TLP:CLEAR PAP:WHITE
Alertas de errores de producto de Rocky Linux
Descripción
RXSA-2023:5244 : actualización de seguridad del kernel, de corrección de errores y de mejoras. Hay una actualización disponible para el kernel.
- kernel: ipvlan: out-of-bounds write caused by unclear skb->cb (CVE-2023-3090)
- kernel: UAF in nftables when nft_set_lookup_global triggered after handling named and anonymous sets in batch requests (CVE-2023-3390)
- kernel: net/sched: cls_fw component can be exploited as result of failure in tcf_change_indev function (CVE-2023-3776)
- kernel: netfilter: use-after-free due to improper element removal in nft_pipapo_remove() (CVE-2023-4004)
- kernel: nf_tables: stack-out-of-bounds-read in nft_byteorder_eval() (CVE-2023-35001)
- kernel: cls_flower: out-of-bounds write in fl_set_geneve_opt() (CVE-2023-35788)
- kernel: bluetooth: Unauthorized management command execution (CVE-2023-2002)
- hw: amd: Cross-Process Information Leak (CVE-2023-20593)
- dotnet: RCE under dotnet commands (CVE-2023-35390)
- dotnet: Kestrel vulnerability to slow read attacks leading to Denial of Service attack (CVE-2023-38180)
- ghostscript: vulnerable to OS command injection due to mishandles permission validation for pipe devices (CVE-2023-36664)
- python: TLS handshake bypass (CVE-2023-40217)
- Mozilla: Memory corruption in IPC CanvasTranslator (CVE-2023-4573)
- Mozilla: Memory corruption in IPC ColorPickerShownCallback (CVE-2023-4574)
- Mozilla: Memory corruption in IPC FilePickerShownCallback (CVE-2023-4575)
- Mozilla: Memory corruption in JIT UpdateRegExpStatics (CVE-2023-4577)
- Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 102.15, Firefox ESR 115.2, Thunderbird 102.15, and Thunderbird 115.2 (CVE-2023-4584)
- Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2 (CVE-2023-4585)
- Mozilla: Full screen notification obscured by file open dialog (CVE-2023-4051)
- Mozilla: Full screen notification obscured by external program (CVE-2023-4053)
- Mozilla: Error reporting methods in SpiderMonkey could have triggered an Out of Memory Exception (CVE-2023-4578)
- Mozilla: Push notifications saved to disk unencrypted (CVE-2023-4580)
- Mozilla: XLL file extensions were downloadable without warnings (CVE-2023-4581)
- Mozilla: Browsing Context potentially not cleared when closing Private Window (CVE-2023-4583)
- kernel: use-after-free in l2cap_connect and l2cap_le_connect_req in net/bluetooth/l2cap_core.c (CVE-2022-42896)
- kernel: tcindex: use-after-free vulnerability in traffic control index filter allows privilege escalation (CVE-2023-1281)
- kernel: Use-after-free vulnerability in the Linux Kernel traffic control index filter (CVE-2023-1829)
- kernel: use-after-free vulnerability in the perf_group_detach function of the Linux Kernel Performance Events (CVE-2023-2235)
- kernel: OOB access in the Linux kernel's XFS subsystem (CVE-2023-2124)
- kernel: i2c: out-of-bounds write in xgene_slimpro_i2c_xfer() (CVE-2023-2194)
- glibc: buffer overflow in ld.so leading to privilege escalation (CVE-2023-4911)
- glibc: Stack read overflow in getaddrinfo in no-aaaa mode (CVE-2023-4527)
- glibc: potential use-after-free in getaddrinfo() (CVE-2023-4806)
- glibc: potential use-after-free in gaih_inet() (CVE-2023-4813)
- libwebp: Heap buffer overflow in WebP Codec (CVE-2023-4863)
Productos afectados
- Rocky Linux SIG Cloud 8
- Rocky Linux 8
- Rocky Linux 9
Riesgo
Alto
Soluciones
Se recomienda descargar y actualizar los paquetes de actualización puestos a disposición por parte de Rocky Linux en su página oficial.
Referencias
Contacto
Para más información, cualquier otra incidencia o problema de seguridad, puede ponerse en contacto a través de nuestra dirección de correo csirt@seresco.es