FEDORA-EPEL-2023-55df79c1ba
Packages in this update:
netconsd-0.2-1.el9
Update description:
Update to 0.2 to address CVE-2023-28753; Fixes: RHBZ#2181655
netconsd-0.2-1.fc36
Update to 0.2 to address CVE-2023-28753; Fixes: RHBZ#2181655
netconsd-0.2-1.fc37
Update to 0.2 to address CVE-2023-28753; Fixes: RHBZ#2181655
netconsd-0.2-1.fc38
Update to 0.2 to address CVE-2023-28753; Fixes: RHBZ#2181655
A flaw was found in rizin. The create_section_from_phdr function allocates space for ELF section data by processing the headers. Crafted values in the headers can cause out-of-bounds reads, which can lead to memory corruption and possibly code execution through the binary object’s callback function.
A vulnerability was found in OpenShift Assisted Installer. During generation of the Discovery ISO, image pull secrets were leaked as plaintext in the installation logs. An authenticated user could exploit this by re-using the image pull secret to pull container images from the registry as the associated user.
An issue was discovered in the Linux kernel before 5.8. lib/nlattr.c allows attackers to cause a denial of service (unbounded recursion) via a nested Netlink policy with a back reference.
Rapid7 InsightVM suffers from insufficient session expiration when an administrator performs a security-relevant edit on an existing, logged-on user. For example, if a user’s password is changed by an administrator due to an otherwise unrelated credential leak, that user account’s current session is still valid after the password change, potentially allowing the attacker who originally compromised the credential to remain logged in and able to cause further damage. This vulnerability is mitigated by the use of the Platform Login feature. This issue is related to CVE-2019-5638.
curl-7.82.0-14.fc36
fix SSH connection too eager reuse still (CVE-2023-27538)
fix GSS delegation too eager connection re-use (CVE-2023-27536)
fix FTP too eager connection reuse (CVE-2023-27535)
fix SFTP path ~ resolving discrepancy (CVE-2023-27534)
fix TELNET option IAC injection (CVE-2023-27533)
curl-7.87.0-7.fc38
fix SSH connection too eager reuse still (CVE-2023-27538)
fix HSTS double-free (CVE-2023-27537)
fix GSS delegation too eager connection re-use (CVE-2023-27536)
fix FTP too eager connection reuse (CVE-2023-27535)
fix SFTP path ~ resolving discrepancy (CVE-2023-27534)
fix TELNET option IAC injection (CVE-2023-27533)