All posts by ISHACK AI BOT
-
MFSA2023-06 Firefox: Security Vulnerabilities fixed in Firefox ESR 102.8 (CVE-2023-25730)
MFSA2023-06 Firefox: Security Vulnerabilities fixed in Firefox ESR 102.8 (CVE-2023-25730) Severity 6 CVSS (AV:N/AC:M/Au:N/C:P/I:P/A:N) Published 02/14/2023 Created 02/17/2023 Added 02/16/2023 Modified 01/28/2025 Description A background script invoking `requestFullscreen` and then blocking the main thread could force the browser into fullscreen mode indefinitely, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. Solution(s) mozilla-firefox-esr-upgrade-102_8 References https://attackerkb.com/topics/cve-2023-25730 CVE - 2023-25730 http://www.mozilla.org/security/announce/2023/mfsa2023-06.html
-
MFSA2023-06 Firefox: Security Vulnerabilities fixed in Firefox ESR 102.8 (CVE-2023-25728)
MFSA2023-06 Firefox: Security Vulnerabilities fixed in Firefox ESR 102.8 (CVE-2023-25728) Severity 7 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:N) Published 02/14/2023 Created 02/17/2023 Added 02/16/2023 Modified 01/30/2025 Description The `Content-Security-Policy-Report-Only` header could allow an attacker to leak a child iframe's unredacted URI when interaction with that iframe triggers a redirect. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. Solution(s) mozilla-firefox-esr-upgrade-102_8 References https://attackerkb.com/topics/cve-2023-25728 CVE - 2023-25728 http://www.mozilla.org/security/announce/2023/mfsa2023-06.html
-
CentOS Linux: CVE-2023-23946: Important: git security update (Multiple Advisories)
CentOS Linux: CVE-2023-23946: Important: git security update (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 02/14/2023 Created 05/23/2023 Added 05/23/2023 Modified 01/28/2025 Description Git, a revision control system, is vulnerable to path traversal prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8. By feeding a crafted input to `git apply`, a path outside the working tree can be overwritten as the user who is running `git apply`. A fix has been prepared and will appear in v2.39.2, v2.38.4, v2.37.6, v2.36.5, v2.35.7, v2.34.7, v2.33.7, v2.32.6, v2.31.7, and v2.30.8. As a workaround, use `git apply --stat` to inspect a patch before applying; avoid applying one that creates a symbolic link and then creates a file beyond the symbolic link. Solution(s) centos-upgrade-git centos-upgrade-git-all centos-upgrade-git-core centos-upgrade-git-core-debuginfo centos-upgrade-git-core-doc centos-upgrade-git-credential-libsecret centos-upgrade-git-credential-libsecret-debuginfo centos-upgrade-git-daemon centos-upgrade-git-daemon-debuginfo centos-upgrade-git-debuginfo centos-upgrade-git-debugsource centos-upgrade-git-email centos-upgrade-git-gui centos-upgrade-git-instaweb centos-upgrade-git-subtree centos-upgrade-git-svn centos-upgrade-gitk centos-upgrade-gitweb centos-upgrade-perl-git centos-upgrade-perl-git-svn References CVE-2023-23946
-
Debian: CVE-2023-25565: gss-ntlmssp -- security update
Debian: CVE-2023-25565: gss-ntlmssp -- security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/14/2023 Created 07/31/2024 Added 07/30/2024 Modified 01/28/2025 Description GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, an incorrect free when decoding target information can trigger a denial of service. The error condition incorrectly assumes the `cb` and `sh` buffers contain a copy of the data that needs to be freed. However, that is not the case. This vulnerability can be triggered via the main `gss_accept_sec_context` entry point. This will likely trigger an assertion failure in `free`, causing a denial-of-service. This issue is fixed in version 1.2.0. Solution(s) debian-upgrade-gss-ntlmssp References https://attackerkb.com/topics/cve-2023-25565 CVE - 2023-25565
-
CentOS Linux: CVE-2023-25563: Moderate: gssntlmssp security update (CESA-2023:3097)
CentOS Linux: CVE-2023-25563: Moderate: gssntlmssp security update (CESA-2023:3097) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/14/2023 Created 05/17/2023 Added 05/17/2023 Modified 01/28/2025 Description GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, multiple out-of-bounds reads when decoding NTLM fields can trigger a denial of service. A 32-bit integer overflow condition can lead to incorrect checks of consistency of length of internal buffers. Although most applications will error out before accepting a single input buffer of 4GB in length, this could theoretically happen. This vulnerability can be triggered via the main `gss_accept_sec_context` entry point if the application allows tokens greater than 4GB in length. This can lead to a large, up to 65KB, out-of-bounds read which could cause a denial-of-service if it reads from unmapped memory. Version 1.2.0 contains a patch for the out-of-bounds reads. Solution(s) centos-upgrade-gssntlmssp centos-upgrade-gssntlmssp-debuginfo centos-upgrade-gssntlmssp-debugsource References CVE-2023-25563
-
CentOS Linux: CVE-2023-22490: Important: git security update (Multiple Advisories)
CentOS Linux: CVE-2023-22490: Important: git security update (Multiple Advisories) Severity 5 CVSS (AV:L/AC:M/Au:N/C:C/I:N/A:N) Published 02/14/2023 Created 05/23/2023 Added 05/23/2023 Modified 01/28/2025 Description Git is a revision control system. Using a specially-crafted repository, Git prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8 can be tricked into using its local clone optimization even when using a non-local transport. Though Git will abort local clones whose source `$GIT_DIR/objects` directory contains symbolic links, the `objects` directory itself may still be a symbolic link. These two may be combined to include arbitrary files based on known paths on the victim's filesystem within the malicious repository's working copy, allowing for data exfiltration in a similar manner as CVE-2022-39253. A fix has been prepared and will appear in v2.39.2, v2.38.4, v2.37.6, v2.36.5, v2.35.7, v2.34.7, v2.33.7, v2.32.6, v2.31.7, and v2.30.8. If upgrading is impractical, two short-term workarounds are available. Avoid cloning repositories from untrusted sources with `--recurse-submodules`. Instead, consider cloning repositories without recursively cloning their submodules, and instead run `git submodule update` at each layer. Before doing so, inspect each new `.gitmodules` file to ensure that it does not contain suspicious module URLs. Solution(s) centos-upgrade-git centos-upgrade-git-all centos-upgrade-git-core centos-upgrade-git-core-debuginfo centos-upgrade-git-core-doc centos-upgrade-git-credential-libsecret centos-upgrade-git-credential-libsecret-debuginfo centos-upgrade-git-daemon centos-upgrade-git-daemon-debuginfo centos-upgrade-git-debuginfo centos-upgrade-git-debugsource centos-upgrade-git-email centos-upgrade-git-gui centos-upgrade-git-instaweb centos-upgrade-git-subtree centos-upgrade-git-svn centos-upgrade-gitk centos-upgrade-gitweb centos-upgrade-perl-git centos-upgrade-perl-git-svn References CVE-2023-22490
-
CentOS Linux: CVE-2023-25565: Moderate: gssntlmssp security update (CESA-2023:3097)
CentOS Linux: CVE-2023-25565: Moderate: gssntlmssp security update (CESA-2023:3097) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/14/2023 Created 05/17/2023 Added 05/17/2023 Modified 01/28/2025 Description GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, an incorrect free when decoding target information can trigger a denial of service. The error condition incorrectly assumes the `cb` and `sh` buffers contain a copy of the data that needs to be freed. However, that is not the case. This vulnerability can be triggered via the main `gss_accept_sec_context` entry point. This will likely trigger an assertion failure in `free`, causing a denial-of-service. This issue is fixed in version 1.2.0. Solution(s) centos-upgrade-gssntlmssp centos-upgrade-gssntlmssp-debuginfo centos-upgrade-gssntlmssp-debugsource References CVE-2023-25565
-
CentOS Linux: CVE-2023-25725: Moderate: haproxy security update (CESA-2023:1696)
CentOS Linux: CVE-2023-25725: Moderate: haproxy security update (CESA-2023:1696) Severity 9 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:C) Published 02/14/2023 Created 05/05/2023 Added 04/12/2023 Modified 01/28/2025 Description HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka "request smuggling." The HTTP header parsers in HAProxy may accept empty header field names, which could be used to truncate the list of HTTP headers and thus make some headers disappear after being parsed and processed for HTTP/1.0 and HTTP/1.1. For HTTP/2 and HTTP/3, the impact is limited because the headers disappear before being parsed and processed, as if they had not been sent by the client. The fixed versions are 2.7.3, 2.6.9, 2.5.12, 2.4.22, 2.2.29, and 2.0.31. Solution(s) centos-upgrade-haproxy centos-upgrade-haproxy-debuginfo centos-upgrade-haproxy-debugsource References DSA-5348 CVE-2023-25725
-
Amazon Linux AMI 2: CVE-2023-0804: Security patch for compat-libtiff3, libtiff (Multiple Advisories)
Amazon Linux AMI 2: CVE-2023-0804: Security patch for compat-libtiff3, libtiff (Multiple Advisories) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 02/13/2023 Created 09/21/2023 Added 09/21/2023 Modified 01/28/2025 Description LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3609, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. Solution(s) amazon-linux-ami-2-upgrade-compat-libtiff3 amazon-linux-ami-2-upgrade-compat-libtiff3-debuginfo amazon-linux-ami-2-upgrade-libtiff amazon-linux-ami-2-upgrade-libtiff-debuginfo amazon-linux-ami-2-upgrade-libtiff-devel amazon-linux-ami-2-upgrade-libtiff-static amazon-linux-ami-2-upgrade-libtiff-tools References https://attackerkb.com/topics/cve-2023-0804 AL2/ALAS-2023-2235 AL2/ALAS-2023-2236 CVE - 2023-0804
-
CentOS Linux: CVE-2023-0803: Moderate: libtiff security update (Multiple Advisories)
CentOS Linux: CVE-2023-0803: Moderate: libtiff security update (Multiple Advisories) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 02/13/2023 Created 06/23/2023 Added 06/22/2023 Modified 01/28/2025 Description LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3516, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. Solution(s) centos-upgrade-libtiff centos-upgrade-libtiff-debuginfo centos-upgrade-libtiff-debugsource centos-upgrade-libtiff-devel centos-upgrade-libtiff-tools-debuginfo References DSA-5361 CVE-2023-0803
-
Oracle Linux: CVE-2023-23529: ELSA-2023-0903: webkit2gtk3 security update (IMPORTANT) (Multiple Advisories)
Oracle Linux: CVE-2023-23529: ELSA-2023-0903: webkit2gtk3 security update (IMPORTANT) (Multiple Advisories) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 02/13/2023 Created 02/24/2023 Added 02/23/2023 Modified 02/14/2025 Description A type confusion issue was addressed with improved checks. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, iOS 16.3.1 and iPadOS 16.3.1, macOS Ventura 13.2.1, Safari 16.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. A vulnerability was found in WebKitGTK. This issue occurs when processing maliciously crafted web content in WebKit. This may, in theory, allow a remote attacker to create a specially crafted web page, trick the victim into opening it, trigger type confusion, and execute arbitrary code on the target system. Solution(s) oracle-linux-upgrade-webkit2gtk3 oracle-linux-upgrade-webkit2gtk3-devel oracle-linux-upgrade-webkit2gtk3-jsc oracle-linux-upgrade-webkit2gtk3-jsc-devel References https://attackerkb.com/topics/cve-2023-23529 CVE - 2023-23529 ELSA-2023-0903 ELSA-2023-0902
-
Debian: CVE-2023-0804: tiff -- security update
Debian: CVE-2023-0804: tiff -- security update Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 02/13/2023 Created 02/23/2023 Added 02/23/2023 Modified 01/28/2025 Description LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3609, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. Solution(s) debian-upgrade-tiff References https://attackerkb.com/topics/cve-2023-0804 CVE - 2023-0804 DLA-3333-1 DSA-5361
-
Debian: CVE-2023-0803: tiff -- security update
Debian: CVE-2023-0803: tiff -- security update Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 02/13/2023 Created 02/23/2023 Added 02/23/2023 Modified 01/28/2025 Description LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3516, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. Solution(s) debian-upgrade-tiff References https://attackerkb.com/topics/cve-2023-0803 CVE - 2023-0803 DLA-3333-1 DSA-5361
-
Huawei EulerOS: CVE-2023-0800: libtiff security update
Huawei EulerOS: CVE-2023-0800: libtiff security update Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 02/13/2023 Created 05/10/2023 Added 05/10/2023 Modified 01/28/2025 Description LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3502, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. Solution(s) huawei-euleros-2_0_sp9-upgrade-libtiff References https://attackerkb.com/topics/cve-2023-0800 CVE - 2023-0800 EulerOS-SA-2023-1874
-
Debian: CVE-2023-0796: tiff -- security update
Debian: CVE-2023-0796: tiff -- security update Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 02/13/2023 Created 02/23/2023 Added 02/23/2023 Modified 01/28/2025 Description LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3592, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. Solution(s) debian-upgrade-tiff References https://attackerkb.com/topics/cve-2023-0796 CVE - 2023-0796 DLA-3333-1 DSA-5361
-
Debian: CVE-2023-0795: tiff -- security update
Debian: CVE-2023-0795: tiff -- security update Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 02/13/2023 Created 02/23/2023 Added 02/23/2023 Modified 01/28/2025 Description LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3488, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. Solution(s) debian-upgrade-tiff References https://attackerkb.com/topics/cve-2023-0795 CVE - 2023-0795 DLA-3333-1 DSA-5361
-
Debian: CVE-2023-0819: gpac -- security update
Debian: CVE-2023-0819: gpac -- security update Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 02/13/2023 Created 05/29/2023 Added 05/29/2023 Modified 01/28/2025 Description Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to v2.3.0-DEV. Solution(s) debian-upgrade-gpac References https://attackerkb.com/topics/cve-2023-0819 CVE - 2023-0819 DSA-5411 DSA-5411-1
-
Debian: CVE-2023-0797: tiff -- security update
Debian: CVE-2023-0797: tiff -- security update Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 02/13/2023 Created 02/23/2023 Added 02/23/2023 Modified 01/28/2025 Description LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6921, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. Solution(s) debian-upgrade-tiff References https://attackerkb.com/topics/cve-2023-0797 CVE - 2023-0797 DLA-3333-1 DSA-5361
-
Huawei EulerOS: CVE-2023-0800: libtiff security update
Huawei EulerOS: CVE-2023-0800: libtiff security update Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 02/13/2023 Created 06/09/2023 Added 06/09/2023 Modified 01/28/2025 Description LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3502, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. Solution(s) huawei-euleros-2_0_sp5-upgrade-libtiff huawei-euleros-2_0_sp5-upgrade-libtiff-devel References https://attackerkb.com/topics/cve-2023-0800 CVE - 2023-0800 EulerOS-SA-2023-2157
-
VMware Photon OS: CVE-2023-0801
VMware Photon OS: CVE-2023-0801 Severity 6 CVSS (AV:L/AC:L/Au:N/C:N/I:P/A:C) Published 02/13/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6778, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-0801 CVE - 2023-0801
-
Huawei EulerOS: CVE-2023-0802: libtiff security update
Huawei EulerOS: CVE-2023-0802: libtiff security update Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 02/13/2023 Created 06/09/2023 Added 06/09/2023 Modified 01/28/2025 Description LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3724, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. Solution(s) huawei-euleros-2_0_sp5-upgrade-libtiff huawei-euleros-2_0_sp5-upgrade-libtiff-devel References https://attackerkb.com/topics/cve-2023-0802 CVE - 2023-0802 EulerOS-SA-2023-2157
-
VMware Photon OS: CVE-2023-0796
VMware Photon OS: CVE-2023-0796 Severity 6 CVSS (AV:L/AC:L/Au:N/C:P/I:N/A:C) Published 02/13/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3592, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-0796 CVE - 2023-0796
-
Red Hat: CVE-2023-0795: out-of-bounds read in extractContigSamplesShifted16bits() in tools/tiffcrop.c (Multiple Advisories)
Red Hat: CVE-2023-0795: out-of-bounds read in extractContigSamplesShifted16bits() in tools/tiffcrop.c (Multiple Advisories) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 02/13/2023 Created 06/23/2023 Added 06/22/2023 Modified 01/28/2025 Description LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3488, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. Solution(s) redhat-upgrade-libtiff redhat-upgrade-libtiff-debuginfo redhat-upgrade-libtiff-debugsource redhat-upgrade-libtiff-devel redhat-upgrade-libtiff-tools redhat-upgrade-libtiff-tools-debuginfo References CVE-2023-0795 RHSA-2023:3711
-
Red Hat: CVE-2023-0798: out-of-bounds read in extractContigSamplesShifted8bits() in tools/tiffcrop.c (Multiple Advisories)
Red Hat: CVE-2023-0798: out-of-bounds read in extractContigSamplesShifted8bits() in tools/tiffcrop.c (Multiple Advisories) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 02/13/2023 Created 06/23/2023 Added 06/22/2023 Modified 01/28/2025 Description LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3400, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. Solution(s) redhat-upgrade-libtiff redhat-upgrade-libtiff-debuginfo redhat-upgrade-libtiff-debugsource redhat-upgrade-libtiff-devel redhat-upgrade-libtiff-tools redhat-upgrade-libtiff-tools-debuginfo References CVE-2023-0798 RHSA-2023:3711
-
Amazon Linux AMI: CVE-2023-0796: Security patch for libtiff (ALAS-2023-1830)
Amazon Linux AMI: CVE-2023-0796: Security patch for libtiff (ALAS-2023-1830) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 02/13/2023 Created 09/28/2023 Added 09/26/2023 Modified 01/28/2025 Description LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3592, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. Solution(s) amazon-linux-upgrade-libtiff References ALAS-2023-1830 CVE-2023-0796