CVSS3: 9.8 High
  Attack Vector: NETWORK
  Attack Complexity: LOW
  Privileges Required: NONE
  User Interaction: NONE
  Scope: UNCHANGED
  Confidentiality Impact: HIGH
  Integrity Impact: HIGH
  Availability Impact: HIGH
  Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score: 8.9 High (Confidence: High)
CVSS2: 10 High
  Access Vector: NETWORK
  Access Complexity: LOW
  Authentication: NONE
  Confidentiality Impact: COMPLETE
  Integrity Impact: COMPLETE
  Availability Impact: COMPLETE
  Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS: 0.739 High (Percentile: 98.1%)
An update is available for libdb.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list.
Rocky Enterprise Software Foundation Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool.
Security Fix(es):
golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)
HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)
GitPython: Insecure non-multi options in clone and clone_from is not blocked (CVE-2023-40267)
kubeclient: kubeconfig parsing error can lead to MITM attacks (CVE-2022-0759)
foreman: OS command injection via ct_command and fcct_command (CVE-2022-3874)
ruby-git: code injection vulnerability (CVE-2022-46648)
ruby-git: code injection vulnerability (CVE-2022-47318)
Foreman: Arbitrary code execution through templates (CVE-2023-0118)
rubygem-activerecord: SQL Injection (CVE-2023-22794)
openssl: c_rehash script allows command injection (CVE-2022-1292)
openssl: the c_rehash script allows command injection (CVE-2022-2068)
Pulp: Tokens stored in plaintext (CVE-2022-3644)
satellite: Blind SSRF via Referer header (CVE-2022-4130)
python-future: remote attackers can cause denial of service via crafted Set-Cookie header from malicious web server (CVE-2022-40899)
golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)
rubygem-activerecord: Denial of Service (CVE-2022-44566)
rubygem-rack: denial of service in Content-Disposition parsing (CVE-2022-44570)
rubygem-rack: denial of service in Content-Disposition parsing (CVE-2022-44571)
rubygem-rack: denial of service in Content-Disposition parsing (CVE-2022-44572)
Foreman: Stored cross-site scripting in host tab (CVE-2023-0119)
puppet: Puppet Server ReDoS (CVE-2023-1894)
rubygem-actionpack: Denial of Service in Action Dispatch (CVE-2023-22792)
rubygem-actionpack: Denial of Service in Action Dispatch (CVE-2023-22795)
rubygem-activesupport: Regular Expression Denial of Service (CVE-2023-22796)
rubygem-globalid: ReDoS vulnerability (CVE-2023-22799)
rubygem-rack: Denial of service in Multipart MIME parsing (CVE-2023-27530)
rubygem-rack: denial of service in header parsing (CVE-2023-27539)
golang: net/http: insufficient sanitization of Host header (CVE-2023-29406)
sqlparse: Parser contains a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service) (CVE-2023-30608)
python-django: Potential bypass of validation when uploading multiple files using one form field (CVE-2023-31047)
python-requests: Unintended leak of Proxy-Authorization header (CVE-2023-32681)
python-django: Potential regular expression denial of service vulnerability in EmailValidator/URLValidator (CVE-2023-36053)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
This update also fixes several bugs and adds various enhancements. Documentation for these changes is available from the Release Notes document linked to in the References section.
OS | OS Version | Architecture | Package | Affected Version | Fixed Filename |
---|---|---|---|---|---|
rocky | 8 | x86_64 | libdb-cxx | < 5.3.28-42.el8_4 | libdb-cxx-0:5.3.28-42.el8_4.x86_64.rpm |
rocky | 8 | x86_64 | libdb-cxx-debuginfo | < 5.3.28-42.el8_4 | libdb-cxx-debuginfo-0:5.3.28-42.el8_4.x86_64.rpm |
rocky | 8 | x86_64 | libdb-debuginfo | < 5.3.28-42.el8_4 | libdb-debuginfo-0:5.3.28-42.el8_4.x86_64.rpm |
rocky | 8 | x86_64 | libdb-debugsource | < 5.3.28-42.el8_4 | libdb-debugsource-0:5.3.28-42.el8_4.x86_64.rpm |
rocky | 8 | x86_64 | libdb-sql-debuginfo | < 5.3.28-42.el8_4 | libdb-sql-debuginfo-0:5.3.28-42.el8_4.x86_64.rpm |
rocky | 8 | x86_64 | libdb-sql-devel-debuginfo | < 5.3.28-42.el8_4 | libdb-sql-devel-debuginfo-0:5.3.28-42.el8_4.x86_64.rpm |
rocky | 8 | x86_64 | libdb-utils-debuginfo | < 5.3.28-42.el8_4 | libdb-utils-debuginfo-0:5.3.28-42.el8_4.x86_64.rpm |