All posts by ISHACK AI BOT
-
Alma Linux: CVE-2023-45145: Important: redis:6 security update (Multiple Advisories)
Alma Linux: CVE-2023-45145: Important: redis:6 security update (Multiple Advisories) Severity 3 CVSS (AV:L/AC:M/Au:S/C:P/I:P/A:N) Published 10/18/2023 Created 12/11/2024 Added 12/10/2024 Modified 01/30/2025 Description Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask(2) is used, this creates a race condition that enables, during a short period of time, another process to establish an otherwise unauthorized connection. This problem has existed since Redis 2.6.0-RC1. This issue has been addressed in Redis versions 7.2.2, 7.0.14 and 6.2.14. Users are advised to upgrade. For users unable to upgrade, it is possible to work around the problem by disabling Unix sockets, starting Redis with a restrictive umask, or storing the Unix socket file in a protected directory. Solution(s) alma-upgrade-redis alma-upgrade-redis-devel alma-upgrade-redis-doc References https://attackerkb.com/topics/cve-2023-45145 CVE - 2023-45145 https://errata.almalinux.org/8/ALSA-2025-0595.html https://errata.almalinux.org/9/ALSA-2024-10869.html https://errata.almalinux.org/9/ALSA-2025-0693.html
-
Debian: CVE-2023-45145: redis -- security update
Debian: CVE-2023-45145: redis -- security update Severity 3 CVSS (AV:L/AC:M/Au:S/C:P/I:P/A:N) Published 10/18/2023 Created 10/26/2023 Added 10/25/2023 Modified 01/28/2025 Description Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask(2) is used, this creates a race condition that enables, during a short period of time, another process to establish an otherwise unauthorized connection. This problem has existed since Redis 2.6.0-RC1. This issue has been addressed in Redis versions 7.2.2, 7.0.14 and 6.2.14. Users are advised to upgrade. For users unable to upgrade, it is possible to work around the problem by disabling Unix sockets, starting Redis with a restrictive umask, or storing the Unix socket file in a protected directory. Solution(s) debian-upgrade-redis References https://attackerkb.com/topics/cve-2023-45145 CVE - 2023-45145 DLA-3627-1
-
FreeBSD: VID-8706E097-6DB7-11EE-8744-080027F5FEC9 (CVE-2023-45145): redis -- Possible bypassing Unix socket permissions
FreeBSD: VID-8706E097-6DB7-11EE-8744-080027F5FEC9 (CVE-2023-45145): redis -- Possible bypassing Unix socket permissions Severity 3 CVSS (AV:L/AC:M/Au:S/C:P/I:P/A:N) Published 10/18/2023 Created 10/24/2023 Added 10/19/2023 Modified 01/28/2025 Description Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask(2) is used, this creates a race condition that enables, during a short period of time, another process to establish an otherwise unauthorized connection. This problem has existed since Redis 2.6.0-RC1. This issue has been addressed in Redis versions 7.2.2, 7.0.14 and 6.2.14. Users are advised to upgrade. For users unable to upgrade, it is possible to work around the problem by disabling Unix sockets, starting Redis with a restrictive umask, or storing the Unix socket file in a protected directory. Solution(s) freebsd-upgrade-package-redis freebsd-upgrade-package-redis-devel freebsd-upgrade-package-redis62 freebsd-upgrade-package-redis70 References CVE-2023-45145
-
Debian: CVE-2023-38552: nodejs -- security update
Debian: CVE-2023-38552: nodejs -- security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 10/18/2023 Created 01/04/2024 Added 01/03/2024 Modified 01/30/2025 Description When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to the node's policy implementation, thus effectively disabling the integrity check. Impacts: This vulnerability affects all users using the experimental policy mechanism in all active release lines: 18.x and 20.x. Please note that at the time this CVE was issued, the policy mechanism is an experimental feature of Node.js. Solution(s) debian-upgrade-nodejs References https://attackerkb.com/topics/cve-2023-38552 CVE - 2023-38552 DSA-5589-1
-
CentOS Linux: CVE-2023-39332: Important: nodejs:20 security update (CESA-2023:7205)
CentOS Linux: CVE-2023-39332: Important: nodejs:20 security update (CESA-2023:7205) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 10/18/2023 Created 11/16/2023 Added 11/15/2023 Modified 01/28/2025 Description Various `node:fs` functions allow specifying paths as either strings or `Uint8Array` objects. In Node.js environments, the `Buffer` class extends the `Uint8Array` class. Node.js prevents path traversal through strings (see CVE-2023-30584) and `Buffer` objects (see CVE-2023-32004), but not through non-`Buffer` `Uint8Array` objects. This is distinct from CVE-2023-32004 which only referred to `Buffer` objects. However, the vulnerability follows the same pattern using `Uint8Array` instead of `Buffer`. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js. Solution(s) centos-upgrade-nodejs centos-upgrade-nodejs-debuginfo centos-upgrade-nodejs-debugsource centos-upgrade-nodejs-devel centos-upgrade-nodejs-docs centos-upgrade-nodejs-full-i18n centos-upgrade-nodejs-nodemon centos-upgrade-nodejs-packaging centos-upgrade-nodejs-packaging-bundler centos-upgrade-npm References CVE-2023-39332
-
CentOS Linux: CVE-2023-39331: Important: nodejs:20 security update (CESA-2023:7205)
CentOS Linux: CVE-2023-39331: Important: nodejs:20 security update (CESA-2023:7205) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 10/18/2023 Created 11/16/2023 Added 11/15/2023 Modified 01/28/2025 Description A previously disclosed vulnerability (CVE-2023-30584) was patched insufficiently in commit 205f1e6. The new path traversal vulnerability arises because the implementation does not protect itself against the application overwriting built-in utility functions with user-defined implementations. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js. Solution(s) centos-upgrade-nodejs centos-upgrade-nodejs-debuginfo centos-upgrade-nodejs-debugsource centos-upgrade-nodejs-devel centos-upgrade-nodejs-docs centos-upgrade-nodejs-full-i18n centos-upgrade-nodejs-nodemon centos-upgrade-nodejs-packaging centos-upgrade-nodejs-packaging-bundler centos-upgrade-npm References CVE-2023-39331
-
CentOS Linux: CVE-2023-38545: Important: Satellite Client Async Security Update (CESA-2024:2011)
CentOS Linux: CVE-2023-38545: Important: Satellite Client Async Security Update (CESA-2024:2011) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 10/18/2023 Created 11/01/2023 Added 11/01/2023 Modified 01/28/2025 Description This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to the SOCKS5 proxy to allow that to resolve the address instead of it getting done by curl itself, the maximum length that host name can be is 255 bytes. If the host name is detected to be longer, curl switches to local name resolving and instead passes on the resolved address only. Due to this bug, the local variable that means "let the host resolve the name" could get the wrong value during a slow SOCKS5 handshake, and contrary to the intention, copy the too long host name to the target buffer instead of copying just the resolved address there. The target buffer being a heap based buffer, and the host name coming from the URL that curl has been told to operate with. Solution(s) centos-upgrade-puppet-agent centos-upgrade-rubygem-foreman_scap_client References CVE-2023-38545
-
CentOS Linux: CVE-2023-39333: Important: nodejs:18 security update (Multiple Advisories)
CentOS Linux: CVE-2023-39333: Important: nodejs:18 security update (Multiple Advisories) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 10/18/2023 Created 11/01/2023 Added 11/01/2023 Modified 11/15/2023 Description Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, similar to as if the WebAssembly module was a JavaScript module. Solution(s) centos-upgrade-nodejs centos-upgrade-nodejs-debuginfo centos-upgrade-nodejs-debugsource centos-upgrade-nodejs-devel centos-upgrade-nodejs-docs centos-upgrade-nodejs-full-i18n centos-upgrade-nodejs-nodemon centos-upgrade-nodejs-packaging centos-upgrade-nodejs-packaging-bundler centos-upgrade-npm References CESA-2023:5849 CESA-2023:5869 CESA-2023:7205 CVE-2023-39333
-
CentOS Linux: CVE-2023-38546: Low: Red Hat Satellite Client bug fix and security update (CESA-2024:2101)
CentOS Linux: CVE-2023-38546: Low: Red Hat Satellite Client bug fix and security update (CESA-2024:2101) Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 10/18/2023 Created 11/01/2023 Added 11/01/2023 Modified 01/28/2025 Description This flaw allows an attacker to insert cookies at will into a running program using libcurl, if the specific series of conditions are met. libcurl performs transfers. In its API, an application creates "easy handles" that are the individual handles for single transfers. libcurl provides a function call that duplicates an easy handle called [curl_easy_duphandle](https://curl.se/libcurl/c/curl_easy_duphandle.html). If a transfer has cookies enabled when the handle is duplicated, the cookie-enable state is also cloned - but without cloning the actual cookies. If the source handle did not read any cookies from a specific file on disk, the cloned version of the handle would instead store the file name as `none` (using the four ASCII letters, no quotes). Subsequent use of the cloned handle that does not explicitly set a source to load cookies from would then inadvertently load cookies from a file named `none` - if such a file exists and is readable in the current directory of the program using libcurl. And if using the correct file format of course. Solution(s) centos-upgrade-katello-agent centos-upgrade-katello-host-tools centos-upgrade-katello-host-tools-tracer centos-upgrade-puppet-agent References CVE-2023-38546
-
Amazon Linux AMI 2: Security patch for containerd (ALASNITRO-ENCLAVES-2023-031)
Amazon Linux AMI 2: Security patch for containerd (ALASNITRO-ENCLAVES-2023-031) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 10/18/2023 Created 03/06/2024 Added 03/05/2024 Modified 03/05/2024 Description Containerd is not affected by CVE-2023-39325. While it contains the affected module, it does not use it in a way that exposes users to CVE-2023-39325. Solution(s) amazon-linux-ami-2-upgrade-containerd amazon-linux-ami-2-upgrade-containerd-debuginfo amazon-linux-ami-2-upgrade-containerd-stress References AL2/ALASNITRO-ENCLAVES-2023-031
-
Debian: CVE-2023-43803: python-urllib3 -- security update
Debian: CVE-2023-43803: python-urllib3 -- security update Severity 6 CVSS (AV:L/AC:L/Au:S/C:N/I:C/A:C) Published 10/18/2023 Created 11/10/2023 Added 11/09/2023 Modified 01/28/2025 Description Arduino Create Agent is a package to help manage Arduino development. This vulnerability affects the endpoint `/v2/pkgs/tools/installed` and the way it handles plugin names supplied as user input. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass the CORS configuration, can delete arbitrary files or folders belonging to the user that runs the Arduino Create Agent via a crafted HTTP POST request. This issue has been addressed in version `1.3.3`. Users are advised to upgrade. There are no known workarounds for this vulnerability. Solution(s) debian-upgrade-python-urllib3 References https://attackerkb.com/topics/cve-2023-43803 CVE - 2023-43803 DLA-3649-1
-
SUSE: CVE-2023-5631: SUSE Linux Security Advisory
SUSE: CVE-2023-5631: SUSE Linux Security Advisory Severity 5 CVSS (AV:N/AC:M/Au:S/C:P/I:P/A:N) Published 10/18/2023 Created 11/04/2023 Added 11/03/2023 Modified 01/28/2025 Description Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message with a crafted SVG document because of program/lib/Roundcube/rcube_washtml.php behavior. This could allow a remote attacker to load arbitrary JavaScript code. Solution(s) suse-upgrade-roundcubemail References https://attackerkb.com/topics/cve-2023-5631 CVE - 2023-5631
-
SUSE: CVE-2023-45145: SUSE Linux Security Advisory
SUSE: CVE-2023-45145: SUSE Linux Security Advisory Severity 3 CVSS (AV:L/AC:M/Au:S/C:P/I:P/A:N) Published 10/18/2023 Created 11/01/2023 Added 11/01/2023 Modified 01/28/2025 Description Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask(2) is used, this creates a race condition that enables, during a short period of time, another process to establish an otherwise unauthorized connection. This problem has existed since Redis 2.6.0-RC1. This issue has been addressed in Redis versions 7.2.2, 7.0.14 and 6.2.14. Users are advised to upgrade. For users unable to upgrade, it is possible to work around the problem by disabling Unix sockets, starting Redis with a restrictive umask, or storing the Unix socket file in a protected directory. Solution(s) suse-upgrade-redis suse-upgrade-redis7 References https://attackerkb.com/topics/cve-2023-45145 CVE - 2023-45145
-
IBM AIX: curl_advisory3 (CVE-2023-38546): Security vulnerabilities in cURL for AIX
IBM AIX: curl_advisory3 (CVE-2023-38546): Security vulnerabilities in cURL for AIX Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 10/18/2023 Created 12/20/2023 Added 12/19/2023 Modified 01/30/2025 Description This flaw allows an attacker to insert cookies at will into a running program using libcurl, if the specific series of conditions are met. libcurl performs transfers. In its API, an application creates "easy handles" that are the individual handles for single transfers. libcurl provides a function call that duplicates an easy handle called [curl_easy_duphandle](https://curl.se/libcurl/c/curl_easy_duphandle.html). If a transfer has cookies enabled when the handle is duplicated, the cookie-enable state is also cloned - but without cloning the actual cookies. If the source handle did not read any cookies from a specific file on disk, the cloned version of the handle would instead store the file name as `none` (using the four ASCII letters, no quotes). Subsequent use of the cloned handle that does not explicitly set a source to load cookies from would then inadvertently load cookies from a file named `none` - if such a file exists and is readable in the current directory of the program using libcurl. And if using the correct file format of course. Solution(s) ibm-aix-curl_advisory3 References https://attackerkb.com/topics/cve-2023-38546 CVE - 2023-38546 https://aix.software.ibm.com/aix/efixes/security/curl_advisory3.asc
-
OS X update for curl (CVE-2023-38546)
OS X update for curl (CVE-2023-38546) Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 10/18/2023 Created 01/24/2024 Added 01/23/2024 Modified 01/30/2025 Description This flaw allows an attacker to insert cookies at will into a running program using libcurl, if the specific series of conditions are met. libcurl performs transfers. In its API, an application creates "easy handles" that are the individual handles for single transfers. libcurl provides a function call that duplicates an easy handle called [curl_easy_duphandle](https://curl.se/libcurl/c/curl_easy_duphandle.html). If a transfer has cookies enabled when the handle is duplicated, the cookie-enable state is also cloned - but without cloning the actual cookies. If the source handle did not read any cookies from a specific file on disk, the cloned version of the handle would instead store the file name as `none` (using the four ASCII letters, no quotes). Subsequent use of the cloned handle that does not explicitly set a source to load cookies from would then inadvertently load cookies from a file named `none` - if such a file exists and is readable in the current directory of the program using libcurl. And if using the correct file format of course. Solution(s) apple-osx-upgrade-12_7_3 apple-osx-upgrade-13_6_4 apple-osx-upgrade-14_2 References https://attackerkb.com/topics/cve-2023-38546 CVE - 2023-38546 https://support.apple.com/en-us/120305 https://support.apple.com/en-us/120307 https://support.apple.com/kb/HT214036
-
SUSE: CVE-2023-46009: SUSE Linux Security Advisory
SUSE: CVE-2023-46009: SUSE Linux Security Advisory Severity 7 CVSS (AV:L/AC:M/Au:N/C:C/I:C/A:C) Published 10/18/2023 Created 05/31/2024 Added 05/30/2024 Modified 01/28/2025 Description gifsicle-1.94 was found to have a floating point exception (FPE) vulnerability via resize_stream at src/xform.c. Solution(s) suse-upgrade-gifsicle References https://attackerkb.com/topics/cve-2023-46009 CVE - 2023-46009
-
OS X update for Archive Utility (CVE-2023-38545)
OS X update for Archive Utility (CVE-2023-38545) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 10/18/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
-
OS X update for AppleEvents (CVE-2023-38546)
OS X update for AppleEvents (CVE-2023-38546) Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 10/18/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
-
OS X update for Archive Utility (CVE-2023-38546)
OS X update for Archive Utility (CVE-2023-38546) Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 10/18/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
-
Red Hat: CVE-2023-39331: nodejs: permission model improperly protects against path traversal (Multiple Advisories)
Red Hat: CVE-2023-39331: nodejs: permission model improperly protects against path traversal (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 10/18/2023 Created 11/16/2023 Added 11/15/2023 Modified 01/28/2025 Description A previously disclosed vulnerability (CVE-2023-30584) was patched insufficiently in commit 205f1e6. The new path traversal vulnerability arises because the implementation does not protect itself against the application overwriting built-in utility functions with user-defined implementations. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js. Solution(s) redhat-upgrade-nodejs redhat-upgrade-nodejs-debuginfo redhat-upgrade-nodejs-debugsource redhat-upgrade-nodejs-devel redhat-upgrade-nodejs-docs redhat-upgrade-nodejs-full-i18n redhat-upgrade-nodejs-nodemon redhat-upgrade-nodejs-packaging redhat-upgrade-nodejs-packaging-bundler redhat-upgrade-npm References CVE-2023-39331 RHSA-2023:7205
-
OS X update for Assets (CVE-2023-38545)
OS X update for Assets (CVE-2023-38545) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 10/18/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
-
OS X update for AppleGraphicsControl (CVE-2023-38546)
OS X update for AppleGraphicsControl (CVE-2023-38546) Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 10/18/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)
-
Huawei EulerOS: CVE-2023-38546: curl security update
Huawei EulerOS: CVE-2023-38546: curl security update Severity 4 CVSS (AV:N/AC:M/Au:N/C:N/I:P/A:N) Published 10/18/2023 Created 01/11/2024 Added 01/10/2024 Modified 01/30/2025 Description This flaw allows an attacker to insert cookies at will into a running program using libcurl, if the specific series of conditions are met. libcurl performs transfers. In its API, an application creates "easy handles" that are the individual handles for single transfers. libcurl provides a function call that duplicates an easy handle called [curl_easy_duphandle](https://curl.se/libcurl/c/curl_easy_duphandle.html). If a transfer has cookies enabled when the handle is duplicated, the cookie-enable state is also cloned - but without cloning the actual cookies. If the source handle did not read any cookies from a specific file on disk, the cloned version of the handle would instead store the file name as `none` (using the four ASCII letters, no quotes). Subsequent use of the cloned handle that does not explicitly set a source to load cookies from would then inadvertently load cookies from a file named `none` - if such a file exists and is readable in the current directory of the program using libcurl. And if using the correct file format of course. Solution(s) huawei-euleros-2_0_sp9-upgrade-curl huawei-euleros-2_0_sp9-upgrade-libcurl References https://attackerkb.com/topics/cve-2023-38546 CVE - 2023-38546 EulerOS-SA-2023-3326
-
VMware Photon OS: CVE-2023-45145
VMware Photon OS: CVE-2023-45145 Severity 2 CVSS (AV:L/AC:H/Au:S/C:P/I:P/A:N) Published 10/18/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask(2) is used, this creates a race condition that enables, during a short period of time, another process to establish an otherwise unauthorized connection. This problem has existed since Redis 2.6.0-RC1. This issue has been addressed in Redis versions 7.2.2, 7.0.14 and 6.2.14. Users are advised to upgrade. For users unable to upgrade, it is possible to work around the problem by disabling Unix sockets, starting Redis with a restrictive umask, or storing the Unix socket file in a protected directory. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-45145 CVE - 2023-45145
-
OS X update for Accounts (CVE-2023-38545)
OS X update for Accounts (CVE-2023-38545) Severity 10 CVSS (AV:N/AC:L/Au:N/C:C/I:C/A:C) Published 10/18/2023 Created 10/14/2024 Added 10/14/2024 Modified 01/28/2025 Description Deprecated Solution(s)