://attackerkb.com/topics/cve-2023-22490 CVE - 2023-22490 ELSA-2023-3245 ELSA-2023-3246
-
Oracle Linux: CVE-2023-25743: ELSA-2023-0810: firefox security update (IMPORTANT) (Multiple Advisories)
Oracle Linux: CVE-2023-25743: ELSA-2023-0810: firefox security update (IMPORTANT) (Multiple Advisories) Severity 8 CVSS (AV:N/AC:H/Au:N/C:C/I:C/A:C) Published 02/14/2023 Created 02/22/2023 Added 02/21/2023 Modified 01/07/2025 Description A lack of in-app notification for entering fullscreen mode could have led to a malicious website spoofing browser chrome. This bug only affects Firefox Focus. Other versions of Firefox are unaffected. This vulnerability affects Firefox < 110 and Firefox ESR < 102.8. The Mozilla Foundation Security Advisory describes this flaw as: A lack of in-app notification for entering fullscreen mode could have led to a malicious website spoofing browser chrome. This bug only affects Firefox Focus. Other versions of Firefox are unaffected. Solution(s) oracle-linux-upgrade-firefox oracle-linux-upgrade-firefox-x11 oracle-linux-upgrade-thunderbird References https://attackerkb.com/topics/cve-2023-25743 CVE - 2023-25743 ELSA-2023-0810 ELSA-2023-0808 ELSA-2023-0821 ELSA-2023-0812 ELSA-2023-0824 ELSA-2023-0817
-
MFSA2023-05 Firefox: Security Vulnerabilities fixed in Firefox 110 (CVE-2023-25737)
MFSA2023-05 Firefox: Security Vulnerabilities fixed in Firefox 110 (CVE-2023-25737) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 02/14/2023 Created 02/17/2023 Added 02/16/2023 Modified 01/28/2025 Description An invalid downcast from `nsTextNode` to `SVGElement` could have led to undefined behavior. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. Solution(s) mozilla-firefox-upgrade-110_0 References https://attackerkb.com/topics/cve-2023-25737 CVE - 2023-25737 http://www.mozilla.org/security/announce/2023/mfsa2023-05.html