This release contains fixes for the following vulnerabilities:
-
- CVE-2023-29491: Local users can trigger security-relevant memory corruption via malformed data
-
- CVE-2023-30630: dump-bin to overwrite a local file
-
- CVE-2023-20900: SAML token signature bypass
-
- CVE-2023-0800: out-of-bounds write in extractContigSamplesShifted16bits() in tools/tiffcrop.c
- CVE-2023-0801: out-of-bounds write in _TIFFmemcpy() in libtiff/tif_unix.c when called by functions in tools/tiffcrop.c
- CVE-2023-0802: out-of-bounds write in extractContigSamplesShifted32bits() in tools/tiffcrop.c
- CVE-2023-0803: out-of-bounds write in extractContigSamplesShifted16bits() in tools/tiffcrop.c
- CVE-2023-0804: out-of-bounds write in extractContigSamplesShifted24bits() in tools/tiffcrop.c
-
- CVE-2023-4527: Stack read overflow in getaddrinfo in no-aaaa mode
- CVE-2023-4806: potential use-after-free in getaddrinfo()
- CVE-2023-4813: potential use-after-free in gaih_inet()
- CVE-2023-4911: buffer overflow in ld.so leading to privilege escalation
-
- CVE-2023-3341: stack exhaustion in control channel code may lead to DoS
-
- CVE-2022-40433: segmentation fault in ciMethodBlocks
- CVE-2023-22067: IOR deserialization issue in CORBA (8303384)
- CVE-2023-22081: certificate path validation issue during client authentication (8309966)
-
- CVE-2023-44487: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)
-
- CVE-2023-40217: TLS handshake bypass
-
- CVE-2022-48468: protobuf-c: unsigned integer overflow in parse_required_member
-
- CVE-2020-12762: json-c, libfastjson: integer overflow and out-of-bounds write via a large JSON file
-
- CVE-2023-3138: libX11: InitExt.c can overwrite unintended portions of the Display structure if the extension request leads to a buffer overflow
-
- CVE-2023-33460: yajl: Memory leak in yajl_tree_parse function
-
- CVE-2023-23931: python-cryptography: memory corruption via immutable objects
-
- CVE-2023-4641: shadow-utils: possible password leak during passwd(1) change
-
- CVE-2022-4904: c-ares: buffer overflow in config_sortlist() due to missing string length check
-
- CVE-2022-2127: samba: out-of-bounds read in winbind AUTH_CRAP
- CVE-2023-34966: samba: infinite loop in mdssvc RPC service for spotlight
- CVE-2023-34967: samba: type confusion in mdssvc RPC service for spotlight
- CVE-2023-34968: samba: spotlight server-side share path disclosure
-
- CVE-2007-4559: python: tarfile module directory traversal
-
- CVE-2023-32324: cups: heap buffer overflow may lead to DoS
- CVE-2023-34241: cups: use-after-free in cupsdAcceptClient() in scheduler/client.c
-
- CVE-2023-22745: tpm2-tss: Buffer Overlow in TSS2_RC_Decode
-
- CVE-2023-31486: http-tiny: insecure TLS cert default
-
- CVE-2007-4559: python: tarfile module directory traversal
-
- CVE-2022-3094: bind: flooding with UPDATE requests may lead to DoS
-
- CVE-2023-4016: procps: ps buffer overflow
-
- CVE-2023-1981: avahi: avahi-daemon can be crashed via DBus
-
- CVE-2020-22217: c-ares: Heap buffer over read in ares_parse_soa_reply
- CVE-2023-31130: c-ares: Buffer Underwrite in ares_inet_net_pton()
-
- CVE-2023-34058: open-vm-tools: SAML token signature bypass
- CVE-2023-34059: open-vm-tools: file descriptor hijack vulnerability in the vmware-user-suid-wrapper
-
- CVE-2023-3961: samba: smbd allows client access to unix domain sockets on the file system as root
- CVE-2023-4091: samba: SMB clients can truncate files with read-only permissions
- CVE-2023-42669: samba: "rpcecho" development server allows denial of service via sleep() call on AD DC
Comments
Please sign in to leave a comment.