ISHACK AI BOT

Super Administrator

All posts by ISHACK AI BOT

  1. Alma Linux: CVE-2023-38407: Moderate: frr security update (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 11/06/2023 Created 01/19/2024 Added 01/18/2024 Modified 01/28/2025 Description bgpd/bgp_label.c in FRRouting (FRR) before 8.5 attempts to read beyond the end of the stream during labeled unicast parsing. Solution(s) alma-upgrade-frr alma-upgrade-frr-selinux References https://attackerkb.com/topics/cve-2023-38407 CVE - 2023-38407 https://errata.almalinux.org/8/ALSA-2024-0130.html https://errata.almalinux.org/9/ALSA-2024-0477.html
  2. Alma Linux: CVE-2023-5678: Low: openssl security update (Multiple Advisories) Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 11/06/2023 Created 12/22/2023 Added 12/21/2023 Modified 01/30/2025 Description Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_generate_key() to generate an X9.42 DH key may experience long delays. Likewise, applications that use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check() to check an X9.42 DH key or X9.42 DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. While DH_check() performs all the necessary checks (as of CVE-2023-3817), DH_check_pub_key() doesn't make any of these checks, and is therefore vulnerable for excessively large P and Q parameters. Likewise, while DH_generate_key() performs a check for an excessively large P, it doesn't check for an excessively large Q. An application that calls DH_generate_key() or DH_check_pub_key() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. DH_generate_key() and DH_check_pub_key() are also called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate(). Also vulnerable are the OpenSSL pkey command line application when using the "-pubcheck" option, as well as the OpenSSL genpkey command line application. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.
Solution(s) alma-upgrade-openssl alma-upgrade-openssl-devel alma-upgrade-openssl-libs alma-upgrade-openssl-perl References https://attackerkb.com/topics/cve-2023-5678 CVE - 2023-5678 https://errata.almalinux.org/8/ALSA-2023-7877.html https://errata.almalinux.org/9/ALSA-2024-2447.html
  3. SUSE: CVE-2023-38288: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 11/06/2023 Created 11/08/2023 Added 11/07/2023 Modified 03/25/2024 Description Rejected reason: Not a Security Issue. Solution(s) suse-upgrade-libtiff-devel suse-upgrade-libtiff-devel-32bit suse-upgrade-libtiff5 suse-upgrade-libtiff5-32bit suse-upgrade-tiff References https://attackerkb.com/topics/cve-2023-38288 CVE - 2023-38288
  4. SUSE: CVE-2023-38289: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 11/06/2023 Created 11/08/2023 Added 11/07/2023 Modified 11/08/2023 Description Rejected reason: Not a Security Issue. Solution(s) suse-upgrade-libtiff-devel suse-upgrade-libtiff-devel-32bit suse-upgrade-libtiff5 suse-upgrade-libtiff5-32bit suse-upgrade-tiff References https://attackerkb.com/topics/cve-2023-38289 CVE - 2023-38289
  5. Red Hat: CVE-2023-38406: frr: Flowspec overflow in bgpd/bgp_flowspec.c (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 11/06/2023 Created 01/12/2024 Added 01/11/2024 Modified 09/03/2024 Description bgpd/bgp_flowspec.c in FRRouting (FRR) before 8.4.3 mishandles an nlri length of zero, aka a "flowspec overflow." Solution(s) redhat-upgrade-frr redhat-upgrade-frr-debuginfo redhat-upgrade-frr-debugsource redhat-upgrade-frr-selinux References CVE-2023-38406 RHSA-2024:0130 RHSA-2024:0477 RHSA-2024:0574 RHSA-2024:1093 RHSA-2024:1113 RHSA-2024:1152
  6. SUSE: CVE-2023-39198: SUSE Linux Security Advisory Severity 6 CVSS (AV:L/AC:M/Au:M/C:C/I:C/A:C) Published 11/09/2023 Created 12/14/2023 Added 12/13/2023 Modified 01/28/2025 Description A race condition was found in the QXL driver in the Linux kernel. The qxl_mode_dumb_create() function dereferences the qobj returned by the qxl_gem_object_create_with_handle(), but the handle is the only one holding a reference to it. This flaw allows an attacker to guess the returned handle value and trigger a use-after-free issue, potentially leading to a denial of service or privilege escalation. Solution(s) suse-upgrade-cluster-md-kmp-64kb suse-upgrade-cluster-md-kmp-azure suse-upgrade-cluster-md-kmp-default suse-upgrade-cluster-md-kmp-rt suse-upgrade-dlm-kmp-64kb suse-upgrade-dlm-kmp-azure suse-upgrade-dlm-kmp-default suse-upgrade-dlm-kmp-rt suse-upgrade-dtb-allwinner suse-upgrade-dtb-altera suse-upgrade-dtb-amazon suse-upgrade-dtb-amd suse-upgrade-dtb-amlogic suse-upgrade-dtb-apm suse-upgrade-dtb-apple suse-upgrade-dtb-arm suse-upgrade-dtb-broadcom suse-upgrade-dtb-cavium suse-upgrade-dtb-exynos suse-upgrade-dtb-freescale suse-upgrade-dtb-hisilicon suse-upgrade-dtb-lg suse-upgrade-dtb-marvell suse-upgrade-dtb-mediatek suse-upgrade-dtb-nvidia suse-upgrade-dtb-qcom suse-upgrade-dtb-renesas suse-upgrade-dtb-rockchip suse-upgrade-dtb-socionext suse-upgrade-dtb-sprd suse-upgrade-dtb-xilinx suse-upgrade-gfs2-kmp-64kb suse-upgrade-gfs2-kmp-azure suse-upgrade-gfs2-kmp-default suse-upgrade-gfs2-kmp-rt suse-upgrade-kernel-64kb suse-upgrade-kernel-64kb-devel suse-upgrade-kernel-64kb-extra suse-upgrade-kernel-64kb-livepatch-devel suse-upgrade-kernel-64kb-optional suse-upgrade-kernel-azure suse-upgrade-kernel-azure-base suse-upgrade-kernel-azure-devel suse-upgrade-kernel-azure-extra suse-upgrade-kernel-azure-livepatch-devel suse-upgrade-kernel-azure-optional suse-upgrade-kernel-azure-vdso suse-upgrade-kernel-debug suse-upgrade-kernel-debug-base suse-upgrade-kernel-debug-devel 
suse-upgrade-kernel-debug-livepatch-devel suse-upgrade-kernel-debug-vdso suse-upgrade-kernel-default suse-upgrade-kernel-default-base suse-upgrade-kernel-default-base-rebuild suse-upgrade-kernel-default-devel suse-upgrade-kernel-default-extra suse-upgrade-kernel-default-livepatch suse-upgrade-kernel-default-livepatch-devel suse-upgrade-kernel-default-man suse-upgrade-kernel-default-optional suse-upgrade-kernel-default-vdso suse-upgrade-kernel-devel suse-upgrade-kernel-devel-azure suse-upgrade-kernel-devel-rt suse-upgrade-kernel-docs suse-upgrade-kernel-docs-html suse-upgrade-kernel-kvmsmall suse-upgrade-kernel-kvmsmall-base suse-upgrade-kernel-kvmsmall-devel suse-upgrade-kernel-kvmsmall-livepatch-devel suse-upgrade-kernel-kvmsmall-vdso suse-upgrade-kernel-macros suse-upgrade-kernel-obs-build suse-upgrade-kernel-obs-qa suse-upgrade-kernel-preempt suse-upgrade-kernel-preempt-devel suse-upgrade-kernel-rt suse-upgrade-kernel-rt-devel suse-upgrade-kernel-rt-extra suse-upgrade-kernel-rt-livepatch suse-upgrade-kernel-rt-livepatch-devel suse-upgrade-kernel-rt-optional suse-upgrade-kernel-rt-vdso suse-upgrade-kernel-rt_debug suse-upgrade-kernel-rt_debug-devel suse-upgrade-kernel-rt_debug-livepatch-devel suse-upgrade-kernel-rt_debug-vdso suse-upgrade-kernel-source suse-upgrade-kernel-source-azure suse-upgrade-kernel-source-rt suse-upgrade-kernel-source-vanilla suse-upgrade-kernel-syms suse-upgrade-kernel-syms-azure suse-upgrade-kernel-syms-rt suse-upgrade-kernel-zfcpdump suse-upgrade-kernel-zfcpdump-man suse-upgrade-kselftests-kmp-64kb suse-upgrade-kselftests-kmp-azure suse-upgrade-kselftests-kmp-default suse-upgrade-kselftests-kmp-rt suse-upgrade-ocfs2-kmp-64kb suse-upgrade-ocfs2-kmp-azure suse-upgrade-ocfs2-kmp-default suse-upgrade-ocfs2-kmp-rt suse-upgrade-reiserfs-kmp-64kb suse-upgrade-reiserfs-kmp-azure suse-upgrade-reiserfs-kmp-default suse-upgrade-reiserfs-kmp-rt References https://attackerkb.com/topics/cve-2023-39198 CVE - 2023-39198
  7. SUSE: CVE-2023-4218: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:S/C:C/I:N/A:N) Published 11/09/2023 Created 04/17/2024 Added 04/17/2024 Modified 01/28/2025 Description In Eclipse IDE versions < 2023-09 (4.29) some files with xml content are parsed vulnerable against all sorts of XXE attacks. The user just needs to open any evil project or update an open project with a vulnerable file (for example for review a foreign repository or patch). Solution(s) suse-upgrade-eclipse-contributor-tools suse-upgrade-eclipse-emf-core suse-upgrade-eclipse-emf-core-bootstrap suse-upgrade-eclipse-emf-runtime suse-upgrade-eclipse-emf-sdk suse-upgrade-eclipse-emf-xsd suse-upgrade-eclipse-equinox-osgi suse-upgrade-eclipse-equinox-osgi-bootstrap suse-upgrade-eclipse-jdt suse-upgrade-eclipse-jdt-bootstrap suse-upgrade-eclipse-p2-discovery suse-upgrade-eclipse-p2-discovery-bootstrap suse-upgrade-eclipse-pde suse-upgrade-eclipse-pde-bootstrap suse-upgrade-eclipse-platform suse-upgrade-eclipse-platform-bootstrap suse-upgrade-eclipse-swt suse-upgrade-eclipse-swt-bootstrap suse-upgrade-maven-failsafe-plugin suse-upgrade-maven-failsafe-plugin-bootstrap suse-upgrade-maven-surefire suse-upgrade-maven-surefire-javadoc suse-upgrade-maven-surefire-plugin suse-upgrade-maven-surefire-plugin-bootstrap suse-upgrade-maven-surefire-plugins-javadoc suse-upgrade-maven-surefire-provider-junit suse-upgrade-maven-surefire-provider-junit5 suse-upgrade-maven-surefire-provider-junit5-javadoc suse-upgrade-maven-surefire-provider-testng suse-upgrade-maven-surefire-report-parser suse-upgrade-maven-surefire-report-plugin suse-upgrade-maven-surefire-report-plugin-bootstrap suse-upgrade-tycho suse-upgrade-tycho-bootstrap suse-upgrade-tycho-javadoc References https://attackerkb.com/topics/cve-2023-4218 CVE - 2023-4218
  8. VMware Photon OS: CVE-2023-39198 Severity 6 CVSS (AV:L/AC:H/Au:M/C:C/I:C/A:C) Published 11/09/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description A race condition was found in the QXL driver in the Linux kernel. The qxl_mode_dumb_create() function dereferences the qobj returned by the qxl_gem_object_create_with_handle(), but the handle is the only one holding a reference to it. This flaw allows an attacker to guess the returned handle value and trigger a use-after-free issue, potentially leading to a denial of service or privilege escalation. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-39198 CVE - 2023-39198
  9. Amazon Linux AMI: CVE-2023-45284: Security patch for golang (ALAS-2024-1903) Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:N) Published 11/09/2023 Created 01/11/2024 Added 01/09/2024 Modified 01/28/2025 Description On Windows, the IsLocal function does not correctly detect reserved device names in some cases. Reserved names followed by spaces, such as "COM1 ", and reserved names "COM" and "LPT" followed by superscript 1, 2, or 3, are incorrectly reported as local. With fix, IsLocal now correctly reports these names as non-local. Solution(s) amazon-linux-upgrade-golang References ALAS-2024-1903 CVE-2023-45284
  10. Amazon Linux AMI 2: CVE-2023-45284: Security patch for golang (ALAS-2024-2388) Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:N) Published 11/09/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/30/2025 Description On Windows, the IsLocal function does not correctly detect reserved device names in some cases. Reserved names followed by spaces, such as "COM1 ", and reserved names "COM" and "LPT" followed by superscript 1, 2, or 3, are incorrectly reported as local. With fix, IsLocal now correctly reports these names as non-local. Solution(s) amazon-linux-ami-2-upgrade-golang amazon-linux-ami-2-upgrade-golang-bin amazon-linux-ami-2-upgrade-golang-docs amazon-linux-ami-2-upgrade-golang-misc amazon-linux-ami-2-upgrade-golang-shared amazon-linux-ami-2-upgrade-golang-src amazon-linux-ami-2-upgrade-golang-tests References https://attackerkb.com/topics/cve-2023-45284 AL2/ALAS-2024-2388 CVE - 2023-45284
  11. Moodle: Improper Privilege Management (CVE-2023-5549) Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:N) Published 11/09/2023 Created 11/21/2023 Added 11/20/2023 Modified 01/28/2025 Description Insufficient web service capability checks made it possible to move categories a user had permission to manage, to a parent category they did not have the capability to manage. Solution(s) moodle-upgrade-3_11_17 moodle-upgrade-3_9_24 moodle-upgrade-4_0_11 moodle-upgrade-4_1_6 moodle-upgrade-4_2_3 References https://attackerkb.com/topics/cve-2023-5549 CVE - 2023-5549 http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-66730 https://bugzilla.redhat.com/show_bug.cgi?id=2243451 https://moodle.org/mod/forum/discuss.php?d=451590
  12. Amazon Linux AMI 2: CVE-2023-45283: Security patch for golang (ALAS-2024-2388) Severity 8 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:N) Published 11/09/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description The filepath package does not recognize paths with a \??\ prefix as special. On Windows, a path beginning with \??\ is a Root Local Device path equivalent to a path beginning with \\?\. Paths with a \??\ prefix may be used to access arbitrary locations on the system. For example, the path \??\c:\x is equivalent to the more common path c:\x. Before fix, Clean could convert a rooted path such as \a\..\??\b into the root local device path \??\b. Clean will now convert this to .\??\b. Similarly, Join(\, ??, b) could convert a seemingly innocent sequence of path elements into the root local device path \??\b. Join will now convert this to \.\??\b. In addition, with fix, IsAbs now correctly reports paths beginning with \??\ as absolute, and VolumeName correctly reports the \??\ prefix as a volume name. UPDATE: Go 1.20.11 and Go 1.21.4 inadvertently changed the definition of the volume name in Windows paths starting with \?, resulting in filepath.Clean(\?\c:) returning \?\c: rather than \?\c:\ (among other effects). The previous behavior has been restored. Solution(s) amazon-linux-ami-2-upgrade-golang amazon-linux-ami-2-upgrade-golang-bin amazon-linux-ami-2-upgrade-golang-docs amazon-linux-ami-2-upgrade-golang-misc amazon-linux-ami-2-upgrade-golang-shared amazon-linux-ami-2-upgrade-golang-src amazon-linux-ami-2-upgrade-golang-tests References https://attackerkb.com/topics/cve-2023-45283 AL2/ALAS-2024-2388 CVE - 2023-45283
  13. Huawei EulerOS: CVE-2023-39198: kernel security update Severity 6 CVSS (AV:L/AC:M/Au:M/C:C/I:C/A:C) Published 11/09/2023 Created 02/13/2024 Added 02/12/2024 Modified 01/28/2025 Description A race condition was found in the QXL driver in the Linux kernel. The qxl_mode_dumb_create() function dereferences the qobj returned by the qxl_gem_object_create_with_handle(), but the handle is the only one holding a reference to it. This flaw allows an attacker to guess the returned handle value and trigger a use-after-free issue, potentially leading to a denial of service or privilege escalation. Solution(s) huawei-euleros-2_0_sp5-upgrade-kernel huawei-euleros-2_0_sp5-upgrade-kernel-devel huawei-euleros-2_0_sp5-upgrade-kernel-headers huawei-euleros-2_0_sp5-upgrade-kernel-tools huawei-euleros-2_0_sp5-upgrade-kernel-tools-libs huawei-euleros-2_0_sp5-upgrade-perf huawei-euleros-2_0_sp5-upgrade-python-perf References https://attackerkb.com/topics/cve-2023-39198 CVE - 2023-39198 EulerOS-SA-2024-1144
  14. Moodle: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CVE-2023-5546) Severity 5 CVSS (AV:N/AC:M/Au:S/C:P/I:P/A:N) Published 11/09/2023 Created 11/18/2023 Added 11/17/2023 Modified 01/28/2025 Description ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk. Solution(s) moodle-upgrade-4_0_11 moodle-upgrade-4_1_6 moodle-upgrade-4_2_3 References https://attackerkb.com/topics/cve-2023-5546 CVE - 2023-5546 http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-78971 https://bugzilla.redhat.com/show_bug.cgi?id=2243445 https://moodle.org/mod/forum/discuss.php?d=451587
  15. Moodle: Insufficient Verification of Data Authenticity (CVE-2023-5548) Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:N) Published 11/09/2023 Created 11/21/2023 Added 11/20/2023 Modified 01/28/2025 Description Stronger revision number limitations were required on file serving endpoints to improve cache poisoning protection. Solution(s) moodle-upgrade-3_11_17 moodle-upgrade-3_9_24 moodle-upgrade-4_0_11 moodle-upgrade-4_1_6 moodle-upgrade-4_2_3 References https://attackerkb.com/topics/cve-2023-5548 CVE - 2023-5548 http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-77846 https://bugzilla.redhat.com/show_bug.cgi?id=2243449 https://moodle.org/mod/forum/discuss.php?d=451589
  16. Moodle: Exposure of Resource to Wrong Sphere (CVE-2023-5545) Severity 5 CVSS (AV:N/AC:L/Au:N/C:P/I:N/A:N) Published 11/09/2023 Created 11/21/2023 Added 11/20/2023 Modified 01/30/2025 Description H5P metadata automatically populated the author with the user's username, which could be sensitive information. Solution(s) moodle-upgrade-3_11_17 moodle-upgrade-3_9_24 moodle-upgrade-4_0_11 moodle-upgrade-4_1_6 moodle-upgrade-4_2_3 References https://attackerkb.com/topics/cve-2023-5545 CVE - 2023-5545 http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-78820 https://bugzilla.redhat.com/show_bug.cgi?id=2243444 https://moodle.org/mod/forum/discuss.php?d=451586
  17. Moodle: Improper Control of Generation of Code ('Code Injection') (CVE-2023-5540) Severity 9 CVSS (AV:N/AC:L/Au:S/C:C/I:C/A:C) Published 11/09/2023 Created 11/21/2023 Added 11/20/2023 Modified 01/28/2025 Description A remote code execution risk was identified in the IMSCP activity. By default this was only available to teachers and managers. Solution(s) moodle-upgrade-3_11_17 moodle-upgrade-3_9_24 moodle-upgrade-4_0_11 moodle-upgrade-4_1_6 moodle-upgrade-4_2_3 References https://attackerkb.com/topics/cve-2023-5540 CVE - 2023-5540 http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-79409 https://bugzilla.redhat.com/show_bug.cgi?id=2243432 https://moodle.org/mod/forum/discuss.php?d=451581
  18. Moodle: Unspecified Security Vulnerability (CVE-2023-5550) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 11/09/2023 Created 11/21/2023 Added 11/20/2023 Modified 01/30/2025 Description In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user who also has direct access to the web server outside of the Moodle webroot could utilise a local file include to achieve remote code execution. Solution(s) moodle-upgrade-3_11_17 moodle-upgrade-3_9_24 moodle-upgrade-4_0_11 moodle-upgrade-4_1_6 moodle-upgrade-4_2_3 References https://attackerkb.com/topics/cve-2023-5550 CVE - 2023-5550 http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-72249 https://bugzilla.redhat.com/show_bug.cgi?id=2243452 https://moodle.org/mod/forum/discuss.php?d=451591
  19. Amazon Linux 2023: CVE-2023-5869: Important priority package update for postgresql15 Severity 9 CVSS (AV:N/AC:L/Au:S/C:C/I:C/A:C) Published 11/09/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server's memory. Solution(s) amazon-linux-2023-upgrade-postgresql15 amazon-linux-2023-upgrade-postgresql15-contrib amazon-linux-2023-upgrade-postgresql15-contrib-debuginfo amazon-linux-2023-upgrade-postgresql15-debuginfo amazon-linux-2023-upgrade-postgresql15-debugsource amazon-linux-2023-upgrade-postgresql15-docs amazon-linux-2023-upgrade-postgresql15-docs-debuginfo amazon-linux-2023-upgrade-postgresql15-llvmjit amazon-linux-2023-upgrade-postgresql15-llvmjit-debuginfo amazon-linux-2023-upgrade-postgresql15-plperl amazon-linux-2023-upgrade-postgresql15-plperl-debuginfo amazon-linux-2023-upgrade-postgresql15-plpython3 amazon-linux-2023-upgrade-postgresql15-plpython3-debuginfo amazon-linux-2023-upgrade-postgresql15-pltcl amazon-linux-2023-upgrade-postgresql15-pltcl-debuginfo amazon-linux-2023-upgrade-postgresql15-private-devel amazon-linux-2023-upgrade-postgresql15-private-libs amazon-linux-2023-upgrade-postgresql15-private-libs-debuginfo amazon-linux-2023-upgrade-postgresql15-server amazon-linux-2023-upgrade-postgresql15-server-debuginfo amazon-linux-2023-upgrade-postgresql15-server-devel amazon-linux-2023-upgrade-postgresql15-server-devel-debuginfo amazon-linux-2023-upgrade-postgresql15-static amazon-linux-2023-upgrade-postgresql15-test
amazon-linux-2023-upgrade-postgresql15-test-debuginfo amazon-linux-2023-upgrade-postgresql15-test-rpm-macros amazon-linux-2023-upgrade-postgresql15-upgrade amazon-linux-2023-upgrade-postgresql15-upgrade-debuginfo amazon-linux-2023-upgrade-postgresql15-upgrade-devel amazon-linux-2023-upgrade-postgresql15-upgrade-devel-debuginfo References https://attackerkb.com/topics/cve-2023-5869 CVE - 2023-5869 https://alas.aws.amazon.com/AL2023/ALAS-2024-464.html
  20. Red Hat: CVE-2023-40660: OpenSC: Potential PIN bypass when card tracks its own login state (Multiple Advisories) Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 11/06/2023 Created 12/21/2023 Added 12/20/2023 Modified 09/03/2024 Description A flaw was found in OpenSC packages that allow a potential PIN bypass. When a token/card is authenticated by one process, it can perform cryptographic operations in other processes when an empty zero-length pin is passed. This issue poses a security risk, particularly for OS logon/screen unlock and for small, permanently connected tokens to computers. Additionally, the token can internally track login status. This flaw allows an attacker to gain unauthorized access, carry out malicious actions, or compromise the system without the user's awareness. Solution(s) redhat-upgrade-opensc redhat-upgrade-opensc-debuginfo redhat-upgrade-opensc-debugsource References CVE-2023-40660 RHSA-2023:7876 RHSA-2023:7879
  21. Debian: CVE-2023-5678: openssl -- security update Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 11/06/2023 Created 07/31/2024 Added 07/30/2024 Modified 01/30/2025 Description Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_generate_key() to generate an X9.42 DH key may experience long delays. Likewise, applications that use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check() to check an X9.42 DH key or X9.42 DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. While DH_check() performs all the necessary checks (as of CVE-2023-3817), DH_check_pub_key() doesn't make any of these checks, and is therefore vulnerable for excessively large P and Q parameters. Likewise, while DH_generate_key() performs a check for an excessively large P, it doesn't check for an excessively large Q. An application that calls DH_generate_key() or DH_check_pub_key() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. DH_generate_key() and DH_check_pub_key() are also called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate(). Also vulnerable are the OpenSSL pkey command line application when using the "-pubcheck" option, as well as the OpenSSL genpkey command line application. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue. Solution(s) debian-upgrade-openssl References https://attackerkb.com/topics/cve-2023-5678 CVE - 2023-5678 DLA-3942-1
  22. CentOS Linux: CVE-2023-40660: Moderate: opensc security update (Multiple Advisories) Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 11/06/2023 Created 12/21/2023 Added 12/20/2023 Modified 01/28/2025 Description A flaw was found in OpenSC packages that allow a potential PIN bypass. When a token/card is authenticated by one process, it can perform cryptographic operations in other processes when an empty zero-length pin is passed. This issue poses a security risk, particularly for OS logon/screen unlock and for small, permanently connected tokens to computers. Additionally, the token can internally track login status. This flaw allows an attacker to gain unauthorized access, carry out malicious actions, or compromise the system without the user's awareness. Solution(s) centos-upgrade-opensc centos-upgrade-opensc-debuginfo centos-upgrade-opensc-debugsource References CVE-2023-40660
  23. Gentoo Linux: CVE-2023-42669: Samba: Multiple Vulnerabilities Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:N/A:C) Published 11/06/2023 Created 02/22/2024 Added 02/21/2024 Modified 01/30/2025 Description A vulnerability was found in Samba's "rpcecho" development server, a non-Windows RPC server used to test Samba's DCE/RPC stack elements. This vulnerability stems from an RPC function that can be blocked indefinitely. The issue arises because the "rpcecho" service operates with only one worker in the main RPC task, allowing calls to the "rpcecho" server to be blocked for a specified time, causing service disruptions. This disruption is triggered by a "sleep()" call in the "dcesrv_echo_TestSleep()" function under specific conditions. Authenticated users or attackers can exploit this vulnerability to make calls to the "rpcecho" server, requesting it to block for a specified duration, effectively disrupting most services and leading to a complete denial of service on the AD DC. The DoS affects all other services as "rpcecho" runs in the main RPC task. Solution(s) gentoo-linux-upgrade-net-fs-samba References https://attackerkb.com/topics/cve-2023-42669 CVE - 2023-42669 202402-28
  24. VMware Photon OS: CVE-2023-5090 Severity 4 CVSS (AV:L/AC:L/Au:M/C:N/I:N/A:C) Published 11/06/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description A flaw was found in KVM. An improper check in svm_set_x2apic_msr_interception() may allow direct access to host x2apic msrs when the guest resets its apic, potentially leading to a denial of service condition. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-5090 CVE - 2023-5090
  25. VMware Photon OS: CVE-2023-5678 Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 11/06/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_generate_key() to generate an X9.42 DH key may experience long delays. Likewise, applications that use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check() to check an X9.42 DH key or X9.42 DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. While DH_check() performs all the necessary checks (as of CVE-2023-3817), DH_check_pub_key() doesn't make any of these checks, and is therefore vulnerable for excessively large P and Q parameters. Likewise, while DH_generate_key() performs a check for an excessively large P, it doesn't check for an excessively large Q. An application that calls DH_generate_key() or DH_check_pub_key() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. DH_generate_key() and DH_check_pub_key() are also called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate(). Also vulnerable are the OpenSSL pkey command line application when using the "-pubcheck" option, as well as the OpenSSL genpkey command line application. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-5678 CVE - 2023-5678