HYCU 5.0.0-1643 security updates

This release contains fixes for the following vulnerabilities:

  • RHSA-2023:6943:

    • CVE-2023-1786: cloud-init: sensitive data could be exposed in logs
  • RHSA-2023:6980:

    • CVE-2021-3750: QEMU: hcd-ehci: DMA reentrancy issue leads to use-after-free
    • CVE-2023-3301: QEMU: net: triggerable assertion due to race condition in hot-unplug
  • RHSA-2023:7836:

    • CVE-2021-3468: avahi: Local DoS by event-busy-loop from writing long lines to /run/avahi-daemon/socket
    • CVE-2023-38469: avahi: Reachable assertion in avahi_dns_packet_append_record
    • CVE-2023-38470: avahi: Reachable assertion in avahi_escape_label
    • CVE-2023-38471: avahi: Reachable assertion in dbus_set_host_name
    • CVE-2023-38472: avahi: Reachable assertion in avahi_rdata_parse
    • CVE-2023-38473: avahi: Reachable assertion in avahi_alternative_host_name
  • RHSA-2023:7877:

    • CVE-2023-3446: openssl: Excessive time spent checking DH keys and parameters
    • CVE-2023-3817: OpenSSL: Excessive time spent checking DH q parameter value
    • CVE-2023-5678: openssl: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow
  • RHSA-2024:0105:

    • CVE-2023-5388: nss: timing attack against RSA decryption
  • RHSA-2024:0114:

    • CVE-2022-48560: python: use after free in heappushpop() of heapq module
    • CVE-2022-48564: python: DoS when processing malformed Apple Property List files in binary format
  • RHSA-2024:0116:

    • CVE-2023-43804: python-urllib3: Cookie request header isn't stripped during cross-origin redirects
    • CVE-2023-45803: urllib3: Request body not stripped after redirect from 303 status changes request method to GET
  • RHSA-2024:0119:

    • CVE-2023-39615: libxml2: crafted xml can cause global buffer overflow
  • RHSA-2024:0131:

    • CVE-2022-44638: pixman: Integer overflow in pixman_sample_floor_y leading to heap out-of-bounds write
  • RHSA-2024:0135:

    • CVE-2023-3019: QEMU: e1000e: heap use-after-free in e1000e_write_packet_to_guest()
  • RHSA-2024:0155:

    • CVE-2023-5981: gnutls: timing side-channel in the RSA-PSK authentication
  • RHSA-2024:0253:

    • CVE-2023-7104: sqlite: heap-buffer-overflow at sessionfuzz
  • RHSA-2024:0256:

    • CVE-2023-27043: python: Parsing errors in email/_parseaddr.py lead to incorrect value in email address part of tuple
  • RHSA-2024:0265:

    • CVE-2024-20918: OpenJDK: array out-of-bounds access due to missing range check in C1 compiler (8314468)
    • CVE-2024-20919: OpenJDK: JVM class file verifier flaw allows unverified bytecode execution (8314295)
    • CVE-2024-20921: OpenJDK: range check loop optimization issue (8314307)
    • CVE-2024-20926: OpenJDK: arbitrary Java code execution in Nashorn (8314284)
    • CVE-2024-20945: OpenJDK: logging of digital signature private keys (8316976)
    • CVE-2024-20952: OpenJDK: RSA padding issue and timing side-channel attack against TLS (8317547)
  • RHSA-2024:0606:

    • CVE-2023-48795: ssh: Prefix truncation attack on Binary Packet Protocol (BPP)
    • CVE-2023-51385: openssh: potential command injection via shell metacharacters
  • RHSA-2024:0627:

    • CVE-2024-0553: gnutls: incomplete fix for CVE-2023-5981
  • RHSA-2024:0628:

    • CVE-2023-48795: ssh: Prefix truncation attack on Binary Packet Protocol (BPP)
  • RHSA-2024:0647:

    • CVE-2021-35937: rpm: TOCTOU race in checks for unsafe symlinks
    • CVE-2021-35938: rpm: races with chown/chmod/capabilities calls during installation
    • CVE-2021-35939: rpm: checks for unsafe symlinks are not performed for intermediary directories
  • RHSA-2024:0768:

    • CVE-2020-28241: libmaxminddb: improper initialization in dump_entry_data_list() in maxminddb.c
  • RHSA-2024:0769:

    • CVE-2021-41043: tcpslice: use-after-free in extract_slice()
  • RHSA-2024:0786:

    • CVE-2023-6135: nss: vulnerable to Minerva side-channel information leak
  • RHSA-2024:0811:

    • CVE-2023-28486: sudo: Sudo does not escape control characters in log messages
    • CVE-2023-28487: sudo: Sudo does not escape control characters in sudoreplay output
    • CVE-2023-42465: sudo: Targeted Corruption of Register and Stack Variables
  • RHSA-2024:0889:

    • CVE-2019-13224: oniguruma: Use-after-free in onig_new_deluxe() in regext.c
    • CVE-2019-16163: oniguruma: Stack exhaustion in regcomp.c because of recursion in regparse.c
    • CVE-2019-19012: oniguruma: integer overflow in search_in_range function in regexec.c leads to out-of-bounds read
    • CVE-2019-19203: oniguruma: Heap-based buffer over-read in function gb18030_mbc_enc_len in file gb18030.c
    • CVE-2019-19204: oniguruma: Heap-based buffer over-read in function fetch_interval_quantifier in regparse.c
  • RHSA-2024:0965:

    • CVE-2023-50387: bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator
    • CVE-2023-50868: bind9: Preparing an NSEC3 closest encloser proof can exhaust CPU resources
  • RHSA-2024:1601:

    • CVE-2023-28322: curl: more POST-after-PUT confusion
    • CVE-2023-38546: curl: cookie injection with none file
    • CVE-2023-46218: curl: information disclosure by exploiting a mixed case flaw
  • RHSA-2024:1610:

    • CVE-2022-48624: less: missing quoting of shell metacharacters in LESSCLOSE handling
  • RHSA-2024:1615:

    • CVE-2023-52425: expat: parsing large tokens can trigger a denial of service
  • RHSA-2024:1751:

    • CVE-2024-1488: unbound: unrestricted reconfiguration enabled to anyone that may lead to local privilege escalation
  • RHSA-2024:1782:

    • CVE-2023-4408: bind9: Parsing large DNS messages may cause excessive CPU load
    • CVE-2023-50387: bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator
    • CVE-2023-50868: bind9: Preparing an NSEC3 closest encloser proof can exhaust CPU resources
  • RHSA-2024:1784:

    • CVE-2024-28834: gnutls: vulnerable to Minerva side-channel information leak
  • RHSA-2024:1786:

    • CVE-2024-27316: httpd: CONTINUATION frames DoS
  • RHSA-2024:1818:

    • CVE-2024-21011: OpenJDK: long Exception message leading to crash (8319851)
    • CVE-2024-21068: OpenJDK: integer overflow in C1 compiler address generation (8322122)
    • CVE-2024-21085: OpenJDK: Pack200 excessive memory allocation (8322114)
    • CVE-2024-21094: OpenJDK: C2 compilation fails with "Exceeded _node_regs array" (8317507)
  • RHSA-2024:2722:

    • CVE-2024-2961: glibc: Out of bounds write in iconv may lead to remote code execution
  • RHSA-2024:2962:

    • CVE-2023-3255: QEMU: VNC: infinite loop in inflate_buffer() leads to denial of service
    • CVE-2023-5088: QEMU: improper IDE controller reset can lead to MBR overwrite
    • CVE-2023-6683: QEMU: VNC: NULL pointer dereference in qemu_clipboard_request()
    • CVE-2023-6693: QEMU: virtio-net: stack buffer overflow in virtio_net_flush_tx()
  • RHSA-2024:2973:

    • CVE-2023-43785: libX11: out-of-bounds memory access in _XkbReadKeySyms()
    • CVE-2023-43786: libX11: stack exhaustion from infinite recursion in PutSubImage()
    • CVE-2023-43787: libX11: integer overflow in XCreateImage() leading to a heap overflow
  • RHSA-2024:2980:

    • CVE-2023-25193: harfbuzz: allows attackers to trigger O(n^2) growth via consecutive marks
  • RHSA-2024:3030:

    • CVE-2022-33065: libsndfile: integer overflow in src/mat4.c and src/au.c leads to DoS
  • RHSA-2024:3059:

    • CVE-2022-4645: libtiff: out-of-bounds read in tiffcp in tools/tiffcp.c
  • RHSA-2024:3102:

    • CVE-2024-22195: jinja2: HTML attribute injection when passing user input as keys to xmlattr filter
  • RHSA-2024:3121:

    • CVE-2023-31122: httpd: mod_macro: out-of-bounds read vulnerability
    • CVE-2023-45802: mod_http2: reset requests exhaust memory (incomplete fix of CVE-2023-44487)
  • RHSA-2024:3139:

    • CVE-2021-40153: squashfs-tools: unvalidated filepaths allow writing outside of destination
    • CVE-2021-41072: squashfs-tools: possible Directory Traversal via symbolic link
  • RHSA-2024:3163:

    • CVE-2024-22365: pam: allowing unprivileged user to block another user namespace
  • RHSA-2024:3166:

    • CVE-2020-15778: openssh: scp allows command injection when using backtick characters in the destination argument
  • RHSA-2024:3184:

    • CVE-2023-4692: grub2: Out-of-bounds write at fs/ntfs.c may lead to unsigned code execution
    • CVE-2023-4693: grub2: out-of-bounds read at fs/ntfs.c
    • CVE-2024-1048: grub2: grub2-set-bootflag can be abused by local (pseudo-)users
  • RHSA-2024:3203:

    • CVE-2023-7008: systemd-resolved: Unsigned name response in signed zone is not refused when DNSSEC=yes
  • RHSA-2024:3211:

    • CVE-2023-46316: traceroute: improper command line parsing
  • RHSA-2024:3214:

    • CVE-2021-43618: gmp: Integer overflow and resultant buffer overflow via crafted input
  • RHSA-2024:3233:

    • CVE-2023-6004: libssh: ProxyCommand/ProxyJump features allow injection of malicious code through hostname
    • CVE-2023-6918: libssh: Missing checks for return values for digests
  • RHSA-2024:3253:

    • CVE-2024-2494: libvirt: negative g_new0 length can lead to unbounded memory allocation
  • RHSA-2024:3268:

    • CVE-2024-26458: krb5: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c
    • CVE-2024-26461: krb5: Memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c
  • RHSA-2024:3269:

    • CVE-2024-2961: glibc: Out of bounds write in iconv may lead to remote code execution
  • RHSA-2024:3270:

    • CVE-2023-3758: sssd: Race condition during authorization leads to GPO policies functioning inconsistently
  • RHSA-2024:3271:

    • CVE-2023-4408: bind9: Parsing large DNS messages may cause excessive CPU load
    • CVE-2023-50387: bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator
    • CVE-2023-50868: bind9: Preparing an NSEC3 closest encloser proof can exhaust CPU resources
  • RHSA-2024:3341:

    • CVE-2022-48622: gnome: heap memory corruption on gdk-pixbuf
  • RHSA-2024:3344:

    • CVE-2024-33599: glibc: stack-based buffer overflow in netgroup cache
    • CVE-2024-33600: glibc: null pointer dereferences after failed netgroup cache insertion
    • CVE-2024-33601: glibc: netgroup cache may terminate daemon on memory allocation failure
    • CVE-2024-33602: glibc: netgroup cache assumes NSS callback uses in-buffer strings
  • RHSA-2024:3347:

    • CVE-2023-6597: python: Path traversal on tempfile.TemporaryDirectory
    • CVE-2024-0450: python: The zipfile module is vulnerable to zip-bombs leading to denial of service
  • RHSA-2024:3626:

    • CVE-2024-25062: libxml2: use-after-free in XMLReader
  • RHSA-2024:4197:

    • CVE-2023-38709: httpd: HTTP response splitting
  • RHSA-2024:4231:

    • CVE-2024-34064: jinja2: accepts keys containing non-attribute characters
  • RHSA-2024:4241:

    • CVE-2023-7250: iperf3: possible denial of service
    • CVE-2024-26306: iperf3: vulnerable to marvin attack if the authentication option is used
  • RHSA-2024:4249:

    • CVE-2024-25629: c-ares: Out of bounds read in ares__read_line()
  • RHSA-2024:4252:

    • CVE-2024-28182: nghttp2: CONTINUATION frames DoS
  • RHSA-2024:4256:

    • CVE-2022-48624: less: missing quoting of shell metacharacters in LESSCLOSE handling
    • CVE-2024-32487: less: OS command injection
  • RHSA-2024:4260:

    • CVE-2024-3651: python-idna: potential DoS via resource consumption via specially crafted inputs to idna.encode()
  • RHSA-2024:4264:

    • CVE-2023-2953: openldap: null pointer dereference in ber_memalloc_x function
  • RHSA-2024:4265:

    • CVE-2024-35235: cups: Cupsd Listen arbitrary chmod 0140777
  • RHSA-2024:4563:

    • CVE-2024-21131: OpenJDK: potential UTF8 size overflow (8314794)
    • CVE-2024-21138: OpenJDK: Excessive symbol length can lead to infinite loop (8319859)
    • CVE-2024-21140: OpenJDK: Range Check Elimination (RCE) pre-loop limit overflow (8320548)
    • CVE-2024-21144: OpenJDK: Pack200 increase loading time due to improper header validation (8322106)
    • CVE-2024-21145: OpenJDK: Out-of-bounds access in 2D image handling (8324559)
    • CVE-2024-21147: OpenJDK: RangeCheckElimination array index overflow (8323231)
  • RHSA-2024:4620:

    • CVE-2024-5564: libndp: buffer overflow in route information length field
  • RHSA-2024:4720:

    • CVE-2024-38473: httpd: Encoding problem in mod_proxy
    • CVE-2024-38474: httpd: Substitution encoding issue in mod_rewrite
    • CVE-2024-38475: httpd: Improper escaping of output in mod_rewrite
    • CVE-2024-38477: httpd: NULL pointer dereference in mod_proxy
    • CVE-2024-39573: httpd: Potential SSRF in mod_rewrite
  • RHSA-2024:5079:

    • CVE-2018-15209: libtiff: Heap-based buffer overflow in ChopUpSingleUncompressedStrip in tif_dirread.c
    • CVE-2023-6228: libtiff: heap-based buffer overflow in cpStripToTile() in tools/tiffcp.c
    • CVE-2023-25433: libtiff: Buffer Overflow via /libtiff/tools/tiffcrop.c
    • CVE-2023-52356: libtiff: Segment fault in libtiff in TIFFReadRGBATileExt() leading to denial of service
  • RHSA-2024:5193:

    • CVE-2024-38476: httpd: Security issues via backend applications whose response headers are malicious or exploitable
  • RHSA-2024:5299:

    • CVE-2024-38428: wget: Misinterpretation of input may lead to improper behavior
  • RHSA-2024:5309:

    • CVE-2024-37891: urllib3: proxy-authorization request header is not stripped during cross-origin redirects
  • RHSA-2024:5312:

    • CVE-2024-37370: krb5: GSS message token handling
    • CVE-2024-37371: krb5: GSS message token handling
  • RHSA-2024:5524:

    • CVE-2024-1737: bind: bind9: BIND’s database will be slow if a very large number of RRs exist at the same nam
    • CVE-2024-1975: bind9: bind: SIG(0) can be used to exhaust CPU resources
  • RHSA-2024:5530:

    • CVE-2024-6345: pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools
  • RHSA-2024:5654:

    • CVE-2024-2398: curl: HTTP/2 push headers memory-leak
  • RHSA-2024:6001:

    • CVE-2024-4317: postgresql: PostgreSQL pg_stats_ext and pg_stats_ext_exprs lack authorization checks
    • CVE-2024-7348: postgresql: PostgreSQL relation replacement during pg_dump executes arbitrary SQL
  • RHSA-2024:7848:

    • CVE-2024-5535: openssl: SSL_select_next_proto buffer overread