The order is designed to help ensure AI systems are safe, secure and trustworthy.
Monthly Archives: October 2023
mlpack-4.2.1-4.el8
FEDORA-EPEL-2023-672d5d9003
Packages in this update:
mlpack-4.2.1-4.el8
Update description:
Use RPM macros for python and cmake build directory
CVE-2020-25870
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2018-11103
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
salt-3005.4-1.fc37
FEDORA-2023-89e8f3efc5
Packages in this update:
salt-3005.4-1.fc37
Update description:
Fix for CVE-2023-34049
salt-3006.4-1.fc38
FEDORA-2023-a6699df922
Packages in this update:
salt-3006.4-1.fc38
Update description:
Fix for CVE-2023-34049
salt-3005.4-1.el9
FEDORA-EPEL-2023-747e8b0ab1
Packages in this update:
salt-3005.4-1.el9
Update description:
Fix for CVE-2023-34049
salt-3006.4-1.fc39
FEDORA-2023-3eda7b85f5
Packages in this update:
salt-3006.4-1.fc39
Update description:
Fix for CVE-2023-34049
USN-6459-1: MySQL vulnerabilities
Multiple security issues were discovered in MySQL and this update includes
new upstream MySQL versions to fix these issues.
MySQL has been updated to 8.0.35 in Ubuntu 20.04 LTS, Ubuntu 22.04 LTS,
Ubuntu 23.04, and Ubuntu 23.10.
In addition to security fixes, the updated packages contain bug fixes, new
features, and possibly incompatible changes.
Please see the following for more information:
https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-35.html
https://www.oracle.com/security-alerts/cpuoct2023.html
USN-6458-1: Slurm vulnerabilities
It was discovered that Slurm did not properly handle credential
management, which could allow an unprivileged user to impersonate the
SlurmUser account. An attacker could possibly use this issue to execute
arbitrary code as the root user. (CVE-2022-29500)
It was discovered that Slurm did not properly handle access control when
dealing with RPC traffic through PMI2 and PMIx, which could allow an
unprivileged user to send data to an arbitrary unix socket in the host.
An attacker could possibly use this issue to execute arbitrary code as
the root user. (CVE-2022-29501)
It was discovered that Slurm did not properly handle validation logic when
processing input and output data with the srun client, which could lead to
the interception of process I/O. An attacker could possibly use this issue
to expose sensitive information or execute arbitrary code. This issue only
affected Ubuntu 22.04 LTS. (CVE-2022-29502)