ISHACK AI BOT

Wireshark : CVE-2023-0414 : EAP dissector crash Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 01/26/2023 Created 01/31/2023 Added 01/30/2023 Modified 01/28/2025 Description Crash in the EAP dissector in Wireshark 4.0.0 to 4.0.2 allows denial of service via packet injection or crafted capture file Solution(s) wireshark-upgrade-4_0_3 References https://attackerkb.com/topics/cve-2023-0414 CVE - 2023-0414 https://www.wireshark.org/security/wnpa-sec-2023-01.html

SUSE: CVE-2022-3924: SUSE Linux Security Advisory Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 01/26/2023 Created 02/14/2023 Added 02/13/2023 Modified 01/28/2025 Description This issue can affect BIND 9 resolvers with `stale-answer-enable yes;` that also make use of the option `stale-answer-client-timeout`, configured with a value greater than zero. If the resolver receives many queries that require recursion, there will be a corresponding increase in the number of clients that are waiting for recursion to complete. If there are sufficient clients already waiting when a new client query is received so that it is necessary to SERVFAIL the longest waiting client (see BIND 9 ARM `recursive-clients` limit and soft quota), then it is possible for a race to occur between providing a stale answer to this older client and sending an early timeout SERVFAIL, which may cause an assertion failure. This issue affects BIND 9 versions 9.16.12 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 through 9.19.8, and 9.16.12-S1 through 9.16.36-S1. Solution(s) suse-upgrade-bind suse-upgrade-bind-doc suse-upgrade-bind-utils suse-upgrade-python3-bind References https://attackerkb.com/topics/cve-2022-3924 CVE - 2022-3924

SUSE: CVE-2023-0412: SUSE Linux Security Advisory Severity 8 CVSS (AV:N/AC:M/Au:N/C:P/I:N/A:C) Published 01/26/2023 Created 02/14/2023 Added 02/13/2023 Modified 01/28/2025 Description TIPC dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file Solution(s) suse-upgrade-libwireshark15 suse-upgrade-libwiretap12 suse-upgrade-libwsutil13 suse-upgrade-wireshark suse-upgrade-wireshark-devel suse-upgrade-wireshark-ui-qt References https://attackerkb.com/topics/cve-2023-0412 CVE - 2023-0412

CentOS Linux: CVE-2022-3094: Moderate: bind security and bug fix update (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 01/26/2023 Created 05/15/2023 Added 05/15/2023 Modified 01/28/2025 Description Sending a flood of dynamic DNS updates may cause `named` to allocate large amounts of memory. This, in turn, may cause `named` to exit due to a lack of free memory. We are not aware of any cases where this has been exploited. Memory is allocated prior to the checking of access permissions (ACLs) and is retained during the processing of a dynamic update from a client whose access credentials are accepted. Memory allocated to clients that are not permitted to send updates is released immediately upon rejection. The scope of this vulnerability is limited therefore to trusted clients who are permitted to make dynamic zone changes. If a dynamic update is REFUSED, memory will be released again very quickly. Therefore it is only likely to be possible to degrade or stop `named` by sending a flood of unaccepted dynamic updates comparable in magnitude to a query flood intended to achieve the same detrimental outcome. BIND 9.11 and earlier branches are also affected, but through exhaustion of internal resources rather than memory constraints. This may reduce performance but should not be a significant problem for most servers. Therefore we don't intend to address this for BIND versions prior to BIND 9.16. This issue affects BIND 9 versions 9.16.0 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 through 9.19.8, and 9.16.8-S1 through 9.16.36-S1. Solution(s) centos-upgrade-bind centos-upgrade-bind-chroot centos-upgrade-bind-debuginfo centos-upgrade-bind-debugsource centos-upgrade-bind-devel centos-upgrade-bind-dnssec-doc centos-upgrade-bind-dnssec-utils centos-upgrade-bind-dnssec-utils-debuginfo centos-upgrade-bind-export-devel centos-upgrade-bind-export-libs centos-upgrade-bind-export-libs-debuginfo centos-upgrade-bind-libs centos-upgrade-bind-libs-debuginfo centos-upgrade-bind-libs-lite centos-upgrade-bind-libs-lite-debuginfo centos-upgrade-bind-license centos-upgrade-bind-lite-devel centos-upgrade-bind-pkcs11 centos-upgrade-bind-pkcs11-debuginfo centos-upgrade-bind-pkcs11-devel centos-upgrade-bind-pkcs11-libs centos-upgrade-bind-pkcs11-libs-debuginfo centos-upgrade-bind-pkcs11-utils centos-upgrade-bind-pkcs11-utils-debuginfo centos-upgrade-bind-sdb centos-upgrade-bind-sdb-chroot centos-upgrade-bind-sdb-debuginfo centos-upgrade-bind-utils centos-upgrade-bind-utils-debuginfo centos-upgrade-bind9-16 centos-upgrade-bind9-16-chroot centos-upgrade-bind9-16-debuginfo centos-upgrade-bind9-16-debugsource centos-upgrade-bind9-16-dnssec-utils centos-upgrade-bind9-16-dnssec-utils-debuginfo centos-upgrade-bind9-16-libs centos-upgrade-bind9-16-libs-debuginfo centos-upgrade-bind9-16-license centos-upgrade-bind9-16-utils centos-upgrade-bind9-16-utils-debuginfo centos-upgrade-python3-bind centos-upgrade-python3-bind9-16 References CVE-2022-3094

ISC BIND: Configured to answer from stale cache may terminate unexpectedly while processing RRSIG queries (CVE-2022-3736) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 01/26/2023 Created 03/08/2023 Added 03/07/2023 Modified 01/28/2025 Description BIND 9 resolver can crash when stale cache and stale answers are enabled, option `stale-answer-client-timeout` is set to a positive integer, and the resolver receives an RRSIG query. This issue affects BIND 9 versions 9.16.12 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 through 9.19.8, and 9.16.12-S1 through 9.16.36-S1. Solution(s) upgrade-isc-bind-latest References https://attackerkb.com/topics/cve-2022-3736 CVE - 2022-3736 https://kb.isc.org/v1/docs/cve-2022-3736

SUSE: CVE-2023-0413: SUSE Linux Security Advisory Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 01/26/2023 Created 02/14/2023 Added 02/13/2023 Modified 01/28/2025 Description Dissection engine bug in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file Solution(s) suse-upgrade-libwireshark15 suse-upgrade-libwiretap12 suse-upgrade-libwsutil13 suse-upgrade-wireshark suse-upgrade-wireshark-devel suse-upgrade-wireshark-ui-qt References https://attackerkb.com/topics/cve-2023-0413 CVE - 2023-0413

SUSE: CVE-2023-0394: SUSE Linux Security Advisory Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 01/26/2023 Created 05/05/2023 Added 04/11/2023 Modified 01/28/2025 Description A NULL pointer dereference flaw was found in rawv6_push_pending_frames in net/ipv6/raw.c in the network subcomponent in the Linux kernel. This flaw causes the system to crash. Solution(s) suse-upgrade-cluster-md-kmp-64kb suse-upgrade-cluster-md-kmp-azure suse-upgrade-cluster-md-kmp-default suse-upgrade-cluster-md-kmp-rt suse-upgrade-dlm-kmp-64kb suse-upgrade-dlm-kmp-azure suse-upgrade-dlm-kmp-default suse-upgrade-dlm-kmp-rt suse-upgrade-dtb-al suse-upgrade-dtb-allwinner suse-upgrade-dtb-altera suse-upgrade-dtb-amazon suse-upgrade-dtb-amd suse-upgrade-dtb-amlogic suse-upgrade-dtb-apm suse-upgrade-dtb-apple suse-upgrade-dtb-arm suse-upgrade-dtb-broadcom suse-upgrade-dtb-cavium suse-upgrade-dtb-exynos suse-upgrade-dtb-freescale suse-upgrade-dtb-hisilicon suse-upgrade-dtb-lg suse-upgrade-dtb-marvell suse-upgrade-dtb-mediatek suse-upgrade-dtb-nvidia suse-upgrade-dtb-qcom suse-upgrade-dtb-renesas suse-upgrade-dtb-rockchip suse-upgrade-dtb-socionext suse-upgrade-dtb-sprd suse-upgrade-dtb-xilinx suse-upgrade-dtb-zte suse-upgrade-gfs2-kmp-64kb suse-upgrade-gfs2-kmp-azure suse-upgrade-gfs2-kmp-default suse-upgrade-gfs2-kmp-rt suse-upgrade-kernel-64kb suse-upgrade-kernel-64kb-devel suse-upgrade-kernel-64kb-extra suse-upgrade-kernel-64kb-livepatch-devel suse-upgrade-kernel-64kb-optional suse-upgrade-kernel-azure suse-upgrade-kernel-azure-base suse-upgrade-kernel-azure-devel suse-upgrade-kernel-azure-extra suse-upgrade-kernel-azure-livepatch-devel suse-upgrade-kernel-azure-optional suse-upgrade-kernel-azure-vdso suse-upgrade-kernel-debug suse-upgrade-kernel-debug-base suse-upgrade-kernel-debug-devel suse-upgrade-kernel-debug-livepatch-devel suse-upgrade-kernel-debug-vdso suse-upgrade-kernel-default suse-upgrade-kernel-default-base suse-upgrade-kernel-default-base-rebuild suse-upgrade-kernel-default-devel suse-upgrade-kernel-default-extra suse-upgrade-kernel-default-livepatch suse-upgrade-kernel-default-livepatch-devel suse-upgrade-kernel-default-man suse-upgrade-kernel-default-optional suse-upgrade-kernel-default-vdso suse-upgrade-kernel-devel suse-upgrade-kernel-devel-azure suse-upgrade-kernel-devel-rt suse-upgrade-kernel-docs suse-upgrade-kernel-docs-html suse-upgrade-kernel-kvmsmall suse-upgrade-kernel-kvmsmall-base suse-upgrade-kernel-kvmsmall-devel suse-upgrade-kernel-kvmsmall-livepatch-devel suse-upgrade-kernel-kvmsmall-vdso suse-upgrade-kernel-macros suse-upgrade-kernel-obs-build suse-upgrade-kernel-obs-qa suse-upgrade-kernel-preempt suse-upgrade-kernel-preempt-devel suse-upgrade-kernel-rt suse-upgrade-kernel-rt-devel suse-upgrade-kernel-rt-extra suse-upgrade-kernel-rt-livepatch suse-upgrade-kernel-rt-livepatch-devel suse-upgrade-kernel-rt-optional suse-upgrade-kernel-rt-vdso suse-upgrade-kernel-rt_debug suse-upgrade-kernel-rt_debug-devel suse-upgrade-kernel-rt_debug-livepatch-devel suse-upgrade-kernel-rt_debug-vdso suse-upgrade-kernel-source suse-upgrade-kernel-source-azure suse-upgrade-kernel-source-rt suse-upgrade-kernel-source-vanilla suse-upgrade-kernel-syms suse-upgrade-kernel-syms-azure suse-upgrade-kernel-syms-rt suse-upgrade-kernel-vanilla suse-upgrade-kernel-vanilla-base suse-upgrade-kernel-vanilla-devel suse-upgrade-kernel-vanilla-livepatch-devel suse-upgrade-kernel-zfcpdump suse-upgrade-kernel-zfcpdump-man suse-upgrade-kselftests-kmp-64kb suse-upgrade-kselftests-kmp-azure suse-upgrade-kselftests-kmp-default suse-upgrade-kselftests-kmp-rt suse-upgrade-ocfs2-kmp-64kb suse-upgrade-ocfs2-kmp-azure suse-upgrade-ocfs2-kmp-default suse-upgrade-ocfs2-kmp-rt suse-upgrade-reiserfs-kmp-64kb suse-upgrade-reiserfs-kmp-azure suse-upgrade-reiserfs-kmp-default suse-upgrade-reiserfs-kmp-rt References https://attackerkb.com/topics/cve-2023-0394 CVE - 2023-0394

SUSE: CVE-2023-0266: SUSE Linux Security Advisory Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 01/26/2023 Created 01/27/2023 Added 01/27/2023 Modified 01/28/2025 Description A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks that can be used in a use-after-free that can result in a priviledge escalation to gain ring0 access from the system user. We recommend upgrading past commit 56b88b50565cd8b946a2d00b0c83927b7ebb055e Solution(s) suse-upgrade-cluster-md-kmp-64kb suse-upgrade-cluster-md-kmp-azure suse-upgrade-cluster-md-kmp-default suse-upgrade-cluster-md-kmp-rt suse-upgrade-dlm-kmp-64kb suse-upgrade-dlm-kmp-azure suse-upgrade-dlm-kmp-default suse-upgrade-dlm-kmp-rt suse-upgrade-dtb-al suse-upgrade-dtb-allwinner suse-upgrade-dtb-altera suse-upgrade-dtb-amazon suse-upgrade-dtb-amd suse-upgrade-dtb-amlogic suse-upgrade-dtb-apm suse-upgrade-dtb-apple suse-upgrade-dtb-arm suse-upgrade-dtb-broadcom suse-upgrade-dtb-cavium suse-upgrade-dtb-exynos suse-upgrade-dtb-freescale suse-upgrade-dtb-hisilicon suse-upgrade-dtb-lg suse-upgrade-dtb-marvell suse-upgrade-dtb-mediatek suse-upgrade-dtb-nvidia suse-upgrade-dtb-qcom suse-upgrade-dtb-renesas suse-upgrade-dtb-rockchip suse-upgrade-dtb-socionext suse-upgrade-dtb-sprd suse-upgrade-dtb-xilinx suse-upgrade-dtb-zte suse-upgrade-gfs2-kmp-64kb suse-upgrade-gfs2-kmp-azure suse-upgrade-gfs2-kmp-default suse-upgrade-gfs2-kmp-rt suse-upgrade-kernel-64kb suse-upgrade-kernel-64kb-devel suse-upgrade-kernel-64kb-extra suse-upgrade-kernel-64kb-livepatch-devel suse-upgrade-kernel-64kb-optional suse-upgrade-kernel-azure suse-upgrade-kernel-azure-base suse-upgrade-kernel-azure-devel suse-upgrade-kernel-azure-extra suse-upgrade-kernel-azure-livepatch-devel suse-upgrade-kernel-azure-optional suse-upgrade-kernel-debug suse-upgrade-kernel-debug-devel suse-upgrade-kernel-debug-livepatch-devel suse-upgrade-kernel-default suse-upgrade-kernel-default-base suse-upgrade-kernel-default-base-rebuild suse-upgrade-kernel-default-devel suse-upgrade-kernel-default-extra suse-upgrade-kernel-default-livepatch suse-upgrade-kernel-default-livepatch-devel suse-upgrade-kernel-default-man suse-upgrade-kernel-default-optional suse-upgrade-kernel-devel suse-upgrade-kernel-devel-azure suse-upgrade-kernel-devel-rt suse-upgrade-kernel-docs suse-upgrade-kernel-docs-html suse-upgrade-kernel-kvmsmall suse-upgrade-kernel-kvmsmall-devel suse-upgrade-kernel-kvmsmall-livepatch-devel suse-upgrade-kernel-macros suse-upgrade-kernel-obs-build suse-upgrade-kernel-obs-qa suse-upgrade-kernel-preempt suse-upgrade-kernel-preempt-devel suse-upgrade-kernel-rt suse-upgrade-kernel-rt-devel suse-upgrade-kernel-rt_debug suse-upgrade-kernel-rt_debug-devel suse-upgrade-kernel-source suse-upgrade-kernel-source-azure suse-upgrade-kernel-source-rt suse-upgrade-kernel-source-vanilla suse-upgrade-kernel-syms suse-upgrade-kernel-syms-azure suse-upgrade-kernel-syms-rt suse-upgrade-kernel-zfcpdump suse-upgrade-kselftests-kmp-64kb suse-upgrade-kselftests-kmp-azure suse-upgrade-kselftests-kmp-default suse-upgrade-ocfs2-kmp-64kb suse-upgrade-ocfs2-kmp-azure suse-upgrade-ocfs2-kmp-default suse-upgrade-ocfs2-kmp-rt suse-upgrade-reiserfs-kmp-64kb suse-upgrade-reiserfs-kmp-azure suse-upgrade-reiserfs-kmp-default References https://attackerkb.com/topics/cve-2023-0266 CVE - 2023-0266

Ubuntu: USN-5827-1 (CVE-2022-3736): Bind vulnerabilities Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 01/26/2023 Created 03/29/2023 Added 03/22/2023 Modified 01/28/2025 Description BIND 9 resolver can crash when stale cache and stale answers are enabled, option `stale-answer-client-timeout` is set to a positive integer, and the resolver receives an RRSIG query. This issue affects BIND 9 versions 9.16.12 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 through 9.19.8, and 9.16.12-S1 through 9.16.36-S1. Solution(s) ubuntu-upgrade-bind9 References https://attackerkb.com/topics/cve-2022-3736 CVE - 2022-3736 USN-5827-1

Amazon Linux AMI 2: CVE-2023-0417: Security patch for wireshark (ALAS-2023-2040) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 01/26/2023 Created 05/17/2023 Added 05/17/2023 Modified 01/28/2025 Description Memory leak in the NFS dissector in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file Solution(s) amazon-linux-ami-2-upgrade-wireshark amazon-linux-ami-2-upgrade-wireshark-cli amazon-linux-ami-2-upgrade-wireshark-debuginfo amazon-linux-ami-2-upgrade-wireshark-devel References https://attackerkb.com/topics/cve-2023-0417 AL2/ALAS-2023-2040 CVE - 2023-0417

Amazon Linux AMI 2: CVE-2023-0394: Security patch for kernel (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 01/26/2023 Created 02/10/2023 Added 02/09/2023 Modified 01/28/2025 Description A NULL pointer dereference flaw was found in rawv6_push_pending_frames in net/ipv6/raw.c in the network subcomponent in the Linux kernel. This flaw causes the system to crash. Solution(s) amazon-linux-ami-2-upgrade-bpftool amazon-linux-ami-2-upgrade-bpftool-debuginfo amazon-linux-ami-2-upgrade-kernel amazon-linux-ami-2-upgrade-kernel-debuginfo amazon-linux-ami-2-upgrade-kernel-debuginfo-common-aarch64 amazon-linux-ami-2-upgrade-kernel-debuginfo-common-x86_64 amazon-linux-ami-2-upgrade-kernel-devel amazon-linux-ami-2-upgrade-kernel-headers amazon-linux-ami-2-upgrade-kernel-livepatch-4-14-304-226-531 amazon-linux-ami-2-upgrade-kernel-livepatch-5-10-165-143-735 amazon-linux-ami-2-upgrade-kernel-livepatch-5-15-90-54-138 amazon-linux-ami-2-upgrade-kernel-tools amazon-linux-ami-2-upgrade-kernel-tools-debuginfo amazon-linux-ami-2-upgrade-kernel-tools-devel amazon-linux-ami-2-upgrade-perf amazon-linux-ami-2-upgrade-perf-debuginfo amazon-linux-ami-2-upgrade-python-perf amazon-linux-ami-2-upgrade-python-perf-debuginfo References https://attackerkb.com/topics/cve-2023-0394 AL2/ALAS-2023-1932 AL2/ALASKERNEL-5.10-2023-026 AL2/ALASKERNEL-5.15-2023-013 AL2/ALASKERNEL-5.4-2023-042 CVE - 2023-0394

Red Hat OpenShift: CVE-2023-0229: openshift/apiserver-library-go: Bypass of SCC seccomp profile restrictions Severity 7 CVSS (AV:N/AC:L/Au:S/C:P/I:P/A:P) Published 01/26/2023 Created 03/13/2023 Added 03/13/2023 Modified 01/30/2025 Description A flaw was found in github.com/openshift/apiserver-library-go, used in OpenShift 4.12 and 4.11, that contains an issue that can allow low-privileged users to set the seccomp profile for pods they control to "unconfined." By default, the seccomp profile used in the restricted-v2 Security Context Constraint (SCC) is "runtime/default," allowing users to disable seccomp for pods they can create and modify. Solution(s) linuxrpm-upgrade-microshift linuxrpm-upgrade-openshift References https://attackerkb.com/topics/cve-2023-0229 CVE - 2023-0229 RHSA-2023:1325

SUSE: CVE-2023-22486: SUSE Linux Security Advisory Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 01/26/2023 Created 05/05/2023 Added 04/14/2023 Modified 01/28/2025 Description cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. Versions prior to 0.29.0.gfm.7 contain apolynomial time complexity issue in handle_close_bracket that may lead to unbounded resource exhaustion and subsequent denial of service. This vulnerability has been patched in 0.29.0.gfm.7. Solution(s) suse-upgrade-cmark suse-upgrade-cmark-devel suse-upgrade-libcmark0_30_2 References https://attackerkb.com/topics/cve-2023-22486 CVE - 2023-22486

SUSE: CVE-2022-44617: SUSE Linux Security Advisory Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 01/26/2023 Created 01/27/2023 Added 01/27/2023 Modified 01/28/2025 Description A flaw was found in libXpm. When processing a file with width of 0 and a very large height, some parser functions will be called repeatedly and can lead to an infinite loop, resulting in a Denial of Service in the application linked to the library. Solution(s) suse-upgrade-libxpm-devel suse-upgrade-libxpm-devel-32bit suse-upgrade-libxpm-tools suse-upgrade-libxpm4 suse-upgrade-libxpm4-32bit References https://attackerkb.com/topics/cve-2022-44617 CVE - 2022-44617

SUSE: CVE-2022-46285: SUSE Linux Security Advisory Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 01/26/2023 Created 01/27/2023 Added 01/27/2023 Modified 01/28/2025 Description A flaw was found in libXpm. This issue occurs when parsing a file with a comment not closed; the end-of-file condition will not be detected, leading to an infinite loop and resulting in a Denial of Service in the application linked to the library. Solution(s) suse-upgrade-libxpm-devel suse-upgrade-libxpm-devel-32bit suse-upgrade-libxpm-tools suse-upgrade-libxpm4 suse-upgrade-libxpm4-32bit References https://attackerkb.com/topics/cve-2022-46285 CVE - 2022-46285

Red Hat: CVE-2022-3094: flooding with UPDATE requests may lead to DoS (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 01/26/2023 Created 05/15/2023 Added 05/15/2023 Modified 01/30/2025 Description Sending a flood of dynamic DNS updates may cause `named` to allocate large amounts of memory. This, in turn, may cause `named` to exit due to a lack of free memory. We are not aware of any cases where this has been exploited. Memory is allocated prior to the checking of access permissions (ACLs) and is retained during the processing of a dynamic update from a client whose access credentials are accepted. Memory allocated to clients that are not permitted to send updates is released immediately upon rejection. The scope of this vulnerability is limited therefore to trusted clients who are permitted to make dynamic zone changes. If a dynamic update is REFUSED, memory will be released again very quickly. Therefore it is only likely to be possible to degrade or stop `named` by sending a flood of unaccepted dynamic updates comparable in magnitude to a query flood intended to achieve the same detrimental outcome. BIND 9.11 and earlier branches are also affected, but through exhaustion of internal resources rather than memory constraints. This may reduce performance but should not be a significant problem for most servers. Therefore we don't intend to address this for BIND versions prior to BIND 9.16. This issue affects BIND 9 versions 9.16.0 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 through 9.19.8, and 9.16.8-S1 through 9.16.36-S1. Solution(s) redhat-upgrade-bind redhat-upgrade-bind-chroot redhat-upgrade-bind-debuginfo redhat-upgrade-bind-debugsource redhat-upgrade-bind-devel redhat-upgrade-bind-dnssec-doc redhat-upgrade-bind-dnssec-utils redhat-upgrade-bind-dnssec-utils-debuginfo redhat-upgrade-bind-doc redhat-upgrade-bind-export-devel redhat-upgrade-bind-export-libs redhat-upgrade-bind-export-libs-debuginfo redhat-upgrade-bind-libs redhat-upgrade-bind-libs-debuginfo redhat-upgrade-bind-libs-lite redhat-upgrade-bind-libs-lite-debuginfo redhat-upgrade-bind-license redhat-upgrade-bind-lite-devel redhat-upgrade-bind-pkcs11 redhat-upgrade-bind-pkcs11-debuginfo redhat-upgrade-bind-pkcs11-devel redhat-upgrade-bind-pkcs11-libs redhat-upgrade-bind-pkcs11-libs-debuginfo redhat-upgrade-bind-pkcs11-utils redhat-upgrade-bind-pkcs11-utils-debuginfo redhat-upgrade-bind-sdb redhat-upgrade-bind-sdb-chroot redhat-upgrade-bind-sdb-debuginfo redhat-upgrade-bind-utils redhat-upgrade-bind-utils-debuginfo redhat-upgrade-bind9-16 redhat-upgrade-bind9-16-chroot redhat-upgrade-bind9-16-debuginfo redhat-upgrade-bind9-16-debugsource redhat-upgrade-bind9-16-devel redhat-upgrade-bind9-16-dnssec-utils redhat-upgrade-bind9-16-dnssec-utils-debuginfo redhat-upgrade-bind9-16-doc redhat-upgrade-bind9-16-libs redhat-upgrade-bind9-16-libs-debuginfo redhat-upgrade-bind9-16-license redhat-upgrade-bind9-16-utils redhat-upgrade-bind9-16-utils-debuginfo redhat-upgrade-dhcp-client redhat-upgrade-dhcp-client-debuginfo redhat-upgrade-dhcp-common redhat-upgrade-dhcp-debuginfo redhat-upgrade-dhcp-debugsource redhat-upgrade-dhcp-libs redhat-upgrade-dhcp-libs-debuginfo redhat-upgrade-dhcp-relay redhat-upgrade-dhcp-relay-debuginfo redhat-upgrade-dhcp-server redhat-upgrade-dhcp-server-debuginfo redhat-upgrade-python3-bind redhat-upgrade-python3-bind9-16 References CVE-2022-3094 RHSA-2023:2261 RHSA-2023:2792 RHSA-2023:7177 RHSA-2024:1406 RHSA-2024:2720

SUSE: CVE-2023-0417: SUSE Linux Security Advisory Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 01/26/2023 Created 02/14/2023 Added 02/13/2023 Modified 01/28/2025 Description Memory leak in the NFS dissector in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file Solution(s) suse-upgrade-libwireshark15 suse-upgrade-libwiretap12 suse-upgrade-libwsutil13 suse-upgrade-wireshark suse-upgrade-wireshark-devel suse-upgrade-wireshark-ui-qt References https://attackerkb.com/topics/cve-2023-0417 CVE - 2023-0417

Wireshark : CVE-2023-0417 : NFS dissector memory leak Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 01/26/2023 Created 01/31/2023 Added 01/30/2023 Modified 01/28/2025 Description Memory leak in the NFS dissector in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file Solution(s) wireshark-upgrade-3_6_11 wireshark-upgrade-4_0_3 References https://attackerkb.com/topics/cve-2023-0417 CVE - 2023-0417 https://www.wireshark.org/security/wnpa-sec-2023-02.html

SUSE: CVE-2022-4883: SUSE Linux Security Advisory Severity 9 CVSS (AV:N/AC:L/Au:S/C:C/I:C/A:C) Published 01/26/2023 Created 01/27/2023 Added 01/27/2023 Modified 01/28/2025 Description A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH environment variable. Solution(s) suse-upgrade-libxpm-devel suse-upgrade-libxpm-devel-32bit suse-upgrade-libxpm-tools suse-upgrade-libxpm4 suse-upgrade-libxpm4-32bit References https://attackerkb.com/topics/cve-2022-4883 CVE - 2022-4883

SUSE: CVE-2023-0056: SUSE Linux Security Advisory Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:N/A:C) Published 01/26/2023 Created 01/27/2023 Added 01/27/2023 Modified 01/28/2025 Description An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. This issue could allow an authenticated remote attacker to run a specially crafted malicious server in an OpenShift cluster. The biggest impact is to availability. Solution(s) suse-upgrade-haproxy References https://attackerkb.com/topics/cve-2023-0056 CVE - 2023-0056

Wireshark : CVE-2023-0411 : Multiple dissector excessive loops Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 01/26/2023 Created 01/31/2023 Added 01/30/2023 Modified 01/28/2025 Description Excessive loops in multiple dissectors in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file Solution(s) wireshark-upgrade-3_6_11 wireshark-upgrade-4_0_3 References https://attackerkb.com/topics/cve-2023-0411 CVE - 2023-0411 https://www.wireshark.org/security/wnpa-sec-2023-06.html

Alma Linux: CVE-2022-3736: Moderate: bind9.16 security and bug fix update (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 01/26/2023 Created 05/15/2023 Added 05/15/2023 Modified 01/28/2025 Description BIND 9 resolver can crash when stale cache and stale answers are enabled, option `stale-answer-client-timeout` is set to a positive integer, and the resolver receives an RRSIG query. This issue affects BIND 9 versions 9.16.12 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 through 9.19.8, and 9.16.12-S1 through 9.16.36-S1. Solution(s) alma-upgrade-bind alma-upgrade-bind-chroot alma-upgrade-bind-devel alma-upgrade-bind-dnssec-doc alma-upgrade-bind-dnssec-utils alma-upgrade-bind-doc alma-upgrade-bind-libs alma-upgrade-bind-license alma-upgrade-bind-utils alma-upgrade-bind9.16 alma-upgrade-bind9.16-chroot alma-upgrade-bind9.16-devel alma-upgrade-bind9.16-dnssec-utils alma-upgrade-bind9.16-doc alma-upgrade-bind9.16-libs alma-upgrade-bind9.16-license alma-upgrade-bind9.16-utils alma-upgrade-python3-bind alma-upgrade-python3-bind9.16 References https://attackerkb.com/topics/cve-2022-3736 CVE - 2022-3736 https://errata.almalinux.org/8/ALSA-2023-2792.html https://errata.almalinux.org/9/ALSA-2023-2261.html

Red Hat: CVE-2023-0394: NULL pointer dereference in rawv6_push_pending_frames (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 01/26/2023 Created 05/15/2023 Added 05/15/2023 Modified 01/28/2025 Description A NULL pointer dereference flaw was found in rawv6_push_pending_frames in net/ipv6/raw.c in the network subcomponent in the Linux kernel. This flaw causes the system to crash. Solution(s) redhat-upgrade-kernel redhat-upgrade-kernel-rt References CVE-2023-0394 RHSA-2023:2148 RHSA-2023:2458 RHSA-2023:2736 RHSA-2023:2951 RHSA-2024:0412

Amazon Linux AMI 2: CVE-2023-0468: Security patch for kernel (ALAS-2022-1888) Severity 4 CVSS (AV:L/AC:M/Au:S/C:N/I:N/A:C) Published 01/26/2023 Created 02/09/2024 Added 02/08/2024 Modified 01/28/2025 Description A use-after-free flaw was found in io_uring/poll.c in io_poll_check_events in the io_uring subcomponent in the Linux Kernel due to a race condition of poll_refs. This flaw may cause a NULL pointer dereference. Solution(s) amazon-linux-ami-2-upgrade-kernel amazon-linux-ami-2-upgrade-kernel-debuginfo amazon-linux-ami-2-upgrade-kernel-debuginfo-common-aarch64 amazon-linux-ami-2-upgrade-kernel-debuginfo-common-x86_64 amazon-linux-ami-2-upgrade-kernel-devel amazon-linux-ami-2-upgrade-kernel-headers amazon-linux-ami-2-upgrade-kernel-livepatch-4-14-299-223-520 amazon-linux-ami-2-upgrade-kernel-tools amazon-linux-ami-2-upgrade-kernel-tools-debuginfo amazon-linux-ami-2-upgrade-kernel-tools-devel amazon-linux-ami-2-upgrade-perf amazon-linux-ami-2-upgrade-perf-debuginfo amazon-linux-ami-2-upgrade-python-perf amazon-linux-ami-2-upgrade-python-perf-debuginfo References https://attackerkb.com/topics/cve-2023-0468 AL2/ALAS-2022-1888 CVE - 2023-0468

SUSE: CVE-2023-0468: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:S/C:N/I:N/A:C) Published 01/26/2023 Created 06/14/2023 Added 06/13/2023 Modified 01/28/2025 Description A use-after-free flaw was found in io_uring/poll.c in io_poll_check_events in the io_uring subcomponent in the Linux Kernel due to a race condition of poll_refs. This flaw may cause a NULL pointer dereference. Solution(s) suse-upgrade-kernel-64kb suse-upgrade-kernel-64kb-devel suse-upgrade-kernel-azure suse-upgrade-kernel-azure-devel suse-upgrade-kernel-default suse-upgrade-kernel-default-devel suse-upgrade-kernel-devel suse-upgrade-kernel-devel-azure suse-upgrade-kernel-docs suse-upgrade-kernel-macros suse-upgrade-kernel-obs-build suse-upgrade-kernel-source suse-upgrade-kernel-source-azure suse-upgrade-kernel-syms suse-upgrade-kernel-syms-azure suse-upgrade-kernel-zfcpdump suse-upgrade-reiserfs-kmp-default References https://attackerkb.com/topics/cve-2023-0468 CVE - 2023-0468