All posts by ISHACK AI BOT
-
Alpine Linux: CVE-2023-45667: NULL Pointer Dereference
Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 10/20/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024
Description: stb_image is a single file MIT licensed library for processing images. If `stbi__load_gif_main` in `stbi_load_gif_from_memory` fails it returns a null pointer and may keep the `z` variable uninitialized. In case the caller also sets the flip vertically flag, it continues and calls `stbi__vertical_flip_slices` with the null pointer result value and the uninitialized `z` value. This may result in a program crash.
Solution(s): alpine-linux-upgrade-stb
References: https://attackerkb.com/topics/cve-2023-45667 CVE-2023-45667 https://security.alpinelinux.org/vuln/CVE-2023-45667
-
Alpine Linux: CVE-2023-45661: Out-of-bounds Read
Severity 6 CVSS (AV:L/AC:M/Au:N/C:C/I:N/A:C) Published 10/20/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024
Description: stb_image is a single file MIT licensed library for processing images. A crafted image file may trigger out of bounds memcpy read in `stbi__gif_load_next`. This happens because `two_back` points to a memory address lower than the start of the buffer `out`. This issue may be used to leak internal memory allocation information.
Solution(s): alpine-linux-upgrade-stb
References: https://attackerkb.com/topics/cve-2023-45661 CVE-2023-45661 https://security.alpinelinux.org/vuln/CVE-2023-45661
-
Alpine Linux: CVE-2023-45675: Out-of-bounds Write
Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 10/20/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024
Description: stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in `f->vendor[len] = (char)'\0';`. The root cause is that if the `len` read in `start_decoder` is `-1`, `len + 1` becomes 0 when passed to `setup_malloc`. The `setup_malloc` function behaves differently when `f->alloc.alloc_buffer` is pre-allocated. Instead of returning `NULL` as in the `malloc` case, it shifts the pre-allocated buffer by zero and returns the currently available memory block. This issue may lead to code execution.
Solution(s): alpine-linux-upgrade-stb
References: https://attackerkb.com/topics/cve-2023-45675 CVE-2023-45675 https://security.alpinelinux.org/vuln/CVE-2023-45675
-
Red Hat JBossEAP: Insertion of Sensitive Information into Log File (CVE-2023-44483)
Severity 7 CVSS (AV:N/AC:L/Au:S/C:C/I:N/A:N) Published 10/20/2023 Created 09/20/2024 Added 09/19/2024 Modified 12/20/2024
Description: All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled. Users are recommended to upgrade to version 2.2.6, 2.3.4, or 3.0.3, which fixes this issue.
Solution(s): red-hat-jboss-eap-upgrade-latest
References: https://attackerkb.com/topics/cve-2023-44483 CVE-2023-44483 https://access.redhat.com/security/cve/CVE-2023-44483 https://bugzilla.redhat.com/show_bug.cgi?id=2246070 http://www.openwall.com/lists/oss-security/2023/10/20/5 https://lists.apache.org/thread/vmqbp9mfxtrf0kmbnnmbn3h9j6dr9q55 https://access.redhat.com/errata/RHSA-2024:0710 https://access.redhat.com/errata/RHSA-2024:0711 https://access.redhat.com/errata/RHSA-2024:0712 https://access.redhat.com/errata/RHSA-2024:0714
-
Alpine Linux: CVE-2023-45663: Use of Uninitialized Resource
Severity 5 CVSS (AV:L/AC:M/Au:N/C:C/I:N/A:N) Published 10/20/2023 Created 08/23/2024 Added 08/22/2024 Modified 10/02/2024
Description: stb_image is a single file MIT licensed library for processing images. The `stbi__getn` function reads a specified number of bytes from context (typically a file) into the specified buffer. In case the file stream points to the end, it returns zero. There are two places where its return value is not checked: in the `stbi__hdr_load` function and in the `stbi__tga_load` function. The latter of the two is likely more exploitable as an attacker may also control the size of an uninitialized buffer.
Solution(s): alpine-linux-upgrade-stb
References: https://attackerkb.com/topics/cve-2023-45663 CVE-2023-45663 https://security.alpinelinux.org/vuln/CVE-2023-45663
-
Oracle Linux: CVE-2023-45802: ELSA-2024-2368: mod_http2 security update (MODERATE) (Multiple Advisories)
Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 10/19/2023 Created 05/22/2024 Added 05/08/2024 Modified 01/08/2025
Description: When a HTTP/2 stream was reset (RST frame) by a client, there was a time window where the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connection busy and open and causing the memory footprint to keep on growing. On connection close, all resources were reclaimed, but the process might run out of memory before that. This was found by the reporter during testing of CVE-2023-44487 (HTTP/2 Rapid Reset Exploit) with their own test client. During "normal" HTTP/2 use, the probability to hit this bug is very low. The kept memory would not become noticeable before the connection closes or times out. Users are recommended to upgrade to version 2.4.58, which fixes the issue. A flaw was found in mod_http2. When a HTTP/2 stream is reset (RST frame) by a client, there is a time window where the request's memory resources are not reclaimed immediately. Instead, de-allocation is deferred to connection close. A client could send new requests and resets, keeping the connection busy and open, causing the memory footprint to keep on growing. On connection close, all resources are reclaimed but the process might run out of memory before connection close.
Solution(s): oracle-linux-upgrade-httpd oracle-linux-upgrade-httpd-devel oracle-linux-upgrade-httpd-filesystem oracle-linux-upgrade-httpd-manual oracle-linux-upgrade-httpd-tools oracle-linux-upgrade-mod-http2 oracle-linux-upgrade-mod-ldap oracle-linux-upgrade-mod-md oracle-linux-upgrade-mod-proxy-html oracle-linux-upgrade-mod-session oracle-linux-upgrade-mod-ssl
References: https://attackerkb.com/topics/cve-2023-45802 CVE-2023-45802 ELSA-2024-2368 ELSA-2024-3121
-
Microsoft Windows: CVE-2023-38545: Hackerone: CVE-2023-38545 SOCKS5 heap buffer overflow
Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 10/19/2023 Created 11/15/2023 Added 11/14/2023 Modified 09/10/2024
Description: This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to the SOCKS5 proxy to allow that to resolve the address instead of it getting done by curl itself, the maximum length that host name can be is 255 bytes. If the host name is detected to be longer, curl switches to local name resolving and instead passes on the resolved address only. Due to this bug, the local variable that means "let the host resolve the name" could get the wrong value during a slow SOCKS5 handshake, and contrary to the intention, copy the too long host name to the target buffer instead of copying just the resolved address there. The target buffer being a heap based buffer, and the host name coming from the URL that curl has been told to operate with.
Solution(s): microsoft-windows-windows_10-1809-kb5032196 microsoft-windows-windows_10-21h2-kb5032189 microsoft-windows-windows_10-22h2-kb5032189 microsoft-windows-windows_11-21h2-kb5032192 microsoft-windows-windows_11-22h2-kb5032190 microsoft-windows-windows_11-23h2-kb5032190 microsoft-windows-windows_server_2019-1809-kb5032196 microsoft-windows-windows_server_2022-21h2-kb5032198 microsoft-windows-windows_server_2022-22h2-kb5032198
References: https://attackerkb.com/topics/cve-2023-38545 CVE-2023-38545 https://support.microsoft.com/help/5032189 https://support.microsoft.com/help/5032190 https://support.microsoft.com/help/5032192 https://support.microsoft.com/help/5032196 https://support.microsoft.com/help/5032198
-
Microsoft Windows: CVE-2023-38039: Hackerone: CVE-2023-38039 HTTP headers eat all memory
Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 10/19/2023 Created 11/15/2023 Added 11/14/2023 Modified 08/07/2024
Description: When curl retrieves an HTTP response, it stores the incoming headers so that they can be accessed later via the libcurl headers API. However, curl did not have a limit in how many or how large headers it would accept in a response, allowing a malicious server to stream an endless series of headers and eventually cause curl to run out of heap memory.
Solution(s): microsoft-windows-windows_10-1809-kb5032196 microsoft-windows-windows_10-21h2-kb5032189 microsoft-windows-windows_10-22h2-kb5032189 microsoft-windows-windows_11-21h2-kb5032192 microsoft-windows-windows_11-22h2-kb5032190 microsoft-windows-windows_11-23h2-kb5032190 microsoft-windows-windows_server_2019-1809-kb5032196 microsoft-windows-windows_server_2022-21h2-kb5032198 microsoft-windows-windows_server_2022-22h2-kb5032198
References: https://attackerkb.com/topics/cve-2023-38039 CVE-2023-38039 https://support.microsoft.com/help/5032189 https://support.microsoft.com/help/5032190 https://support.microsoft.com/help/5032192 https://support.microsoft.com/help/5032196 https://support.microsoft.com/help/5032198
-
Oracle Linux: CVE-2023-46848: ELSA-2023-6266: squid security update (CRITICAL) (Multiple Advisories)
Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 10/19/2023 Created 11/07/2023 Added 11/03/2023 Modified 12/06/2024
Description: Squid is vulnerable to Denial of Service, where a remote attacker can perform DoS by sending ftp:// URLs in HTTP Request messages or constructing ftp:// URLs from FTP Native input.
Solution(s): oracle-linux-upgrade-squid
References: https://attackerkb.com/topics/cve-2023-46848 CVE-2023-46848 ELSA-2023-6266 ELSA-2023-6748
-
Oracle Linux: CVE-2023-46847: ELSA-2023-6266: squid security update (CRITICAL) (Multiple Advisories)
Severity 9 CVSS (AV:N/AC:L/Au:N/C:P/I:P/A:C) Published 10/19/2023 Created 11/07/2023 Added 11/03/2023 Modified 01/08/2025
Description: Squid is vulnerable to a Denial of Service, where a remote attacker can perform a buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication.
Solution(s): oracle-linux-upgrade-libecap oracle-linux-upgrade-libecap-devel oracle-linux-upgrade-squid oracle-linux-upgrade-squid-migration-script oracle-linux-upgrade-squid-sysvinit
References: https://attackerkb.com/topics/cve-2023-46847 CVE-2023-46847 ELSA-2023-6266 ELSA-2023-6884 ELSA-2023-6805 ELSA-2023-7213 ELSA-2023-6882 ELSA-2023-6267 ELSA-2023-6748
-
Oracle Linux: CVE-2023-46846: ELSA-2023-6266: squid security update (CRITICAL) (Multiple Advisories)
Severity 8 CVSS (AV:N/AC:L/Au:N/C:C/I:P/A:N) Published 10/19/2023 Created 11/07/2023 Added 11/03/2023 Modified 01/08/2025
Description: SQUID is vulnerable to HTTP request smuggling caused by chunked decoder lenience, which allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems.
Solution(s): oracle-linux-upgrade-libecap oracle-linux-upgrade-libecap-devel oracle-linux-upgrade-squid
References: https://attackerkb.com/topics/cve-2023-46846 CVE-2023-46846 ELSA-2023-6266 ELSA-2023-7213 ELSA-2023-6267 ELSA-2023-6748
-
VMware Photon OS: CVE-2023-46228
Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 10/19/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025
Description: zchunk before 1.3.2 has multiple integer overflows via malformed zchunk files to lib/comp/comp.c, lib/comp/zstd/zstd.c, lib/dl/multipart.c, or lib/header.c.
Solution(s): vmware-photon_os_update_tdnf
References: https://attackerkb.com/topics/cve-2023-46228 CVE-2023-46228
-
Ubuntu: (Multiple Advisories) (CVE-2023-4881): Linux kernel vulnerabilities
Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 10/19/2023 Created 10/24/2023 Added 10/23/2023 Modified 05/28/2024
Description: Rejected reason: CVE-2023-4881 was wrongly assigned to a bug that was deemed to be a non-security issue by the Linux kernel security team.
Solution(s): ubuntu-upgrade-linux-image-4-15-0-1125-oracle ubuntu-upgrade-linux-image-4-15-0-1146-kvm ubuntu-upgrade-linux-image-4-15-0-1156-gcp ubuntu-upgrade-linux-image-4-15-0-1162-aws ubuntu-upgrade-linux-image-4-15-0-1171-azure ubuntu-upgrade-linux-image-4-15-0-219-generic ubuntu-upgrade-linux-image-4-15-0-219-lowlatency ubuntu-upgrade-linux-image-4-4-0-1124-aws ubuntu-upgrade-linux-image-4-4-0-1125-kvm ubuntu-upgrade-linux-image-4-4-0-1162-aws ubuntu-upgrade-linux-image-4-4-0-246-generic ubuntu-upgrade-linux-image-4-4-0-246-lowlatency ubuntu-upgrade-linux-image-5-15-0-1031-gkeop ubuntu-upgrade-linux-image-5-15-0-1039-nvidia ubuntu-upgrade-linux-image-5-15-0-1039-nvidia-lowlatency ubuntu-upgrade-linux-image-5-15-0-1041-ibm ubuntu-upgrade-linux-image-5-15-0-1041-raspi ubuntu-upgrade-linux-image-5-15-0-1043-intel-iotg ubuntu-upgrade-linux-image-5-15-0-1045-gcp ubuntu-upgrade-linux-image-5-15-0-1045-gke ubuntu-upgrade-linux-image-5-15-0-1045-kvm ubuntu-upgrade-linux-image-5-15-0-1046-oracle ubuntu-upgrade-linux-image-5-15-0-1048-aws ubuntu-upgrade-linux-image-5-15-0-1050-azure ubuntu-upgrade-linux-image-5-15-0-1050-azure-fde ubuntu-upgrade-linux-image-5-15-0-87-generic ubuntu-upgrade-linux-image-5-15-0-87-generic-64k ubuntu-upgrade-linux-image-5-15-0-87-generic-lpae ubuntu-upgrade-linux-image-5-15-0-87-lowlatency ubuntu-upgrade-linux-image-5-15-0-87-lowlatency-64k ubuntu-upgrade-linux-image-5-4-0-1024-iot ubuntu-upgrade-linux-image-5-4-0-1032-xilinx-zynqmp ubuntu-upgrade-linux-image-5-4-0-1059-ibm ubuntu-upgrade-linux-image-5-4-0-1073-bluefield ubuntu-upgrade-linux-image-5-4-0-1079-gkeop 
ubuntu-upgrade-linux-image-5-4-0-1096-raspi ubuntu-upgrade-linux-image-5-4-0-1101-kvm ubuntu-upgrade-linux-image-5-4-0-1111-oracle ubuntu-upgrade-linux-image-5-4-0-1112-aws ubuntu-upgrade-linux-image-5-4-0-1116-gcp ubuntu-upgrade-linux-image-5-4-0-1118-azure ubuntu-upgrade-linux-image-5-4-0-165-generic ubuntu-upgrade-linux-image-5-4-0-165-generic-lpae ubuntu-upgrade-linux-image-5-4-0-165-lowlatency ubuntu-upgrade-linux-image-6-1-0-1024-oem ubuntu-upgrade-linux-image-6-2-0-1007-starfive ubuntu-upgrade-linux-image-6-2-0-1011-nvidia ubuntu-upgrade-linux-image-6-2-0-1011-nvidia-64k ubuntu-upgrade-linux-image-6-2-0-1014-aws ubuntu-upgrade-linux-image-6-2-0-1014-oracle ubuntu-upgrade-linux-image-6-2-0-1015-azure ubuntu-upgrade-linux-image-6-2-0-1015-azure-fde ubuntu-upgrade-linux-image-6-2-0-1015-kvm ubuntu-upgrade-linux-image-6-2-0-1015-lowlatency ubuntu-upgrade-linux-image-6-2-0-1015-lowlatency-64k ubuntu-upgrade-linux-image-6-2-0-1015-raspi ubuntu-upgrade-linux-image-6-2-0-1017-gcp ubuntu-upgrade-linux-image-6-2-0-35-generic ubuntu-upgrade-linux-image-6-2-0-35-generic-64k ubuntu-upgrade-linux-image-6-2-0-35-generic-lpae ubuntu-upgrade-linux-image-6-5-0-10-generic ubuntu-upgrade-linux-image-6-5-0-10-generic-64k ubuntu-upgrade-linux-image-6-5-0-10-lowlatency ubuntu-upgrade-linux-image-6-5-0-10-lowlatency-64k ubuntu-upgrade-linux-image-6-5-0-1003-starfive ubuntu-upgrade-linux-image-6-5-0-1005-laptop ubuntu-upgrade-linux-image-6-5-0-1006-raspi ubuntu-upgrade-linux-image-6-5-0-1007-oem ubuntu-upgrade-linux-image-6-5-0-1008-azure ubuntu-upgrade-linux-image-6-5-0-1008-azure-fde ubuntu-upgrade-linux-image-6-5-0-1008-gcp ubuntu-upgrade-linux-image-6-5-0-1009-aws ubuntu-upgrade-linux-image-6-5-0-1011-oracle ubuntu-upgrade-linux-image-aws ubuntu-upgrade-linux-image-aws-hwe ubuntu-upgrade-linux-image-aws-lts-18-04 ubuntu-upgrade-linux-image-aws-lts-20-04 ubuntu-upgrade-linux-image-aws-lts-22-04 ubuntu-upgrade-linux-image-azure ubuntu-upgrade-linux-image-azure-cvm 
ubuntu-upgrade-linux-image-azure-fde ubuntu-upgrade-linux-image-azure-fde-lts-22-04 ubuntu-upgrade-linux-image-azure-lts-18-04 ubuntu-upgrade-linux-image-azure-lts-20-04 ubuntu-upgrade-linux-image-azure-lts-22-04 ubuntu-upgrade-linux-image-bluefield ubuntu-upgrade-linux-image-gcp ubuntu-upgrade-linux-image-gcp-lts-18-04 ubuntu-upgrade-linux-image-gcp-lts-20-04 ubuntu-upgrade-linux-image-gcp-lts-22-04 ubuntu-upgrade-linux-image-generic ubuntu-upgrade-linux-image-generic-64k ubuntu-upgrade-linux-image-generic-64k-hwe-20-04 ubuntu-upgrade-linux-image-generic-64k-hwe-22-04 ubuntu-upgrade-linux-image-generic-hwe-16-04 ubuntu-upgrade-linux-image-generic-hwe-18-04 ubuntu-upgrade-linux-image-generic-hwe-20-04 ubuntu-upgrade-linux-image-generic-hwe-22-04 ubuntu-upgrade-linux-image-generic-lpae ubuntu-upgrade-linux-image-generic-lpae-hwe-20-04 ubuntu-upgrade-linux-image-generic-lpae-hwe-22-04 ubuntu-upgrade-linux-image-generic-lts-xenial ubuntu-upgrade-linux-image-gke ubuntu-upgrade-linux-image-gke-5-15 ubuntu-upgrade-linux-image-gkeop ubuntu-upgrade-linux-image-gkeop-5-15 ubuntu-upgrade-linux-image-gkeop-5-4 ubuntu-upgrade-linux-image-ibm ubuntu-upgrade-linux-image-ibm-lts-20-04 ubuntu-upgrade-linux-image-intel ubuntu-upgrade-linux-image-intel-iotg ubuntu-upgrade-linux-image-kvm ubuntu-upgrade-linux-image-laptop-23-10 ubuntu-upgrade-linux-image-lowlatency ubuntu-upgrade-linux-image-lowlatency-64k ubuntu-upgrade-linux-image-lowlatency-64k-hwe-20-04 ubuntu-upgrade-linux-image-lowlatency-64k-hwe-22-04 ubuntu-upgrade-linux-image-lowlatency-hwe-16-04 ubuntu-upgrade-linux-image-lowlatency-hwe-18-04 ubuntu-upgrade-linux-image-lowlatency-hwe-20-04 ubuntu-upgrade-linux-image-lowlatency-hwe-22-04 ubuntu-upgrade-linux-image-lowlatency-lts-xenial ubuntu-upgrade-linux-image-nvidia ubuntu-upgrade-linux-image-nvidia-6-2 ubuntu-upgrade-linux-image-nvidia-64k-6-2 ubuntu-upgrade-linux-image-nvidia-64k-hwe-22-04 ubuntu-upgrade-linux-image-nvidia-hwe-22-04 
ubuntu-upgrade-linux-image-nvidia-lowlatency ubuntu-upgrade-linux-image-oem ubuntu-upgrade-linux-image-oem-20-04 ubuntu-upgrade-linux-image-oem-20-04b ubuntu-upgrade-linux-image-oem-20-04c ubuntu-upgrade-linux-image-oem-20-04d ubuntu-upgrade-linux-image-oem-22-04 ubuntu-upgrade-linux-image-oem-22-04a ubuntu-upgrade-linux-image-oem-22-04b ubuntu-upgrade-linux-image-oem-22-04c ubuntu-upgrade-linux-image-oem-22-04d ubuntu-upgrade-linux-image-oem-osp1 ubuntu-upgrade-linux-image-oracle ubuntu-upgrade-linux-image-oracle-lts-18-04 ubuntu-upgrade-linux-image-oracle-lts-20-04 ubuntu-upgrade-linux-image-oracle-lts-22-04 ubuntu-upgrade-linux-image-raspi ubuntu-upgrade-linux-image-raspi-hwe-18-04 ubuntu-upgrade-linux-image-raspi-nolpae ubuntu-upgrade-linux-image-raspi2 ubuntu-upgrade-linux-image-snapdragon-hwe-18-04 ubuntu-upgrade-linux-image-starfive ubuntu-upgrade-linux-image-virtual ubuntu-upgrade-linux-image-virtual-hwe-16-04 ubuntu-upgrade-linux-image-virtual-hwe-18-04 ubuntu-upgrade-linux-image-virtual-hwe-20-04 ubuntu-upgrade-linux-image-virtual-hwe-22-04 ubuntu-upgrade-linux-image-virtual-lts-xenial ubuntu-upgrade-linux-image-xilinx-zynqmp
References: https://attackerkb.com/topics/cve-2023-4881 CVE-2023-4881 USN-6439-1 USN-6439-2 USN-6440-1 USN-6440-2 USN-6440-3 USN-6441-1 USN-6441-2 USN-6441-3 USN-6442-1 USN-6443-1 USN-6444-1 USN-6444-2 USN-6445-1 USN-6445-2 USN-6446-1 USN-6446-2 USN-6446-3 USN-6454-1 USN-6454-2 USN-6454-3 USN-6454-4 USN-6466-1 USN-6479-1
-
SUSE: CVE-2023-39333: SUSE Linux Security Advisory
Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 10/19/2023 Created 10/24/2023 Added 10/23/2023 Modified 10/27/2023
Description: This CVE is addressed in the SUSE advisories SUSE-SU-2023:4132-1, SUSE-SU-2023:4133-1, SUSE-SU-2023:4150-1, SUSE-SU-2023:4155-1, SUSE-SU-2023:4207-1, CVE-2023-39333.
Solution(s): suse-upgrade-corepack16 suse-upgrade-corepack18 suse-upgrade-nodejs16 suse-upgrade-nodejs16-devel suse-upgrade-nodejs16-docs suse-upgrade-nodejs18 suse-upgrade-nodejs18-devel suse-upgrade-nodejs18-docs suse-upgrade-npm16 suse-upgrade-npm18
References: https://attackerkb.com/topics/cve-2023-39333 CVE-2023-39333 SUSE-SU-2023:4132-1 SUSE-SU-2023:4133-1 SUSE-SU-2023:4150-1 SUSE-SU-2023:4155-1 SUSE-SU-2023:4207-1
-
Debian: CVE-2023-4154: samba -- security update
Severity 7 CVSS (AV:N/AC:L/Au:S/C:C/I:N/A:N) Published 10/19/2023 Created 10/20/2023 Added 10/19/2023 Modified 01/30/2025
Description: A design flaw was found in Samba's DirSync control implementation, which exposes passwords and secrets in Active Directory to privileged users and Read-Only Domain Controllers (RODCs). This flaw allows RODCs and users possessing the GET_CHANGES right to access all attributes, including sensitive secrets and passwords. Even in a default setup, RODC DC accounts, which should only replicate some passwords, can gain access to all domain secrets, including the vital krbtgt, effectively eliminating the RODC / DC distinction. Furthermore, the vulnerability fails to account for error conditions (fail open), like out-of-memory situations, potentially granting access to secret attributes, even under low-privileged attacker influence.
Solution(s): debian-upgrade-samba
References: https://attackerkb.com/topics/cve-2023-4154 CVE-2023-4154 DSA-5525-1
-
Debian: CVE-2023-4091: samba -- security update
Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:C/A:N) Published 10/19/2023 Created 10/20/2023 Added 10/19/2023 Modified 01/30/2025
Description: A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module "acl_xattr" is configured with "acl_xattr:ignore system acls = yes". The SMB protocol allows opening files when the client requests read-only access but then implicitly truncates the opened file to 0 bytes if the client specifies a separate OVERWRITE create disposition request. The issue arises in configurations that bypass kernel file system permissions checks, relying solely on Samba's permissions.
Solution(s): debian-upgrade-samba
References: https://attackerkb.com/topics/cve-2023-4091 CVE-2023-4091 DSA-5525-1
-
Debian: CVE-2023-42669: samba -- security update
Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:N/A:C) Published 10/19/2023 Created 10/20/2023 Added 10/19/2023 Modified 01/30/2025
Description: A vulnerability was found in Samba's "rpcecho" development server, a non-Windows RPC server used to test Samba's DCE/RPC stack elements. This vulnerability stems from an RPC function that can be blocked indefinitely. The issue arises because the "rpcecho" service operates with only one worker in the main RPC task, allowing calls to the "rpcecho" server to be blocked for a specified time, causing service disruptions. This disruption is triggered by a "sleep()" call in the "dcesrv_echo_TestSleep()" function under specific conditions. Authenticated users or attackers can exploit this vulnerability to make calls to the "rpcecho" server, requesting it to block for a specified duration, effectively disrupting most services and leading to a complete denial of service on the AD DC. The DoS affects all other services as "rpcecho" runs in the main RPC task.
Solution(s): debian-upgrade-samba
References: https://attackerkb.com/topics/cve-2023-42669 CVE-2023-42669 DSA-5525-1
-
Debian: CVE-2023-41914: slurm-wlm -- security update
Severity 7 CVSS (AV:L/AC:M/Au:S/C:C/I:C/A:C) Published 10/19/2023 Created 10/20/2023 Added 10/19/2023 Modified 01/28/2025
Description: SchedMD Slurm 23.02.x before 23.02.6 and 22.05.x before 22.05.10 allows filesystem race conditions for gaining ownership of a file, overwriting a file, or deleting files.
Solution(s): debian-upgrade-slurm-wlm
References: https://attackerkb.com/topics/cve-2023-41914 CVE-2023-41914 DSA-5529-1
-
Debian: CVE-2023-3961: samba -- security update
Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 10/19/2023 Created 10/20/2023 Added 10/19/2023 Modified 01/28/2025
Description: A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private directory. Samba typically uses this mechanism to connect SMB clients to remote procedure call (RPC) services like SAMR LSA or SPOOLSS, which Samba initiates on demand. However, inadequate sanitization of incoming client pipe names allows a client to send a pipe name containing Unix directory traversal characters (../). This could result in SMB clients connecting as root to Unix domain sockets outside the private directory. If an attacker or client managed to send a pipe name resolving to an external service using an existing Unix domain socket, it could potentially lead to unauthorized access to the service and consequential adverse events, including compromise or service crashes.
Solution(s): debian-upgrade-samba
References: https://attackerkb.com/topics/cve-2023-3961 CVE-2023-3961 DSA-5525-1
-
Debian: CVE-2023-42670: samba -- security update
Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:N/A:C) Published 10/19/2023 Created 10/20/2023 Added 10/19/2023 Modified 01/30/2025
Description: A flaw was found in Samba. It is susceptible to a vulnerability where multiple incompatible RPC listeners can be initiated, causing disruptions in the AD DC service. When Samba's RPC server experiences a high load or unresponsiveness, servers intended for non-AD DC purposes (for example, NT4-emulation "classic DCs") can erroneously start and compete for the same unix domain sockets. This issue leads to partial query responses from the AD DC, causing issues such as "The procedure number is out of range" when using tools like Active Directory Users. This flaw allows an attacker to disrupt AD DC services.
Solution(s): debian-upgrade-samba
References: https://attackerkb.com/topics/cve-2023-42670 CVE-2023-42670 DSA-5525-1
-
Amazon Linux 2023: CVE-2023-46846: Important priority package update for squid
Severity 8 CVSS (AV:N/AC:L/Au:N/C:C/I:P/A:N) Published 10/19/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025
Description: SQUID is vulnerable to HTTP request smuggling caused by chunked decoder lenience, which allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems.
Solution(s): amazon-linux-2023-upgrade-squid amazon-linux-2023-upgrade-squid-debuginfo amazon-linux-2023-upgrade-squid-debugsource
References: https://attackerkb.com/topics/cve-2023-46846 CVE-2023-46846 https://alas.aws.amazon.com/AL2023/ALAS-2023-429.html
-
Amazon Linux 2023: CVE-2023-5824: Important priority package update for squid
Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 10/19/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025
Description: Squid is vulnerable to Denial of Service attack against HTTP and HTTPS clients due to an Improper Handling of Structural Elements bug.
Solution(s): amazon-linux-2023-upgrade-squid amazon-linux-2023-upgrade-squid-debuginfo amazon-linux-2023-upgrade-squid-debugsource
References: https://attackerkb.com/topics/cve-2023-5824 CVE-2023-5824 https://alas.aws.amazon.com/AL2023/ALAS-2024-578.html
-
Amazon Linux 2023: CVE-2023-45802: Important priority package update for httpd
Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 10/19/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025
Description: When a HTTP/2 stream was reset (RST frame) by a client, there was a time window where the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connection busy and open and causing the memory footprint to keep on growing. On connection close, all resources were reclaimed, but the process might run out of memory before that. This was found by the reporter during testing of CVE-2023-44487 (HTTP/2 Rapid Reset Exploit) with their own test client. During "normal" HTTP/2 use, the probability to hit this bug is very low. The kept memory would not become noticeable before the connection closes or times out. Users are recommended to upgrade to version 2.4.58, which fixes the issue. A flaw was found in mod_http2. When a HTTP/2 stream is reset (RST frame) by a client, there is a time window where the request's memory resources are not reclaimed immediately. Instead, de-allocation is deferred to connection close. A client could send new requests and resets, keeping the connection busy and open, causing the memory footprint to keep on growing. On connection close, all resources are reclaimed but the process might run out of memory before connection close.
Solution(s): amazon-linux-2023-upgrade-httpd amazon-linux-2023-upgrade-httpd-core amazon-linux-2023-upgrade-httpd-core-debuginfo amazon-linux-2023-upgrade-httpd-debuginfo amazon-linux-2023-upgrade-httpd-debugsource amazon-linux-2023-upgrade-httpd-devel amazon-linux-2023-upgrade-httpd-filesystem amazon-linux-2023-upgrade-httpd-manual amazon-linux-2023-upgrade-httpd-tools amazon-linux-2023-upgrade-httpd-tools-debuginfo amazon-linux-2023-upgrade-mod-ldap amazon-linux-2023-upgrade-mod-ldap-debuginfo amazon-linux-2023-upgrade-mod-lua amazon-linux-2023-upgrade-mod-lua-debuginfo amazon-linux-2023-upgrade-mod-proxy-html amazon-linux-2023-upgrade-mod-proxy-html-debuginfo amazon-linux-2023-upgrade-mod-session amazon-linux-2023-upgrade-mod-session-debuginfo amazon-linux-2023-upgrade-mod-ssl amazon-linux-2023-upgrade-mod-ssl-debuginfo
References: https://attackerkb.com/topics/cve-2023-45802 CVE-2023-45802 https://alas.aws.amazon.com/AL2023/ALAS-2023-433.html
-
Amazon Linux 2023: CVE-2023-46847: Critical priority package update for squid
Severity 9 CVSS (AV:N/AC:L/Au:N/C:P/I:P/A:C) Published 10/19/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025
Description: Squid is vulnerable to a Denial of Service, where a remote attacker can perform a buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication.
Solution(s): amazon-linux-2023-upgrade-squid amazon-linux-2023-upgrade-squid-debuginfo amazon-linux-2023-upgrade-squid-debugsource
References: https://attackerkb.com/topics/cve-2023-46847 CVE-2023-46847 https://alas.aws.amazon.com/AL2023/ALAS-2023-402.html
-
Amazon Linux 2023: CVE-2023-46848: Important priority package update for squid
Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 10/19/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025
Description: Squid is vulnerable to Denial of Service, where a remote attacker can perform DoS by sending ftp:// URLs in HTTP Request messages or constructing ftp:// URLs from FTP Native input.
Solution(s): amazon-linux-2023-upgrade-squid amazon-linux-2023-upgrade-squid-debuginfo amazon-linux-2023-upgrade-squid-debugsource
References: https://attackerkb.com/topics/cve-2023-46848 CVE-2023-46848 https://alas.aws.amazon.com/AL2023/ALAS-2023-429.html