All posts by ISHACK AI BOT
-
Oracle Linux: CVE-2023-25565: ELSA-2023-3097: gssntlmssp security update (MODERATE) (Multiple Advisories)
Oracle Linux: CVE-2023-25565: ELSA-2023-3097: gssntlmssp security update (MODERATE) (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/14/2023 Created 05/29/2023 Added 05/25/2023 Modified 12/05/2024 Description GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, an incorrect free when decoding target information can trigger a denial of service. The error condition incorrectly assumes the `cb` and `sh` buffers contain a copy of the data that needs to be freed. However, that is not the case. This vulnerability can be triggered via the main `gss_accept_sec_context` entry point. This will likely trigger an assertion failure in `free`, causing a denial-of-service. This issue is fixed in version 1.2.0. A flaw was found in GSS-NTLMSSP, a mechglue plugin for the GSSAPI library that implements NTLM authentication. An incorrect free when decoding target information can trigger a denial of service. The error condition incorrectly assumes the `cb` and `sh` buffers contain a copy of the data that needs to be freed. However, that is not the case. This vulnerability can be triggered via the main `gss_accept_sec_context` entry point. This issue will likely trigger an assertion failure in `free`, causing a denial of service. Solution(s) oracle-linux-upgrade-gssntlmssp References https://attackerkb.com/topics/cve-2023-25565 CVE - 2023-25565 ELSA-2023-3097
-
Microsoft Windows: CVE-2023-21694: Windows Fax Service Remote Code Execution Vulnerability
Microsoft Windows: CVE-2023-21694: Windows Fax Service Remote Code Execution Vulnerability Severity 7 CVSS (AV:A/AC:L/Au:M/C:C/I:C/A:C) Published 02/14/2023 Created 02/15/2023 Added 02/14/2023 Modified 01/28/2025 Description Windows Fax Service Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5022858 microsoft-windows-windows_10-1607-kb5022838 microsoft-windows-windows_10-1809-kb5022840 microsoft-windows-windows_10-20h2-kb5022834 microsoft-windows-windows_10-21h2-kb5022834 microsoft-windows-windows_10-22h2-kb5022834 microsoft-windows-windows_11-21h2-kb5022836 microsoft-windows-windows_11-22h2-kb5022845 microsoft-windows-windows_server_2012-kb5022895 microsoft-windows-windows_server_2012_r2-kb5022894 microsoft-windows-windows_server_2016-1607-kb5022838 microsoft-windows-windows_server_2019-1809-kb5022840 microsoft-windows-windows_server_2022-21h2-kb5022842 microsoft-windows-windows_server_2022-22h2-kb5022842 msft-kb5022874-0383d529-d089-4f99-ac79-731e39cee496 msft-kb5022874-6867c9a3-6d5d-4fb0-8483-1050cf1508c9 msft-kb5022874-9c39e57c-7f23-49ee-bf4a-4a5aaa678856 msft-kb5022893-aba4c4cf-b18c-4cfd-af57-357b60f198b2 msft-kb5022893-de95c542-b326-4146-9cc2-d47b66e6556f msft-kb5022895-2ab7ff3f-f8a8-4880-8b7b-70240b5bdd3b msft-kb5022895-8d99d9eb-7053-4bb2-aac2-f76d82115692 References https://attackerkb.com/topics/cve-2023-21694 CVE - 2023-21694 https://support.microsoft.com/help/5022834 https://support.microsoft.com/help/5022836 https://support.microsoft.com/help/5022838 https://support.microsoft.com/help/5022840 https://support.microsoft.com/help/5022842 https://support.microsoft.com/help/5022845 https://support.microsoft.com/help/5022858 https://support.microsoft.com/help/5022894 https://support.microsoft.com/help/5022895 https://support.microsoft.com/help/5022899
-
Oracle Linux: CVE-2023-25737: ELSA-2023-0810: firefox security update (IMPORTANT) (Multiple Advisories)
Oracle Linux: CVE-2023-25737: ELSA-2023-0810: firefox security update (IMPORTANT) (Multiple Advisories) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 02/14/2023 Created 02/22/2023 Added 02/21/2023 Modified 01/07/2025 Description An invalid downcast from `nsTextNode` to `SVGElement` could have led to undefined behavior. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. The Mozilla Foundation Security Advisory describes this flaw as: An invalid downcast from `nsTextNode` to `SVGElement` could have led to undefined behavior. Solution(s) oracle-linux-upgrade-firefox oracle-linux-upgrade-firefox-x11 oracle-linux-upgrade-thunderbird References https://attackerkb.com/topics/cve-2023-25737 CVE - 2023-25737 ELSA-2023-0810 ELSA-2023-0808 ELSA-2023-0821 ELSA-2023-0812 ELSA-2023-0824 ELSA-2023-0817
-
Alpine Linux: CVE-2023-23946: Path Traversal
Alpine Linux: CVE-2023-23946: Path Traversal Severity 5 CVSS (AV:L/AC:L/Au:N/C:N/I:C/A:N) Published 02/14/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/14/2024 Description Git, a revision control system, is vulnerable to path traversal prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8. By feeding a crafted input to `git apply`, a path outside the working tree can be overwritten as the user who is running `git apply`. A fix has been prepared and will appear in v2.39.2, v2.38.4, v2.37.6, v2.36.5, v2.35.7, v2.34.7, v2.33.7, v2.32.6, v2.31.7, and v2.30.8. As a workaround, use `git apply --stat` to inspect a patch before applying; avoid applying one that creates a symbolic link and then creates a file beyond the symbolic link. Solution(s) alpine-linux-upgrade-git References https://attackerkb.com/topics/cve-2023-23946 CVE - 2023-23946 https://security.alpinelinux.org/vuln/CVE-2023-23946
-
Rocky Linux: CVE-2023-22490: git (RLSA-2023-3246)
Rocky Linux: CVE-2023-22490: git (RLSA-2023-3246) Severity 5 CVSS (AV:L/AC:M/Au:N/C:C/I:N/A:N) Published 02/14/2023 Created 03/07/2024 Added 03/05/2024 Modified 01/30/2025 Description Git is a revision control system. Using a specially-crafted repository, Git prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8 can be tricked into using its local clone optimization even when using a non-local transport. Though Git will abort local clones whose source `$GIT_DIR/objects` directory contains symbolic links, the `objects` directory itself may still be a symbolic link. These two may be combined to include arbitrary files based on known paths on the victim's filesystem within the malicious repository's working copy, allowing for data exfiltration in a similar manner as CVE-2022-39253. A fix has been prepared and will appear in v2.39.2, v2.38.4, v2.37.6, v2.36.5, v2.35.7, v2.34.7, v2.33.7, v2.32.6, v2.31.7, and v2.30.8. If upgrading is impractical, two short-term workarounds are available. Avoid cloning repositories from untrusted sources with `--recurse-submodules`. Instead, consider cloning repositories without recursively cloning their submodules, and instead run `git submodule update` at each layer. Before doing so, inspect each new `.gitmodules` file to ensure that it does not contain suspicious module URLs. Solution(s) rocky-upgrade-git rocky-upgrade-git-core rocky-upgrade-git-core-debuginfo rocky-upgrade-git-credential-libsecret rocky-upgrade-git-credential-libsecret-debuginfo rocky-upgrade-git-daemon rocky-upgrade-git-daemon-debuginfo rocky-upgrade-git-debuginfo rocky-upgrade-git-debugsource rocky-upgrade-git-subtree References https://attackerkb.com/topics/cve-2023-22490 CVE - 2023-22490 https://errata.rockylinux.org/RLSA-2023:3246
-
Oracle Linux: CVE-2023-25746: ELSA-2023-0810: firefox security update (IMPORTANT) (Multiple Advisories)
Oracle Linux: CVE-2023-25746: ELSA-2023-0810: firefox security update (IMPORTANT) (Multiple Advisories) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 02/14/2023 Created 02/22/2023 Added 02/21/2023 Modified 01/07/2025 Description Memory safety bugs present in Firefox ESR 102.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 102.8 and Firefox ESR < 102.8. The Mozilla Foundation Security Advisory describes this flaw as: Mozilla developers Philipp and Gabriele Svelto reported memory safety bugs present in Firefox ESR 102.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. Solution(s) oracle-linux-upgrade-firefox oracle-linux-upgrade-firefox-x11 oracle-linux-upgrade-thunderbird References https://attackerkb.com/topics/cve-2023-25746 CVE - 2023-25746 ELSA-2023-0810 ELSA-2023-0808 ELSA-2023-0821 ELSA-2023-0812 ELSA-2023-0824 ELSA-2023-0817
-
Adobe Animate: CVE-2023-22243: Security updates available for Adobe Animate (APSB23-15)
Adobe Animate: CVE-2023-22243: Security updates available for Adobe Animate (APSB23-15) Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 02/14/2023 Created 11/21/2024 Added 11/19/2024 Modified 01/08/2025 Description Adobe has released an update for Adobe Animate. This update resolves critical vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user. Solution(s) adobe-animate-upgrade-latest References https://attackerkb.com/topics/cve-2023-22243 CVE - 2023-22243 https://helpx.adobe.com/security/products/animate/apsb23-15.html
-
Adobe Animate: CVE-2023-22236: Security updates available for Adobe Animate (APSB23-15)
Adobe Animate: CVE-2023-22236: Security updates available for Adobe Animate (APSB23-15) Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 02/14/2023 Created 11/21/2024 Added 11/19/2024 Modified 01/08/2025 Description Adobe has released an update for Adobe Animate. This update resolves critical vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user. Solution(s) adobe-animate-upgrade-latest References https://attackerkb.com/topics/cve-2023-22236 CVE - 2023-22236 https://helpx.adobe.com/security/products/animate/apsb23-15.html
-
Alpine Linux: CVE-2022-27672: Vulnerability in Multiple Components
Alpine Linux: CVE-2022-27672: Vulnerability in Multiple Components Severity 4 CVSS (AV:L/AC:M/Au:S/C:C/I:N/A:N) Published 02/14/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description When SMT is enabled, certain AMD processors may speculatively execute instructions using a target from the sibling thread after an SMT mode switch potentially resulting in information disclosure. Solution(s) alpine-linux-upgrade-xen References https://attackerkb.com/topics/cve-2022-27672 CVE - 2022-27672 https://security.alpinelinux.org/vuln/CVE-2022-27672
-
Red Hat: CVE-2023-25567: out-of-bounds read when decoding target information (Multiple Advisories)
Red Hat: CVE-2023-25567: out-of-bounds read when decoding target information (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/14/2023 Created 05/17/2023 Added 05/17/2023 Modified 01/28/2025 Description GSS-NTLMSSP, a mechglue plugin for the GSSAPI library that implements NTLM authentication, has an out-of-bounds read when decoding target information prior to version 1.2.0. The length of the `av_pair` is not checked properly for two of the elements which can trigger an out-of-bound read. The out-of-bounds read can be triggered via the main `gss_accept_sec_context` entry point and could cause a denial-of-service if the memory is unmapped. The issue is fixed in version 1.2.0. Solution(s) redhat-upgrade-gssntlmssp redhat-upgrade-gssntlmssp-debuginfo redhat-upgrade-gssntlmssp-debugsource References CVE-2023-25567 RHSA-2023:3097
-
SUSE: CVE-2023-23946: SUSE Linux Security Advisory
SUSE: CVE-2023-23946: SUSE Linux Security Advisory Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 02/14/2023 Created 02/17/2023 Added 02/16/2023 Modified 01/28/2025 Description Git, a revision control system, is vulnerable to path traversal prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8. By feeding a crafted input to `git apply`, a path outside the working tree can be overwritten as the user who is running `git apply`. A fix has been prepared and will appear in v2.39.2, v2.38.4, v2.37.6, v2.36.5, v2.35.7, v2.34.7, v2.33.7, v2.32.6, v2.31.7, and v2.30.8. As a workaround, use `git apply --stat` to inspect a patch before applying; avoid applying one that creates a symbolic link and then creates a file beyond the symbolic link. Solution(s) suse-upgrade-git suse-upgrade-git-arch suse-upgrade-git-core suse-upgrade-git-credential-gnome-keyring suse-upgrade-git-credential-libsecret suse-upgrade-git-cvs suse-upgrade-git-daemon suse-upgrade-git-doc suse-upgrade-git-email suse-upgrade-git-gui suse-upgrade-git-p4 suse-upgrade-git-svn suse-upgrade-git-web suse-upgrade-gitk suse-upgrade-perl-git References https://attackerkb.com/topics/cve-2023-23946 CVE - 2023-23946
-
Microsoft Windows: CVE-2023-21693: Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
Microsoft Windows: CVE-2023-21693: Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability Severity 6 CVSS (AV:N/AC:M/Au:S/C:C/I:N/A:N) Published 02/14/2023 Created 02/15/2023 Added 02/14/2023 Modified 01/28/2025 Description Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5022858 microsoft-windows-windows_10-1607-kb5022838 microsoft-windows-windows_10-1809-kb5022840 microsoft-windows-windows_10-20h2-kb5022834 microsoft-windows-windows_10-21h2-kb5022834 microsoft-windows-windows_10-22h2-kb5022834 microsoft-windows-windows_11-21h2-kb5022836 microsoft-windows-windows_11-22h2-kb5022845 microsoft-windows-windows_server_2012-kb5022895 microsoft-windows-windows_server_2012_r2-kb5022894 microsoft-windows-windows_server_2016-1607-kb5022838 microsoft-windows-windows_server_2019-1809-kb5022840 microsoft-windows-windows_server_2022-21h2-kb5022842 microsoft-windows-windows_server_2022-22h2-kb5022842 msft-kb5022874-0383d529-d089-4f99-ac79-731e39cee496 msft-kb5022874-6867c9a3-6d5d-4fb0-8483-1050cf1508c9 msft-kb5022874-9c39e57c-7f23-49ee-bf4a-4a5aaa678856 msft-kb5022893-aba4c4cf-b18c-4cfd-af57-357b60f198b2 msft-kb5022893-de95c542-b326-4146-9cc2-d47b66e6556f msft-kb5022895-2ab7ff3f-f8a8-4880-8b7b-70240b5bdd3b msft-kb5022895-8d99d9eb-7053-4bb2-aac2-f76d82115692 References https://attackerkb.com/topics/cve-2023-21693 CVE - 2023-21693 https://support.microsoft.com/help/5022834 https://support.microsoft.com/help/5022836 https://support.microsoft.com/help/5022838 https://support.microsoft.com/help/5022840 https://support.microsoft.com/help/5022842 https://support.microsoft.com/help/5022845 https://support.microsoft.com/help/5022858 https://support.microsoft.com/help/5022894 https://support.microsoft.com/help/5022895 https://support.microsoft.com/help/5022899
-
Microsoft CVE-2023-21808: .NET and Visual Studio Remote Code Execution Vulnerability
Microsoft CVE-2023-21808: .NET and Visual Studio Remote Code Execution Vulnerability Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 02/14/2023 Created 02/15/2023 Added 02/14/2023 Modified 01/28/2025 Description Microsoft CVE-2023-21808: .NET and Visual Studio Remote Code Execution Vulnerability References https://attackerkb.com/topics/cve-2023-21808 CVE - 2023-21808 5022497 5022498 5022499 5022501 5022502 5022503 5022504 5022505 5022506 5022507 5022508 5022509 5022511 5022512 5022513 5022514 5022515 5022516 5022520 5022522 5022524 5022526 5022727 5022728 5022729 5022730 5022731 5022732 5022733 5022734 5022735 5022782 5022783 5022784 5022785 5022786 5022838 5022858 5023286 5023288
-
Debian: CVE-2023-25564: gss-ntlmssp -- security update
Debian: CVE-2023-25564: gss-ntlmssp -- security update Severity 9 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:C) Published 02/14/2023 Created 07/31/2024 Added 07/30/2024 Modified 01/28/2025 Description GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, memory corruption can be triggered when decoding UTF16 strings. The variable `outlen` was not initialized and could cause writing a zero to an arbitrary place in memory if `ntlm_str_convert()` were to fail, which would leave `outlen` uninitialized. This can lead to a denial of service if the write hits unmapped memory or randomly corrupts a byte in the application memory space. This vulnerability can trigger an out-of-bounds write, leading to memory corruption. This vulnerability can be triggered via the main `gss_accept_sec_context` entry point. This issue is fixed in version 1.2.0. Solution(s) debian-upgrade-gss-ntlmssp References https://attackerkb.com/topics/cve-2023-25564 CVE - 2023-25564
-
Microsoft CVE-2023-21717: Microsoft SharePoint Server Elevation of Privilege Vulnerability
Microsoft CVE-2023-21717: Microsoft SharePoint Server Elevation of Privilege Vulnerability Severity 9 CVSS (AV:N/AC:L/Au:S/C:C/I:C/A:C) Published 02/14/2023 Created 02/15/2023 Added 02/14/2023 Modified 01/28/2025 Description Microsoft CVE-2023-21717: Microsoft SharePoint Server Elevation of Privilege Vulnerability Solution(s) msft-kb5002347-17baa5cb-a4de-47b8-9852-4bfec9d18e28 References https://attackerkb.com/topics/cve-2023-21717 CVE - 2023-21717 5002312 5002325 5002330 5002342 5002347 5002350 5002353
-
SUSE: CVE-2023-25565: SUSE Linux Security Advisory
SUSE: CVE-2023-25565: SUSE Linux Security Advisory Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/14/2023 Created 02/22/2023 Added 02/21/2023 Modified 01/28/2025 Description GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, an incorrect free when decoding target information can trigger a denial of service. The error condition incorrectly assumes the `cb` and `sh` buffers contain a copy of the data that needs to be freed. However, that is not the case. This vulnerability can be triggered via the main `gss_accept_sec_context` entry point. This will likely trigger an assertion failure in `free`, causing a denial-of-service. This issue is fixed in version 1.2.0. Solution(s) suse-upgrade-gssntlmssp suse-upgrade-gssntlmssp-devel References https://attackerkb.com/topics/cve-2023-25565 CVE - 2023-25565
-
SUSE: CVE-2023-25564: SUSE Linux Security Advisory
SUSE: CVE-2023-25564: SUSE Linux Security Advisory Severity 9 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:C) Published 02/14/2023 Created 02/22/2023 Added 02/21/2023 Modified 01/28/2025 Description GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, memory corruption can be triggered when decoding UTF16 strings. The variable `outlen` was not initialized and could cause writing a zero to an arbitrary place in memory if `ntlm_str_convert()` were to fail, which would leave `outlen` uninitialized. This can lead to a denial of service if the write hits unmapped memory or randomly corrupts a byte in the application memory space. This vulnerability can trigger an out-of-bounds write, leading to memory corruption. This vulnerability can be triggered via the main `gss_accept_sec_context` entry point. This issue is fixed in version 1.2.0. Solution(s) suse-upgrade-gssntlmssp suse-upgrade-gssntlmssp-devel References https://attackerkb.com/topics/cve-2023-25564 CVE - 2023-25564
-
VMware Photon OS: CVE-2023-25725
VMware Photon OS: CVE-2023-25725 Severity 9 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:C) Published 02/14/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka "request smuggling." The HTTP header parsers in HAProxy may accept empty header field names, which could be used to truncate the list of HTTP headers and thus make some headers disappear after being parsed and processed for HTTP/1.0 and HTTP/1.1. For HTTP/2 and HTTP/3, the impact is limited because the headers disappear before being parsed and processed, as if they had not been sent by the client. The fixed versions are 2.7.3, 2.6.9, 2.5.12, 2.4.22, 2.2.29, and 2.0.31. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-25725 CVE - 2023-25725
-
SUSE: CVE-2023-25566: SUSE Linux Security Advisory
SUSE: CVE-2023-25566: SUSE Linux Security Advisory Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/14/2023 Created 02/22/2023 Added 02/21/2023 Modified 01/28/2025 Description GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, a memory leak can be triggered when parsing usernames which can trigger a denial-of-service. The domain portion of a username may be overridden causing an allocated memory area the size of the domain name to be leaked. An attacker can leak memory via the main `gss_accept_sec_context` entry point, potentially causing a denial-of-service. This issue is fixed in version 1.2.0. Solution(s) suse-upgrade-gssntlmssp suse-upgrade-gssntlmssp-devel References https://attackerkb.com/topics/cve-2023-25566 CVE - 2023-25566
-
MFSA2023-05 Firefox: Security Vulnerabilities fixed in Firefox 110 (CVE-2023-25729)
MFSA2023-05 Firefox: Security Vulnerabilities fixed in Firefox 110 (CVE-2023-25729) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 02/14/2023 Created 02/17/2023 Added 02/16/2023 Modified 01/28/2025 Description Permission prompts for opening external schemes were only shown for `ContentPrincipals` resulting in extensions being able to open them without user interaction via `ExpandedPrincipals`. This could lead to further malicious actions such as downloading files or interacting with software already installed on the system. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. Solution(s) mozilla-firefox-upgrade-110_0 References https://attackerkb.com/topics/cve-2023-25729 CVE - 2023-25729 http://www.mozilla.org/security/announce/2023/mfsa2023-05.html
-
SUSE: CVE-2023-22490: SUSE Linux Security Advisory
SUSE: CVE-2023-22490: SUSE Linux Security Advisory Severity 5 CVSS (AV:L/AC:M/Au:N/C:C/I:N/A:N) Published 02/14/2023 Created 02/17/2023 Added 02/16/2023 Modified 01/28/2025 Description Git is a revision control system. Using a specially-crafted repository, Git prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8 can be tricked into using its local clone optimization even when using a non-local transport. Though Git will abort local clones whose source `$GIT_DIR/objects` directory contains symbolic links, the `objects` directory itself may still be a symbolic link. These two may be combined to include arbitrary files based on known paths on the victim's filesystem within the malicious repository's working copy, allowing for data exfiltration in a similar manner as CVE-2022-39253. A fix has been prepared and will appear in v2.39.2, v2.38.4, v2.37.6, v2.36.5, v2.35.7, v2.34.7, v2.33.7, v2.32.6, v2.31.7, and v2.30.8. If upgrading is impractical, two short-term workarounds are available. Avoid cloning repositories from untrusted sources with `--recurse-submodules`. Instead, consider cloning repositories without recursively cloning their submodules, and instead run `git submodule update` at each layer. Before doing so, inspect each new `.gitmodules` file to ensure that it does not contain suspicious module URLs. Solution(s) suse-upgrade-git suse-upgrade-git-arch suse-upgrade-git-core suse-upgrade-git-credential-gnome-keyring suse-upgrade-git-credential-libsecret suse-upgrade-git-cvs suse-upgrade-git-daemon suse-upgrade-git-doc suse-upgrade-git-email suse-upgrade-git-gui suse-upgrade-git-p4 suse-upgrade-git-svn suse-upgrade-git-web suse-upgrade-gitk suse-upgrade-perl-git References https://attackerkb.com/topics/cve-2023-22490 CVE - 2023-22490
-
MFSA2023-05 Firefox: Security Vulnerabilities fixed in Firefox 110 (CVE-2023-0767)
MFSA2023-05 Firefox: Security Vulnerabilities fixed in Firefox 110 (CVE-2023-0767) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 02/14/2023 Created 02/17/2023 Added 02/16/2023 Modified 01/28/2025 Description An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. Solution(s) mozilla-firefox-upgrade-110_0 References https://attackerkb.com/topics/cve-2023-0767 CVE - 2023-0767 http://www.mozilla.org/security/announce/2023/mfsa2023-05.html
-
MFSA2023-05 Firefox: Security Vulnerabilities fixed in Firefox 110 (CVE-2023-25740)
MFSA2023-05 Firefox: Security Vulnerabilities fixed in Firefox 110 (CVE-2023-25740) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 02/14/2023 Created 02/17/2023 Added 02/16/2023 Modified 01/28/2025 Description After downloading a Windows `.scf` script from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system. This also had the potential to leak NTLM credentials to the resource. *This bug only affects Firefox for Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 110. Solution(s) mozilla-firefox-upgrade-110_0 References https://attackerkb.com/topics/cve-2023-25740 CVE - 2023-25740 http://www.mozilla.org/security/announce/2023/mfsa2023-05.html
-
MFSA2023-05 Firefox: Security Vulnerabilities fixed in Firefox 110 (CVE-2023-25734)
MFSA2023-05 Firefox: Security Vulnerabilities fixed in Firefox 110 (CVE-2023-25734) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:N) Published 02/14/2023 Created 02/17/2023 Added 02/16/2023 Modified 01/28/2025 Description After downloading a Windows `.url` shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system. This also had the potential to leak NTLM credentials to the resource. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. Solution(s) mozilla-firefox-upgrade-110_0 References https://attackerkb.com/topics/cve-2023-25734 CVE - 2023-25734 http://www.mozilla.org/security/announce/2023/mfsa2023-05.html
-
Debian: CVE-2023-25563: gss-ntlmssp -- security update
Debian: CVE-2023-25563: gss-ntlmssp -- security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/14/2023 Created 07/31/2024 Added 07/30/2024 Modified 01/28/2025 Description GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, multiple out-of-bounds reads when decoding NTLM fields can trigger a denial of service. A 32-bit integer overflow condition can lead to incorrect checks of consistency of length of internal buffers. Although most applications will error out before accepting a single input buffer of 4GB in length this could theoretically happen. This vulnerability can be triggered via the main `gss_accept_sec_context` entry point if the application allows tokens greater than 4GB in length. This can lead to a large, up to 65KB, out-of-bounds read which could cause a denial-of-service if it reads from unmapped memory. Version 1.2.0 contains a patch for the out-of-bounds reads. Solution(s) debian-upgrade-gss-ntlmssp References https://attackerkb.com/topics/cve-2023-25563 CVE - 2023-25563