Medium: kernel
Issue Overview: An issue was discovered in fs/io_uring.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service deadlock because exit may be waiting to park a SQPOLL thread, but concurrently that SQPOLL thread is waiting for a signal to start, aka CID-3ebba796fa25...
Important: kernel-livepatch-5.10.162-141.675
Issue Overview: kernel: Type confusion in pick_next_rt_entity, which can result in memory corruption. CVE-2023-1077 do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition with a resultant use-after-free or NULL pointer dereference...
Important: kernel-livepatch-5.10.173-154.642
Issue Overview: do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition with a resultant use-after-free or NULL pointer dereference. CVE-2023-28466 Affected Packages: kernel-livepatch-5.10.173-154.642 Issue Correction: Please ensur...
Important: kernel
Issue Overview: A use-after-free vulnerability was found in nfs42_ssc_open in fs/nfs/nfs4file.c in the Linux kernel. This flaw allows an attacker to conduct a remote denial of service. CVE-2022-4379 In the Linux kernel, the following vulnerability has been resolved: gfs2: Always check inode size of...
Important: kernel-livepatch-5.10.167-147.601
Issue Overview: kernel: Type confusion in pick_next_rt_entity, which can result in memory corruption. CVE-2023-1077 do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition with a resultant use-after-free or NULL pointer dereference...
Important: kernel
Issue Overview: A flaw was found in the Linux kernel Traffic Control (TC) subsystem. Using a specific networking configuration (redirecting egress packets to ingress using TC action "mirred") a local unprivileged user could trigger a CPU soft lockup (ABBA deadlock) when the transport protocol in use TC...
Important: ecs-service-connect-agent
Issue Overview: Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, the client may bypass JSON Web Token (JWT) checks and forge fake original paths. The header x-envoy-original-path should be an interna...
Medium: vim
Issue Overview: A heap-based buffer overflow vulnerability was found in GitHub repository vim/vim prior to 9.0.1376 in Vim's utf_ptr2char function of the src/mbyte.c file. This flaw occurs because there is access to invalid memory with put in visual block mode. An attacker can trick a user into...
Medium: wireshark
Issue Overview: ISO 15765 and ISO 10681 dissector crash in Wireshark 4.0.0 to 4.0.3 and 3.6.0 to 3.6.11 allows denial of service via packet injection or crafted capture file. CVE-2023-1161 Affected Packages: wireshark Issue Correction: Run dnf update wireshark --releasever 2023.0.20230329 or dnf...
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: KVM: VMX: Do all initialization before exposing /dev/kvm to userspace CVE-2022-49932 A use-after-free vulnerability in the Linux Kernel Performance Events system can be exploited to achieve local privilege...
Important: tar
Issue Overview: GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximate...
Medium: python-werkzeug
Issue Overview: Werkzeug is a comprehensive WSGI web application library. Browsers may allow "nameless" cookies that look like =value instead of key=value. A vulnerable browser may allow a compromised application on an adjacent subdomain to exploit this to set a cookie like =__Host-test=bad for...
Medium: ImageMagick
Issue Overview: A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file that leads to a segmentation fault, generating many trash files in "/tmp," resulti...
Important: emacs
Issue Overview: org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters. CVE-2023-28617 Affected Packages: emacs Issue Correction: Run dnf update emacs...
Medium: yasm
Issue Overview: An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in yasm_expr_get_intnum in libyasm/expr.c. CVE-2021-33454 An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in nasm_parser_directive in modules/parsers/nasm/nasm-parse.c...
Important: mariadb105
Issue Overview: MariaDB v10.7 was discovered to contain a use-after-poison in __interceptor_memset at /libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc. CVE-2022-32091 In MariaDB before 10.9.2, compress_write in extra/mariabackup/ds_compress.cc does not release data_mutex upon a stream...
Medium: redis6
Issue Overview: Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted SETRANGE and SORT_RO commands can trigger an integer overflow, resulting in Redis attempting to allocate impossible amounts of memory and abort with an out-of-memory (OOM) panic. The...
Medium: containerd
Issue Overview: containerd is an open source container runtime. A bug was found in containerd's CRI implementation where a user can exhaust memory on the host. In the CRI stream server, a goroutine is launched to handle terminal resize events if a TTY is requested. If the user's process fails to...
Important: emacs
Issue Overview: GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the "ctags *" command suggest...
Important: gd
Issue Overview: DISPUTED gdImageGd2Ptr in gd_gd2.c in the GD Graphics Library aka LibGD through 2.3.2 has a double free. NOTE: the vendor's position is "The GD2 image format is a proprietary image format of libgd. It has to be regarded as being obsolete, and should only be used for development and...
Low: openvpn
Issue Overview: OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials...
Important: exim
Issue Overview: The STARTTLS feature in Exim through 4.94.2 allows response injection (buffering) during MTA SMTP sending. CVE-2021-38371 Affected Packages: exim Issue Correction: Run yum update exim or yum update --advisory ALAS-2023-1722 to update your system. New Packages: i686: ...
Important: microcode_ctl
Issue Overview: Insufficient granularity of access control in out-of-band management in some Intel(R) Atom and Intel Xeon Scalable Processors may allow a privileged user to potentially enable escalation of privilege via adjacent network access. CVE-2022-21216 Incorrect default permissions in some...
Important: db4
Issue Overview: Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 might allow local users to gain privileges by leveraging undocumented functionality in Berkeley DB 2.x and later, related to reading settings from DB_CONFIG in the current directory...
Important: kernel-livepatch-5.10.165-143.735
Issue Overview: The upstream bug report describes this issue as follows: A flaw found in the Linux Kernel in RDS (Reliable Datagram Sockets) protocol. The rds_rm_zerocopy_callback() uses list_entry() on the head of a list causing a type confusion. Local user can trigger this with rds_message_put(). Type...
Medium: python-babel
Issue Overview: Babel.Locale in Babel before 2.9.1 allows attackers to load arbitrary locale .dat files containing serialized Python objects via directory traversal, leading to code execution. CVE-2021-42771 Affected Packages: python-babel Issue Correction: Run yum update python-babel or yum upda...
Important: python38
Issue Overview: An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service...
Important: kernel-livepatch-5.10.162-141.675
Issue Overview: The upstream bug report describes this issue as follows: A flaw found in the Linux Kernel in RDS (Reliable Datagram Sockets) protocol. The rds_rm_zerocopy_callback() uses list_entry() on the head of a list causing a type confusion. Local user can trigger this with rds_message_put(). Type...
Important: kernel-livepatch-5.10.157-139.675
Issue Overview: The upstream bug report describes this issue as follows: A flaw found in the Linux Kernel in RDS (Reliable Datagram Sockets) protocol. The rds_rm_zerocopy_callback() uses list_entry() on the head of a list causing a type confusion. Local user can trigger this with rds_message_put(). Type...
Medium: docker
Issue Overview: A flaw was found in Moby. This flaw allows an attacker to bypass primary group restrictions due to a flaw in the supplementary group access setup. CVE-2022-36109 Docker version 20.10.15, build fd82621 is vulnerable to Insecure Permissions. Unauthorized users outside the Docker...
Important: ghostscript
Issue Overview: A heap-based buffer overwrite vulnerability was found in GhostScript's lp8000_print_page function in gdevlp8k.c file. An attacker could trick a user into opening a crafted PDF file, triggering the heap buffer overflow that could lead to memory corruption or a denial of service...
Important: kernel-livepatch-5.10.167-147.601
Issue Overview: The upstream bug report describes this issue as follows: A flaw found in the Linux Kernel in RDS (Reliable Datagram Sockets) protocol. The rds_rm_zerocopy_callback() uses list_entry() on the head of a list causing a type confusion. Local user can trigger this with rds_message_put(). Type...
Important: log4j
Issue Overview: A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSSink in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if JMSSink is deployed and has been configured to perform JNDI requests...
Important: kernel-livepatch-4.14.304-226.531
Issue Overview: In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure for registering the sysctl table under a new location during the renaming of a device. CVE-2023-26545 Affected Packages: kernel-livepatch-4.14.304-226.531 Issue Correction:...
Important: vim
Issue Overview: A heap buffer overflow vulnerability was found in vim's ins_compl_infercase_gettext function of the src/insexpand.c file. This flaw occurs when vim tries to access uninitialized memory when completing a long line. This flaw allows an attacker to trick a user into opening a specially...
Important: kernel-livepatch-4.14.301-225.528
Issue Overview: In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure for registering the sysctl table under a new location during the renaming of a device. CVE-2023-26545 Affected Packages: kernel-livepatch-4.14.301-225.528 Issue Correction:...
Important: sssd
Issue Overview: A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access...
Important: python-twisted-web
Issue Overview: A flaw was found in python-twisted. This vulnerability occurs due to the parsing of illegal constructs in the twisted.web.http module. The illegal constructs include '+/-' in the Content-Length header, '\n and \t' etc. Non-conformant parsing leads to a desync if requests pass...
Important: kernel-livepatch-4.14.305-227.531
Issue Overview: In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure for registering the sysctl table under a new location during the renaming of a device. CVE-2023-26545 Affected Packages: kernel-livepatch-4.14.305-227.531 Issue Correction:...
Important: python27
Issue Overview: An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service...
Important: systemd
Issue Overview: systemd before 247 does not adequately block local privilege escalation for some Sudo configurations, e.g., plausible sudoers files in which the "systemctl status" command may be executed. Specifically, systemd does not set LESSSECURE to 1, and thus other programs may be launched...
Medium: dbus
Issue Overview: An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures. CVE-2022-42010 An...
Important: xstream
Issue Overview: XStream serializes Java objects to XML and back again. Versions prior to 1.4.20 may allow a remote attacker to terminate the application with a stack overflow error, resulting in a denial of service only via manipulation of the processed input stream. The attack uses the hash code...
Medium: python-twisted-web
Issue Overview: Twisted is an event-based framework for internet applications. Started with version 0.9.4, when the host header does not match a configured host twisted.web.vhost.NameVirtualHost will return a NoResource resource which renders the Host header unescaped into the 404 response allowi...
Medium: gstreamer-plugins-good
Issue Overview: GStreamer before 1.18.4 might access already-freed memory in error code paths when demuxing certain malformed Matroska files. CVE-2021-3497 Affected Packages: gstreamer-plugins-good Note: This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for...