ISHACK AI BOT

Alma Linux: CVE-2023-38473: Moderate: avahi security update (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 11/02/2023 Created 12/20/2023 Added 12/19/2023 Modified 01/28/2025 Description A vulnerability was found in Avahi. A reachable assertion exists in the avahi_alternative_host_name() function. Solution(s) alma-upgrade-avahi alma-upgrade-avahi-autoipd alma-upgrade-avahi-compat-howl alma-upgrade-avahi-compat-howl-devel alma-upgrade-avahi-compat-libdns_sd alma-upgrade-avahi-compat-libdns_sd-devel alma-upgrade-avahi-devel alma-upgrade-avahi-glib alma-upgrade-avahi-glib-devel alma-upgrade-avahi-gobject alma-upgrade-avahi-gobject-devel alma-upgrade-avahi-libs alma-upgrade-avahi-tools alma-upgrade-avahi-ui alma-upgrade-avahi-ui-devel alma-upgrade-avahi-ui-gtk3 alma-upgrade-python3-avahi References https://attackerkb.com/topics/cve-2023-38473 CVE - 2023-38473 https://errata.almalinux.org/8/ALSA-2023-7836.html https://errata.almalinux.org/9/ALSA-2024-2433.html

Huawei EulerOS: CVE-2023-38470: avahi security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 11/02/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description A vulnerability was found in Avahi. A reachable assertion exists in the avahi_escape_label() function. Solution(s) huawei-euleros-2_0_sp10-upgrade-avahi-libs References https://attackerkb.com/topics/cve-2023-38470 CVE - 2023-38470 EulerOS-SA-2024-1077

Amazon Linux AMI 2: CVE-2022-4900: Security patch for php (ALASPHP8.0-2024-010) Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 11/02/2023 Created 02/08/2024 Added 02/07/2024 Modified 01/28/2025 Description A vulnerability was found in PHP where setting the environment variable PHP_CLI_SERVER_WORKERS to a large value leads to a heap buffer overflow. Solution(s) amazon-linux-ami-2-upgrade-php amazon-linux-ami-2-upgrade-php-bcmath amazon-linux-ami-2-upgrade-php-cli amazon-linux-ami-2-upgrade-php-common amazon-linux-ami-2-upgrade-php-dba amazon-linux-ami-2-upgrade-php-dbg amazon-linux-ami-2-upgrade-php-debuginfo amazon-linux-ami-2-upgrade-php-devel amazon-linux-ami-2-upgrade-php-embedded amazon-linux-ami-2-upgrade-php-enchant amazon-linux-ami-2-upgrade-php-fpm amazon-linux-ami-2-upgrade-php-gd amazon-linux-ami-2-upgrade-php-gmp amazon-linux-ami-2-upgrade-php-intl amazon-linux-ami-2-upgrade-php-ldap amazon-linux-ami-2-upgrade-php-mbstring amazon-linux-ami-2-upgrade-php-mysqlnd amazon-linux-ami-2-upgrade-php-odbc amazon-linux-ami-2-upgrade-php-opcache amazon-linux-ami-2-upgrade-php-pdo amazon-linux-ami-2-upgrade-php-pgsql amazon-linux-ami-2-upgrade-php-process amazon-linux-ami-2-upgrade-php-pspell amazon-linux-ami-2-upgrade-php-snmp amazon-linux-ami-2-upgrade-php-soap amazon-linux-ami-2-upgrade-php-sodium amazon-linux-ami-2-upgrade-php-xml References https://attackerkb.com/topics/cve-2022-4900 AL2/ALASPHP8.0-2024-010 CVE - 2022-4900

SUSE: CVE-2023-38473: SUSE Linux Security Advisory Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 11/02/2023 Created 11/23/2023 Added 11/22/2023 Modified 01/28/2025 Description A vulnerability was found in Avahi. A reachable assertion exists in the avahi_alternative_host_name() function. Solution(s) suse-upgrade-avahi suse-upgrade-avahi-autoipd suse-upgrade-avahi-compat-howl-devel suse-upgrade-avahi-compat-mdnsresponder-devel suse-upgrade-avahi-lang suse-upgrade-avahi-utils suse-upgrade-avahi-utils-gtk suse-upgrade-libavahi-client3 suse-upgrade-libavahi-client3-32bit suse-upgrade-libavahi-common3 suse-upgrade-libavahi-common3-32bit suse-upgrade-libavahi-core7 suse-upgrade-libavahi-devel suse-upgrade-libavahi-glib-devel suse-upgrade-libavahi-glib1 suse-upgrade-libavahi-glib1-32bit suse-upgrade-libavahi-gobject-devel suse-upgrade-libavahi-gobject0 suse-upgrade-libavahi-libevent1 suse-upgrade-libavahi-qt5-1 suse-upgrade-libavahi-qt5-devel suse-upgrade-libavahi-ui-gtk3-0 suse-upgrade-libavahi-ui0 suse-upgrade-libdns_sd suse-upgrade-libdns_sd-32bit suse-upgrade-libhowl0 suse-upgrade-python-avahi suse-upgrade-python3-avahi suse-upgrade-python3-avahi-gtk suse-upgrade-typelib-1_0-avahi-0_6 References https://attackerkb.com/topics/cve-2023-38473 CVE - 2023-38473

SUSE: CVE-2023-31022: SUSE Linux Security Advisory Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 11/02/2023 Created 11/15/2023 Added 11/14/2023 Modified 01/28/2025 Description NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a NULL-pointer dereference may lead to denial of service. Solution(s) suse-upgrade-kernel-firmware-nvidia-gspx-g06 suse-upgrade-nvidia-open-driver-g06-signed-64kb-devel suse-upgrade-nvidia-open-driver-g06-signed-azure-devel suse-upgrade-nvidia-open-driver-g06-signed-default-devel suse-upgrade-nvidia-open-driver-g06-signed-kmp-64kb suse-upgrade-nvidia-open-driver-g06-signed-kmp-azure suse-upgrade-nvidia-open-driver-g06-signed-kmp-default References https://attackerkb.com/topics/cve-2023-31022 CVE - 2023-31022

SUSE: CVE-2023-38472: SUSE Linux Security Advisory Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 11/02/2023 Created 12/21/2023 Added 12/20/2023 Modified 01/28/2025 Description A vulnerability was found in Avahi. A reachable assertion exists in the avahi_rdata_parse() function. Solution(s) suse-upgrade-avahi suse-upgrade-avahi-autoipd suse-upgrade-avahi-compat-howl-devel suse-upgrade-avahi-compat-mdnsresponder-devel suse-upgrade-avahi-lang suse-upgrade-avahi-utils suse-upgrade-avahi-utils-gtk suse-upgrade-libavahi-client3 suse-upgrade-libavahi-client3-32bit suse-upgrade-libavahi-common3 suse-upgrade-libavahi-common3-32bit suse-upgrade-libavahi-core7 suse-upgrade-libavahi-devel suse-upgrade-libavahi-glib-devel suse-upgrade-libavahi-glib1 suse-upgrade-libavahi-glib1-32bit suse-upgrade-libavahi-gobject-devel suse-upgrade-libavahi-gobject0 suse-upgrade-libavahi-libevent1 suse-upgrade-libavahi-qt5-1 suse-upgrade-libavahi-qt5-devel suse-upgrade-libavahi-ui-gtk3-0 suse-upgrade-libavahi-ui0 suse-upgrade-libdns_sd suse-upgrade-libdns_sd-32bit suse-upgrade-libhowl0 suse-upgrade-python-avahi suse-upgrade-python3-avahi suse-upgrade-python3-avahi-gtk suse-upgrade-typelib-1_0-avahi-0_6 References https://attackerkb.com/topics/cve-2023-38472 CVE - 2023-38472

SUSE: CVE-2023-38470: SUSE Linux Security Advisory Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 11/02/2023 Created 11/23/2023 Added 11/22/2023 Modified 01/28/2025 Description A vulnerability was found in Avahi. A reachable assertion exists in the avahi_escape_label() function. Solution(s) suse-upgrade-avahi suse-upgrade-avahi-autoipd suse-upgrade-avahi-compat-howl-devel suse-upgrade-avahi-compat-mdnsresponder-devel suse-upgrade-avahi-lang suse-upgrade-avahi-utils suse-upgrade-avahi-utils-gtk suse-upgrade-libavahi-client3 suse-upgrade-libavahi-client3-32bit suse-upgrade-libavahi-common3 suse-upgrade-libavahi-common3-32bit suse-upgrade-libavahi-core7 suse-upgrade-libavahi-devel suse-upgrade-libavahi-glib-devel suse-upgrade-libavahi-glib1 suse-upgrade-libavahi-glib1-32bit suse-upgrade-libavahi-gobject-devel suse-upgrade-libavahi-gobject0 suse-upgrade-libavahi-libevent1 suse-upgrade-libavahi-qt5-1 suse-upgrade-libavahi-qt5-devel suse-upgrade-libavahi-ui-gtk3-0 suse-upgrade-libavahi-ui0 suse-upgrade-libdns_sd suse-upgrade-libdns_sd-32bit suse-upgrade-libhowl0 suse-upgrade-python-avahi suse-upgrade-python3-avahi suse-upgrade-python3-avahi-gtk suse-upgrade-typelib-1_0-avahi-0_6 References https://attackerkb.com/topics/cve-2023-38470 CVE - 2023-38470

Huawei EulerOS: CVE-2023-38469: avahi security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 11/02/2023 Created 02/13/2024 Added 02/12/2024 Modified 01/28/2025 Description A vulnerability was found in Avahi, where a reachable assertion exists in avahi_dns_packet_append_record. Solution(s) huawei-euleros-2_0_sp9-upgrade-avahi-libs References https://attackerkb.com/topics/cve-2023-38469 CVE - 2023-38469 EulerOS-SA-2024-1191

Huawei EulerOS: CVE-2023-38470: avahi security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 11/02/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description A vulnerability was found in Avahi. A reachable assertion exists in the avahi_escape_label() function. Solution(s) huawei-euleros-2_0_sp9-upgrade-avahi-libs References https://attackerkb.com/topics/cve-2023-38470 CVE - 2023-38470 EulerOS-SA-2023-3322

Debian: CVE-2023-38473: avahi -- security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 11/02/2023 Created 12/17/2024 Added 12/16/2024 Modified 01/28/2025 Description A vulnerability was found in Avahi. A reachable assertion exists in the avahi_alternative_host_name() function. Solution(s) debian-upgrade-avahi References https://attackerkb.com/topics/cve-2023-38473 CVE - 2023-38473 DLA-3990-1

Alpine Linux: CVE-2023-38470: Reachable Assertion Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 11/02/2023 Created 03/22/2024 Added 03/26/2024 Modified 10/02/2024 Description A vulnerability was found in Avahi. A reachable assertion exists in the avahi_escape_label() function. Solution(s) alpine-linux-upgrade-avahi References https://attackerkb.com/topics/cve-2023-38470 CVE - 2023-38470 https://security.alpinelinux.org/vuln/CVE-2023-38470

Huawei EulerOS: CVE-2023-38472: avahi security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 11/02/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/28/2025 Description A vulnerability was found in Avahi. A reachable assertion exists in the avahi_rdata_parse() function. Solution(s) huawei-euleros-2_0_sp10-upgrade-avahi-libs References https://attackerkb.com/topics/cve-2023-38472 CVE - 2023-38472 EulerOS-SA-2024-1077

Rocky Linux: CVE-2023-38471: avahi (RLSA-2023-7836) Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 11/02/2023 Created 03/07/2024 Added 08/15/2024 Modified 01/28/2025 Description Deprecated Solution(s)

Alma Linux: CVE-2023-38472: Moderate: avahi security update (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 11/02/2023 Created 12/20/2023 Added 12/19/2023 Modified 01/28/2025 Description A vulnerability was found in Avahi. A reachable assertion exists in the avahi_rdata_parse() function. Solution(s) alma-upgrade-avahi alma-upgrade-avahi-autoipd alma-upgrade-avahi-compat-howl alma-upgrade-avahi-compat-howl-devel alma-upgrade-avahi-compat-libdns_sd alma-upgrade-avahi-compat-libdns_sd-devel alma-upgrade-avahi-devel alma-upgrade-avahi-glib alma-upgrade-avahi-glib-devel alma-upgrade-avahi-gobject alma-upgrade-avahi-gobject-devel alma-upgrade-avahi-libs alma-upgrade-avahi-tools alma-upgrade-avahi-ui alma-upgrade-avahi-ui-devel alma-upgrade-avahi-ui-gtk3 alma-upgrade-python3-avahi References https://attackerkb.com/topics/cve-2023-38472 CVE - 2023-38472 https://errata.almalinux.org/8/ALSA-2023-7836.html https://errata.almalinux.org/9/ALSA-2024-2433.html

SUSE: CVE-2023-38469: SUSE Linux Security Advisory Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 11/02/2023 Created 03/29/2024 Added 03/28/2024 Modified 01/28/2025 Description A vulnerability was found in Avahi, where a reachable assertion exists in avahi_dns_packet_append_record. Solution(s) suse-upgrade-avahi suse-upgrade-avahi-autoipd suse-upgrade-avahi-compat-howl-devel suse-upgrade-avahi-compat-mdnsresponder-devel suse-upgrade-avahi-lang suse-upgrade-avahi-utils suse-upgrade-avahi-utils-gtk suse-upgrade-libavahi-client3 suse-upgrade-libavahi-client3-32bit suse-upgrade-libavahi-common3 suse-upgrade-libavahi-common3-32bit suse-upgrade-libavahi-core7 suse-upgrade-libavahi-devel suse-upgrade-libavahi-glib-devel suse-upgrade-libavahi-glib1 suse-upgrade-libavahi-glib1-32bit suse-upgrade-libavahi-gobject-devel suse-upgrade-libavahi-gobject0 suse-upgrade-libavahi-libevent1 suse-upgrade-libavahi-qt5-1 suse-upgrade-libavahi-qt5-devel suse-upgrade-libavahi-ui-gtk3-0 suse-upgrade-libavahi-ui0 suse-upgrade-libdns_sd suse-upgrade-libdns_sd-32bit suse-upgrade-libhowl0 suse-upgrade-python-avahi suse-upgrade-python3-avahi suse-upgrade-python3-avahi-gtk suse-upgrade-typelib-1_0-avahi-0_6 References https://attackerkb.com/topics/cve-2023-38469 CVE - 2023-38469

Ubuntu: USN-6827-1 (CVE-2023-3164): LibTIFF vulnerability Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 11/02/2023 Created 07/02/2024 Added 07/01/2024 Modified 01/28/2025 Description A heap-buffer-overflow vulnerability was found in LibTIFF, in extractImageSection() at tools/tiffcrop.c:7916 and tools/tiffcrop.c:7801. This flaw allows attackers to cause a denial of service via a crafted tiff file. Solution(s) ubuntu-pro-upgrade-libtiff-tools ubuntu-pro-upgrade-libtiff5 ubuntu-pro-upgrade-libtiff6 References https://attackerkb.com/topics/cve-2023-3164 CVE - 2023-3164 USN-6827-1

Rocky Linux: CVE-2023-38470: avahi (RLSA-2023-7836) Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 11/02/2023 Created 03/07/2024 Added 08/15/2024 Modified 01/28/2025 Description Deprecated Solution(s)

Rocky Linux: CVE-2023-38472: avahi (RLSA-2023-7836) Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 11/02/2023 Created 03/07/2024 Added 08/15/2024 Modified 01/28/2025 Description Deprecated Solution(s)

Debian: CVE-2023-31022: Multiple Affected Packages Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 11/02/2023 Created 07/31/2024 Added 07/30/2024 Modified 01/28/2025 Description NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a NULL-pointer dereference may lead to denial of service. Solution(s) debian-upgrade-nvidia-graphics-drivers debian-upgrade-nvidia-graphics-drivers-legacy-390xx debian-upgrade-nvidia-graphics-drivers-tesla debian-upgrade-nvidia-graphics-drivers-tesla-418 debian-upgrade-nvidia-graphics-drivers-tesla-450 debian-upgrade-nvidia-graphics-drivers-tesla-460 debian-upgrade-nvidia-graphics-drivers-tesla-470 debian-upgrade-nvidia-open-gpu-kernel-modules References https://attackerkb.com/topics/cve-2023-31022 CVE - 2023-31022

Alpine Linux: CVE-2023-38469: Reachable Assertion Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 11/02/2023 Created 03/22/2024 Added 03/26/2024 Modified 10/02/2024 Description A vulnerability was found in Avahi, where a reachable assertion exists in avahi_dns_packet_append_record. Solution(s) alpine-linux-upgrade-avahi References https://attackerkb.com/topics/cve-2023-38469 CVE - 2023-38469 https://security.alpinelinux.org/vuln/CVE-2023-38469

Red Hat: CVE-2023-38472: avahi: Reachable assertion in avahi_rdata_parse (Multiple Advisories) Severity 5 CVSS (AV:L/AC:L/Au:N/C:N/I:N/A:C) Published 11/02/2023 Created 12/19/2023 Added 12/15/2023 Modified 09/03/2024 Description A vulnerability was found in Avahi. A reachable assertion exists in the avahi_rdata_parse() function. Solution(s) redhat-upgrade-avahi redhat-upgrade-avahi-autoipd redhat-upgrade-avahi-autoipd-debuginfo redhat-upgrade-avahi-compat-howl redhat-upgrade-avahi-compat-howl-debuginfo redhat-upgrade-avahi-compat-howl-devel redhat-upgrade-avahi-compat-libdns_sd redhat-upgrade-avahi-compat-libdns_sd-debuginfo redhat-upgrade-avahi-compat-libdns_sd-devel redhat-upgrade-avahi-debuginfo redhat-upgrade-avahi-debugsource redhat-upgrade-avahi-devel redhat-upgrade-avahi-dnsconfd-debuginfo redhat-upgrade-avahi-glib redhat-upgrade-avahi-glib-debuginfo redhat-upgrade-avahi-glib-devel redhat-upgrade-avahi-gobject redhat-upgrade-avahi-gobject-debuginfo redhat-upgrade-avahi-gobject-devel redhat-upgrade-avahi-libs redhat-upgrade-avahi-libs-debuginfo redhat-upgrade-avahi-tools redhat-upgrade-avahi-tools-debuginfo redhat-upgrade-avahi-ui redhat-upgrade-avahi-ui-debuginfo redhat-upgrade-avahi-ui-devel redhat-upgrade-avahi-ui-gtk3 redhat-upgrade-avahi-ui-gtk3-debuginfo redhat-upgrade-avahi-ui-tools-debuginfo redhat-upgrade-python3-avahi References CVE-2023-38472 RHSA-2023:7836 RHSA-2024:0418 RHSA-2024:0576 RHSA-2024:2433

Red Hat: CVE-2023-46847: Denial of Service in HTTP Digest Authentication (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 11/02/2023 Created 11/04/2023 Added 11/03/2023 Modified 01/28/2025 Description Squid is vulnerable to a Denial of Service,where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication. Solution(s) redhat-upgrade-libecap redhat-upgrade-libecap-debuginfo redhat-upgrade-libecap-debugsource redhat-upgrade-libecap-devel redhat-upgrade-squid redhat-upgrade-squid-debuginfo redhat-upgrade-squid-debugsource redhat-upgrade-squid-migration-script redhat-upgrade-squid-sysvinit References CVE-2023-46847 RHSA-2023:6266 RHSA-2023:6267 RHSA-2023:6268 RHSA-2023:6748 RHSA-2023:6801 RHSA-2023:6805 RHSA-2023:7213 View more

Red Hat: CVE-2023-46848: denial of Service in FTP (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 11/02/2023 Created 11/04/2023 Added 11/03/2023 Modified 01/28/2025 Description Squid is vulnerable to Denial of Service,where a remote attacker can perform DoS by sending ftp:// URLs in HTTP Request messages or constructing ftp:// URLs from FTP Native input. Solution(s) redhat-upgrade-squid redhat-upgrade-squid-debuginfo redhat-upgrade-squid-debugsource References CVE-2023-46848 RHSA-2023:6266 RHSA-2023:6268 RHSA-2023:6748

Huawei EulerOS: CVE-2023-38471: avahi security update Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 11/02/2023 Created 02/13/2024 Added 02/12/2024 Modified 01/28/2025 Description A vulnerability was found in Avahi. A reachable assertion exists in the dbus_set_host_name function. Solution(s) huawei-euleros-2_0_sp9-upgrade-avahi-libs References https://attackerkb.com/topics/cve-2023-38471 CVE - 2023-38471 EulerOS-SA-2024-1191

Red Hat OpenShift: CVE-2023-5625: python-eventlet: patch regression forin some Red Hat builds Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 11/02/2023 Created 11/02/2023 Added 11/02/2023 Modified 01/28/2025 Description A regression was introduced in the Red Hat build of python-eventlet due to a change in the patch application strategy, resulting in a patch for CVE-2021-21419 not being applied for all builds of all products. Solution(s) linuxrpm-upgrade-python-eventlet References https://attackerkb.com/topics/cve-2023-5625 CVE - 2023-5625 RHSA-2023:6128 RHSA-2024:0188 RHSA-2024:0213