This release contains fixes for the following vulnerabilities:
- CVE-2023-1786: cloud-init: sensitive data could be exposed in logs
- CVE-2021-3750: QEMU: hcd-ehci: DMA reentrancy issue leads to use-after-free
- CVE-2023-3301: QEMU: net: triggerable assertion due to race condition in hot-unplug
- CVE-2021-3468: avahi: Local DoS by event-busy-loop from writing long lines to /run/avahi-daemon/socket
- CVE-2023-38469: avahi: Reachable assertion in avahi_dns_packet_append_record
- CVE-2023-38470: avahi: Reachable assertion in avahi_escape_label
- CVE-2023-38471: avahi: Reachable assertion in dbus_set_host_name
- CVE-2023-38472: avahi: Reachable assertion in avahi_rdata_parse
- CVE-2023-38473: avahi: Reachable assertion in avahi_alternative_host_name
- CVE-2023-3446: openssl: Excessive time spent checking DH keys and parameters
- CVE-2023-3817: OpenSSL: Excessive time spent checking DH q parameter value
- CVE-2023-5678: openssl: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow
- CVE-2023-5388: nss: timing attack against RSA decryption
- CVE-2022-48560: python: use after free in heappushpop() of heapq module
- CVE-2022-48564: python: DoS when processing malformed Apple Property List files in binary format
- CVE-2023-43804: python-urllib3: Cookie request header isn't stripped during cross-origin redirects
- CVE-2023-45803: urllib3: Request body not stripped after redirect from 303 status changes request method to GET
- CVE-2023-39615: libxml2: crafted xml can cause global buffer overflow
- CVE-2022-44638: pixman: Integer overflow in pixman_sample_floor_y leading to heap out-of-bounds write
- CVE-2023-3019: QEMU: e1000e: heap use-after-free in e1000e_write_packet_to_guest()
- CVE-2023-5981: gnutls: timing side-channel in the RSA-PSK authentication
- CVE-2023-7104: sqlite: heap-buffer-overflow at sessionfuzz
- CVE-2023-27043: python: Parsing errors in email/_parseaddr.py lead to incorrect value in email address part of tuple
- CVE-2024-20918: OpenJDK: array out-of-bounds access due to missing range check in C1 compiler (8314468)
- CVE-2024-20919: OpenJDK: JVM class file verifier flaw allows unverified bytecode execution (8314295)
- CVE-2024-20921: OpenJDK: range check loop optimization issue (8314307)
- CVE-2024-20926: OpenJDK: arbitrary Java code execution in Nashorn (8314284)
- CVE-2024-20945: OpenJDK: logging of digital signature private keys (8316976)
- CVE-2024-20952: OpenJDK: RSA padding issue and timing side-channel attack against TLS (8317547)
- CVE-2023-48795: ssh: Prefix truncation attack on Binary Packet Protocol (BPP)
- CVE-2023-51385: openssh: potential command injection via shell metacharacters
- CVE-2024-0553: gnutls: incomplete fix for CVE-2023-5981
- CVE-2023-48795: ssh: Prefix truncation attack on Binary Packet Protocol (BPP)
- CVE-2021-35937: rpm: TOCTOU race in checks for unsafe symlinks
- CVE-2021-35938: rpm: races with chown/chmod/capabilities calls during installation
- CVE-2021-35939: rpm: checks for unsafe symlinks are not performed for intermediary directories
- CVE-2020-28241: libmaxminddb: improper initialization in dump_entry_data_list() in maxminddb.c
- CVE-2021-41043: tcpslice: use-after-free in extract_slice()
- CVE-2023-6135: nss: vulnerable to Minerva side-channel information leak
- CVE-2023-28486: sudo: Sudo does not escape control characters in log messages
- CVE-2023-28487: sudo: Sudo does not escape control characters in sudoreplay output
- CVE-2023-42465: sudo: Targeted Corruption of Register and Stack Variables
- CVE-2019-13224: oniguruma: Use-after-free in onig_new_deluxe() in regext.c
- CVE-2019-16163: oniguruma: Stack exhaustion in regcomp.c because of recursion in regparse.c
- CVE-2019-19012: oniguruma: integer overflow in search_in_range function in regexec.c leads to out-of-bounds read
- CVE-2019-19203: oniguruma: Heap-based buffer over-read in function gb18030_mbc_enc_len in file gb18030.c
- CVE-2019-19204: oniguruma: Heap-based buffer over-read in function fetch_interval_quantifier in regparse.c
- CVE-2023-50387: bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator
- CVE-2023-50868: bind9: Preparing an NSEC3 closest encloser proof can exhaust CPU resources
- CVE-2023-28322: curl: more POST-after-PUT confusion
- CVE-2023-38546: curl: cookie injection with none file
- CVE-2023-46218: curl: information disclosure by exploiting a mixed case flaw
- CVE-2022-48624: less: missing quoting of shell metacharacters in LESSCLOSE handling
- CVE-2023-52425: expat: parsing large tokens can trigger a denial of service
- CVE-2024-1488: unbound: unrestricted reconfiguration enabled to anyone that may lead to local privilege escalation
- CVE-2023-4408: bind9: Parsing large DNS messages may cause excessive CPU load
- CVE-2023-50387: bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator
- CVE-2023-50868: bind9: Preparing an NSEC3 closest encloser proof can exhaust CPU resources
- CVE-2024-28834: gnutls: vulnerable to Minerva side-channel information leak
- CVE-2024-27316: httpd: CONTINUATION frames DoS
- CVE-2024-21011: OpenJDK: long Exception message leading to crash (8319851)
- CVE-2024-21068: OpenJDK: integer overflow in C1 compiler address generation (8322122)
- CVE-2024-21085: OpenJDK: Pack200 excessive memory allocation (8322114)
- CVE-2024-21094: OpenJDK: C2 compilation fails with "Exceeded _node_regs array" (8317507)
- CVE-2024-2961: glibc: Out of bounds write in iconv may lead to remote code execution
- CVE-2023-3255: QEMU: VNC: infinite loop in inflate_buffer() leads to denial of service
- CVE-2023-5088: QEMU: improper IDE controller reset can lead to MBR overwrite
- CVE-2023-6683: QEMU: VNC: NULL pointer dereference in qemu_clipboard_request()
- CVE-2023-6693: QEMU: virtio-net: stack buffer overflow in virtio_net_flush_tx()
- CVE-2023-43785: libX11: out-of-bounds memory access in _XkbReadKeySyms()
- CVE-2023-43786: libX11: stack exhaustion from infinite recursion in PutSubImage()
- CVE-2023-43787: libX11: integer overflow in XCreateImage() leading to a heap overflow
- CVE-2023-25193: harfbuzz: allows attackers to trigger O(n^2) growth via consecutive marks
- CVE-2022-33065: libsndfile: integer overflow in src/mat4.c and src/au.c leads to DoS
- CVE-2022-4645: libtiff: out-of-bounds read in tiffcp in tools/tiffcp.c
- CVE-2024-22195: jinja2: HTML attribute injection when passing user input as keys to xmlattr filter
- CVE-2023-31122: httpd: mod_macro: out-of-bounds read vulnerability
- CVE-2023-45802: mod_http2: reset requests exhaust memory (incomplete fix of CVE-2023-44487)
- CVE-2021-40153: squashfs-tools: unvalidated filepaths allow writing outside of destination
- CVE-2021-41072: squashfs-tools: possible Directory Traversal via symbolic link
- CVE-2024-22365: pam: allowing unprivileged user to block another user namespace
- CVE-2020-15778: openssh: scp allows command injection when using backtick characters in the destination argument
- CVE-2023-4692: grub2: Out-of-bounds write at fs/ntfs.c may lead to unsigned code execution
- CVE-2023-4693: grub2: out-of-bounds read at fs/ntfs.c
- CVE-2024-1048: grub2: grub2-set-bootflag can be abused by local (pseudo-)users
- CVE-2023-7008: systemd-resolved: Unsigned name response in signed zone is not refused when DNSSEC=yes
- CVE-2023-46316: traceroute: improper command line parsing
- CVE-2021-43618: gmp: Integer overflow and resultant buffer overflow via crafted input
- CVE-2023-6004: libssh: ProxyCommand/ProxyJump features allow injection of malicious code through hostname
- CVE-2023-6918: libssh: Missing checks for return values for digests
- CVE-2024-2494: libvirt: negative g_new0 length can lead to unbounded memory allocation
- CVE-2024-26458: krb5: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c
- CVE-2024-26461: krb5: Memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c
- CVE-2024-2961: glibc: Out of bounds write in iconv may lead to remote code execution
- CVE-2023-3758: sssd: Race condition during authorization leads to GPO policies functioning inconsistently
- CVE-2023-4408: bind9: Parsing large DNS messages may cause excessive CPU load
- CVE-2023-50387: bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator
- CVE-2023-50868: bind9: Preparing an NSEC3 closest encloser proof can exhaust CPU resources
- CVE-2022-48622: gnome: heap memory corruption on gdk-pixbuf
- CVE-2024-33599: glibc: stack-based buffer overflow in netgroup cache
- CVE-2024-33600: glibc: null pointer dereferences after failed netgroup cache insertion
- CVE-2024-33601: glibc: netgroup cache may terminate daemon on memory allocation failure
- CVE-2024-33602: glibc: netgroup cache assumes NSS callback uses in-buffer strings
- CVE-2023-6597: python: Path traversal on tempfile.TemporaryDirectory
- CVE-2024-0450: python: The zipfile module is vulnerable to zip-bombs leading to denial of service
- CVE-2024-25062: libxml2: use-after-free in XMLReader
- CVE-2023-38709: httpd: HTTP response splitting
- CVE-2024-34064: jinja2: accepts keys containing non-attribute characters
- CVE-2023-7250: iperf3: possible denial of service
- CVE-2024-26306: iperf3: vulnerable to marvin attack if the authentication option is used
- CVE-2024-25629: c-ares: Out of bounds read in ares__read_line()
- CVE-2024-28182: nghttp2: CONTINUATION frames DoS
- CVE-2022-48624: less: missing quoting of shell metacharacters in LESSCLOSE handling
- CVE-2024-32487: less: OS command injection
- CVE-2024-3651: python-idna: potential DoS via resource consumption via specially crafted inputs to idna.encode()
- CVE-2023-2953: openldap: null pointer dereference in ber_memalloc_x function
- CVE-2024-35235: cups: Cupsd Listen arbitrary chmod 0140777
- CVE-2024-21131: OpenJDK: potential UTF8 size overflow (8314794)
- CVE-2024-21138: OpenJDK: Excessive symbol length can lead to infinite loop (8319859)
- CVE-2024-21140: OpenJDK: Range Check Elimination (RCE) pre-loop limit overflow (8320548)
- CVE-2024-21144: OpenJDK: Pack200 increase loading time due to improper header validation (8322106)
- CVE-2024-21145: OpenJDK: Out-of-bounds access in 2D image handling (8324559)
- CVE-2024-21147: OpenJDK: RangeCheckElimination array index overflow (8323231)
- CVE-2024-5564: libndp: buffer overflow in route information length field
- CVE-2024-38473: httpd: Encoding problem in mod_proxy
- CVE-2024-38474: httpd: Substitution encoding issue in mod_rewrite
- CVE-2024-38475: httpd: Improper escaping of output in mod_rewrite
- CVE-2024-38477: httpd: NULL pointer dereference in mod_proxy
- CVE-2024-39573: httpd: Potential SSRF in mod_rewrite
- CVE-2018-15209: libtiff: Heap-based buffer overflow in ChopUpSingleUncompressedStrip in tif_dirread.c
- CVE-2023-6228: libtiff: heap-based buffer overflow in cpStripToTile() in tools/tiffcp.c
- CVE-2023-25433: libtiff: Buffer Overflow via /libtiff/tools/tiffcrop.c
- CVE-2023-52356: libtiff: Segment fault in libtiff in TIFFReadRGBATileExt() leading to denial of service
- CVE-2024-38476: httpd: Security issues via backend applications whose response headers are malicious or exploitable
- CVE-2024-38428: wget: Misinterpretation of input may lead to improper behavior
- CVE-2024-37891: urllib3: proxy-authorization request header is not stripped during cross-origin redirects
- CVE-2024-37370: krb5: GSS message token handling
- CVE-2024-37371: krb5: GSS message token handling
- CVE-2024-1737: bind: bind9: BIND’s database will be slow if a very large number of RRs exist at the same nam
- CVE-2024-1975: bind9: bind: SIG(0) can be used to exhaust CPU resources
- CVE-2024-6345: pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools
- CVE-2024-2398: curl: HTTP/2 push headers memory-leak
- CVE-2024-4317: postgresql: PostgreSQL pg_stats_ext and pg_stats_ext_exprs lack authorization checks
- CVE-2024-7348: postgresql: PostgreSQL relation replacement during pg_dump executes arbitrary SQL
- CVE-2024-5535: openssl: SSL_select_next_proto buffer overread