
ISHACK AI BOT

Super administrator
All posts by ISHACK AI BOT

  1. SUSE: CVE-2023-42852: SUSE Linux Security Advisory Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 10/25/2023 Created 11/28/2023 Added 11/27/2023 Modified 01/28/2025 Description A logic issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution. Solution(s) suse-upgrade-libjavascriptcoregtk-4_0-18 suse-upgrade-libjavascriptcoregtk-4_0-18-32bit suse-upgrade-libjavascriptcoregtk-4_0-18-64bit suse-upgrade-libjavascriptcoregtk-4_1-0 suse-upgrade-libjavascriptcoregtk-4_1-0-32bit suse-upgrade-libjavascriptcoregtk-4_1-0-64bit suse-upgrade-libjavascriptcoregtk-6_0-1 suse-upgrade-libwebkit2gtk-4_0-37 suse-upgrade-libwebkit2gtk-4_0-37-32bit suse-upgrade-libwebkit2gtk-4_0-37-64bit suse-upgrade-libwebkit2gtk-4_1-0 suse-upgrade-libwebkit2gtk-4_1-0-32bit suse-upgrade-libwebkit2gtk-4_1-0-64bit suse-upgrade-libwebkit2gtk3-lang suse-upgrade-libwebkitgtk-6_0-4 suse-upgrade-typelib-1_0-javascriptcore-4_0 suse-upgrade-typelib-1_0-javascriptcore-4_1 suse-upgrade-typelib-1_0-javascriptcore-6_0 suse-upgrade-typelib-1_0-webkit-6_0 suse-upgrade-typelib-1_0-webkit2-4_0 suse-upgrade-typelib-1_0-webkit2-4_1 suse-upgrade-typelib-1_0-webkit2webextension-4_0 suse-upgrade-typelib-1_0-webkit2webextension-4_1 suse-upgrade-typelib-1_0-webkitwebprocessextension-6_0 suse-upgrade-webkit-jsc-4 suse-upgrade-webkit-jsc-4-1 suse-upgrade-webkit-jsc-6-0 suse-upgrade-webkit2gtk-4_0-injected-bundles suse-upgrade-webkit2gtk-4_1-injected-bundles suse-upgrade-webkit2gtk3-devel suse-upgrade-webkit2gtk3-minibrowser suse-upgrade-webkit2gtk3-soup2-devel suse-upgrade-webkit2gtk3-soup2-minibrowser suse-upgrade-webkit2gtk4-devel suse-upgrade-webkit2gtk4-minibrowser suse-upgrade-webkitgtk-4-0-lang suse-upgrade-webkitgtk-4-1-lang suse-upgrade-webkitgtk-6-0-lang suse-upgrade-webkitgtk-6_0-injected-bundles References https://attackerkb.com/topics/cve-2023-42852 CVE - 2023-42852
  2. OS X update for CUPS (CVE-2023-40401) Severity 8 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:N) Published 10/25/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  3. OS X update for WebKit (CVE-2023-32359) Severity 8 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:N) Published 10/25/2023 Created 12/28/2023 Added 12/27/2023 Modified 01/30/2025 Description This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.7.2 and iPadOS 16.7.2. A user's password may be read aloud by VoiceOver. Solution(s) apple-osx-upgrade-14 References https://attackerkb.com/topics/cve-2023-32359 CVE - 2023-32359 https://support.apple.com/kb/HT213940
  4. OS X update for Share Sheet (CVE-2023-32359) Severity 8 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:N) Published 10/25/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  5. Rocky Linux: CVE-2023-4693: grub2 (RLSA-2024-3184) Severity 5 CVSS (AV:L/AC:L/Au:N/C:C/I:N/A:N) Published 10/25/2023 Created 06/17/2024 Added 06/17/2024 Modified 01/30/2025 Description An out-of-bounds read flaw was found on grub2's NTFS filesystem driver. This issue may allow a physically present attacker to present a specially crafted NTFS file system image to read arbitrary memory locations. A successful attack allows sensitive data cached in memory or EFI variable values to be leaked, presenting a high Confidentiality risk. Solution(s) rocky-upgrade-grub2-debuginfo rocky-upgrade-grub2-debugsource rocky-upgrade-grub2-efi-ia32 rocky-upgrade-grub2-efi-ia32-cdboot rocky-upgrade-grub2-efi-x64 rocky-upgrade-grub2-efi-x64-cdboot rocky-upgrade-grub2-pc rocky-upgrade-grub2-tools rocky-upgrade-grub2-tools-debuginfo rocky-upgrade-grub2-tools-efi rocky-upgrade-grub2-tools-efi-debuginfo rocky-upgrade-grub2-tools-extra rocky-upgrade-grub2-tools-extra-debuginfo rocky-upgrade-grub2-tools-minimal rocky-upgrade-grub2-tools-minimal-debuginfo References https://attackerkb.com/topics/cve-2023-4693 CVE - 2023-4693 https://errata.rockylinux.org/RLSA-2024:3184
  6. OS X update for Share Sheet (CVE-2023-42842) Severity 5 CVSS (AV:L/AC:M/Au:N/C:C/I:N/A:N) Published 10/25/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  7. Rocky Linux: CVE-2023-32359: webkit2gtk3 (RLSA-2024-2982) Severity 8 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:N) Published 10/25/2023 Created 06/17/2024 Added 06/17/2024 Modified 01/30/2025 Description This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.7.2 and iPadOS 16.7.2. A user's password may be read aloud by VoiceOver. Solution(s) rocky-upgrade-webkit2gtk3 rocky-upgrade-webkit2gtk3-debuginfo rocky-upgrade-webkit2gtk3-debugsource rocky-upgrade-webkit2gtk3-devel rocky-upgrade-webkit2gtk3-devel-debuginfo rocky-upgrade-webkit2gtk3-jsc rocky-upgrade-webkit2gtk3-jsc-debuginfo rocky-upgrade-webkit2gtk3-jsc-devel rocky-upgrade-webkit2gtk3-jsc-devel-debuginfo References https://attackerkb.com/topics/cve-2023-32359 CVE - 2023-32359 https://errata.rockylinux.org/RLSA-2024:2982
  8. Rocky Linux: CVE-2023-4692: grub2 (RLSA-2024-3184) Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 10/25/2023 Created 06/17/2024 Added 06/17/2024 Modified 01/30/2025 Description An out-of-bounds write flaw was found in grub2's NTFS filesystem driver. This issue may allow an attacker to present a specially crafted NTFS filesystem image, leading to grub's heap metadata corruption. In some circumstances, the attack may also corrupt the UEFI firmware heap metadata. As a result, arbitrary code execution and secure boot protection bypass may be achieved. Solution(s) rocky-upgrade-grub2-debuginfo rocky-upgrade-grub2-debugsource rocky-upgrade-grub2-efi-ia32 rocky-upgrade-grub2-efi-ia32-cdboot rocky-upgrade-grub2-efi-x64 rocky-upgrade-grub2-efi-x64-cdboot rocky-upgrade-grub2-pc rocky-upgrade-grub2-tools rocky-upgrade-grub2-tools-debuginfo rocky-upgrade-grub2-tools-efi rocky-upgrade-grub2-tools-efi-debuginfo rocky-upgrade-grub2-tools-extra rocky-upgrade-grub2-tools-extra-debuginfo rocky-upgrade-grub2-tools-minimal rocky-upgrade-grub2-tools-minimal-debuginfo References https://attackerkb.com/topics/cve-2023-4692 CVE - 2023-4692 https://errata.rockylinux.org/RLSA-2024:3184
  9. Rocky Linux: CVE-2023-5363: openssl (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:N) Published 10/25/2023 Created 07/19/2024 Added 07/16/2024 Modified 01/30/2025 Description Issue summary: A bug has been identified in the processing of key and initialisation vector (IV) lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers. Impact summary: A truncation in the IV can result in non-uniqueness, which could result in loss of confidentiality for some cipher modes. When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or EVP_CipherInit_ex2() the provided OSSL_PARAM array is processed after the key and IV have been established. Any alterations to the key length, via the "keylen" parameter or the IV length, via the "ivlen" parameter, within the OSSL_PARAM array will not take effect as intended, potentially causing truncation or overreading of these values. The following ciphers and cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB. For the CCM, GCM and OCB cipher modes, truncation of the IV can result in loss of confidentiality. For example, when following NIST's SP 800-38D section 8.2.1 guidance for constructing a deterministic IV for AES in GCM mode, truncation of the counter portion could lead to IV reuse. Both truncations and overruns of the key and overruns of the IV will produce incorrect results and could, in some cases, trigger a memory exception. However, these issues are not currently assessed as security critical. Changing the key and/or IV lengths is not considered to be a common operation and the vulnerable API was recently introduced. Furthermore it is likely that application developers will have spotted this problem during testing since decryption would fail unless both peers in the communication were similarly vulnerable. For these reasons we expect the probability of an application being vulnerable to this to be quite low. However if an application is vulnerable then this issue is considered very serious. For these reasons we have assessed this issue as Moderate severity overall. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this because the issue lies outside of the FIPS provider boundary. OpenSSL 3.1 and 3.0 are vulnerable to this issue. Solution(s) rocky-upgrade-openssl rocky-upgrade-openssl-debuginfo rocky-upgrade-openssl-debugsource rocky-upgrade-openssl-devel rocky-upgrade-openssl-fips-provider rocky-upgrade-openssl-fips-provider-debuginfo rocky-upgrade-openssl-fips-provider-debugsource rocky-upgrade-openssl-libs rocky-upgrade-openssl-libs-debuginfo rocky-upgrade-openssl-perl References https://attackerkb.com/topics/cve-2023-5363 CVE - 2023-5363 https://access.redhat.com/errata/RHSA-2024:0310 https://access.redhat.com/errata/RHSA-2024:0500
  10. Rocky Linux: CVE-2023-5721: firefox (RLSA-2023-6188) Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 10/25/2023 Created 03/07/2024 Added 03/05/2024 Modified 01/28/2025 Description It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an insufficient activation-delay. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. Solution(s) rocky-upgrade-firefox rocky-upgrade-firefox-debuginfo rocky-upgrade-firefox-debugsource rocky-upgrade-firefox-x11 References https://attackerkb.com/topics/cve-2023-5721 CVE - 2023-5721 https://errata.rockylinux.org/RLSA-2023:6188
  11. Rocky Linux: CVE-2023-41983: webkit2gtk3 (RLSA-2024-2982) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 10/25/2023 Created 06/17/2024 Added 06/17/2024 Modified 01/28/2025 Description The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.1, Safari 17.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. Processing web content may lead to a denial-of-service. Solution(s) rocky-upgrade-webkit2gtk3 rocky-upgrade-webkit2gtk3-debuginfo rocky-upgrade-webkit2gtk3-debugsource rocky-upgrade-webkit2gtk3-devel rocky-upgrade-webkit2gtk3-devel-debuginfo rocky-upgrade-webkit2gtk3-jsc rocky-upgrade-webkit2gtk3-jsc-debuginfo rocky-upgrade-webkit2gtk3-jsc-devel rocky-upgrade-webkit2gtk3-jsc-devel-debuginfo References https://attackerkb.com/topics/cve-2023-41983 CVE - 2023-41983 https://errata.rockylinux.org/RLSA-2024:2982
  12. Rocky Linux: CVE-2023-46316: traceroute (RLSA-2024-3211) Severity 5 CVSS (AV:L/AC:L/Au:S/C:N/I:N/A:C) Published 10/25/2023 Created 06/17/2024 Added 06/17/2024 Modified 01/28/2025 Description In buc Traceroute 2.0.12 through 2.1.2 before 2.1.3, the wrapper scripts do not properly parse command lines. Solution(s) rocky-upgrade-traceroute rocky-upgrade-traceroute-debuginfo rocky-upgrade-traceroute-debugsource References https://attackerkb.com/topics/cve-2023-46316 CVE - 2023-46316 https://errata.rockylinux.org/RLSA-2024:3211
  13. Rocky Linux: CVE-2023-5724: firefox (RLSA-2023-6188) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 10/25/2023 Created 03/07/2024 Added 03/05/2024 Modified 01/28/2025 Description Drivers are not always robust to extremely large draw calls and in some cases this scenario could have led to a crash. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. Solution(s) rocky-upgrade-firefox rocky-upgrade-firefox-debuginfo rocky-upgrade-firefox-debugsource rocky-upgrade-firefox-x11 References https://attackerkb.com/topics/cve-2023-5724 CVE - 2023-5724 https://errata.rockylinux.org/RLSA-2023:6188
  14. Rocky Linux: CVE-2023-5725: firefox (RLSA-2023-6188) Severity 4 CVSS (AV:N/AC:M/Au:N/C:P/I:N/A:N) Published 10/25/2023 Created 03/07/2024 Added 03/05/2024 Modified 01/28/2025 Description A malicious installed WebExtension could open arbitrary URLs, which under the right circumstance could be leveraged to collect sensitive user data. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. Solution(s) rocky-upgrade-firefox rocky-upgrade-firefox-debuginfo rocky-upgrade-firefox-debugsource rocky-upgrade-firefox-x11 References https://attackerkb.com/topics/cve-2023-5725 CVE - 2023-5725 https://errata.rockylinux.org/RLSA-2023:6188
  15. Rocky Linux: CVE-2023-5732: firefox (RLSA-2023-6188) Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:C/A:N) Published 10/25/2023 Created 03/07/2024 Added 03/05/2024 Modified 01/28/2025 Description An attacker could have created a malicious link using bidirectional characters to spoof the location in the address bar when visited. This vulnerability affects Firefox < 117, Firefox ESR < 115.4, and Thunderbird < 115.4.1. Solution(s) rocky-upgrade-firefox rocky-upgrade-firefox-debuginfo rocky-upgrade-firefox-debugsource rocky-upgrade-firefox-x11 References https://attackerkb.com/topics/cve-2023-5732 CVE - 2023-5732 https://errata.rockylinux.org/RLSA-2023:6188
  16. OS X update for NetFSFramework (CVE-2023-32359) Severity 8 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:N) Published 10/25/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  17. OS X update for Maps (CVE-2023-40405) Severity 2 CVSS (AV:L/AC:M/Au:N/C:P/I:N/A:N) Published 10/25/2023 Created 11/01/2023 Added 10/31/2023 Modified 01/28/2025 Description A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.1. An app may be able to read sensitive location information. Solution(s) apple-osx-upgrade-14_1 References https://attackerkb.com/topics/cve-2023-40405 CVE - 2023-40405 https://support.apple.com/kb/HT213984
  18. OS X update for Mail Drafts (CVE-2023-40408) Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:P/A:N) Published 10/25/2023 Created 11/01/2023 Added 10/31/2023 Modified 01/28/2025 Description An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. Hide My Email may be deactivated unexpectedly. Solution(s) apple-osx-upgrade-14_1 References https://attackerkb.com/topics/cve-2023-40408 CVE - 2023-40408 https://support.apple.com/kb/HT213984
  19. OS X update for Messages (CVE-2023-32359) Severity 8 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:N) Published 10/25/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  20. Rocky Linux: CVE-2023-5728: firefox (RLSA-2023-6188) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 10/25/2023 Created 03/07/2024 Added 03/05/2024 Modified 01/28/2025 Description During garbage collection extra operations were performed on an object that should not be. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. Solution(s) rocky-upgrade-firefox rocky-upgrade-firefox-debuginfo rocky-upgrade-firefox-debugsource rocky-upgrade-firefox-x11 References https://attackerkb.com/topics/cve-2023-5728 CVE - 2023-5728 https://errata.rockylinux.org/RLSA-2023:6188
  21. OS X update for IOUserEthernet (CVE-2023-32359) Severity 8 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:N) Published 10/25/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  22. Rocky Linux: CVE-2023-5730: firefox (RLSA-2023-6188) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 10/25/2023 Created 03/07/2024 Added 03/05/2024 Modified 01/28/2025 Description Memory safety bugs present in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. Solution(s) rocky-upgrade-firefox rocky-upgrade-firefox-debuginfo rocky-upgrade-firefox-debugsource rocky-upgrade-firefox-x11 References https://attackerkb.com/topics/cve-2023-5730 CVE - 2023-5730 https://errata.rockylinux.org/RLSA-2023:6188
  23. OS X update for IOAcceleratorFamily (CVE-2023-32359) Severity 8 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:N) Published 10/25/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  24. OS X update for IOUSBDeviceFamily (CVE-2023-42842) Severity 5 CVSS (AV:L/AC:M/Au:N/C:C/I:N/A:N) Published 10/25/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
  25. Red Hat OpenShift: CVE-2023-46136: python-werkzeug: high resource consumption leading to denial of service Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 10/25/2023 Created 12/01/2023 Added 11/30/2023 Modified 01/28/2025 Description Werkzeug is a comprehensive WSGI web application library. If an upload of a file that starts with CR or LF and then is followed by megabytes of data without these characters: all of these bytes are appended chunk by chunk into internal bytearray and lookup for boundary is performed on growing buffer. This allows an attacker to cause a denial of service by sending crafted multipart data to an endpoint that will parse it. The amount of CPU time required can block worker processes from handling legitimate requests. This vulnerability has been patched in version 3.0.1. Solution(s) linuxrpm-upgrade-python-werkzeug References https://attackerkb.com/topics/cve-2023-46136 CVE - 2023-46136 RHSA-2023:7473 RHSA-2023:7477 RHSA-2023:7610 RHSA-2024:0189 RHSA-2024:0214