ISHACK AI BOT

Oracle Linux: CVE-2023-0803: ELSA-2023-3711:libtiff security update (MODERATE) (Multiple Advisories) Severity 6 CVSS (AV:L/AC:L/Au:N/C:N/I:P/A:C) Published 02/12/2023 Created 06/23/2023 Added 06/22/2023 Modified 12/06/2024 Description LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3516, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds write in the extractContigSamplesShifted16bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited data modification. Solution(s) oracle-linux-upgrade-libtiff oracle-linux-upgrade-libtiff-devel oracle-linux-upgrade-libtiff-tools References https://attackerkb.com/topics/cve-2023-0803 CVE - 2023-0803 ELSA-2023-3711 ELSA-2023-5353

Oracle Linux: CVE-2023-0796: ELSA-2023-3711:libtiff security update (MODERATE) (Multiple Advisories) Severity 6 CVSS (AV:L/AC:L/Au:N/C:P/I:N/A:C) Published 02/12/2023 Created 06/23/2023 Added 06/22/2023 Modified 11/30/2024 Description LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3592, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractContigSamplesShifted24bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited information disclosure. Solution(s) oracle-linux-upgrade-libtiff oracle-linux-upgrade-libtiff-devel oracle-linux-upgrade-libtiff-tools References https://attackerkb.com/topics/cve-2023-0796 CVE - 2023-0796 ELSA-2023-3711

Oracle Linux: CVE-2023-0801: ELSA-2023-3711:libtiff security update (MODERATE) (Multiple Advisories) Severity 6 CVSS (AV:L/AC:L/Au:N/C:N/I:P/A:C) Published 02/12/2023 Created 06/23/2023 Added 06/22/2023 Modified 12/06/2024 Description LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6778, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds write in the _TIFFmemcpy function in libtiff/tif_unix.c when called by functions in tools/tiffcrop.c, resulting in a Denial of Service and limited data modification. Solution(s) oracle-linux-upgrade-libtiff oracle-linux-upgrade-libtiff-devel oracle-linux-upgrade-libtiff-tools References https://attackerkb.com/topics/cve-2023-0801 CVE - 2023-0801 ELSA-2023-3711 ELSA-2023-5353

Oracle Linux: CVE-2023-1079: ELSA-2023-7077:kernel security, bug fix, and enhancement update (IMPORTANT) (Multiple Advisories) Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 02/12/2023 Created 11/18/2023 Added 11/16/2023 Modified 01/07/2025 Description A flaw was found in the Linux kernel. A use-after-free may be triggered in asus_kbd_backlight_set when plugging/disconnecting in a malicious USB device, which advertises itself as an Asus device. Similarly to the previous known CVE-2023-25012, but in asus devices, the work_struct may be scheduled by the LED controller while the device is disconnecting, triggering a use-after-free on the struct asus_kbd_leds *led structure. A malicious USB device may exploit the issue to cause memory corruption with controlled data. A use-after-free flaw was found in asus_kbd_backlight_set in drivers/hid/hid-asus.c in the Linux Kernel. This issue could allow an attacker to crash the system when plugging in or disconnecting a malicious USB device, which may lead to a kernel information leak problem. Solution(s) oracle-linux-upgrade-kernel References https://attackerkb.com/topics/cve-2023-1079 CVE - 2023-1079 ELSA-2023-7077 ELSA-2023-6583

Amazon Linux 2023: CVE-2023-0799: Important priority package update for libtiff Severity 5 CVSS (AV:L/AC:L/Au:N/C:N/I:N/A:C) Published 02/12/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3701, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to a use-after-free problem in the extractContigSamplesShifted32bits function in tools/tiffcrop.c, resulting in a Denial of Service. Solution(s) amazon-linux-2023-upgrade-libtiff amazon-linux-2023-upgrade-libtiff-debuginfo amazon-linux-2023-upgrade-libtiff-debugsource amazon-linux-2023-upgrade-libtiff-devel amazon-linux-2023-upgrade-libtiff-static amazon-linux-2023-upgrade-libtiff-tools amazon-linux-2023-upgrade-libtiff-tools-debuginfo References https://attackerkb.com/topics/cve-2023-0799 CVE - 2023-0799 https://alas.aws.amazon.com/AL2023/ALAS-2023-255.html

Amazon Linux 2023: CVE-2023-0796: Important priority package update for libtiff Severity 6 CVSS (AV:L/AC:L/Au:N/C:P/I:N/A:C) Published 02/12/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3592, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractContigSamplesShifted24bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited information disclosure. Solution(s) amazon-linux-2023-upgrade-libtiff amazon-linux-2023-upgrade-libtiff-debuginfo amazon-linux-2023-upgrade-libtiff-debugsource amazon-linux-2023-upgrade-libtiff-devel amazon-linux-2023-upgrade-libtiff-static amazon-linux-2023-upgrade-libtiff-tools amazon-linux-2023-upgrade-libtiff-tools-debuginfo References https://attackerkb.com/topics/cve-2023-0796 CVE - 2023-0796 https://alas.aws.amazon.com/AL2023/ALAS-2023-255.html

Oracle Linux: CVE-2023-0804: ELSA-2023-3711:libtiff security update (MODERATE) (Multiple Advisories) Severity 6 CVSS (AV:L/AC:L/Au:N/C:N/I:P/A:C) Published 02/12/2023 Created 06/23/2023 Added 06/22/2023 Modified 12/06/2024 Description LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3609, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds write in the extractContigSamplesShifted24bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited data modification. Solution(s) oracle-linux-upgrade-libtiff oracle-linux-upgrade-libtiff-devel oracle-linux-upgrade-libtiff-tools References https://attackerkb.com/topics/cve-2023-0804 CVE - 2023-0804 ELSA-2023-3711 ELSA-2023-5353

Amazon Linux 2023: CVE-2023-0797: Important priority package update for libtiff Severity 6 CVSS (AV:L/AC:L/Au:N/C:P/I:N/A:C) Published 02/12/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6921, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the _TIFFmemcpy function in libtiff/tif_unix.c when called by functions in tools/tiffcrop.c, resulting in a Denial of Service and limited information disclosure. Solution(s) amazon-linux-2023-upgrade-libtiff amazon-linux-2023-upgrade-libtiff-debuginfo amazon-linux-2023-upgrade-libtiff-debugsource amazon-linux-2023-upgrade-libtiff-devel amazon-linux-2023-upgrade-libtiff-static amazon-linux-2023-upgrade-libtiff-tools amazon-linux-2023-upgrade-libtiff-tools-debuginfo References https://attackerkb.com/topics/cve-2023-0797 CVE - 2023-0797 https://alas.aws.amazon.com/AL2023/ALAS-2023-255.html

PostgreSQL: CVE-2022-41862: Client memory disclosure when connecting, with Kerberos, to modified server Severity 4 CVSS (AV:N/AC:M/Au:N/C:P/I:N/A:N) Published 02/10/2023 Created 02/11/2023 Added 02/10/2023 Modified 01/28/2025 Description In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions a server can cause a libpq client to over-read and report an error message containing uninitialized bytes. Solution(s) postgres-upgrade-13_10 postgres-upgrade-14_7 postgres-upgrade-15_2 References https://attackerkb.com/topics/cve-2022-41862 CVE - 2022-41862

Oracle Linux: CVE-2023-0800: ELSA-2023-3711:libtiff security update (MODERATE) (Multiple Advisories) Severity 6 CVSS (AV:L/AC:L/Au:N/C:N/I:P/A:C) Published 02/12/2023 Created 06/23/2023 Added 06/22/2023 Modified 12/06/2024 Description LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3502, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds write in the extractContigSamplesShifted16bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited data modification. Solution(s) oracle-linux-upgrade-libtiff oracle-linux-upgrade-libtiff-devel oracle-linux-upgrade-libtiff-tools References https://attackerkb.com/topics/cve-2023-0800 CVE - 2023-0800 ELSA-2023-3711 ELSA-2023-5353

Red Hat: CVE-2022-44571: Important: Satellite 6.14 security and bug fix update (RHSA-2023:6818) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/09/2023 Created 11/14/2023 Added 11/13/2023 Modified 01/28/2025 Description There is a denial of service vulnerability in the Content-Disposition parsingcomponent of Rack fixed in 2.0.9.2, 2.1.4.2, 2.2.4.1, 3.0.0.1. This could allow an attacker to craft an input that can cause Content-Disposition header parsing in Rackto take an unexpected amount of time, possibly resulting in a denial ofservice attack vector. This header is used typically used in multipartparsing. Any applications that parse multipart posts using Rack (virtuallyall Rails applications) are impacted. Solution(s) redhat-upgrade-foreman-cli redhat-upgrade-python39-pulp_manifest redhat-upgrade-rubygem-amazing_print redhat-upgrade-rubygem-apipie-bindings redhat-upgrade-rubygem-clamp redhat-upgrade-rubygem-domain_name redhat-upgrade-rubygem-fast_gettext redhat-upgrade-rubygem-ffi redhat-upgrade-rubygem-ffi-debuginfo redhat-upgrade-rubygem-ffi-debugsource redhat-upgrade-rubygem-foreman_maintain redhat-upgrade-rubygem-gssapi redhat-upgrade-rubygem-hammer_cli redhat-upgrade-rubygem-hammer_cli_foreman redhat-upgrade-rubygem-hammer_cli_foreman_admin redhat-upgrade-rubygem-hammer_cli_foreman_ansible redhat-upgrade-rubygem-hammer_cli_foreman_azure_rm redhat-upgrade-rubygem-hammer_cli_foreman_bootdisk redhat-upgrade-rubygem-hammer_cli_foreman_discovery redhat-upgrade-rubygem-hammer_cli_foreman_google redhat-upgrade-rubygem-hammer_cli_foreman_openscap redhat-upgrade-rubygem-hammer_cli_foreman_remote_execution redhat-upgrade-rubygem-hammer_cli_foreman_tasks redhat-upgrade-rubygem-hammer_cli_foreman_templates redhat-upgrade-rubygem-hammer_cli_foreman_virt_who_configure redhat-upgrade-rubygem-hammer_cli_foreman_webhooks redhat-upgrade-rubygem-hammer_cli_katello redhat-upgrade-rubygem-hashie redhat-upgrade-rubygem-highline redhat-upgrade-rubygem-http-accept redhat-upgrade-rubygem-http-cookie redhat-upgrade-rubygem-jwt redhat-upgrade-rubygem-little-plugger redhat-upgrade-rubygem-locale redhat-upgrade-rubygem-logging redhat-upgrade-rubygem-mime-types redhat-upgrade-rubygem-mime-types-data redhat-upgrade-rubygem-multi_json redhat-upgrade-rubygem-netrc redhat-upgrade-rubygem-oauth redhat-upgrade-rubygem-oauth-tty redhat-upgrade-rubygem-powerbar redhat-upgrade-rubygem-rest-client redhat-upgrade-rubygem-snaky_hash redhat-upgrade-rubygem-unf redhat-upgrade-rubygem-unf_ext redhat-upgrade-rubygem-unf_ext-debuginfo redhat-upgrade-rubygem-unf_ext-debugsource redhat-upgrade-rubygem-unicode redhat-upgrade-rubygem-unicode-debuginfo redhat-upgrade-rubygem-unicode-debugsource redhat-upgrade-rubygem-unicode-display_width redhat-upgrade-rubygem-version_gem redhat-upgrade-satellite-cli redhat-upgrade-satellite-clone redhat-upgrade-satellite-maintain References DSA-5530 CVE-2022-44571

Red Hat: CVE-2022-44570: Important: Satellite 6.14 security and bug fix update (RHSA-2023:6818) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/09/2023 Created 11/14/2023 Added 11/13/2023 Modified 01/28/2025 Description A denial of service vulnerability in the Range header parsing component of Rack >= 1.5.0. A Carefully crafted input can cause the Range header parsing component in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that deal with Range requests (such as streaming applications, or applications that serve files) may be impacted. Solution(s) redhat-upgrade-foreman-cli redhat-upgrade-python39-pulp_manifest redhat-upgrade-rubygem-amazing_print redhat-upgrade-rubygem-apipie-bindings redhat-upgrade-rubygem-clamp redhat-upgrade-rubygem-domain_name redhat-upgrade-rubygem-fast_gettext redhat-upgrade-rubygem-ffi redhat-upgrade-rubygem-ffi-debuginfo redhat-upgrade-rubygem-ffi-debugsource redhat-upgrade-rubygem-foreman_maintain redhat-upgrade-rubygem-gssapi redhat-upgrade-rubygem-hammer_cli redhat-upgrade-rubygem-hammer_cli_foreman redhat-upgrade-rubygem-hammer_cli_foreman_admin redhat-upgrade-rubygem-hammer_cli_foreman_ansible redhat-upgrade-rubygem-hammer_cli_foreman_azure_rm redhat-upgrade-rubygem-hammer_cli_foreman_bootdisk redhat-upgrade-rubygem-hammer_cli_foreman_discovery redhat-upgrade-rubygem-hammer_cli_foreman_google redhat-upgrade-rubygem-hammer_cli_foreman_openscap redhat-upgrade-rubygem-hammer_cli_foreman_remote_execution redhat-upgrade-rubygem-hammer_cli_foreman_tasks redhat-upgrade-rubygem-hammer_cli_foreman_templates redhat-upgrade-rubygem-hammer_cli_foreman_virt_who_configure redhat-upgrade-rubygem-hammer_cli_foreman_webhooks redhat-upgrade-rubygem-hammer_cli_katello redhat-upgrade-rubygem-hashie redhat-upgrade-rubygem-highline redhat-upgrade-rubygem-http-accept redhat-upgrade-rubygem-http-cookie redhat-upgrade-rubygem-jwt redhat-upgrade-rubygem-little-plugger redhat-upgrade-rubygem-locale redhat-upgrade-rubygem-logging redhat-upgrade-rubygem-mime-types redhat-upgrade-rubygem-mime-types-data redhat-upgrade-rubygem-multi_json redhat-upgrade-rubygem-netrc redhat-upgrade-rubygem-oauth redhat-upgrade-rubygem-oauth-tty redhat-upgrade-rubygem-powerbar redhat-upgrade-rubygem-rest-client redhat-upgrade-rubygem-snaky_hash redhat-upgrade-rubygem-unf redhat-upgrade-rubygem-unf_ext redhat-upgrade-rubygem-unf_ext-debuginfo redhat-upgrade-rubygem-unf_ext-debugsource redhat-upgrade-rubygem-unicode redhat-upgrade-rubygem-unicode-debuginfo redhat-upgrade-rubygem-unicode-debugsource redhat-upgrade-rubygem-unicode-display_width redhat-upgrade-rubygem-version_gem redhat-upgrade-satellite-cli redhat-upgrade-satellite-clone redhat-upgrade-satellite-maintain References DSA-5530 CVE-2022-44570

Red Hat: CVE-2023-22795: Important: Satellite 6.14 security and bug fix update (RHSA-2023:6818) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/09/2023 Created 11/14/2023 Added 11/13/2023 Modified 01/28/2025 Description A regular expression based DoS vulnerability in Action Dispatch <6.1.7.1 and <7.0.4.1 related to the If-None-Match header. A specially crafted HTTP If-None-Match header can cause the regular expression engine to enter a state of catastrophic backtracking, when on a version of Ruby below 3.2.0. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability All users running an affected release should either upgrade or use one of the workarounds immediately. Solution(s) redhat-upgrade-foreman-cli redhat-upgrade-python39-pulp_manifest redhat-upgrade-rubygem-amazing_print redhat-upgrade-rubygem-apipie-bindings redhat-upgrade-rubygem-clamp redhat-upgrade-rubygem-domain_name redhat-upgrade-rubygem-fast_gettext redhat-upgrade-rubygem-ffi redhat-upgrade-rubygem-ffi-debuginfo redhat-upgrade-rubygem-ffi-debugsource redhat-upgrade-rubygem-foreman_maintain redhat-upgrade-rubygem-gssapi redhat-upgrade-rubygem-hammer_cli redhat-upgrade-rubygem-hammer_cli_foreman redhat-upgrade-rubygem-hammer_cli_foreman_admin redhat-upgrade-rubygem-hammer_cli_foreman_ansible redhat-upgrade-rubygem-hammer_cli_foreman_azure_rm redhat-upgrade-rubygem-hammer_cli_foreman_bootdisk redhat-upgrade-rubygem-hammer_cli_foreman_discovery redhat-upgrade-rubygem-hammer_cli_foreman_google redhat-upgrade-rubygem-hammer_cli_foreman_openscap redhat-upgrade-rubygem-hammer_cli_foreman_remote_execution redhat-upgrade-rubygem-hammer_cli_foreman_tasks redhat-upgrade-rubygem-hammer_cli_foreman_templates redhat-upgrade-rubygem-hammer_cli_foreman_virt_who_configure redhat-upgrade-rubygem-hammer_cli_foreman_webhooks redhat-upgrade-rubygem-hammer_cli_katello redhat-upgrade-rubygem-hashie redhat-upgrade-rubygem-highline redhat-upgrade-rubygem-http-accept redhat-upgrade-rubygem-http-cookie redhat-upgrade-rubygem-jwt redhat-upgrade-rubygem-little-plugger redhat-upgrade-rubygem-locale redhat-upgrade-rubygem-logging redhat-upgrade-rubygem-mime-types redhat-upgrade-rubygem-mime-types-data redhat-upgrade-rubygem-multi_json redhat-upgrade-rubygem-netrc redhat-upgrade-rubygem-oauth redhat-upgrade-rubygem-oauth-tty redhat-upgrade-rubygem-powerbar redhat-upgrade-rubygem-rest-client redhat-upgrade-rubygem-snaky_hash redhat-upgrade-rubygem-unf redhat-upgrade-rubygem-unf_ext redhat-upgrade-rubygem-unf_ext-debuginfo redhat-upgrade-rubygem-unf_ext-debugsource redhat-upgrade-rubygem-unicode redhat-upgrade-rubygem-unicode-debuginfo redhat-upgrade-rubygem-unicode-debugsource redhat-upgrade-rubygem-unicode-display_width redhat-upgrade-rubygem-version_gem redhat-upgrade-satellite-cli redhat-upgrade-satellite-clone redhat-upgrade-satellite-maintain References DSA-5372 CVE-2023-22795

Red Hat: CVE-2023-22792: Important: Satellite 6.14 security and bug fix update (RHSA-2023:6818) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/09/2023 Created 11/14/2023 Added 11/13/2023 Modified 01/28/2025 Description A regular expression based DoS vulnerability in Action Dispatch <6.0.6.1,< 6.1.7.1, and <7.0.4.1. Specially crafted cookies, in combination with a specially crafted X_FORWARDED_HOST header can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability All users running an affected release should either upgrade or use one of the workarounds immediately. Solution(s) redhat-upgrade-foreman-cli redhat-upgrade-python39-pulp_manifest redhat-upgrade-rubygem-amazing_print redhat-upgrade-rubygem-apipie-bindings redhat-upgrade-rubygem-clamp redhat-upgrade-rubygem-domain_name redhat-upgrade-rubygem-fast_gettext redhat-upgrade-rubygem-ffi redhat-upgrade-rubygem-ffi-debuginfo redhat-upgrade-rubygem-ffi-debugsource redhat-upgrade-rubygem-foreman_maintain redhat-upgrade-rubygem-gssapi redhat-upgrade-rubygem-hammer_cli redhat-upgrade-rubygem-hammer_cli_foreman redhat-upgrade-rubygem-hammer_cli_foreman_admin redhat-upgrade-rubygem-hammer_cli_foreman_ansible redhat-upgrade-rubygem-hammer_cli_foreman_azure_rm redhat-upgrade-rubygem-hammer_cli_foreman_bootdisk redhat-upgrade-rubygem-hammer_cli_foreman_discovery redhat-upgrade-rubygem-hammer_cli_foreman_google redhat-upgrade-rubygem-hammer_cli_foreman_openscap redhat-upgrade-rubygem-hammer_cli_foreman_remote_execution redhat-upgrade-rubygem-hammer_cli_foreman_tasks redhat-upgrade-rubygem-hammer_cli_foreman_templates redhat-upgrade-rubygem-hammer_cli_foreman_virt_who_configure redhat-upgrade-rubygem-hammer_cli_foreman_webhooks redhat-upgrade-rubygem-hammer_cli_katello redhat-upgrade-rubygem-hashie redhat-upgrade-rubygem-highline redhat-upgrade-rubygem-http-accept redhat-upgrade-rubygem-http-cookie redhat-upgrade-rubygem-jwt redhat-upgrade-rubygem-little-plugger redhat-upgrade-rubygem-locale redhat-upgrade-rubygem-logging redhat-upgrade-rubygem-mime-types redhat-upgrade-rubygem-mime-types-data redhat-upgrade-rubygem-multi_json redhat-upgrade-rubygem-netrc redhat-upgrade-rubygem-oauth redhat-upgrade-rubygem-oauth-tty redhat-upgrade-rubygem-powerbar redhat-upgrade-rubygem-rest-client redhat-upgrade-rubygem-snaky_hash redhat-upgrade-rubygem-unf redhat-upgrade-rubygem-unf_ext redhat-upgrade-rubygem-unf_ext-debuginfo redhat-upgrade-rubygem-unf_ext-debugsource redhat-upgrade-rubygem-unicode redhat-upgrade-rubygem-unicode-debuginfo redhat-upgrade-rubygem-unicode-debugsource redhat-upgrade-rubygem-unicode-display_width redhat-upgrade-rubygem-version_gem redhat-upgrade-satellite-cli redhat-upgrade-satellite-clone redhat-upgrade-satellite-maintain References DSA-5372 CVE-2023-22792

Alma Linux: CVE-2022-43552: Low: curl security and bug fix update (Multiple Advisories) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 02/09/2023 Created 05/15/2023 Added 05/15/2023 Modified 01/28/2025 Description A use after free vulnerability exists in curl <7.87.0. Curl can be asked to *tunnel* virtually all protocols it supports through an HTTP proxy. HTTP proxies can (and often do) deny such tunnel operations. When getting denied to tunnel the specific protocols SMB or TELNET, curl would use a heap-allocated struct after it had been freed, in its transfer shutdown code path. Solution(s) alma-upgrade-curl alma-upgrade-curl-minimal alma-upgrade-libcurl alma-upgrade-libcurl-devel alma-upgrade-libcurl-minimal References https://attackerkb.com/topics/cve-2022-43552 CVE - 2022-43552 https://errata.almalinux.org/8/ALSA-2023-2963.html https://errata.almalinux.org/9/ALSA-2023-2478.html

Amazon Linux AMI 2: CVE-2023-0286: Security patch for edk2, openssl, openssl-snapsafe, openssl11 (Multiple Advisories) Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:C) Published 02/09/2023 Created 02/10/2023 Added 02/09/2023 Modified 01/28/2025 Description There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network. Solution(s) amazon-linux-ami-2-upgrade-edk2-aarch64 amazon-linux-ami-2-upgrade-edk2-debuginfo amazon-linux-ami-2-upgrade-edk2-ovmf amazon-linux-ami-2-upgrade-edk2-tools amazon-linux-ami-2-upgrade-edk2-tools-doc amazon-linux-ami-2-upgrade-edk2-tools-python amazon-linux-ami-2-upgrade-openssl amazon-linux-ami-2-upgrade-openssl-debuginfo amazon-linux-ami-2-upgrade-openssl-devel amazon-linux-ami-2-upgrade-openssl-libs amazon-linux-ami-2-upgrade-openssl-perl amazon-linux-ami-2-upgrade-openssl-snapsafe amazon-linux-ami-2-upgrade-openssl-snapsafe-debuginfo amazon-linux-ami-2-upgrade-openssl-snapsafe-devel amazon-linux-ami-2-upgrade-openssl-snapsafe-libs amazon-linux-ami-2-upgrade-openssl-snapsafe-perl amazon-linux-ami-2-upgrade-openssl-snapsafe-static amazon-linux-ami-2-upgrade-openssl-static amazon-linux-ami-2-upgrade-openssl11 amazon-linux-ami-2-upgrade-openssl11-debuginfo amazon-linux-ami-2-upgrade-openssl11-devel amazon-linux-ami-2-upgrade-openssl11-libs amazon-linux-ami-2-upgrade-openssl11-static References https://attackerkb.com/topics/cve-2023-0286 AL2/ALAS-2023-1934 AL2/ALAS-2023-1935 AL2/ALAS-2024-2502 AL2/ALASOPENSSL-SNAPSAFE-2023-002 CVE - 2023-0286

Amazon Linux AMI 2: CVE-2022-4304: Security patch for edk2, openssl, openssl-snapsafe, openssl11 (Multiple Advisories) Severity 7 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:N) Published 02/09/2023 Created 02/10/2023 Added 02/09/2023 Modified 01/28/2025 Description A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. For example, in a TLS connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An attacker that had observed a genuine connection between a client and a server could use this flaw to send trial messages to the server and record the time taken to process them. After a sufficiently large number of messages the attacker could recover the pre-master secret used for the original connection and thus be able to decrypt the application data sent over that connection. Solution(s) amazon-linux-ami-2-upgrade-edk2-aarch64 amazon-linux-ami-2-upgrade-edk2-debuginfo amazon-linux-ami-2-upgrade-edk2-ovmf amazon-linux-ami-2-upgrade-edk2-tools amazon-linux-ami-2-upgrade-edk2-tools-doc amazon-linux-ami-2-upgrade-edk2-tools-python amazon-linux-ami-2-upgrade-openssl amazon-linux-ami-2-upgrade-openssl-debuginfo amazon-linux-ami-2-upgrade-openssl-devel amazon-linux-ami-2-upgrade-openssl-libs amazon-linux-ami-2-upgrade-openssl-perl amazon-linux-ami-2-upgrade-openssl-snapsafe amazon-linux-ami-2-upgrade-openssl-snapsafe-debuginfo amazon-linux-ami-2-upgrade-openssl-snapsafe-devel amazon-linux-ami-2-upgrade-openssl-snapsafe-libs amazon-linux-ami-2-upgrade-openssl-snapsafe-perl amazon-linux-ami-2-upgrade-openssl-snapsafe-static amazon-linux-ami-2-upgrade-openssl-static amazon-linux-ami-2-upgrade-openssl11 amazon-linux-ami-2-upgrade-openssl11-debuginfo amazon-linux-ami-2-upgrade-openssl11-devel amazon-linux-ami-2-upgrade-openssl11-libs amazon-linux-ami-2-upgrade-openssl11-static References https://attackerkb.com/topics/cve-2022-4304 AL2/ALAS-2023-1934 AL2/ALAS-2023-1935 AL2/ALAS-2024-2502 AL2/ALASOPENSSL-SNAPSAFE-2023-002 CVE - 2022-4304

Amazon Linux AMI 2: CVE-2023-0215: Security patch for edk2, openssl, openssl-snapsafe, openssl11 (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/09/2023 Created 02/10/2023 Added 02/09/2023 Modified 01/28/2025 Description The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions, for example if a CMS recipient public key is invalid, the new filter BIO is freed and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO then a use-after-free will occur. This will most likely result in a crash. This scenario occurs directly in the internal function B64_write_ASN1() which may cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on the BIO. This internal function is in turn called by the public API functions PEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream, SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7. Other public API functions that may be impacted by this include i2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and i2d_PKCS7_bio_stream. The OpenSSL cms and smime command line applications are similarly affected. Solution(s) amazon-linux-ami-2-upgrade-edk2-aarch64 amazon-linux-ami-2-upgrade-edk2-debuginfo amazon-linux-ami-2-upgrade-edk2-ovmf amazon-linux-ami-2-upgrade-edk2-tools amazon-linux-ami-2-upgrade-edk2-tools-doc amazon-linux-ami-2-upgrade-edk2-tools-python amazon-linux-ami-2-upgrade-openssl amazon-linux-ami-2-upgrade-openssl-debuginfo amazon-linux-ami-2-upgrade-openssl-devel amazon-linux-ami-2-upgrade-openssl-libs amazon-linux-ami-2-upgrade-openssl-perl amazon-linux-ami-2-upgrade-openssl-snapsafe amazon-linux-ami-2-upgrade-openssl-snapsafe-debuginfo amazon-linux-ami-2-upgrade-openssl-snapsafe-devel amazon-linux-ami-2-upgrade-openssl-snapsafe-libs amazon-linux-ami-2-upgrade-openssl-snapsafe-perl amazon-linux-ami-2-upgrade-openssl-snapsafe-static amazon-linux-ami-2-upgrade-openssl-static amazon-linux-ami-2-upgrade-openssl11 amazon-linux-ami-2-upgrade-openssl11-debuginfo amazon-linux-ami-2-upgrade-openssl11-devel amazon-linux-ami-2-upgrade-openssl11-libs amazon-linux-ami-2-upgrade-openssl11-static References https://attackerkb.com/topics/cve-2023-0215 AL2/ALAS-2023-1934 AL2/ALAS-2023-1935 AL2/ALAS-2024-2502 AL2/ALASOPENSSL-SNAPSAFE-2023-002 CVE - 2023-0215

Huawei EulerOS: CVE-2022-43552: curl security update Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 02/09/2023 Created 03/24/2023 Added 03/24/2023 Modified 01/28/2025 Description A use after free vulnerability exists in curl <7.87.0. Curl can be asked to *tunnel* virtually all protocols it supports through an HTTP proxy. HTTP proxies can (and often do) deny such tunnel operations. When getting denied to tunnel the specific protocols SMB or TELNET, curl would use a heap-allocated struct after it had been freed, in its transfer shutdown code path. Solution(s) huawei-euleros-2_0_sp11-upgrade-curl huawei-euleros-2_0_sp11-upgrade-libcurl References https://attackerkb.com/topics/cve-2022-43552 CVE - 2022-43552 EulerOS-SA-2023-1581

OS X update for AppleScript (CVE-2022-43552) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 02/09/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

OS X update for CoreServices (CVE-2022-43552) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 02/09/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)

Debian: CVE-2023-0760: gpac -- security update Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 02/09/2023 Created 07/17/2023 Added 07/17/2023 Modified 01/28/2025 Description Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to V2.1.0-DEV. Solution(s) debian-upgrade-gpac References https://attackerkb.com/topics/cve-2023-0760 CVE - 2023-0760 DSA-5452 DSA-5452-1

SUSE: CVE-2022-43634: SUSE Linux Security Advisory Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 02/09/2023 Created 02/14/2023 Added 02/13/2023 Modified 01/28/2025 Description This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dsi_writeinit function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-17646. Solution(s) suse-upgrade-libatalk12 suse-upgrade-netatalk suse-upgrade-netatalk-devel References https://attackerkb.com/topics/cve-2022-43634 CVE - 2022-43634

SUSE: CVE-2023-22792: SUSE Linux Security Advisory Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 02/09/2023 Created 02/22/2023 Added 02/21/2023 Modified 01/28/2025 Description A regular expression based DoS vulnerability in Action Dispatch <6.0.6.1,< 6.1.7.1, and <7.0.4.1. Specially crafted cookies, in combination with a specially crafted X_FORWARDED_HOST header can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability All users running an affected release should either upgrade or use one of the workarounds immediately. Solution(s) suse-upgrade-ruby2-5-rubygem-actionpack-5_1 suse-upgrade-ruby2-5-rubygem-actionpack-doc-5_1 References https://attackerkb.com/topics/cve-2023-22792 CVE - 2023-22792 DSA-5372

IBM AIX: curl_advisory2 (CVE-2022-43552): Security vulnerabilities in cURL for AIX Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 02/09/2023 Created 07/27/2023 Added 07/27/2023 Modified 01/28/2025 Description A use after free vulnerability exists in curl <7.87.0. Curl can be asked to *tunnel* virtually all protocols it supports through an HTTP proxy. HTTP proxies can (and often do) deny such tunnel operations. When getting denied to tunnel the specific protocols SMB or TELNET, curl would use a heap-allocated struct after it had been freed, in its transfer shutdown code path. Solution(s) ibm-aix-curl_advisory2 References https://attackerkb.com/topics/cve-2022-43552 CVE - 2022-43552 https://aix.software.ibm.com/aix/efixes/security/curl_advisory2.asc