ISHACK AI BOT

Alpine Linux: CVE-2023-38471: Reachable Assertion Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 11/02/2023 Created 03/22/2024 Added 03/26/2024 Modified 10/02/2024 Description A vulnerability was found in Avahi. A reachable assertion exists in the dbus_set_host_name function. Solution(s) alpine-linux-upgrade-avahi References https://attackerkb.com/topics/cve-2023-38471 CVE - 2023-38471 https://security.alpinelinux.org/vuln/CVE-2023-38471

Alpine Linux: CVE-2023-38473: Reachable Assertion Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 11/02/2023 Created 03/22/2024 Added 03/26/2024 Modified 10/02/2024 Description A vulnerability was found in Avahi. A reachable assertion exists in the avahi_alternative_host_name() function. Solution(s) alpine-linux-upgrade-avahi References https://attackerkb.com/topics/cve-2023-38473 CVE - 2023-38473 https://security.alpinelinux.org/vuln/CVE-2023-38473

Amazon Linux AMI 2: CVE-2023-4881: Security patch for kernel (ALASKERNEL-5.10-2023-042) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 11/02/2023 Created 11/02/2023 Added 11/02/2023 Modified 05/28/2024 Description Rejected reason: CVE-2023-4881 was wrongly assigned to a bug that was deemed to be a non-security issue by the Linux kernel security team. Solution(s) amazon-linux-ami-2-upgrade-bpftool amazon-linux-ami-2-upgrade-bpftool-debuginfo amazon-linux-ami-2-upgrade-kernel amazon-linux-ami-2-upgrade-kernel-debuginfo amazon-linux-ami-2-upgrade-kernel-debuginfo-common-aarch64 amazon-linux-ami-2-upgrade-kernel-debuginfo-common-x86_64 amazon-linux-ami-2-upgrade-kernel-devel amazon-linux-ami-2-upgrade-kernel-headers amazon-linux-ami-2-upgrade-kernel-livepatch-5-10-198-187-748 amazon-linux-ami-2-upgrade-kernel-tools amazon-linux-ami-2-upgrade-kernel-tools-debuginfo amazon-linux-ami-2-upgrade-kernel-tools-devel amazon-linux-ami-2-upgrade-perf amazon-linux-ami-2-upgrade-perf-debuginfo amazon-linux-ami-2-upgrade-python-perf amazon-linux-ami-2-upgrade-python-perf-debuginfo References https://attackerkb.com/topics/cve-2023-4881 AL2/ALASKERNEL-5.10-2023-042 CVE - 2023-4881

Red Hat: CVE-2023-38470: avahi: Reachable assertion in avahi_escape_label (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:N/C:N/I:N/A:C) Published 11/02/2023 Created 12/19/2023 Added 12/15/2023 Modified 09/03/2024 Description A vulnerability was found in Avahi. A reachable assertion exists in the avahi_escape_label() function. Solution(s) redhat-upgrade-avahi redhat-upgrade-avahi-autoipd redhat-upgrade-avahi-autoipd-debuginfo redhat-upgrade-avahi-compat-howl redhat-upgrade-avahi-compat-howl-debuginfo redhat-upgrade-avahi-compat-howl-devel redhat-upgrade-avahi-compat-libdns_sd redhat-upgrade-avahi-compat-libdns_sd-debuginfo redhat-upgrade-avahi-compat-libdns_sd-devel redhat-upgrade-avahi-debuginfo redhat-upgrade-avahi-debugsource redhat-upgrade-avahi-devel redhat-upgrade-avahi-dnsconfd-debuginfo redhat-upgrade-avahi-glib redhat-upgrade-avahi-glib-debuginfo redhat-upgrade-avahi-glib-devel redhat-upgrade-avahi-gobject redhat-upgrade-avahi-gobject-debuginfo redhat-upgrade-avahi-gobject-devel redhat-upgrade-avahi-libs redhat-upgrade-avahi-libs-debuginfo redhat-upgrade-avahi-tools redhat-upgrade-avahi-tools-debuginfo redhat-upgrade-avahi-ui redhat-upgrade-avahi-ui-debuginfo redhat-upgrade-avahi-ui-devel redhat-upgrade-avahi-ui-gtk3 redhat-upgrade-avahi-ui-gtk3-debuginfo redhat-upgrade-avahi-ui-tools-debuginfo redhat-upgrade-python3-avahi References CVE-2023-38470 RHSA-2023:7836 RHSA-2024:0418 RHSA-2024:0576 RHSA-2024:2433

Red Hat: CVE-2023-38473: avahi: Reachable assertion in avahi_alternative_host_name (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:N/C:N/I:N/A:C) Published 11/02/2023 Created 12/19/2023 Added 12/15/2023 Modified 09/03/2024 Description A vulnerability was found in Avahi. A reachable assertion exists in the avahi_alternative_host_name() function. Solution(s) redhat-upgrade-avahi redhat-upgrade-avahi-autoipd redhat-upgrade-avahi-autoipd-debuginfo redhat-upgrade-avahi-compat-howl redhat-upgrade-avahi-compat-howl-debuginfo redhat-upgrade-avahi-compat-howl-devel redhat-upgrade-avahi-compat-libdns_sd redhat-upgrade-avahi-compat-libdns_sd-debuginfo redhat-upgrade-avahi-compat-libdns_sd-devel redhat-upgrade-avahi-debuginfo redhat-upgrade-avahi-debugsource redhat-upgrade-avahi-devel redhat-upgrade-avahi-dnsconfd-debuginfo redhat-upgrade-avahi-glib redhat-upgrade-avahi-glib-debuginfo redhat-upgrade-avahi-glib-devel redhat-upgrade-avahi-gobject redhat-upgrade-avahi-gobject-debuginfo redhat-upgrade-avahi-gobject-devel redhat-upgrade-avahi-libs redhat-upgrade-avahi-libs-debuginfo redhat-upgrade-avahi-tools redhat-upgrade-avahi-tools-debuginfo redhat-upgrade-avahi-ui redhat-upgrade-avahi-ui-debuginfo redhat-upgrade-avahi-ui-devel redhat-upgrade-avahi-ui-gtk3 redhat-upgrade-avahi-ui-gtk3-debuginfo redhat-upgrade-avahi-ui-tools-debuginfo redhat-upgrade-python3-avahi References CVE-2023-38473 RHSA-2023:7836 RHSA-2024:0418 RHSA-2024:0576 RHSA-2024:2433

CentOS Linux: CVE-2023-38470: Moderate: avahi security update (CESA-2023:7836) Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 11/02/2023 Created 12/20/2023 Added 12/19/2023 Modified 01/28/2025 Description A vulnerability was found in Avahi. A reachable assertion exists in the avahi_escape_label() function. Solution(s) centos-upgrade-avahi centos-upgrade-avahi-autoipd centos-upgrade-avahi-autoipd-debuginfo centos-upgrade-avahi-compat-howl-debuginfo centos-upgrade-avahi-compat-libdns_sd-debuginfo centos-upgrade-avahi-debuginfo centos-upgrade-avahi-debugsource centos-upgrade-avahi-dnsconfd-debuginfo centos-upgrade-avahi-glib centos-upgrade-avahi-glib-debuginfo centos-upgrade-avahi-gobject centos-upgrade-avahi-gobject-debuginfo centos-upgrade-avahi-libs centos-upgrade-avahi-libs-debuginfo centos-upgrade-avahi-tools centos-upgrade-avahi-tools-debuginfo centos-upgrade-avahi-ui-debuginfo centos-upgrade-avahi-ui-gtk3 centos-upgrade-avahi-ui-gtk3-debuginfo centos-upgrade-python3-avahi References CVE-2023-38470

Ubuntu: (Multiple Advisories) (CVE-2022-4900): PHP vulnerabilities Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 11/02/2023 Created 04/30/2024 Added 04/30/2024 Modified 01/28/2025 Description A vulnerability was found in PHP where setting the environment variable PHP_CLI_SERVER_WORKERS to a large value leads to a heap buffer overflow. Solution(s) ubuntu-upgrade-libapache2-mod-php7-4 ubuntu-upgrade-libapache2-mod-php8-1 ubuntu-upgrade-php7-4 ubuntu-upgrade-php7-4-cgi ubuntu-upgrade-php7-4-cli ubuntu-upgrade-php7-4-fpm ubuntu-upgrade-php7-4-xml ubuntu-upgrade-php8-1 ubuntu-upgrade-php8-1-cgi ubuntu-upgrade-php8-1-cli ubuntu-upgrade-php8-1-fpm ubuntu-upgrade-php8-1-xml References https://attackerkb.com/topics/cve-2022-4900 CVE - 2022-4900 USN-6757-1 USN-6757-2

CentOS Linux: CVE-2023-46847: Critical: squid security update (CESA-2023:6805) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 11/02/2023 Created 11/04/2023 Added 11/03/2023 Modified 01/28/2025 Description Squid is vulnerable to a Denial of Service,where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication. Solution(s) centos-upgrade-squid centos-upgrade-squid-debuginfo centos-upgrade-squid-migration-script centos-upgrade-squid-sysvinit References CVE-2023-46847

Huawei EulerOS: CVE-2023-3164: libtiff security update Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 11/02/2023 Created 10/09/2024 Added 10/08/2024 Modified 01/28/2025 Description A heap-buffer-overflow vulnerability was found in LibTIFF, in extractImageSection() at tools/tiffcrop.c:7916 and tools/tiffcrop.c:7801. This flaw allows attackers to cause a denial of service via a crafted tiff file. Solution(s) huawei-euleros-2_0_sp11-upgrade-libtiff References https://attackerkb.com/topics/cve-2023-3164 CVE - 2023-3164 EulerOS-SA-2024-2104

Amazon Linux AMI 2: CVE-2023-38473: Security patch for avahi (ALAS-2024-2392) Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 11/02/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description A vulnerability was found in Avahi. A reachable assertion exists in the avahi_alternative_host_name() function. Solution(s) amazon-linux-ami-2-upgrade-avahi amazon-linux-ami-2-upgrade-avahi-autoipd amazon-linux-ami-2-upgrade-avahi-compat-howl amazon-linux-ami-2-upgrade-avahi-compat-howl-devel amazon-linux-ami-2-upgrade-avahi-compat-libdns_sd amazon-linux-ami-2-upgrade-avahi-compat-libdns_sd-devel amazon-linux-ami-2-upgrade-avahi-debuginfo amazon-linux-ami-2-upgrade-avahi-devel amazon-linux-ami-2-upgrade-avahi-dnsconfd amazon-linux-ami-2-upgrade-avahi-glib amazon-linux-ami-2-upgrade-avahi-glib-devel amazon-linux-ami-2-upgrade-avahi-gobject amazon-linux-ami-2-upgrade-avahi-gobject-devel amazon-linux-ami-2-upgrade-avahi-libs amazon-linux-ami-2-upgrade-avahi-qt3 amazon-linux-ami-2-upgrade-avahi-qt3-devel amazon-linux-ami-2-upgrade-avahi-qt4 amazon-linux-ami-2-upgrade-avahi-qt4-devel amazon-linux-ami-2-upgrade-avahi-tools amazon-linux-ami-2-upgrade-avahi-ui amazon-linux-ami-2-upgrade-avahi-ui-devel amazon-linux-ami-2-upgrade-avahi-ui-gtk3 amazon-linux-ami-2-upgrade-avahi-ui-tools References https://attackerkb.com/topics/cve-2023-38473 AL2/ALAS-2024-2392 CVE - 2023-38473

CentOS Linux: CVE-2023-38473: Moderate: avahi security update (CESA-2023:7836) Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 11/02/2023 Created 12/20/2023 Added 12/19/2023 Modified 01/28/2025 Description A vulnerability was found in Avahi. A reachable assertion exists in the avahi_alternative_host_name() function. Solution(s) centos-upgrade-avahi centos-upgrade-avahi-autoipd centos-upgrade-avahi-autoipd-debuginfo centos-upgrade-avahi-compat-howl-debuginfo centos-upgrade-avahi-compat-libdns_sd-debuginfo centos-upgrade-avahi-debuginfo centos-upgrade-avahi-debugsource centos-upgrade-avahi-dnsconfd-debuginfo centos-upgrade-avahi-glib centos-upgrade-avahi-glib-debuginfo centos-upgrade-avahi-gobject centos-upgrade-avahi-gobject-debuginfo centos-upgrade-avahi-libs centos-upgrade-avahi-libs-debuginfo centos-upgrade-avahi-tools centos-upgrade-avahi-tools-debuginfo centos-upgrade-avahi-ui-debuginfo centos-upgrade-avahi-ui-gtk3 centos-upgrade-avahi-ui-gtk3-debuginfo centos-upgrade-python3-avahi References CVE-2023-38473

Debian: CVE-2023-46848: squid -- security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 11/03/2023 Created 07/31/2024 Added 07/30/2024 Modified 01/28/2025 Description Squid is vulnerable to Denial of Service,where a remote attacker can perform DoS by sending ftp:// URLs in HTTP Request messages or constructing ftp:// URLs from FTP Native input. Solution(s) debian-upgrade-squid References https://attackerkb.com/topics/cve-2023-46848 CVE - 2023-46848

Huawei EulerOS: CVE-2023-38473: avahi security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 11/02/2023 Created 01/30/2024 Added 01/29/2024 Modified 01/28/2025 Description A vulnerability was found in Avahi. A reachable assertion exists in the avahi_alternative_host_name() function. Solution(s) huawei-euleros-2_0_sp11-upgrade-avahi-libs References https://attackerkb.com/topics/cve-2023-38473 CVE - 2023-38473 EulerOS-SA-2024-1116

Debian: CVE-2023-1194: linux -- security update Severity 9 CVSS (AV:N/AC:L/Au:S/C:C/I:N/A:C) Published 11/03/2023 Created 07/31/2024 Added 07/30/2024 Modified 01/28/2025 Description An out-of-bounds (OOB) memory read flaw was found in parse_lease_state in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. When an attacker sends the CREATE command with a malformed payload to KSMBD, due to a missing check of `NameOffset` in the `parse_lease_state()` function, the `create_context` object can access invalid memory. Solution(s) debian-upgrade-linux References https://attackerkb.com/topics/cve-2023-1194 CVE - 2023-1194

Alma Linux: CVE-2023-38470: Moderate: avahi security update (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 11/02/2023 Created 12/20/2023 Added 12/19/2023 Modified 01/28/2025 Description A vulnerability was found in Avahi. A reachable assertion exists in the avahi_escape_label() function. Solution(s) alma-upgrade-avahi alma-upgrade-avahi-autoipd alma-upgrade-avahi-compat-howl alma-upgrade-avahi-compat-howl-devel alma-upgrade-avahi-compat-libdns_sd alma-upgrade-avahi-compat-libdns_sd-devel alma-upgrade-avahi-devel alma-upgrade-avahi-glib alma-upgrade-avahi-glib-devel alma-upgrade-avahi-gobject alma-upgrade-avahi-gobject-devel alma-upgrade-avahi-libs alma-upgrade-avahi-tools alma-upgrade-avahi-ui alma-upgrade-avahi-ui-devel alma-upgrade-avahi-ui-gtk3 alma-upgrade-python3-avahi References https://attackerkb.com/topics/cve-2023-38470 CVE - 2023-38470 https://errata.almalinux.org/8/ALSA-2023-7836.html https://errata.almalinux.org/9/ALSA-2024-2433.html

Alma Linux: CVE-2023-3961: Moderate: samba security update (Multiple Advisories) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 11/03/2023 Created 11/17/2023 Added 11/16/2023 Modified 01/28/2025 Description A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private directory. Samba typically uses this mechanism to connect SMB clients to remote procedure call (RPC) services like SAMR LSA or SPOOLSS, which Samba initiates on demand. However, due to inadequate sanitization of incoming client pipe names, allowing a client to send a pipe name containing Unix directory traversal characters (../). This could result in SMB clients connecting as root to Unix domain sockets outside the private directory. If an attacker or client managed to send a pipe name resolving to an external service using an existing Unix domain socket, it could potentially lead to unauthorized access to the service and consequential adverse events, including compromise or service crashes. Solution(s) alma-upgrade-ctdb alma-upgrade-libnetapi alma-upgrade-libnetapi-devel alma-upgrade-libsmbclient alma-upgrade-libsmbclient-devel alma-upgrade-libwbclient alma-upgrade-libwbclient-devel alma-upgrade-python3-samba alma-upgrade-python3-samba-dc alma-upgrade-python3-samba-devel alma-upgrade-python3-samba-test alma-upgrade-samba alma-upgrade-samba-client alma-upgrade-samba-client-libs alma-upgrade-samba-common alma-upgrade-samba-common-libs alma-upgrade-samba-common-tools alma-upgrade-samba-dc-libs alma-upgrade-samba-dcerpc alma-upgrade-samba-devel alma-upgrade-samba-krb5-printing alma-upgrade-samba-ldb-ldap-modules alma-upgrade-samba-libs alma-upgrade-samba-pidl alma-upgrade-samba-test alma-upgrade-samba-test-libs alma-upgrade-samba-tools alma-upgrade-samba-usershares alma-upgrade-samba-vfs-iouring alma-upgrade-samba-winbind alma-upgrade-samba-winbind-clients alma-upgrade-samba-winbind-krb5-locator alma-upgrade-samba-winbind-modules alma-upgrade-samba-winexe References https://attackerkb.com/topics/cve-2023-3961 CVE - 2023-3961 https://errata.almalinux.org/8/ALSA-2023-7467.html https://errata.almalinux.org/9/ALSA-2023-6744.html

Alma Linux: CVE-2023-47234: Moderate: frr security update (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 11/03/2023 Created 01/19/2024 Added 01/18/2024 Modified 01/28/2025 Description An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when processing a crafted BGP UPDATE message with a MP_UNREACH_NLRI attribute and additional NLRI data (that lacks mandatory path attributes). Solution(s) alma-upgrade-frr alma-upgrade-frr-selinux References https://attackerkb.com/topics/cve-2023-47234 CVE - 2023-47234 https://errata.almalinux.org/8/ALSA-2024-0130.html https://errata.almalinux.org/9/ALSA-2024-0477.html

Alma Linux: CVE-2023-38471: Moderate: avahi security update (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 11/02/2023 Created 12/20/2023 Added 12/19/2023 Modified 01/28/2025 Description A vulnerability was found in Avahi. A reachable assertion exists in the dbus_set_host_name function. Solution(s) alma-upgrade-avahi alma-upgrade-avahi-autoipd alma-upgrade-avahi-compat-howl alma-upgrade-avahi-compat-howl-devel alma-upgrade-avahi-compat-libdns_sd alma-upgrade-avahi-compat-libdns_sd-devel alma-upgrade-avahi-devel alma-upgrade-avahi-glib alma-upgrade-avahi-glib-devel alma-upgrade-avahi-gobject alma-upgrade-avahi-gobject-devel alma-upgrade-avahi-libs alma-upgrade-avahi-tools alma-upgrade-avahi-ui alma-upgrade-avahi-ui-devel alma-upgrade-avahi-ui-gtk3 alma-upgrade-python3-avahi References https://attackerkb.com/topics/cve-2023-38471 CVE - 2023-38471 https://errata.almalinux.org/8/ALSA-2023-7836.html https://errata.almalinux.org/9/ALSA-2024-2433.html

Debian: CVE-2022-4900: php7.4, php8.2 -- security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 11/02/2023 Created 10/18/2024 Added 10/17/2024 Modified 01/28/2025 Description A vulnerability was found in PHP where setting the environment variable PHP_CLI_SERVER_WORKERS to a large value leads to a heap buffer overflow. Solution(s) debian-upgrade-php7-4 debian-upgrade-php8-2 References https://attackerkb.com/topics/cve-2022-4900 CVE - 2022-4900 DLA-3920-1

Gentoo Linux: CVE-2023-31022: NVIDIA Drivers: Multiple Vulnerabilities Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 11/02/2023 Created 05/10/2024 Added 05/10/2024 Modified 01/28/2025 Description NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a NULL-pointer dereference may lead to denial of service. Solution(s) gentoo-linux-upgrade-x11-drivers-nvidia-drivers References https://attackerkb.com/topics/cve-2023-31022 CVE - 2023-31022 202405-28

Ubuntu: (CVE-2023-31022): nvidia-graphics-drivers-470 vulnerability Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 11/02/2023 Created 11/21/2024 Added 11/19/2024 Modified 01/28/2025 Description NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a NULL-pointer dereference may lead to denial of service. Solution(s) ubuntu-upgrade-nvidia-graphics-drivers-470 ubuntu-upgrade-nvidia-graphics-drivers-470-server ubuntu-upgrade-nvidia-graphics-drivers-525 ubuntu-upgrade-nvidia-graphics-drivers-525-server ubuntu-upgrade-nvidia-graphics-drivers-535 ubuntu-upgrade-nvidia-graphics-drivers-535-server References https://attackerkb.com/topics/cve-2023-31022 CVE - 2023-31022 https://nvidia.custhelp.com/app/answers/detail/a_id/5491 https://www.cve.org/CVERecord?id=CVE-2023-31022

Ubuntu: USN-6487-1 (CVE-2023-38472): Avahi vulnerabilities Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 11/02/2023 Created 11/22/2023 Added 11/21/2023 Modified 01/28/2025 Description A vulnerability was found in Avahi. A reachable assertion exists in the avahi_rdata_parse() function. Solution(s) ubuntu-pro-upgrade-avahi-daemon ubuntu-pro-upgrade-libavahi-client3 ubuntu-pro-upgrade-libavahi-common3 ubuntu-pro-upgrade-libavahi-core7 References https://attackerkb.com/topics/cve-2023-38472 CVE - 2023-38472 USN-6487-1

Ubuntu: USN-6487-1 (CVE-2023-38473): Avahi vulnerabilities Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 11/02/2023 Created 11/22/2023 Added 11/21/2023 Modified 01/28/2025 Description A vulnerability was found in Avahi. A reachable assertion exists in the avahi_alternative_host_name() function. Solution(s) ubuntu-pro-upgrade-avahi-daemon ubuntu-pro-upgrade-libavahi-client3 ubuntu-pro-upgrade-libavahi-common3 ubuntu-pro-upgrade-libavahi-core7 References https://attackerkb.com/topics/cve-2023-38473 CVE - 2023-38473 USN-6487-1

Alma Linux: CVE-2023-38469: Moderate: avahi security update (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 11/02/2023 Created 12/20/2023 Added 12/19/2023 Modified 01/28/2025 Description A vulnerability was found in Avahi, where a reachable assertion exists in avahi_dns_packet_append_record. Solution(s) alma-upgrade-avahi alma-upgrade-avahi-autoipd alma-upgrade-avahi-compat-howl alma-upgrade-avahi-compat-howl-devel alma-upgrade-avahi-compat-libdns_sd alma-upgrade-avahi-compat-libdns_sd-devel alma-upgrade-avahi-devel alma-upgrade-avahi-glib alma-upgrade-avahi-glib-devel alma-upgrade-avahi-gobject alma-upgrade-avahi-gobject-devel alma-upgrade-avahi-libs alma-upgrade-avahi-tools alma-upgrade-avahi-ui alma-upgrade-avahi-ui-devel alma-upgrade-avahi-ui-gtk3 alma-upgrade-python3-avahi References https://attackerkb.com/topics/cve-2023-38469 CVE - 2023-38469 https://errata.almalinux.org/8/ALSA-2023-7836.html https://errata.almalinux.org/9/ALSA-2024-2433.html

Huawei EulerOS: CVE-2023-38470: avahi security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 11/02/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description A vulnerability was found in Avahi. A reachable assertion exists in the avahi_escape_label() function. Solution(s) huawei-euleros-2_0_sp11-upgrade-avahi-libs References https://attackerkb.com/topics/cve-2023-38470 CVE - 2023-38470 EulerOS-SA-2023-3262