Este boletín incluye los siguientes Avisos de seguridad de Red Hat: RHSA-2023:5689 RHSA-2023:5689 RHSA-2023:5690 RHSA-2023:5474 RHSA-2023:5587 RHSA-2023:5477 RHSA-2023:5475 RHSA-2023:5464 RHSA-2023:5462 RHSA-2023:5479 RHSA-2023:5684 RHSA-2023:5683 RHSA-2023:5539 RHSA-2023:5540 RHSA-2023:5537 RHSA-2023:5473 RHSA-2023:5460 RHSA-2023:5461 RHSA-2023:5458 RHSA-2023:5456 RHSA-2023:5454 RHSA-2023:5622 RHSA-2023:5616 RHSA-2023:5604 RHSA-2023:5603

En ellos se recogen las siguientes vulnerabilidades altas:

• bind: stack exhaustion in control channel code may lead to DoS (CVE-2023-3341)
• QEMU: VNC: improper I/O watch removal in TLS handshake can lead to remote unauthenticated denial of service (CVE-2023-3354)
• NTFS-3G: buffer overflow issue in NTFS-3G can cause code execution via crafted metadata in an NTFS image (CVE-2022-40284)
• firefox: use-after-free in workers (CVE-2023-3600)
• Mozilla: Out-of-bounds write in PathOps (CVE-2023-5169)
• Mozilla: Use-after-free in Ion Compiler (CVE-2023-5171)
• Mozilla: Memory safety bugs fixed in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3 (CVE-2023-5176)
• libvpx: Heap buffer overflow in vp8 encoding in libvpx (CVE-2023-5217)
• frr: Incorrect handling of a error in parsing of an invalid section of a BGP update can de-peer a router (CVE-2023-38802)
• python: TLS handshake bypass (CVE-2023-40217)
• quarkus: HTTP security policy bypass (CVE-2023-4853)
• mariadb: node crashes with Transport endpoint is not connected mysqld got signal 6 (CVE-2023-5157)
• mariadb: use-after-poison in prepare_inplace_add_virtual in handler0alter.cc (CVE-2022-32081)
• mariadb: assertion failure at table->get_ref_count() == 0 in dict0dict.cc (CVE-2022-32082)
• mariadb: segmentation fault via the component sub_select (CVE-2022-32084)
• mariadb: server crash in st_select_lex_unit::exclude_level (CVE-2022-32089)
• mariadb: server crash in JOIN_CACHE::free or in copy_fields (CVE-2022-32091)
• mariadb: compress_write() fails to release mutex on failure (CVE-2022-38791)
• mariadb: NULL pointer dereference in spider_db_mbase::print_warnings() (CVE-2022-47015)
• libvpx: Heap buffer overflow in vp8 encoding in libvpx (CVE-2023-5217)
• libvpx: crash related to VP9 encoding in libvpx (CVE-2023-44488)
• ImageMagick: Division by zero in ReadEnhMetaFile lead to DoS (CVE-2021-40211)
• libeconf: Stack overflow in function read_file at libeconf/lib/getfilecontents.c (CVE-2023-30079)
• glibc: buffer overflow in ld.so leading to privilege escalation (CVE-2023-4911)
• kernel: net/sched: cls_u32 component reference counter leak if tcf_change_indev() fails (CVE-2023-3609)
• kernel: netfilter: use-after-free in nf_tables when processing batch requests can lead to privilege escalation (CVE-2023-32233)
• kernel: nf_tables: stack-out-of-bounds-read in nft_byteorder_eval() (CVE-2023-35001)
• python-reportlab: code injection in paraparser.py allows code execution (CVE-2019-19450)
• Kernel: net/sched: Use-after-free vulnerabilities in the net/sched classifiers: cls_fw, cls_u32 and cls_route (CVE-2023-4128)
• kernel: nf_tables: use-after-free in nft_chain_lookup_byid() (CVE-2023-31248)
• kernel: nf_tables: stack-out-of-bounds-read in nft_byteorder_eval() (CVE-2023-35001)
• kernel: cls_flower: out-of-bounds write in fl_set_geneve_opt() (CVE-2023-35788)
• kernel: hash collisions in the IPv6 connection lookup table (CVE-2023-1206)
• kernel: Spectre v2 SMT mitigations problem (CVE-2023-1998)
• kernel: fbcon: shift-out-of-bounds in fbcon_set_font() (CVE-2023-3161)
• kernel: denial of service problem in net/unix/diag.c (CVE-2023-28327)

Se recomienda a usuarios y administradores acudir a los avisos oficiales para consultar versiones de producto afectadas y las soluciones señaladas por el fabricante para cada caso.

Para más información, cualquier otra incidencia o problema de seguridad, puede ponerse en contacto a través de nuestra dirección de correo csirt@seresco.es