ISHACK AI BOT

ISC BIND: Configured to answer from stale cache may terminate unexpectedly at recursive-clients soft quota (CVE-2022-3924) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 01/26/2023 Created 03/08/2023 Added 03/07/2023 Modified 01/28/2025 Description This issue can affect BIND 9 resolvers with `stale-answer-enable yes;` that also make use of the option `stale-answer-client-timeout`, configured with a value greater than zero. If the resolver receives many queries that require recursion, there will be a corresponding increase in the number of clients that are waiting for recursion to complete. If there are sufficient clients already waiting when a new client query is received so that it is necessary to SERVFAIL the longest waiting client (see BIND 9 ARM `recursive-clients` limit and soft quota), then it is possible for a race to occur between providing a stale answer to this older client and sending an early timeout SERVFAIL, which may cause an assertion failure. This issue affects BIND 9 versions 9.16.12 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 through 9.19.8, and 9.16.12-S1 through 9.16.36-S1. Solution(s) upgrade-isc-bind-latest References https://attackerkb.com/topics/cve-2022-3924 CVE - 2022-3924 https://kb.isc.org/v1/docs/cve-2022-3924

SUSE: CVE-2022-42330: SUSE Linux Security Advisory Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 01/26/2023 Created 06/14/2023 Added 06/13/2023 Modified 01/28/2025 Description Guests can cause Xenstore crash via soft reset When a guest issues a "Soft Reset" (e.g. for performing a kexec) the libxl based Xen toolstack will normally perform a XS_RELEASE Xenstore operation. Due to a bug in xenstored this can result in a crash of xenstored. Any other use of XS_RELEASE will have the same impact. Solution(s) suse-upgrade-xen-libs suse-upgrade-xen-tools-domu References https://attackerkb.com/topics/cve-2022-42330 CVE - 2022-42330

Debian: CVE-2022-25927: node-ua-parser-js -- security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 01/26/2023 Created 07/31/2024 Added 07/30/2024 Modified 01/30/2025 Description Versions of the package ua-parser-js from 0.7.30 and before 0.7.33, from 0.8.1 and before 1.0.33 are vulnerable to Regular Expression Denial of Service (ReDoS) via the trim() function. Solution(s) debian-upgrade-node-ua-parser-js References https://attackerkb.com/topics/cve-2022-25927 CVE - 2022-25927

Debian: CVE-2022-42330: xen -- security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 01/26/2023 Created 07/31/2024 Added 07/30/2024 Modified 01/30/2025 Description Guests can cause Xenstore crash via soft reset When a guest issues a "Soft Reset" (e.g. for performing a kexec) the libxl based Xen toolstack will normally perform a XS_RELEASE Xenstore operation. Due to a bug in xenstored this can result in a crash of xenstored. Any other use of XS_RELEASE will have the same impact. Solution(s) debian-upgrade-xen References https://attackerkb.com/topics/cve-2022-42330 CVE - 2022-42330

Microsoft Windows: CVE-2023-21712: Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 01/26/2023 Created 05/05/2023 Added 04/11/2023 Modified 01/28/2025 Description Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability Solution(s) microsoft-windows-windows_10-1507-kb5019970 microsoft-windows-windows_10-1607-kb5019964 microsoft-windows-windows_10-1809-kb5019966 microsoft-windows-windows_10-20h2-kb5019959 microsoft-windows-windows_10-21h1-kb5019959 microsoft-windows-windows_10-21h2-kb5019959 microsoft-windows-windows_10-22h2-kb5022282 microsoft-windows-windows_11-21h2-kb5019961 microsoft-windows-windows_11-22h2-kb5019980 microsoft-windows-windows_server_2012-kb5020003 microsoft-windows-windows_server_2012_r2-kb5020010 microsoft-windows-windows_server_2016-1607-kb5019964 microsoft-windows-windows_server_2019-1809-kb5019966 microsoft-windows-windows_server_2022-21h2-kb5019081 microsoft-windows-windows_server_2022-22h2-kb5019081 References https://attackerkb.com/topics/cve-2023-21712 CVE - 2023-21712 https://support.microsoft.com/help/5019081 https://support.microsoft.com/help/5019959 https://support.microsoft.com/help/5019961 https://support.microsoft.com/help/5019964 https://support.microsoft.com/help/5019966 https://support.microsoft.com/help/5019970 https://support.microsoft.com/help/5019980 https://support.microsoft.com/help/5020003 https://support.microsoft.com/help/5020010 https://support.microsoft.com/help/5020023 https://support.microsoft.com/help/5022282 View more

Red Hat: CVE-2022-47951: Important: Red Hat OpenStack Platform (openstack-nova) security update (RHSA-2023:1278) Severity 6 CVSS (AV:N/AC:M/Au:S/C:C/I:N/A:N) Published 01/26/2023 Created 03/16/2023 Added 03/16/2023 Modified 01/28/2025 Description An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and Nova before 24.1.2, 25.x before 25.0.2, and 26.0.0. By supplying a specially created VMDK flat image that references a specific backing file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data. Solution(s) redhat-upgrade-python-oslo-utils-lang redhat-upgrade-python3-oslo-utils References DSA-5336 DSA-5337 DSA-5338 CVE-2022-47951

Ubuntu: (Multiple Advisories) (CVE-2023-0394): Linux kernel vulnerabilities Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 01/26/2023 Created 03/29/2023 Added 03/22/2023 Modified 01/28/2025 Description A NULL pointer dereference flaw was found in rawv6_push_pending_frames in net/ipv6/raw.c in the network subcomponent in the Linux kernel. This flaw causes the system to crash. Solution(s) ubuntu-upgrade-linux-image-4-15-0-1062-dell300x ubuntu-upgrade-linux-image-4-15-0-1116-oracle ubuntu-upgrade-linux-image-4-15-0-1129-raspi2 ubuntu-upgrade-linux-image-4-15-0-1137-kvm ubuntu-upgrade-linux-image-4-15-0-1147-gcp ubuntu-upgrade-linux-image-4-15-0-1148-snapdragon ubuntu-upgrade-linux-image-4-15-0-1153-aws ubuntu-upgrade-linux-image-4-15-0-1162-azure ubuntu-upgrade-linux-image-4-15-0-208-generic ubuntu-upgrade-linux-image-4-15-0-208-generic-lpae ubuntu-upgrade-linux-image-4-15-0-208-lowlatency ubuntu-upgrade-linux-image-4-4-0-1117-aws ubuntu-upgrade-linux-image-4-4-0-1118-kvm ubuntu-upgrade-linux-image-4-4-0-1155-aws ubuntu-upgrade-linux-image-4-4-0-239-generic ubuntu-upgrade-linux-image-4-4-0-239-lowlatency ubuntu-upgrade-linux-image-5-14-0-1059-oem ubuntu-upgrade-linux-image-5-15-0-1018-gkeop ubuntu-upgrade-linux-image-5-15-0-1027-raspi ubuntu-upgrade-linux-image-5-15-0-1027-raspi-nolpae ubuntu-upgrade-linux-image-5-15-0-1028-ibm ubuntu-upgrade-linux-image-5-15-0-1028-intel-iotg ubuntu-upgrade-linux-image-5-15-0-1030-intel-iotg ubuntu-upgrade-linux-image-5-15-0-1031-gke ubuntu-upgrade-linux-image-5-15-0-1031-kvm ubuntu-upgrade-linux-image-5-15-0-1032-gcp ubuntu-upgrade-linux-image-5-15-0-1033-oracle ubuntu-upgrade-linux-image-5-15-0-1034-aws ubuntu-upgrade-linux-image-5-15-0-1036-azure ubuntu-upgrade-linux-image-5-15-0-1036-azure-fde ubuntu-upgrade-linux-image-5-15-0-70-generic ubuntu-upgrade-linux-image-5-15-0-70-generic-64k ubuntu-upgrade-linux-image-5-15-0-70-generic-lpae ubuntu-upgrade-linux-image-5-15-0-70-lowlatency ubuntu-upgrade-linux-image-5-15-0-70-lowlatency-64k ubuntu-upgrade-linux-image-5-17-0-1029-oem ubuntu-upgrade-linux-image-5-19-0-1018-raspi ubuntu-upgrade-linux-image-5-19-0-1018-raspi-nolpae ubuntu-upgrade-linux-image-5-19-0-1022-ibm ubuntu-upgrade-linux-image-5-19-0-1023-kvm ubuntu-upgrade-linux-image-5-19-0-1023-oracle ubuntu-upgrade-linux-image-5-19-0-1024-gcp ubuntu-upgrade-linux-image-5-19-0-1024-lowlatency ubuntu-upgrade-linux-image-5-19-0-1024-lowlatency-64k ubuntu-upgrade-linux-image-5-19-0-1025-aws ubuntu-upgrade-linux-image-5-19-0-1026-azure ubuntu-upgrade-linux-image-5-19-0-42-generic ubuntu-upgrade-linux-image-5-19-0-42-generic-64k ubuntu-upgrade-linux-image-5-19-0-42-generic-lpae ubuntu-upgrade-linux-image-5-4-0-1045-ibm ubuntu-upgrade-linux-image-5-4-0-1059-bluefield ubuntu-upgrade-linux-image-5-4-0-1065-gkeop ubuntu-upgrade-linux-image-5-4-0-1081-raspi ubuntu-upgrade-linux-image-5-4-0-1087-kvm ubuntu-upgrade-linux-image-5-4-0-1094-oracle ubuntu-upgrade-linux-image-5-4-0-1095-gke ubuntu-upgrade-linux-image-5-4-0-1097-aws ubuntu-upgrade-linux-image-5-4-0-1101-gcp ubuntu-upgrade-linux-image-5-4-0-1104-azure ubuntu-upgrade-linux-image-5-4-0-144-generic ubuntu-upgrade-linux-image-5-4-0-144-generic-lpae ubuntu-upgrade-linux-image-5-4-0-144-lowlatency ubuntu-upgrade-linux-image-6-1-0-1008-oem ubuntu-upgrade-linux-image-aws ubuntu-upgrade-linux-image-aws-hwe ubuntu-upgrade-linux-image-aws-lts-18-04 ubuntu-upgrade-linux-image-aws-lts-20-04 ubuntu-upgrade-linux-image-aws-lts-22-04 ubuntu-upgrade-linux-image-azure ubuntu-upgrade-linux-image-azure-cvm ubuntu-upgrade-linux-image-azure-fde ubuntu-upgrade-linux-image-azure-lts-18-04 ubuntu-upgrade-linux-image-azure-lts-20-04 ubuntu-upgrade-linux-image-azure-lts-22-04 ubuntu-upgrade-linux-image-bluefield ubuntu-upgrade-linux-image-dell300x ubuntu-upgrade-linux-image-gcp ubuntu-upgrade-linux-image-gcp-lts-18-04 ubuntu-upgrade-linux-image-gcp-lts-20-04 ubuntu-upgrade-linux-image-generic ubuntu-upgrade-linux-image-generic-64k ubuntu-upgrade-linux-image-generic-64k-hwe-20-04 ubuntu-upgrade-linux-image-generic-64k-hwe-22-04 ubuntu-upgrade-linux-image-generic-hwe-16-04 ubuntu-upgrade-linux-image-generic-hwe-18-04 ubuntu-upgrade-linux-image-generic-hwe-20-04 ubuntu-upgrade-linux-image-generic-hwe-22-04 ubuntu-upgrade-linux-image-generic-lpae ubuntu-upgrade-linux-image-generic-lpae-hwe-18-04 ubuntu-upgrade-linux-image-generic-lpae-hwe-20-04 ubuntu-upgrade-linux-image-generic-lpae-hwe-22-04 ubuntu-upgrade-linux-image-generic-lts-xenial ubuntu-upgrade-linux-image-gke ubuntu-upgrade-linux-image-gke-5-15 ubuntu-upgrade-linux-image-gke-5-4 ubuntu-upgrade-linux-image-gkeop ubuntu-upgrade-linux-image-gkeop-5-15 ubuntu-upgrade-linux-image-gkeop-5-4 ubuntu-upgrade-linux-image-ibm ubuntu-upgrade-linux-image-ibm-lts-20-04 ubuntu-upgrade-linux-image-intel ubuntu-upgrade-linux-image-intel-iotg ubuntu-upgrade-linux-image-kvm ubuntu-upgrade-linux-image-lowlatency ubuntu-upgrade-linux-image-lowlatency-64k ubuntu-upgrade-linux-image-lowlatency-64k-hwe-20-04 ubuntu-upgrade-linux-image-lowlatency-hwe-16-04 ubuntu-upgrade-linux-image-lowlatency-hwe-18-04 ubuntu-upgrade-linux-image-lowlatency-hwe-20-04 ubuntu-upgrade-linux-image-lowlatency-lts-xenial ubuntu-upgrade-linux-image-oem ubuntu-upgrade-linux-image-oem-20-04 ubuntu-upgrade-linux-image-oem-20-04b ubuntu-upgrade-linux-image-oem-20-04c ubuntu-upgrade-linux-image-oem-20-04d ubuntu-upgrade-linux-image-oem-22-04 ubuntu-upgrade-linux-image-oem-22-04a ubuntu-upgrade-linux-image-oem-22-04c ubuntu-upgrade-linux-image-oem-osp1 ubuntu-upgrade-linux-image-oracle ubuntu-upgrade-linux-image-oracle-lts-18-04 ubuntu-upgrade-linux-image-oracle-lts-20-04 ubuntu-upgrade-linux-image-raspi ubuntu-upgrade-linux-image-raspi-hwe-18-04 ubuntu-upgrade-linux-image-raspi-nolpae ubuntu-upgrade-linux-image-raspi2 ubuntu-upgrade-linux-image-snapdragon ubuntu-upgrade-linux-image-snapdragon-hwe-18-04 ubuntu-upgrade-linux-image-virtual ubuntu-upgrade-linux-image-virtual-hwe-16-04 ubuntu-upgrade-linux-image-virtual-hwe-18-04 ubuntu-upgrade-linux-image-virtual-hwe-20-04 ubuntu-upgrade-linux-image-virtual-hwe-22-04 ubuntu-upgrade-linux-image-virtual-lts-xenial References https://attackerkb.com/topics/cve-2023-0394 CVE - 2023-0394 USN-5917-1 USN-5924-1 USN-5927-1 USN-5934-1 USN-5939-1 USN-5940-1 USN-5951-1 USN-5975-1 USN-5976-1 USN-5978-1 USN-5981-1 USN-5984-1 USN-5991-1 USN-6000-1 USN-6001-1 USN-6009-1 USN-6013-1 USN-6014-1 USN-6025-1 USN-6030-1 USN-6040-1 USN-6057-1 USN-6079-1 USN-6091-1 USN-6096-1 USN-6134-1 View more

Huawei EulerOS: CVE-2023-0394: kernel security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 01/26/2023 Created 06/09/2023 Added 06/09/2023 Modified 01/28/2025 Description A NULL pointer dereference flaw was found in rawv6_push_pending_frames in net/ipv6/raw.c in the network subcomponent in the Linux kernel. This flaw causes the system to crash. Solution(s) huawei-euleros-2_0_sp5-upgrade-kernel huawei-euleros-2_0_sp5-upgrade-kernel-devel huawei-euleros-2_0_sp5-upgrade-kernel-headers huawei-euleros-2_0_sp5-upgrade-kernel-tools huawei-euleros-2_0_sp5-upgrade-kernel-tools-libs huawei-euleros-2_0_sp5-upgrade-perf huawei-euleros-2_0_sp5-upgrade-python-perf References https://attackerkb.com/topics/cve-2023-0394 CVE - 2023-0394 EulerOS-SA-2023-2152

Alpine Linux: CVE-2022-42330: Vulnerability in Multiple Components Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 01/26/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024 Description Guests can cause Xenstore crash via soft reset When a guest issues a "Soft Reset" (e.g. for performing a kexec) the libxl based Xen toolstack will normally perform a XS_RELEASE Xenstore operation. Due to a bug in xenstored this can result in a crash of xenstored. Any other use of XS_RELEASE will have the same impact. Solution(s) alpine-linux-upgrade-xen References https://attackerkb.com/topics/cve-2022-42330 CVE - 2022-42330 https://security.alpinelinux.org/vuln/CVE-2022-42330

Alma Linux: CVE-2022-3094: Moderate: bind9.16 security and bug fix update (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 01/26/2023 Created 05/15/2023 Added 05/15/2023 Modified 02/13/2025 Description Sending a flood of dynamic DNS updates may cause `named` to allocate large amounts of memory. This, in turn, may cause `named` to exit due to a lack of free memory. We are not aware of any cases where this has been exploited. Memory is allocated prior to the checking of access permissions (ACLs) and is retained during the processing of a dynamic update from a client whose access credentials are accepted. Memory allocated to clients that are not permitted to send updates is released immediately upon rejection. The scope of this vulnerability is limited therefore to trusted clients who are permitted to make dynamic zone changes. If a dynamic update is REFUSED, memory will be released again very quickly. Therefore it is only likely to be possible to degrade or stop `named` by sending a flood of unaccepted dynamic updates comparable in magnitude to a query flood intended to achieve the same detrimental outcome. BIND 9.11 and earlier branches are also affected, but through exhaustion of internal resources rather than memory constraints. This may reduce performance but should not be a significant problem for most servers. Therefore we don't intend to address this for BIND versions prior to BIND 9.16. This issue affects BIND 9 versions 9.16.0 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 through 9.19.8, and 9.16.8-S1 through 9.16.36-S1. Solution(s) alma-upgrade-bind alma-upgrade-bind-chroot alma-upgrade-bind-devel alma-upgrade-bind-dnssec-doc alma-upgrade-bind-dnssec-utils alma-upgrade-bind-doc alma-upgrade-bind-export-devel alma-upgrade-bind-export-libs alma-upgrade-bind-libs alma-upgrade-bind-libs-lite alma-upgrade-bind-license alma-upgrade-bind-lite-devel alma-upgrade-bind-pkcs11 alma-upgrade-bind-pkcs11-devel alma-upgrade-bind-pkcs11-libs alma-upgrade-bind-pkcs11-utils alma-upgrade-bind-sdb alma-upgrade-bind-sdb-chroot alma-upgrade-bind-utils alma-upgrade-bind9.16 alma-upgrade-bind9.16-chroot alma-upgrade-bind9.16-devel alma-upgrade-bind9.16-dnssec-utils alma-upgrade-bind9.16-doc alma-upgrade-bind9.16-libs alma-upgrade-bind9.16-license alma-upgrade-bind9.16-utils alma-upgrade-python3-bind alma-upgrade-python3-bind9.16 References https://attackerkb.com/topics/cve-2022-3094 CVE - 2022-3094 https://errata.almalinux.org/8/ALSA-2023-2792.html https://errata.almalinux.org/8/ALSA-2023-7177.html https://errata.almalinux.org/9/ALSA-2023-2261.html

Debian: CVE-2023-0416: wireshark -- security update Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 01/26/2023 Created 07/31/2024 Added 07/30/2024 Modified 01/28/2025 Description GNW dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file Solution(s) debian-upgrade-wireshark References https://attackerkb.com/topics/cve-2023-0416 CVE - 2023-0416 DLA-3906-1

Debian: CVE-2023-0468: linux -- security update Severity 4 CVSS (AV:L/AC:M/Au:S/C:N/I:N/A:C) Published 01/26/2023 Created 07/31/2024 Added 07/30/2024 Modified 01/28/2025 Description A use-after-free flaw was found in io_uring/poll.c in io_poll_check_events in the io_uring subcomponent in the Linux Kernel due to a race condition of poll_refs. This flaw may cause a NULL pointer dereference. Solution(s) debian-upgrade-linux References https://attackerkb.com/topics/cve-2023-0468 CVE - 2023-0468

Debian: CVE-2023-0469: linux -- security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 01/26/2023 Created 07/31/2024 Added 07/30/2024 Modified 01/28/2025 Description A use-after-free flaw was found in io_uring/filetable.c in io_install_fixed_file in the io_uring subcomponent in the Linux Kernel during call cleanup. This flaw may lead to a denial of service. Solution(s) debian-upgrade-linux References https://attackerkb.com/topics/cve-2023-0469 CVE - 2023-0469

Debian: CVE-2023-20928: linux -- security update Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 01/26/2023 Created 07/31/2024 Added 07/30/2024 Modified 01/28/2025 Description In binder_vma_close of binder.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-254837884References: Upstream kernel Solution(s) debian-upgrade-linux References https://attackerkb.com/topics/cve-2023-20928 CVE - 2023-20928

Ubuntu: (Multiple Advisories) (CVE-2023-0468): Linux kernel vulnerabilities Severity 4 CVSS (AV:L/AC:M/Au:S/C:N/I:N/A:C) Published 01/26/2023 Created 03/29/2023 Added 03/22/2023 Modified 01/28/2025 Description A use-after-free flaw was found in io_uring/poll.c in io_poll_check_events in the io_uring subcomponent in the Linux Kernel due to a race condition of poll_refs. This flaw may cause a NULL pointer dereference. Solution(s) ubuntu-upgrade-linux-image-5-15-0-1016-gkeop ubuntu-upgrade-linux-image-5-15-0-1025-raspi ubuntu-upgrade-linux-image-5-15-0-1025-raspi-nolpae ubuntu-upgrade-linux-image-5-15-0-1026-ibm ubuntu-upgrade-linux-image-5-15-0-1026-intel-iotg ubuntu-upgrade-linux-image-5-15-0-1028-gke ubuntu-upgrade-linux-image-5-15-0-1029-kvm ubuntu-upgrade-linux-image-5-15-0-1030-gcp ubuntu-upgrade-linux-image-5-15-0-1030-oracle ubuntu-upgrade-linux-image-5-15-0-1031-aws ubuntu-upgrade-linux-image-5-15-0-1034-azure ubuntu-upgrade-linux-image-5-15-0-1034-azure-fde ubuntu-upgrade-linux-image-5-15-0-67-generic ubuntu-upgrade-linux-image-5-15-0-67-generic-64k ubuntu-upgrade-linux-image-5-15-0-67-generic-lpae ubuntu-upgrade-linux-image-5-15-0-67-lowlatency ubuntu-upgrade-linux-image-5-15-0-67-lowlatency-64k ubuntu-upgrade-linux-image-5-17-0-1031-oem ubuntu-upgrade-linux-image-5-19-0-1016-raspi ubuntu-upgrade-linux-image-5-19-0-1016-raspi-nolpae ubuntu-upgrade-linux-image-5-19-0-1020-gcp ubuntu-upgrade-linux-image-5-19-0-1020-oracle ubuntu-upgrade-linux-image-5-19-0-1021-kvm ubuntu-upgrade-linux-image-5-19-0-1022-lowlatency ubuntu-upgrade-linux-image-5-19-0-1022-lowlatency-64k ubuntu-upgrade-linux-image-5-19-0-1023-aws ubuntu-upgrade-linux-image-5-19-0-1023-azure ubuntu-upgrade-linux-image-5-19-0-40-generic ubuntu-upgrade-linux-image-5-19-0-40-generic-64k ubuntu-upgrade-linux-image-5-19-0-40-generic-lpae ubuntu-upgrade-linux-image-6-0-0-1015-oem ubuntu-upgrade-linux-image-aws ubuntu-upgrade-linux-image-aws-lts-22-04 ubuntu-upgrade-linux-image-azure ubuntu-upgrade-linux-image-azure-fde ubuntu-upgrade-linux-image-azure-lts-22-04 ubuntu-upgrade-linux-image-gcp ubuntu-upgrade-linux-image-generic ubuntu-upgrade-linux-image-generic-64k ubuntu-upgrade-linux-image-generic-64k-hwe-20-04 ubuntu-upgrade-linux-image-generic-64k-hwe-22-04 ubuntu-upgrade-linux-image-generic-hwe-20-04 ubuntu-upgrade-linux-image-generic-hwe-22-04 ubuntu-upgrade-linux-image-generic-lpae ubuntu-upgrade-linux-image-generic-lpae-hwe-20-04 ubuntu-upgrade-linux-image-generic-lpae-hwe-22-04 ubuntu-upgrade-linux-image-gke ubuntu-upgrade-linux-image-gke-5-15 ubuntu-upgrade-linux-image-gkeop ubuntu-upgrade-linux-image-gkeop-5-15 ubuntu-upgrade-linux-image-ibm ubuntu-upgrade-linux-image-intel-iotg ubuntu-upgrade-linux-image-kvm ubuntu-upgrade-linux-image-lowlatency ubuntu-upgrade-linux-image-lowlatency-64k ubuntu-upgrade-linux-image-lowlatency-64k-hwe-20-04 ubuntu-upgrade-linux-image-lowlatency-hwe-20-04 ubuntu-upgrade-linux-image-oem-22-04 ubuntu-upgrade-linux-image-oem-22-04a ubuntu-upgrade-linux-image-oem-22-04b ubuntu-upgrade-linux-image-oracle ubuntu-upgrade-linux-image-raspi ubuntu-upgrade-linux-image-raspi-nolpae ubuntu-upgrade-linux-image-virtual ubuntu-upgrade-linux-image-virtual-hwe-20-04 ubuntu-upgrade-linux-image-virtual-hwe-22-04 References https://attackerkb.com/topics/cve-2023-0468 CVE - 2023-0468 USN-5912-1 USN-5935-1 USN-5938-1 USN-5941-1 USN-5962-1 USN-6024-1 USN-6071-1 USN-6072-1 View more

Debian: CVE-2022-47951: cinder, glance, nova -- security update Severity 6 CVSS (AV:N/AC:M/Au:S/C:C/I:N/A:N) Published 01/26/2023 Created 02/02/2023 Added 02/01/2023 Modified 01/30/2025 Description An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and Nova before 24.1.2, 25.x before 25.0.2, and 26.0.0. By supplying a specially created VMDK flat image that references a specific backing file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data. Solution(s) debian-upgrade-cinder debian-upgrade-glance debian-upgrade-nova References https://attackerkb.com/topics/cve-2022-47951 CVE - 2022-47951 DLA-3300-1 DLA-3301-1 DLA-3302-1 DSA-5336 DSA-5337 DSA-5338 View more

Debian: CVE-2022-4510: binwalk -- security update Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 01/26/2023 Created 02/28/2023 Added 02/27/2023 Modified 01/30/2025 Description A path traversal vulnerability was identified in ReFirm Labs binwalk from version 2.1.2b through 2.3.3 included. By crafting a malicious PFS filesystem file, an attacker can get binwalk's PFS extractor to extract files at arbitrary locations when binwalk is run in extraction mode (-e option). Remote code execution can be achieved by building a PFS filesystem that, upon extraction, would extract a malicious binwalk module into the folder .config/binwalk/plugins. This vulnerability is associated with program files src/binwalk/plugins/unpfs.py. This issue affects binwalk from 2.1.2b through 2.3.3 included. Solution(s) debian-upgrade-binwalk References https://attackerkb.com/topics/cve-2022-4510 CVE - 2022-4510 DLA-3339-1

Gentoo Linux: CVE-2020-36657: uptimed: Root Privilege Escalation Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 01/26/2023 Created 05/05/2023 Added 05/04/2023 Modified 01/28/2025 Description uptimed before 0.4.6-r1 on Gentoo allows local users (with access to the uptimed user account) to gain root privileges by creating a hard link within the /var/spool/uptimed directory, because there is an unsafe chown -R call. Solution(s) gentoo-linux-upgrade-app-misc-uptimed References https://attackerkb.com/topics/cve-2020-36657 CVE - 2020-36657 202305-14

IBM AIX: bind_advisory23 (CVE-2022-3736): Vulnerability in bind affects AIX Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 01/26/2023 Created 07/27/2023 Added 07/27/2023 Modified 01/28/2025 Description BIND 9 resolver can crash when stale cache and stale answers are enabled, option `stale-answer-client-timeout` is set to a positive integer, and the resolver receives an RRSIG query. This issue affects BIND 9 versions 9.16.12 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 through 9.19.8, and 9.16.12-S1 through 9.16.36-S1. Solution(s) ibm-aix-bind_advisory23 References https://attackerkb.com/topics/cve-2022-3736 CVE - 2022-3736 https://aix.software.ibm.com/aix/efixes/security/bind_advisory23.asc

IBM AIX: bind_advisory23 (CVE-2022-3094): Vulnerability in bind affects AIX Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 01/26/2023 Created 07/27/2023 Added 07/27/2023 Modified 01/30/2025 Description Sending a flood of dynamic DNS updates may cause `named` to allocate large amounts of memory. This, in turn, may cause `named` to exit due to a lack of free memory. We are not aware of any cases where this has been exploited. Memory is allocated prior to the checking of access permissions (ACLs) and is retained during the processing of a dynamic update from a client whose access credentials are accepted. Memory allocated to clients that are not permitted to send updates is released immediately upon rejection. The scope of this vulnerability is limited therefore to trusted clients who are permitted to make dynamic zone changes. If a dynamic update is REFUSED, memory will be released again very quickly. Therefore it is only likely to be possible to degrade or stop `named` by sending a flood of unaccepted dynamic updates comparable in magnitude to a query flood intended to achieve the same detrimental outcome. BIND 9.11 and earlier branches are also affected, but through exhaustion of internal resources rather than memory constraints. This may reduce performance but should not be a significant problem for most servers. Therefore we don't intend to address this for BIND versions prior to BIND 9.16. This issue affects BIND 9 versions 9.16.0 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 through 9.19.8, and 9.16.8-S1 through 9.16.36-S1. Solution(s) ibm-aix-bind_advisory23 References https://attackerkb.com/topics/cve-2022-3094 CVE - 2022-3094 https://aix.software.ibm.com/aix/efixes/security/bind_advisory23.asc

CentOS Linux: CVE-2022-47951: Important: Red Hat OpenStack Platform (openstack-nova) security update (CESA-2023:1278) Severity 6 CVSS (AV:N/AC:M/Au:S/C:C/I:N/A:N) Published 01/26/2023 Created 03/16/2023 Added 03/16/2023 Modified 01/28/2025 Description An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and Nova before 24.1.2, 25.x before 25.0.2, and 26.0.0. By supplying a specially created VMDK flat image that references a specific backing file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data. Solution(s) centos-upgrade-python-oslo-utils-lang centos-upgrade-python3-oslo-utils References DSA-5336 DSA-5337 DSA-5338 CVE-2022-47951

CentOS Linux: CVE-2022-3924: Moderate: bind security and bug fix update (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 01/26/2023 Created 05/15/2023 Added 05/15/2023 Modified 01/28/2025 Description This issue can affect BIND 9 resolvers with `stale-answer-enable yes;` that also make use of the option `stale-answer-client-timeout`, configured with a value greater than zero. If the resolver receives many queries that require recursion, there will be a corresponding increase in the number of clients that are waiting for recursion to complete. If there are sufficient clients already waiting when a new client query is received so that it is necessary to SERVFAIL the longest waiting client (see BIND 9 ARM `recursive-clients` limit and soft quota), then it is possible for a race to occur between providing a stale answer to this older client and sending an early timeout SERVFAIL, which may cause an assertion failure. This issue affects BIND 9 versions 9.16.12 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 through 9.19.8, and 9.16.12-S1 through 9.16.36-S1. Solution(s) centos-upgrade-bind centos-upgrade-bind-chroot centos-upgrade-bind-debuginfo centos-upgrade-bind-debugsource centos-upgrade-bind-dnssec-doc centos-upgrade-bind-dnssec-utils centos-upgrade-bind-dnssec-utils-debuginfo centos-upgrade-bind-libs centos-upgrade-bind-libs-debuginfo centos-upgrade-bind-license centos-upgrade-bind-utils centos-upgrade-bind-utils-debuginfo centos-upgrade-bind9-16 centos-upgrade-bind9-16-chroot centos-upgrade-bind9-16-debuginfo centos-upgrade-bind9-16-debugsource centos-upgrade-bind9-16-dnssec-utils centos-upgrade-bind9-16-dnssec-utils-debuginfo centos-upgrade-bind9-16-libs centos-upgrade-bind9-16-libs-debuginfo centos-upgrade-bind9-16-license centos-upgrade-bind9-16-utils centos-upgrade-bind9-16-utils-debuginfo centos-upgrade-python3-bind centos-upgrade-python3-bind9-16 References CVE-2022-3924

CentOS Linux: CVE-2022-3736: Moderate: bind security and bug fix update (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 01/26/2023 Created 05/15/2023 Added 05/15/2023 Modified 01/28/2025 Description BIND 9 resolver can crash when stale cache and stale answers are enabled, option `stale-answer-client-timeout` is set to a positive integer, and the resolver receives an RRSIG query. This issue affects BIND 9 versions 9.16.12 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 through 9.19.8, and 9.16.12-S1 through 9.16.36-S1. Solution(s) centos-upgrade-bind centos-upgrade-bind-chroot centos-upgrade-bind-debuginfo centos-upgrade-bind-debugsource centos-upgrade-bind-dnssec-doc centos-upgrade-bind-dnssec-utils centos-upgrade-bind-dnssec-utils-debuginfo centos-upgrade-bind-libs centos-upgrade-bind-libs-debuginfo centos-upgrade-bind-license centos-upgrade-bind-utils centos-upgrade-bind-utils-debuginfo centos-upgrade-bind9-16 centos-upgrade-bind9-16-chroot centos-upgrade-bind9-16-debuginfo centos-upgrade-bind9-16-debugsource centos-upgrade-bind9-16-dnssec-utils centos-upgrade-bind9-16-dnssec-utils-debuginfo centos-upgrade-bind9-16-libs centos-upgrade-bind9-16-libs-debuginfo centos-upgrade-bind9-16-license centos-upgrade-bind9-16-utils centos-upgrade-bind9-16-utils-debuginfo centos-upgrade-python3-bind centos-upgrade-python3-bind9-16 References CVE-2022-3736

SUSE: CVE-2023-0411: SUSE Linux Security Advisory Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 01/26/2023 Created 02/14/2023 Added 02/13/2023 Modified 01/28/2025 Description Excessive loops in multiple dissectors in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file Solution(s) suse-upgrade-libwireshark15 suse-upgrade-libwiretap12 suse-upgrade-libwsutil13 suse-upgrade-wireshark suse-upgrade-wireshark-devel suse-upgrade-wireshark-ui-qt References https://attackerkb.com/topics/cve-2023-0411 CVE - 2023-0411

CentOS Linux: CVE-2023-0394: Important: kernel-rt security and bug fix update (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 01/26/2023 Created 05/15/2023 Added 05/15/2023 Modified 01/28/2025 Description A NULL pointer dereference flaw was found in rawv6_push_pending_frames in net/ipv6/raw.c in the network subcomponent in the Linux kernel. This flaw causes the system to crash. Solution(s) centos-upgrade-kernel centos-upgrade-kernel-rt References CVE-2023-0394