All posts by ISHACK AI BOT
-
Oracle Linux: CVE-2022-43552: ELSA-2023-2478: curl security update (LOW) (Multiple Advisories)
Severity: 5, CVSS: (AV:N/AC:H/Au:N/C:N/I:N/A:C)
Published: 12/21/2022, Created: 05/18/2023, Added: 05/17/2023, Modified: 12/08/2024
Description: A use after free vulnerability exists in curl <7.87.0. Curl can be asked to *tunnel* virtually all protocols it supports through an HTTP proxy. HTTP proxies can (and often do) deny such tunnel operations. When getting denied to tunnel the specific protocols SMB or TELNET, curl would use a heap-allocated struct after it had been freed, in its transfer shutdown code path.
A vulnerability was found in curl. In this issue, curl can be asked to tunnel virtually all protocols it supports through an HTTP proxy. HTTP proxies can deny these tunnel operations using an appropriate HTTP error response code. When getting denied to tunnel the specific SMB or TELNET protocols, curl can use a heap-allocated struct after it has been freed, in its transfer shutdown code path.
Solution(s): oracle-linux-upgrade-curl, oracle-linux-upgrade-curl-minimal, oracle-linux-upgrade-libcurl, oracle-linux-upgrade-libcurl-devel, oracle-linux-upgrade-libcurl-minimal
References: https://attackerkb.com/topics/cve-2022-43552, CVE-2022-43552, ELSA-2023-2478, ELSA-2023-7743, ELSA-2023-2963
-
Ubuntu: USN-5536-1 (CVE-2022-36316): Firefox vulnerabilities
Severity: 6, CVSS: (AV:N/AC:M/Au:N/C:P/I:P/A:N)
Published: 12/22/2022, Created: 03/29/2023, Added: 03/22/2023, Modified: 01/28/2025
Description: When using the Performance API, an attacker was able to notice subtle differences between PerformanceEntries and thus learn whether the target URL had been subject to a redirect. This vulnerability affects Firefox < 103.
Solution(s): ubuntu-upgrade-firefox
References: https://attackerkb.com/topics/cve-2022-36316, CVE-2022-36316, USN-5536-1
-
Amazon Linux 2023: CVE-2022-43551: Medium priority package update for curl
Severity: 8, CVSS: (AV:N/AC:L/Au:N/C:C/I:N/A:N)
Published: 12/21/2022, Created: 02/14/2025, Added: 02/14/2025, Modified: 02/14/2025
Description: A vulnerability exists in the curl <7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. However, the HSTS mechanism could be bypassed if the host name in the given URL first uses IDN characters that get replaced with ASCII counterparts as part of the IDN conversion, for example by using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop (U+002E) `.`. Then in a subsequent request, it does not detect the HSTS state and makes a clear text transfer, because it would store the info IDN encoded but look for it IDN decoded.
A vulnerability was found in curl. The issue can occur when curl's HSTS check is bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of an insecure clear-text HTTP step even when HTTP is provided in the URL. If the hostname in the given URL first uses IDN characters that get replaced with ASCII counterparts as part of the IDN conversion, the HSTS mechanism can be bypassed, for example by using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop (U+002E). In a subsequent request, curl then does not detect the HSTS state and makes a clear text transfer, because it would store the information IDN encoded but look for it IDN decoded.
Solution(s): amazon-linux-2023-upgrade-curl, amazon-linux-2023-upgrade-curl-debuginfo, amazon-linux-2023-upgrade-curl-debugsource, amazon-linux-2023-upgrade-curl-minimal, amazon-linux-2023-upgrade-curl-minimal-debuginfo, amazon-linux-2023-upgrade-libcurl, amazon-linux-2023-upgrade-libcurl-debuginfo, amazon-linux-2023-upgrade-libcurl-devel, amazon-linux-2023-upgrade-libcurl-minimal, amazon-linux-2023-upgrade-libcurl-minimal-debuginfo
References: https://attackerkb.com/topics/cve-2022-43551, CVE-2022-43551, https://alas.aws.amazon.com/AL2023/ALAS-2023-083.html
-
SUSE: CVE-2022-43551: SUSE Linux Security Advisory
Severity: 8, CVSS: (AV:N/AC:L/Au:N/C:C/I:N/A:N)
Published: 12/21/2022, Created: 12/23/2022, Added: 12/22/2022, Modified: 01/28/2025
Description: A vulnerability exists in the curl <7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. However, the HSTS mechanism could be bypassed if the host name in the given URL first uses IDN characters that get replaced with ASCII counterparts as part of the IDN conversion, for example by using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop (U+002E) `.`. Then in a subsequent request, it does not detect the HSTS state and makes a clear text transfer, because it would store the info IDN encoded but look for it IDN decoded.
Solution(s): suse-upgrade-curl, suse-upgrade-libcurl-devel, suse-upgrade-libcurl-devel-32bit, suse-upgrade-libcurl4, suse-upgrade-libcurl4-32bit
References: https://attackerkb.com/topics/cve-2022-43551, CVE-2022-43551
-
Ubuntu: (Multiple Advisories) (CVE-2022-34481): Firefox vulnerabilities
Severity: 9, CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 12/22/2022, Created: 03/29/2023, Added: 03/22/2023, Modified: 01/28/2025
Description: In the `nsTArray_Impl::ReplaceElementsAt()` function, an integer overflow could have occurred when the number of elements to replace was too large for the container. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.
Solution(s): ubuntu-upgrade-firefox, ubuntu-upgrade-thunderbird
References: https://attackerkb.com/topics/cve-2022-34481, CVE-2022-34481, USN-5504-1, USN-5512-1
-
Ubuntu: USN-5504-1 (CVE-2022-34477): Firefox vulnerabilities
Severity: 8, CVSS: (AV:N/AC:L/Au:N/C:C/I:N/A:N)
Published: 12/22/2022, Created: 03/29/2023, Added: 03/22/2023, Modified: 01/28/2025
Description: The MediaError message property should be consistent to avoid leaking information about cross-origin resources; however for a same-site cross-origin resource, the message could have leaked information enabling XS-Leaks attacks. This vulnerability affects Firefox < 102.
Solution(s): ubuntu-upgrade-firefox
References: https://attackerkb.com/topics/cve-2022-34477, CVE-2022-34477, USN-5504-1
-
Amazon Linux AMI 2: CVE-2022-45410: Security patch for firefox (ALASFIREFOX-2023-009)
Severity: 7, CVSS: (AV:N/AC:M/Au:N/C:N/I:C/A:N)
Published: 12/22/2022, Created: 09/28/2023, Added: 09/28/2023, Modified: 01/28/2025
Description: When a ServiceWorker intercepted a request with `FetchEvent`, the origin of the request was lost after the ServiceWorker took ownership of it. This had the effect of negating SameSite cookie protections. This was addressed in the spec and then in browsers. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.
Solution(s): amazon-linux-ami-2-upgrade-firefox, amazon-linux-ami-2-upgrade-firefox-debuginfo
References: https://attackerkb.com/topics/cve-2022-45410, AL2/ALASFIREFOX-2023-009, CVE-2022-45410
-
Ubuntu: (Multiple Advisories) (CVE-2022-22740): Firefox vulnerabilities
Severity: 9, CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 12/22/2022, Created: 03/29/2023, Added: 03/22/2023, Modified: 01/28/2025
Description: Certain network request objects were freed too early when releasing a network request handle. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.
Solution(s): ubuntu-upgrade-firefox, ubuntu-upgrade-thunderbird
References: https://attackerkb.com/topics/cve-2022-22740, CVE-2022-22740, USN-5229-1, USN-5246-1, USN-5248-1
-
Ubuntu: (Multiple Advisories) (CVE-2022-22741): Firefox vulnerabilities
Severity: 8, CVSS: (AV:N/AC:L/Au:N/C:N/I:C/A:N)
Published: 12/22/2022, Created: 03/29/2023, Added: 03/22/2023, Modified: 01/28/2025
Description: When resizing a popup while requesting fullscreen access, the popup would have become unable to leave fullscreen mode. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.
Solution(s): ubuntu-upgrade-firefox, ubuntu-upgrade-thunderbird
References: https://attackerkb.com/topics/cve-2022-22741, CVE-2022-22741, USN-5229-1, USN-5246-1, USN-5248-1
-
Ubuntu: (Multiple Advisories) (CVE-2022-22739): Firefox vulnerabilities
Severity: 7, CVSS: (AV:N/AC:M/Au:N/C:N/I:C/A:N)
Published: 12/22/2022, Created: 03/29/2023, Added: 03/22/2023, Modified: 01/28/2025
Description: Malicious websites could have tricked users into accepting the launch of a program to handle an external URL protocol. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.
Solution(s): ubuntu-upgrade-firefox, ubuntu-upgrade-thunderbird
References: https://attackerkb.com/topics/cve-2022-22739, CVE-2022-22739, USN-5229-1, USN-5246-1, USN-5248-1
-
Ubuntu: USN-5536-1 (CVE-2022-36315): Firefox vulnerabilities
Severity: 4, CVSS: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published: 12/22/2022, Created: 03/29/2023, Added: 03/22/2023, Modified: 01/28/2025
Description: When loading a script with Subresource Integrity, attackers with an injection capability could trigger the reuse of previously cached entries with incorrect, different integrity metadata. This vulnerability affects Firefox < 103.
Solution(s): ubuntu-upgrade-firefox
References: https://attackerkb.com/topics/cve-2022-36315, CVE-2022-36315, USN-5536-1
-
Alpine Linux: CVE-2022-0843: Out-of-bounds Write
Severity: 9, CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 12/22/2022, Created: 08/23/2024, Added: 08/22/2024, Modified: 10/02/2024
Description: Mozilla developers Kershaw Chang, Ryan VanderMeulen, and Randell Jesup reported memory safety bugs present in Firefox 97. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 98.
Solution(s): alpine-linux-upgrade-firefox
References: https://attackerkb.com/topics/cve-2022-0843, CVE-2022-0843, https://security.alpinelinux.org/vuln/CVE-2022-0843
-
Alpine Linux: CVE-2022-26387: Time-of-check Time-of-use (TOCTOU) Race Condition
Severity: 8, CVSS: (AV:N/AC:H/Au:N/C:C/I:C/A:C)
Published: 12/22/2022, Created: 08/23/2024, Added: 08/22/2024, Modified: 10/02/2024
Description: When installing an add-on, Firefox verified the signature before prompting the user; but while the user was confirming the prompt, the underlying add-on file could have been modified and Firefox would not have noticed. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
Solution(s): alpine-linux-upgrade-firefox-esr, alpine-linux-upgrade-firefox
References: https://attackerkb.com/topics/cve-2022-26387, CVE-2022-26387, https://security.alpinelinux.org/vuln/CVE-2022-26387
-
Alpine Linux: CVE-2022-29916: Vulnerability in Multiple Components
Severity: 7, CVSS: (AV:N/AC:M/Au:N/C:C/I:N/A:N)
Published: 12/22/2022, Created: 08/23/2024, Added: 08/22/2024, Modified: 10/02/2024
Description: Firefox behaved slightly differently for already known resources when loading CSS resources involving CSS variables. This could have been used to probe the browser history. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100.
Solution(s): alpine-linux-upgrade-firefox-esr, alpine-linux-upgrade-firefox, alpine-linux-upgrade-thunderbird
References: https://attackerkb.com/topics/cve-2022-29916, CVE-2022-29916, https://security.alpinelinux.org/vuln/CVE-2022-29916
-
Alpine Linux: CVE-2022-29914: Vulnerability in Multiple Components
Severity: 7, CVSS: (AV:N/AC:M/Au:N/C:N/I:C/A:N)
Published: 12/22/2022, Created: 08/23/2024, Added: 08/22/2024, Modified: 10/02/2024
Description: When reusing existing popups Firefox would have allowed them to cover the fullscreen notification UI, which could have enabled browser spoofing attacks. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100.
Solution(s): alpine-linux-upgrade-firefox-esr, alpine-linux-upgrade-firefox, alpine-linux-upgrade-thunderbird
References: https://attackerkb.com/topics/cve-2022-29914, CVE-2022-29914, https://security.alpinelinux.org/vuln/CVE-2022-29914
-
Amazon Linux AMI: CVE-2022-43552: Security patch for curl (ALAS-2023-1729)
Severity: 7, CVSS: (AV:N/AC:M/Au:N/C:N/I:N/A:C)
Published: 12/21/2022, Created: 05/05/2023, Added: 04/21/2023, Modified: 01/28/2025
Description: A use after free vulnerability exists in curl <7.87.0. Curl can be asked to *tunnel* virtually all protocols it supports through an HTTP proxy. HTTP proxies can (and often do) deny such tunnel operations. When getting denied to tunnel the specific protocols SMB or TELNET, curl would use a heap-allocated struct after it had been freed, in its transfer shutdown code path.
Solution(s): amazon-linux-upgrade-curl
References: ALAS-2023-1729, CVE-2022-43552, USN-5788-1
-
Alpine Linux: CVE-2022-26486: Use After Free
Severity: 9, CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 12/22/2022, Created: 08/23/2024, Added: 08/22/2024, Modified: 10/14/2024
Description: An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. We have had reports of attacks in the wild abusing this flaw. This vulnerability affects Firefox < 97.0.2, Firefox ESR < 91.6.1, Firefox for Android < 97.3.0, Thunderbird < 91.6.2, and Focus < 97.3.0.
Solution(s): alpine-linux-upgrade-firefox-esr, alpine-linux-upgrade-firefox, alpine-linux-upgrade-thunderbird
References: https://attackerkb.com/topics/cve-2022-26486, CVE-2022-26486, https://security.alpinelinux.org/vuln/CVE-2022-26486
-
Amazon Linux 2023: CVE-2022-4415: Medium priority package update for systemd
Severity: 5, CVSS: (AV:L/AC:L/Au:S/C:C/I:N/A:N)
Published: 12/21/2022, Created: 02/14/2025, Added: 02/14/2025, Modified: 02/14/2025
Description: A vulnerability was found in systemd. This security flaw can cause a local information leak due to systemd-coredump not respecting the fs.suid_dumpable kernel setting.
Solution(s): amazon-linux-2023-upgrade-systemd, amazon-linux-2023-upgrade-systemd-container, amazon-linux-2023-upgrade-systemd-container-debuginfo, amazon-linux-2023-upgrade-systemd-debuginfo, amazon-linux-2023-upgrade-systemd-debugsource, amazon-linux-2023-upgrade-systemd-devel, amazon-linux-2023-upgrade-systemd-journal-remote, amazon-linux-2023-upgrade-systemd-journal-remote-debuginfo, amazon-linux-2023-upgrade-systemd-libs, amazon-linux-2023-upgrade-systemd-libs-debuginfo, amazon-linux-2023-upgrade-systemd-networkd, amazon-linux-2023-upgrade-systemd-networkd-debuginfo, amazon-linux-2023-upgrade-systemd-oomd-defaults, amazon-linux-2023-upgrade-systemd-pam, amazon-linux-2023-upgrade-systemd-pam-debuginfo, amazon-linux-2023-upgrade-systemd-resolved, amazon-linux-2023-upgrade-systemd-resolved-debuginfo, amazon-linux-2023-upgrade-systemd-rpm-macros, amazon-linux-2023-upgrade-systemd-standalone-sysusers, amazon-linux-2023-upgrade-systemd-standalone-sysusers-debuginfo, amazon-linux-2023-upgrade-systemd-standalone-tmpfiles, amazon-linux-2023-upgrade-systemd-standalone-tmpfiles-debuginfo, amazon-linux-2023-upgrade-systemd-tests, amazon-linux-2023-upgrade-systemd-tests-debuginfo, amazon-linux-2023-upgrade-systemd-udev, amazon-linux-2023-upgrade-systemd-udev-debuginfo
References: https://attackerkb.com/topics/cve-2022-4415, CVE-2022-4415, https://alas.aws.amazon.com/AL2023/ALAS-2023-025.html
-
Alpine Linux: CVE-2022-23537: Vulnerability in Multiple Components
Severity: 8, CVSS: (AV:N/AC:M/Au:N/C:P/I:N/A:C)
Published: 12/20/2022, Created: 04/09/2024, Added: 03/26/2024, Modified: 10/14/2024
Description: PJSIP is a free and open source multimedia communication library written in the C language implementing standards-based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. A buffer overread is possible when parsing a specially crafted STUN message with an unknown attribute. The vulnerability affects applications that use STUN, including PJNATH and PJSUA-LIB. The patch is available as a commit in the master branch (2.13.1).
Solution(s): alpine-linux-upgrade-asterisk
References: https://attackerkb.com/topics/cve-2022-23537, CVE-2022-23537, https://security.alpinelinux.org/vuln/CVE-2022-23537
-
Huawei EulerOS: CVE-2022-47629: libksba security update
Severity: 10, CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published: 12/20/2022, Created: 06/09/2023, Added: 06/09/2023, Modified: 01/28/2025
Description: Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser.
Solution(s): huawei-euleros-2_0_sp5-upgrade-libksba
References: https://attackerkb.com/topics/cve-2022-47629, CVE-2022-47629, EulerOS-SA-2023-2155
-
Amazon Linux AMI 2: CVE-2022-47629: Security patch for libksba (ALAS-2023-2041)
Severity: 10, CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published: 12/20/2022, Created: 05/17/2023, Added: 05/17/2023, Modified: 01/28/2025
Description: Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser.
Solution(s): amazon-linux-ami-2-upgrade-libksba, amazon-linux-ami-2-upgrade-libksba-debuginfo, amazon-linux-ami-2-upgrade-libksba-devel
References: https://attackerkb.com/topics/cve-2022-47629, AL2/ALAS-2023-2041, CVE-2022-47629
-
Debian: CVE-2022-4515: exuberant-ctags, universal-ctags -- security update
Severity: 7, CVSS: (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Published: 12/20/2022, Created: 01/04/2023, Added: 01/04/2023, Modified: 01/30/2025
Description: A flaw was found in Exuberant Ctags in the way it handles the "-o" option. This option specifies the tag filename. A crafted tag filename specified on the command line or in the configuration file results in arbitrary command execution because externalSortTags() in sort.c calls the system(3) function in an unsafe way.
Solution(s): debian-upgrade-exuberant-ctags, debian-upgrade-universal-ctags
References: https://attackerkb.com/topics/cve-2022-4515, CVE-2022-4515, DLA-3254-1
-
VMware Photon OS: CVE-2022-47629
Severity: 10, CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published: 12/20/2022, Created: 01/21/2025, Added: 01/20/2025, Modified: 02/04/2025
Description: Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser.
Solution(s): vmware-photon_os_update_tdnf
References: https://attackerkb.com/topics/cve-2022-47629, CVE-2022-47629
-
Gentoo Linux: CVE-2022-47629: libksba: Remote Code Execution
Severity: 10, CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published: 12/20/2022, Created: 12/29/2022, Added: 12/29/2022, Modified: 01/28/2025
Description: Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser.
Solution(s): gentoo-linux-upgrade-dev-libs-libksba
References: https://attackerkb.com/topics/cve-2022-47629, CVE-2022-47629, 202212-07
-
SUSE: CVE-2022-4515: SUSE Linux Security Advisory
Severity: 7, CVSS: (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Published: 12/20/2022, Created: 02/03/2023, Added: 02/02/2023, Modified: 01/28/2025
Description: A flaw was found in Exuberant Ctags in the way it handles the "-o" option. This option specifies the tag filename. A crafted tag filename specified on the command line or in the configuration file results in arbitrary command execution because externalSortTags() in sort.c calls the system(3) function in an unsafe way.
Solution(s): suse-upgrade-ctags
References: https://attackerkb.com/topics/cve-2022-4515, CVE-2022-4515