NVD Description

Note: Versions mentioned in the description apply only to the upstream expat package and not the expat package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.

Remediation

Upgrade Centos:8 expat to version 0:2.2.5-4.el8_5.3 or higher.

References

• https://access.redhat.com/security/cve/CVE-2022-25235
• https://access.redhat.com/errata/RHSA-2022:0951
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/
• http://www.openwall.com/lists/oss-security/2022/02/19/1
• https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf
• https://github.com/libexpat/libexpat/pull/562
• https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/
• https://security.gentoo.org/glsa/202209-24
• https://security.netapp.com/advisory/ntap-20220303-0008/
• https://www.debian.org/security/2022/dsa-5085
• https://www.oracle.com/security-alerts/cpuapr2022.html

NVD Description

Note: Versions mentioned in the description apply only to the upstream expat package and not the expat package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.

Remediation

Upgrade Centos:8 expat to version 0:2.2.5-4.el8_5.3 or higher.

References

• https://access.redhat.com/security/cve/CVE-2022-25236
• https://access.redhat.com/errata/RHSA-2022:0951
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/
• http://packetstormsecurity.com/files/167238/Zoom-XMPP-Stanza-Smuggling-Remote-Code-Execution.html
• http://www.openwall.com/lists/oss-security/2022/02/19/1
• https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf
• https://github.com/libexpat/libexpat/pull/561
• https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/
• https://security.gentoo.org/glsa/202209-24
• https://security.netapp.com/advisory/ntap-20220303-0008/
• https://www.debian.org/security/2022/dsa-5085
• https://www.oracle.com/security-alerts/cpuapr2022.html

NVD Description

Note: Versions mentioned in the description apply only to the upstream expat package and not the expat package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

Remediation

Upgrade Centos:8 expat to version 0:2.2.5-4.el8_5.3 or higher.

References

• https://access.redhat.com/security/cve/CVE-2022-22823
• https://access.redhat.com/errata/RHSA-2022:0951
• http://www.openwall.com/lists/oss-security/2022/01/17/3
• https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf
• https://github.com/libexpat/libexpat/pull/539
• https://security.gentoo.org/glsa/202209-24
• https://www.debian.org/security/2022/dsa-5073
• https://www.tenable.com/security/tns-2022-05

NVD Description

Note: Versions mentioned in the description apply only to the upstream expat package and not the expat package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

Remediation

Upgrade Centos:8 expat to version 0:2.2.5-4.el8_5.3 or higher.

References

• https://access.redhat.com/security/cve/CVE-2022-22822
• https://access.redhat.com/errata/RHSA-2022:0951
• http://www.openwall.com/lists/oss-security/2022/01/17/3
• https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf
• https://github.com/libexpat/libexpat/pull/539
• https://security.gentoo.org/glsa/202209-24
• https://www.debian.org/security/2022/dsa-5073
• https://www.tenable.com/security/tns-2022-05

NVD Description

Note: Versions mentioned in the description apply only to the upstream expat package and not the expat package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.

Remediation

Upgrade Centos:8 expat to version 0:2.2.5-4.el8_5.3 or higher.

References

• https://access.redhat.com/security/cve/CVE-2022-23852
• https://access.redhat.com/errata/RHSA-2022:0951
• https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf
• https://github.com/libexpat/libexpat/pull/550
• https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html
• https://security.gentoo.org/glsa/202209-24
• https://security.netapp.com/advisory/ntap-20220217-0001/
• https://www.debian.org/security/2022/dsa-5073
• https://www.oracle.com/security-alerts/cpuapr2022.html
• https://www.tenable.com/security/tns-2022-05

NVD Description

Note: Versions mentioned in the description apply only to the upstream expat package and not the expat package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

Remediation

Upgrade Centos:8 expat to version 0:2.2.5-4.el8_5.3 or higher.

References

• https://access.redhat.com/security/cve/CVE-2022-22824
• https://access.redhat.com/errata/RHSA-2022:0951
• http://www.openwall.com/lists/oss-security/2022/01/17/3
• https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf
• https://github.com/libexpat/libexpat/pull/539
• https://security.gentoo.org/glsa/202209-24
• https://www.debian.org/security/2022/dsa-5073
• https://www.tenable.com/security/tns-2022-05

NVD Description

Note: Versions mentioned in the description apply only to the upstream expat package and not the expat package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.

Remediation

Upgrade Centos:8 expat to version 0:2.2.5-4.el8_5.3 or higher.

References

• https://access.redhat.com/security/cve/CVE-2022-25315
• https://access.redhat.com/errata/RHSA-2022:0951
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/
• http://www.openwall.com/lists/oss-security/2022/02/19/1
• https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf
• https://github.com/libexpat/libexpat/pull/559
• https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/
• https://security.gentoo.org/glsa/202209-24
• https://security.netapp.com/advisory/ntap-20220303-0008/
• https://www.debian.org/security/2022/dsa-5085
• https://www.oracle.com/security-alerts/cpuapr2022.html

NVD Description

Note: Versions mentioned in the description apply only to the upstream glib2 package and not the glib2 package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption.

Remediation

Upgrade Centos:8 glib2 to version 0:2.56.4-10.el8_4 or higher.

References

• https://security.netapp.com/advisory/ntap-20210319-0004/
• https://access.redhat.com/security/cve/CVE-2021-27219
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2REA7RVKN7ZHRLJOEGBRQKJIPZQPAELZ/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JJMPNDO4GDVURYQFYKFOWY5HAF4FTEPN/
• https://gitlab.gnome.org/GNOME/glib/-/issues/2319
• https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
• https://access.redhat.com/errata/RHSA-2021:2170
• https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E
• https://lists.debian.org/debian-lts-announce/2022/06/msg00006.html
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2REA7RVKN7ZHRLJOEGBRQKJIPZQPAELZ/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JJMPNDO4GDVURYQFYKFOWY5HAF4FTEPN/
• https://security.gentoo.org/glsa/202107-13

NVD Description

Note: Versions mentioned in the description apply only to the upstream systemd package and not the systemd package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

A use-after-free vulnerability was found in systemd. This issue occurs due to the on_stream_io() function and dns_stream_complete() function in 'resolved-dns-stream.c' not incrementing the reference counting for the DnsStream object. Therefore, other functions and callbacks called can dereference the DNSStream object, causing the use-after-free when the reference is still used later.

Remediation

Upgrade Centos:8 systemd to version 0:239-58.el8_6.4 or higher.

References

• https://access.redhat.com/security/cve/CVE-2022-2526
• https://access.redhat.com/errata/RHSA-2022:6206
• https://github.com/systemd/systemd/commit/d973d94dec349fb676fdd844f6fe2ada3538f27c
• https://security.netapp.com/advisory/ntap-20221111-0005/

NVD Description

Note: Versions mentioned in the description apply only to the upstream systemd-libs package and not the systemd-libs package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

A use-after-free vulnerability was found in systemd. This issue occurs due to the on_stream_io() function and dns_stream_complete() function in 'resolved-dns-stream.c' not incrementing the reference counting for the DnsStream object. Therefore, other functions and callbacks called can dereference the DNSStream object, causing the use-after-free when the reference is still used later.

Remediation

Upgrade Centos:8 systemd-libs to version 0:239-58.el8_6.4 or higher.

References

• https://access.redhat.com/security/cve/CVE-2022-2526
• https://access.redhat.com/errata/RHSA-2022:6206
• https://github.com/systemd/systemd/commit/d973d94dec349fb676fdd844f6fe2ada3538f27c
• https://security.netapp.com/advisory/ntap-20221111-0005/

NVD Description

Note: Versions mentioned in the description apply only to the upstream systemd-pam package and not the systemd-pam package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

A use-after-free vulnerability was found in systemd. This issue occurs due to the on_stream_io() function and dns_stream_complete() function in 'resolved-dns-stream.c' not incrementing the reference counting for the DnsStream object. Therefore, other functions and callbacks called can dereference the DNSStream object, causing the use-after-free when the reference is still used later.

Remediation

Upgrade Centos:8 systemd-pam to version 0:239-58.el8_6.4 or higher.

References

• https://access.redhat.com/security/cve/CVE-2022-2526
• https://access.redhat.com/errata/RHSA-2022:6206
• https://github.com/systemd/systemd/commit/d973d94dec349fb676fdd844f6fe2ada3538f27c
• https://security.netapp.com/advisory/ntap-20221111-0005/

NVD Description

Note: Versions mentioned in the description apply only to the upstream systemd-udev package and not the systemd-udev package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

A use-after-free vulnerability was found in systemd. This issue occurs due to the on_stream_io() function and dns_stream_complete() function in 'resolved-dns-stream.c' not incrementing the reference counting for the DnsStream object. Therefore, other functions and callbacks called can dereference the DNSStream object, causing the use-after-free when the reference is still used later.

Remediation

Upgrade Centos:8 systemd-udev to version 0:239-58.el8_6.4 or higher.

References

• https://access.redhat.com/security/cve/CVE-2022-2526
• https://access.redhat.com/errata/RHSA-2022:6206
• https://github.com/systemd/systemd/commit/d973d94dec349fb676fdd844f6fe2ada3538f27c
• https://security.netapp.com/advisory/ntap-20221111-0005/

NVD Description

Note: Versions mentioned in the description apply only to the upstream libxml2 package and not the libxml2 package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the <sch:name path="..."/> schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's crash using libxml or other possible undefined behaviors.

Remediation

Upgrade Centos:8 libxml2 to version 0:2.9.7-21.el8_10.1 or higher.

References

• https://access.redhat.com/security/cve/CVE-2025-49794
• https://bugzilla.redhat.com/show_bug.cgi?id=2372373
• https://access.redhat.com/errata/RHSA-2025:10698

NVD Description

Note: Versions mentioned in the description apply only to the upstream libxml2 package and not the libxml2 package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.

Remediation

Upgrade Centos:8 libxml2 to version 0:2.9.7-21.el8_10.1 or higher.

References

• https://access.redhat.com/security/cve/CVE-2025-49796
• https://bugzilla.redhat.com/show_bug.cgi?id=2372385
• https://access.redhat.com/errata/RHSA-2025:10698

NVD Description

Note: Versions mentioned in the description apply only to the upstream krb5-libs package and not the krb5-libs package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.

Remediation

Upgrade Centos:8 krb5-libs to version 0:1.18.2-30.el8_10 or higher.

References

• https://access.redhat.com/security/cve/CVE-2024-3596
• https://www.kb.cert.org/vuls/id/456537
• https://security.netapp.com/advisory/ntap-20240822-0001/
• https://today.ucsd.edu/story/computer-scientists-discover-vulnerabilities-in-a-popular-security-protocol
• https://cert-portal.siemens.com/productcert/html/ssa-723487.html
• https://cert-portal.siemens.com/productcert/html/ssa-794185.html
• http://www.openwall.com/lists/oss-security/2024/07/09/4
• https://datatracker.ietf.org/doc/draft-ietf-radext-deprecating-radius/
• https://datatracker.ietf.org/doc/html/rfc2865
• https://networkradius.com/assets/pdf/radius_and_md5_collisions.pdf
• https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0014
• https://www.blastradius.fail/

NVD Description

Note: Versions mentioned in the description apply only to the upstream cyrus-sasl-lib package and not the cyrus-sasl-lib package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement.

Remediation

Upgrade Centos:8 cyrus-sasl-lib to version 0:2.1.27-6.el8_5 or higher.

References

• https://access.redhat.com/security/cve/CVE-2022-24407
• https://access.redhat.com/errata/RHSA-2022:0658
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4FIXU75Q6RBNK6UYM7MQ3TCFGXR7AX4U/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H26R4SMGM3WHXX4XYNNJB4YGFIL5UNF4/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZZC6BMPI3V3MC2IGNLN377ETUWO7QBIH/
• http://www.openwall.com/lists/oss-security/2022/02/23/4
• https://github.com/cyrusimap/cyrus-sasl/blob/fdcd13ceaef8de684dc69008011fa865c5b4a3ac/docsrc/sasl/release-notes/2.1/index.rst
• https://lists.debian.org/debian-lts-announce/2022/03/msg00002.html
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4FIXU75Q6RBNK6UYM7MQ3TCFGXR7AX4U/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H26R4SMGM3WHXX4XYNNJB4YGFIL5UNF4/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZZC6BMPI3V3MC2IGNLN377ETUWO7QBIH/
• https://security.netapp.com/advisory/ntap-20221007-0003/
• https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28
• https://www.debian.org/security/2022/dsa-5087
• https://www.oracle.com/security-alerts/cpujul2022.html

NVD Description

Note: Versions mentioned in the description apply only to the upstream expat package and not the expat package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).

Remediation

Upgrade Centos:8 expat to version 0:2.2.5-4.el8_5.3 or higher.

References

• https://access.redhat.com/security/cve/CVE-2021-45960
• https://access.redhat.com/errata/RHSA-2022:0951
• http://www.openwall.com/lists/oss-security/2022/01/17/3
• https://bugzilla.mozilla.org/show_bug.cgi?id=1217609
• https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf
• https://github.com/libexpat/libexpat/issues/531
• https://github.com/libexpat/libexpat/pull/534
• https://security.gentoo.org/glsa/202209-24
• https://security.netapp.com/advisory/ntap-20220121-0004/
• https://www.debian.org/security/2022/dsa-5073
• https://www.tenable.com/security/tns-2022-05

NVD Description

Note: Versions mentioned in the description apply only to the upstream expat package and not the expat package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

Remediation

Upgrade Centos:8 expat to version 0:2.2.5-4.el8_5.3 or higher.

References

• https://access.redhat.com/security/cve/CVE-2022-22826
• https://access.redhat.com/errata/RHSA-2022:0951
• http://www.openwall.com/lists/oss-security/2022/01/17/3
• https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf
• https://github.com/libexpat/libexpat/pull/539
• https://security.gentoo.org/glsa/202209-24
• https://www.debian.org/security/2022/dsa-5073
• https://www.tenable.com/security/tns-2022-05

NVD Description

Note: Versions mentioned in the description apply only to the upstream expat package and not the expat package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

Remediation

Upgrade Centos:8 expat to version 0:2.2.5-4.el8_5.3 or higher.

References

• https://access.redhat.com/security/cve/CVE-2022-22825
• https://access.redhat.com/errata/RHSA-2022:0951
• http://www.openwall.com/lists/oss-security/2022/01/17/3
• https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf
• https://github.com/libexpat/libexpat/pull/539
• https://security.gentoo.org/glsa/202209-24
• https://www.debian.org/security/2022/dsa-5073
• https://www.tenable.com/security/tns-2022-05

NVD Description

Note: Versions mentioned in the description apply only to the upstream expat package and not the expat package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

Remediation

Upgrade Centos:8 expat to version 0:2.2.5-4.el8_5.3 or higher.

References

• https://access.redhat.com/security/cve/CVE-2022-22827
• https://access.redhat.com/errata/RHSA-2022:0951
• http://www.openwall.com/lists/oss-security/2022/01/17/3
• https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf
• https://github.com/libexpat/libexpat/pull/539
• https://security.gentoo.org/glsa/202209-24
• https://www.debian.org/security/2022/dsa-5073
• https://www.tenable.com/security/tns-2022-05

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.

Remediation

Upgrade Centos:8 glibc to version 0:2.28-251.el8_10.1 or higher.

References

• https://access.redhat.com/security/cve/CVE-2024-2961
• https://www.ambionics.io/blog/iconv-cve-2024-2961-p1
• https://www.ambionics.io/blog/iconv-cve-2024-2961-p2
• https://www.ambionics.io/blog/iconv-cve-2024-2961-p3
• http://www.openwall.com/lists/oss-security/2024/04/17/9
• http://www.openwall.com/lists/oss-security/2024/04/18/4
• http://www.openwall.com/lists/oss-security/2024/04/24/2
• http://www.openwall.com/lists/oss-security/2024/05/27/1
• http://www.openwall.com/lists/oss-security/2024/05/27/2
• http://www.openwall.com/lists/oss-security/2024/05/27/3
• http://www.openwall.com/lists/oss-security/2024/05/27/4
• http://www.openwall.com/lists/oss-security/2024/05/27/5
• http://www.openwall.com/lists/oss-security/2024/05/27/6
• http://www.openwall.com/lists/oss-security/2024/07/22/5
• https://lists.debian.org/debian-lts-announce/2024/05/msg00001.html
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BTJFBGHDYG5PEIFD5WSSSKSFZ2AZWC5N/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P3I4KYS6EU6S7QZ47WFNTPVAHFIUQNEL/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YAMJQI3Y6BHWV3CUTYBXOZONCUJNOB2Z/
• https://security.netapp.com/advisory/ntap-20240531-0002/
• https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0004
• https://github.com/ambionics/cnext-exploits
• https://github.com/projectdiscovery/nuclei-templates/blob/main/dast/cves/2024/CVE-2024-2961.yaml

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc-common package and not the glibc-common package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.

Remediation

Upgrade Centos:8 glibc-common to version 0:2.28-251.el8_10.1 or higher.

References

• https://access.redhat.com/security/cve/CVE-2024-2961
• https://www.ambionics.io/blog/iconv-cve-2024-2961-p1
• https://www.ambionics.io/blog/iconv-cve-2024-2961-p2
• https://www.ambionics.io/blog/iconv-cve-2024-2961-p3
• http://www.openwall.com/lists/oss-security/2024/04/17/9
• http://www.openwall.com/lists/oss-security/2024/04/18/4
• http://www.openwall.com/lists/oss-security/2024/04/24/2
• http://www.openwall.com/lists/oss-security/2024/05/27/1
• http://www.openwall.com/lists/oss-security/2024/05/27/2
• http://www.openwall.com/lists/oss-security/2024/05/27/3
• http://www.openwall.com/lists/oss-security/2024/05/27/4
• http://www.openwall.com/lists/oss-security/2024/05/27/5
• http://www.openwall.com/lists/oss-security/2024/05/27/6
• http://www.openwall.com/lists/oss-security/2024/07/22/5
• https://lists.debian.org/debian-lts-announce/2024/05/msg00001.html
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BTJFBGHDYG5PEIFD5WSSSKSFZ2AZWC5N/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P3I4KYS6EU6S7QZ47WFNTPVAHFIUQNEL/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YAMJQI3Y6BHWV3CUTYBXOZONCUJNOB2Z/
• https://security.netapp.com/advisory/ntap-20240531-0002/
• https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0004
• https://github.com/ambionics/cnext-exploits
• https://github.com/projectdiscovery/nuclei-templates/blob/main/dast/cves/2024/CVE-2024-2961.yaml

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc-minimal-langpack package and not the glibc-minimal-langpack package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.

Remediation

Upgrade Centos:8 glibc-minimal-langpack to version 0:2.28-251.el8_10.1 or higher.

References

• https://access.redhat.com/security/cve/CVE-2024-2961
• https://www.ambionics.io/blog/iconv-cve-2024-2961-p1
• https://www.ambionics.io/blog/iconv-cve-2024-2961-p2
• https://www.ambionics.io/blog/iconv-cve-2024-2961-p3
• http://www.openwall.com/lists/oss-security/2024/04/17/9
• http://www.openwall.com/lists/oss-security/2024/04/18/4
• http://www.openwall.com/lists/oss-security/2024/04/24/2
• http://www.openwall.com/lists/oss-security/2024/05/27/1
• http://www.openwall.com/lists/oss-security/2024/05/27/2
• http://www.openwall.com/lists/oss-security/2024/05/27/3
• http://www.openwall.com/lists/oss-security/2024/05/27/4
• http://www.openwall.com/lists/oss-security/2024/05/27/5
• http://www.openwall.com/lists/oss-security/2024/05/27/6
• http://www.openwall.com/lists/oss-security/2024/07/22/5
• https://lists.debian.org/debian-lts-announce/2024/05/msg00001.html
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BTJFBGHDYG5PEIFD5WSSSKSFZ2AZWC5N/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P3I4KYS6EU6S7QZ47WFNTPVAHFIUQNEL/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YAMJQI3Y6BHWV3CUTYBXOZONCUJNOB2Z/
• https://security.netapp.com/advisory/ntap-20240531-0002/
• https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0004
• https://github.com/ambionics/cnext-exploits
• https://github.com/projectdiscovery/nuclei-templates/blob/main/dast/cves/2024/CVE-2024-2961.yaml

NVD Description

Note: Versions mentioned in the description apply only to the upstream gzip package and not the gzip package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.

Remediation

Upgrade Centos:8 gzip to version 0:1.9-13.el8_5 or higher.

References

• https://access.redhat.com/security/cve/CVE-2022-1271
• https://access.redhat.com/errata/RHSA-2022:1537
• https://git.tukaani.org/?p=xz.git;a=commit;h=69d1b3fc29677af8ade8dc15dba83f0589cb63d6
• https://bugzilla.redhat.com/show_bug.cgi?id=2073310
• https://git.tukaani.org/?p=xz.git%3Ba=commit%3Bh=69d1b3fc29677af8ade8dc15dba83f0589cb63d6
• https://lists.gnu.org/r/bug-gzip/2022-04/msg00011.html
• https://security-tracker.debian.org/tracker/CVE-2022-1271
• https://security.gentoo.org/glsa/202209-01
• https://security.netapp.com/advisory/ntap-20220930-0006/
• https://tukaani.org/xz/xzgrep-ZDI-CAN-16587.patch
• https://www.openwall.com/lists/oss-security/2022/04/07/8

NVD Description

Note: Versions mentioned in the description apply only to the upstream krb5-libs package and not the krb5-libs package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."

Remediation

Upgrade Centos:8 krb5-libs to version 0:1.18.2-22.el8_7 or higher.

References

• https://access.redhat.com/security/cve/CVE-2022-42898
• https://access.redhat.com/errata/RHSA-2022:8638
• https://bugzilla.samba.org/show_bug.cgi?id=15203
• https://github.com/heimdal/heimdal/security/advisories/GHSA-64mq-fvfj-5x3c
• https://github.com/krb5/krb5/commit/ea92d2f0fcceb54a70910fa32e9a0d7a5afc3583
• https://security.gentoo.org/glsa/202309-06
• https://security.gentoo.org/glsa/202310-06
• https://security.netapp.com/advisory/ntap-20230216-0008/
• https://security.netapp.com/advisory/ntap-20230223-0001/
• https://web.mit.edu/kerberos/advisories/
• https://web.mit.edu/kerberos/krb5-1.19/
• https://web.mit.edu/kerberos/krb5-1.20/README-1.20.1.txt
• https://www.samba.org/samba/security/CVE-2022-42898.html

NVD Description

Note: Versions mentioned in the description apply only to the upstream platform-python-setuptools package and not the platform-python-setuptools package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.

Remediation

Upgrade Centos:8 platform-python-setuptools to version 0:39.2.0-8.el8_10 or higher.

References

• https://access.redhat.com/security/cve/CVE-2024-6345
• https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0
• https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5

NVD Description

Note: Versions mentioned in the description apply only to the upstream python3-setuptools-wheel package and not the python3-setuptools-wheel package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.

Remediation

Upgrade Centos:8 python3-setuptools-wheel to version 0:39.2.0-8.el8_10 or higher.

References

• https://access.redhat.com/security/cve/CVE-2024-6345
• https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0
• https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5

NVD Description

Note: Versions mentioned in the description apply only to the upstream xz package and not the xz package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.

Remediation

Upgrade Centos:8 xz to version 0:5.2.4-4.el8_6 or higher.

References

• https://access.redhat.com/security/cve/CVE-2022-1271
• https://access.redhat.com/errata/RHSA-2022:4991
• https://git.tukaani.org/?p=xz.git;a=commit;h=69d1b3fc29677af8ade8dc15dba83f0589cb63d6
• https://bugzilla.redhat.com/show_bug.cgi?id=2073310
• https://git.tukaani.org/?p=xz.git%3Ba=commit%3Bh=69d1b3fc29677af8ade8dc15dba83f0589cb63d6
• https://lists.gnu.org/r/bug-gzip/2022-04/msg00011.html
• https://security-tracker.debian.org/tracker/CVE-2022-1271
• https://security.gentoo.org/glsa/202209-01
• https://security.netapp.com/advisory/ntap-20220930-0006/
• https://tukaani.org/xz/xzgrep-ZDI-CAN-16587.patch
• https://www.openwall.com/lists/oss-security/2022/04/07/8

NVD Description

Note: Versions mentioned in the description apply only to the upstream xz-libs package and not the xz-libs package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.

Remediation

Upgrade Centos:8 xz-libs to version 0:5.2.4-4.el8_6 or higher.

References

• https://access.redhat.com/security/cve/CVE-2022-1271
• https://access.redhat.com/errata/RHSA-2022:4991
• https://git.tukaani.org/?p=xz.git;a=commit;h=69d1b3fc29677af8ade8dc15dba83f0589cb63d6
• https://bugzilla.redhat.com/show_bug.cgi?id=2073310
• https://git.tukaani.org/?p=xz.git%3Ba=commit%3Bh=69d1b3fc29677af8ade8dc15dba83f0589cb63d6
• https://lists.gnu.org/r/bug-gzip/2022-04/msg00011.html
• https://security-tracker.debian.org/tracker/CVE-2022-1271
• https://security.gentoo.org/glsa/202209-01
• https://security.netapp.com/advisory/ntap-20220930-0006/
• https://tukaani.org/xz/xzgrep-ZDI-CAN-16587.patch
• https://www.openwall.com/lists/oss-security/2022/04/07/8

NVD Description

Note: Versions mentioned in the description apply only to the upstream less package and not the less package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases.

Remediation

Upgrade Centos:8 less to version 0:530-3.el8_10 or higher.

References

• https://access.redhat.com/security/cve/CVE-2024-32487
• http://www.openwall.com/lists/oss-security/2024/04/15/1
• https://github.com/gwsw/less/commit/007521ac3c95bc76e3d59c6dbfe75d06c8075c33
• https://lists.debian.org/debian-lts-announce/2024/05/msg00018.html
• https://security.netapp.com/advisory/ntap-20240605-0009/
• https://www.openwall.com/lists/oss-security/2024/04/12/5
• https://www.openwall.com/lists/oss-security/2024/04/13/2

NVD Description

Note: Versions mentioned in the description apply only to the upstream libksba package and not the libksba package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The vulnerability can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment.

Remediation

Upgrade Centos:8 libksba to version 0:1.3.5-8.el8_6 or higher.

References

• https://access.redhat.com/security/cve/CVE-2022-3515
• https://access.redhat.com/errata/RHSA-2022:7089
• https://bugzilla.redhat.com/show_bug.cgi?id=2135610
• https://dev.gnupg.org/rK4b7d9cd4a018898d7714ce06f3faf2626c14582b
• https://security.netapp.com/advisory/ntap-20230706-0008/
• https://www.gnupg.org/blog/20221017-pepe-left-the-ksba.html

NVD Description

Note: Versions mentioned in the description apply only to the upstream libksba package and not the libksba package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser.

Remediation

Upgrade Centos:8 libksba to version 0:1.3.5-9.el8_7 or higher.

References

• https://access.redhat.com/security/cve/CVE-2022-47629
• https://access.redhat.com/errata/RHSA-2023:0625
• https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=f61a5ea4e0f6a80fd4b28ef0174bee77793cf070
• https://dev.gnupg.org/T6284
• https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git%3Ba=commit%3Bh=f61a5ea4e0f6a80fd4b28ef0174bee77793cf070
• https://lists.debian.org/debian-lts-announce/2022/12/msg00035.html
• https://security.gentoo.org/glsa/202212-07
• https://security.netapp.com/advisory/ntap-20230316-0011/
• https://www.debian.org/security/2022/dsa-5305

NVD Description

Note: Versions mentioned in the description apply only to the upstream platform-python package and not the platform-python package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is closed quickly, there is a brief window where the SSLSocket instance will detect the socket as "not connected" and won't initiate a handshake, but buffered data will still be readable from the socket buffer. This data will not be authenticated if the server-side TLS peer is expecting client certificate authentication, and is indistinguishable from valid TLS stream data. Data is limited in size to the amount that will fit in the buffer. (The TLS connection cannot directly be used for data exfiltration because the vulnerable code path requires that the connection be closed on initialization of the SSLSocket.)

Remediation

Upgrade Centos:8 platform-python to version 0:3.6.8-51.el8_8.2 or higher.

References

• https://access.redhat.com/security/cve/CVE-2023-40217
• https://mail.python.org/archives/list/security-announce@python.org/thread/PEPLII27KYHLF4AK3ZQGKYNCRERG4YXY/
• https://lists.debian.org/debian-lts-announce/2023/09/msg00022.html
• https://lists.debian.org/debian-lts-announce/2023/10/msg00017.html
• https://mail.python.org/archives/list/security-announce%40python.org/thread/PEPLII27KYHLF4AK3ZQGKYNCRERG4YXY/
• https://security.netapp.com/advisory/ntap-20231006-0014/
• https://www.python.org/dev/security/

NVD Description

Note: Versions mentioned in the description apply only to the upstream python3-libs package and not the python3-libs package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is closed quickly, there is a brief window where the SSLSocket instance will detect the socket as "not connected" and won't initiate a handshake, but buffered data will still be readable from the socket buffer. This data will not be authenticated if the server-side TLS peer is expecting client certificate authentication, and is indistinguishable from valid TLS stream data. Data is limited in size to the amount that will fit in the buffer. (The TLS connection cannot directly be used for data exfiltration because the vulnerable code path requires that the connection be closed on initialization of the SSLSocket.)

Remediation

Upgrade Centos:8 python3-libs to version 0:3.6.8-51.el8_8.2 or higher.

References

• https://access.redhat.com/security/cve/CVE-2023-40217
• https://mail.python.org/archives/list/security-announce@python.org/thread/PEPLII27KYHLF4AK3ZQGKYNCRERG4YXY/
• https://lists.debian.org/debian-lts-announce/2023/09/msg00022.html
• https://lists.debian.org/debian-lts-announce/2023/10/msg00017.html
• https://mail.python.org/archives/list/security-announce%40python.org/thread/PEPLII27KYHLF4AK3ZQGKYNCRERG4YXY/
• https://security.netapp.com/advisory/ntap-20231006-0014/
• https://www.python.org/dev/security/

NVD Description

Note: Versions mentioned in the description apply only to the upstream zlib package and not the zlib package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.

Remediation

Upgrade Centos:8 zlib to version 0:1.2.11-18.el8_5 or higher.

References

• https://access.redhat.com/security/cve/CVE-2018-25032
• https://access.redhat.com/errata/RHSA-2022:1642
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DCZFIJBJTZ7CL5QXBFKTQ22Q26VINRUF/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JZZPTWRYQULAOL3AW7RZJNVZ2UONXCV4/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/
• http://seclists.org/fulldisclosure/2022/May/33
• http://seclists.org/fulldisclosure/2022/May/35
• http://seclists.org/fulldisclosure/2022/May/38
• http://www.openwall.com/lists/oss-security/2022/03/25/2
• http://www.openwall.com/lists/oss-security/2022/03/26/1
• https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf
• https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531
• https://github.com/madler/zlib/compare/v1.2.11...v1.2.12
• https://github.com/madler/zlib/issues/605
• https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html
• https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html
• https://lists.debian.org/debian-lts-announce/2022/09/msg00023.html
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DCZFIJBJTZ7CL5QXBFKTQ22Q26VINRUF/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DF62MVMH3QUGMBDCB3DY2ERQ6EBHTADB/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JZZPTWRYQULAOL3AW7RZJNVZ2UONXCV4/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/
• https://security.gentoo.org/glsa/202210-42
• https://security.netapp.com/advisory/ntap-20220526-0009/
• https://security.netapp.com/advisory/ntap-20220729-0004/
• https://support.apple.com/kb/HT213255
• https://support.apple.com/kb/HT213256
• https://support.apple.com/kb/HT213257
• https://www.debian.org/security/2022/dsa-5111
• https://www.openwall.com/lists/oss-security/2022/03/24/1
• https://www.openwall.com/lists/oss-security/2022/03/28/1
• https://www.openwall.com/lists/oss-security/2022/03/28/3
• https://www.oracle.com/security-alerts/cpujul2022.html

NVD Description

Note: Versions mentioned in the description apply only to the upstream expat package and not the expat package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.

Remediation

Upgrade Centos:8 expat to version 0:2.2.5-8.el8_6.3 or higher.

References

• https://access.redhat.com/security/cve/CVE-2022-40674
• https://access.redhat.com/errata/RHSA-2022:6878
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSVZN3IJ6OCPSJL7AEX3ZHSHAHFOGESK/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J2IGJNHFV53PYST7VQV3T4NHVYAMXA36/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LQB6FJAM5YQ35SF5B2MN25Y2FX56EOEZ/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WE2ZKEPGFCZ7R6DRVH3K6RBJPT42ZBEG/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCGBVQQ47URGJAZWHCISHDWF6QBTV2LE/
• https://github.com/libexpat/libexpat/pull/629
• https://github.com/libexpat/libexpat/pull/640
• https://lists.debian.org/debian-lts-announce/2022/09/msg00029.html
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GSVZN3IJ6OCPSJL7AEX3ZHSHAHFOGESK/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J2IGJNHFV53PYST7VQV3T4NHVYAMXA36/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LQB6FJAM5YQ35SF5B2MN25Y2FX56EOEZ/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2ZKEPGFCZ7R6DRVH3K6RBJPT42ZBEG/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XCGBVQQ47URGJAZWHCISHDWF6QBTV2LE/
• https://security.gentoo.org/glsa/202209-24
• https://security.gentoo.org/glsa/202211-06
• https://security.netapp.com/advisory/ntap-20221028-0008/
• https://www.debian.org/security/2022/dsa-5236

NVD Description

Note: Versions mentioned in the description apply only to the upstream gnutls package and not the gnutls package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing an assertion failure or possible validation. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability.

Remediation

Upgrade Centos:8 gnutls to version 0:3.6.14-8.el8_3 or higher.

References

• https://access.redhat.com/security/cve/CVE-2021-20305
• https://www.debian.org/security/2021/dsa-4933
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQKWVVMAIDAJ7YAA3VVO32BHLDOH2E63/
• https://security.gentoo.org/glsa/202105-31
• https://bugzilla.redhat.com/show_bug.cgi?id=1942533
• https://lists.debian.org/debian-lts-announce/2021/09/msg00008.html
• https://access.redhat.com/errata/RHSA-2021:1206
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MQKWVVMAIDAJ7YAA3VVO32BHLDOH2E63/
• https://security.netapp.com/advisory/ntap-20211022-0002/

NVD Description

Note: Versions mentioned in the description apply only to the upstream libxml2 package and not the libxml2 package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.

Remediation

Upgrade Centos:8 libxml2 to version 0:2.9.7-19.el8_10 or higher.

References

• https://access.redhat.com/security/cve/CVE-2024-56171
• https://gitlab.gnome.org/GNOME/libxml2/-/issues/828
• https://security.netapp.com/advisory/ntap-20250328-0010/

NVD Description

Note: Versions mentioned in the description apply only to the upstream nettle package and not the nettle package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing an assertion failure or possible validation. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability.

Remediation

Upgrade Centos:8 nettle to version 0:3.4.1-4.el8_3 or higher.

References

• https://access.redhat.com/security/cve/CVE-2021-20305
• https://www.debian.org/security/2021/dsa-4933
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQKWVVMAIDAJ7YAA3VVO32BHLDOH2E63/
• https://security.gentoo.org/glsa/202105-31
• https://bugzilla.redhat.com/show_bug.cgi?id=1942533
• https://lists.debian.org/debian-lts-announce/2021/09/msg00008.html
• https://access.redhat.com/errata/RHSA-2021:1206
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MQKWVVMAIDAJ7YAA3VVO32BHLDOH2E63/
• https://security.netapp.com/advisory/ntap-20211022-0002/

NVD Description

Note: Versions mentioned in the description apply only to the upstream expat package and not the expat package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.

Remediation

Upgrade Centos:8 expat to version 0:2.2.5-4.el8_5.3 or higher.

References

• https://access.redhat.com/security/cve/CVE-2021-46143
• https://access.redhat.com/errata/RHSA-2022:0951
• http://www.openwall.com/lists/oss-security/2022/01/17/3
• https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf
• https://github.com/libexpat/libexpat/issues/532
• https://github.com/libexpat/libexpat/pull/538
• https://security.gentoo.org/glsa/202209-24
• https://security.netapp.com/advisory/ntap-20220121-0006/
• https://www.debian.org/security/2022/dsa-5073
• https://www.tenable.com/security/tns-2022-05

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.

Remediation

Upgrade Centos:8 glibc to version 0:2.28-225.el8_8.6 or higher.

References

• https://access.redhat.com/security/cve/CVE-2023-4911
• http://packetstormsecurity.com/files/174986/glibc-ld.so-Local-Privilege-Escalation.html
• http://packetstormsecurity.com/files/176288/Glibc-Tunables-Privilege-Escalation.html
• http://seclists.org/fulldisclosure/2023/Oct/11
• http://www.openwall.com/lists/oss-security/2023/10/03/2
• http://www.openwall.com/lists/oss-security/2023/10/03/3
• http://www.openwall.com/lists/oss-security/2023/10/05/1
• http://www.openwall.com/lists/oss-security/2023/10/13/11
• http://www.openwall.com/lists/oss-security/2023/10/14/3
• http://www.openwall.com/lists/oss-security/2023/10/14/5
• http://www.openwall.com/lists/oss-security/2023/10/14/6
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DBUQRRPB47TC3NJOUIBVWUGFHBJAFDL/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFG4P76UHHZEWQ26FWBXG76N2QLKKPZA/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDAQWHTSVOCOZ5K6KPIWKRT3JX4RTZUR/
• https://security.gentoo.org/glsa/202310-03
• https://security.netapp.com/advisory/ntap-20231013-0006/
• https://www.debian.org/security/2023/dsa-5514
• https://access.redhat.com/errata/RHBA-2024:2413
• https://access.redhat.com/errata/RHSA-2023:5455
• https://bugzilla.redhat.com/show_bug.cgi?id=2238352
• https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt
• https://www.qualys.com/cve-2023-4911/
• https://github.com/projectdiscovery/nuclei-templates/blob/main/code/cves/2023/CVE-2023-4911.yaml
• https://www.cisa.gov/known-exploited-vulnerabilities-catalog
• https://github.com/KernelKrise/CVE-2023-4911

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc-common package and not the glibc-common package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.

Remediation

Upgrade Centos:8 glibc-common to version 0:2.28-225.el8_8.6 or higher.

References

• https://access.redhat.com/security/cve/CVE-2023-4911
• http://packetstormsecurity.com/files/174986/glibc-ld.so-Local-Privilege-Escalation.html
• http://packetstormsecurity.com/files/176288/Glibc-Tunables-Privilege-Escalation.html
• http://seclists.org/fulldisclosure/2023/Oct/11
• http://www.openwall.com/lists/oss-security/2023/10/03/2
• http://www.openwall.com/lists/oss-security/2023/10/03/3
• http://www.openwall.com/lists/oss-security/2023/10/05/1
• http://www.openwall.com/lists/oss-security/2023/10/13/11
• http://www.openwall.com/lists/oss-security/2023/10/14/3
• http://www.openwall.com/lists/oss-security/2023/10/14/5
• http://www.openwall.com/lists/oss-security/2023/10/14/6
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DBUQRRPB47TC3NJOUIBVWUGFHBJAFDL/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFG4P76UHHZEWQ26FWBXG76N2QLKKPZA/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDAQWHTSVOCOZ5K6KPIWKRT3JX4RTZUR/
• https://security.gentoo.org/glsa/202310-03
• https://security.netapp.com/advisory/ntap-20231013-0006/
• https://www.debian.org/security/2023/dsa-5514
• https://access.redhat.com/errata/RHBA-2024:2413
• https://access.redhat.com/errata/RHSA-2023:5455
• https://bugzilla.redhat.com/show_bug.cgi?id=2238352
• https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt
• https://www.qualys.com/cve-2023-4911/
• https://github.com/projectdiscovery/nuclei-templates/blob/main/code/cves/2023/CVE-2023-4911.yaml
• https://www.cisa.gov/known-exploited-vulnerabilities-catalog
• https://github.com/KernelKrise/CVE-2023-4911

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc-minimal-langpack package and not the glibc-minimal-langpack package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.

Remediation

Upgrade Centos:8 glibc-minimal-langpack to version 0:2.28-225.el8_8.6 or higher.

References

• https://access.redhat.com/security/cve/CVE-2023-4911
• http://packetstormsecurity.com/files/174986/glibc-ld.so-Local-Privilege-Escalation.html
• http://packetstormsecurity.com/files/176288/Glibc-Tunables-Privilege-Escalation.html
• http://seclists.org/fulldisclosure/2023/Oct/11
• http://www.openwall.com/lists/oss-security/2023/10/03/2
• http://www.openwall.com/lists/oss-security/2023/10/03/3
• http://www.openwall.com/lists/oss-security/2023/10/05/1
• http://www.openwall.com/lists/oss-security/2023/10/13/11
• http://www.openwall.com/lists/oss-security/2023/10/14/3
• http://www.openwall.com/lists/oss-security/2023/10/14/5
• http://www.openwall.com/lists/oss-security/2023/10/14/6
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DBUQRRPB47TC3NJOUIBVWUGFHBJAFDL/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFG4P76UHHZEWQ26FWBXG76N2QLKKPZA/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDAQWHTSVOCOZ5K6KPIWKRT3JX4RTZUR/
• https://security.gentoo.org/glsa/202310-03
• https://security.netapp.com/advisory/ntap-20231013-0006/
• https://www.debian.org/security/2023/dsa-5514
• https://access.redhat.com/errata/RHBA-2024:2413
• https://access.redhat.com/errata/RHSA-2023:5455
• https://bugzilla.redhat.com/show_bug.cgi?id=2238352
• https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt
• https://www.qualys.com/cve-2023-4911/
• https://github.com/projectdiscovery/nuclei-templates/blob/main/code/cves/2023/CVE-2023-4911.yaml
• https://www.cisa.gov/known-exploited-vulnerabilities-catalog
• https://github.com/KernelKrise/CVE-2023-4911

NVD Description

Note: Versions mentioned in the description apply only to the upstream libxml2 package and not the libxml2 package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted DTD. NOTE: this is similar to CVE-2017-9047.

Remediation

Upgrade Centos:8 libxml2 to version 0:2.9.7-19.el8_10 or higher.

References

• https://access.redhat.com/security/cve/CVE-2025-24928
• https://gitlab.gnome.org/GNOME/libxml2/-/issues/847
• https://issues.oss-fuzz.com/issues/392687022
• https://security.netapp.com/advisory/ntap-20250321-0006/

NVD Description

Note: Versions mentioned in the description apply only to the upstream libxml2 package and not the libxml2 package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.

Remediation

Upgrade Centos:8 libxml2 to version 0:2.9.7-21.el8_10.2 or higher.

References

• https://access.redhat.com/security/cve/CVE-2025-7425
• https://bugzilla.redhat.com/show_bug.cgi?id=2379274
• https://access.redhat.com/errata/RHSA-2025:12450
• https://gitlab.gnome.org/GNOME/libxslt/-/issues/140

NVD Description

Note: Versions mentioned in the description apply only to the upstream pam package and not the pam package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.

Remediation

Upgrade Centos:8 pam to version 0:1.3.1-37.el8_10 or higher.

References

• https://access.redhat.com/security/cve/CVE-2025-6020
• https://bugzilla.redhat.com/show_bug.cgi?id=2372512
• http://www.openwall.com/lists/oss-security/2025/06/17/1
• https://access.redhat.com/errata/RHSA-2025:10027

NVD Description

Note: Versions mentioned in the description apply only to the upstream pam package and not the pam package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020.

Remediation

Upgrade Centos:8 pam to version 0:1.3.1-38.el8_10 or higher.

References

• https://access.redhat.com/security/cve/CVE-2025-8941
• https://bugzilla.redhat.com/show_bug.cgi?id=2388220
• https://access.redhat.com/errata/RHSA-2025:14557

NVD Description

Note: Versions mentioned in the description apply only to the upstream platform-python package and not the platform-python package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

An issue was found in the CPython tempfile.TemporaryDirectory class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior.

The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances.

Remediation

Upgrade Centos:8 platform-python to version 0:3.6.8-62.el8_10 or higher.

References

• https://access.redhat.com/security/cve/CVE-2023-6597
• http://www.openwall.com/lists/oss-security/2024/03/20/5
• https://github.com/python/cpython/commit/02a9259c717738dfe6b463c44d7e17f2b6d2cb3a
• https://github.com/python/cpython/commit/5585334d772b253a01a6730e8202ffb1607c3d25
• https://github.com/python/cpython/commit/6ceb8aeda504b079fef7a57b8d81472f15cdd9a5
• https://github.com/python/cpython/commit/81c16cd94ec38d61aa478b9a452436dc3b1b524d
• https://github.com/python/cpython/commit/8eaeefe49d179ca4908d052745e3bb8b6f238f82
• https://github.com/python/cpython/commit/d54e22a669ae6e987199bb5d2c69bb5a46b0083b
• https://github.com/python/cpython/issues/91133
• https://lists.debian.org/debian-lts-announce/2024/03/msg00025.html
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T3IGRX54M7RNCQOXVQO5KQKTGWCOABIM/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5VHWS52HGD743C47UMCSAK2A773M2YE/
• https://mail.python.org/archives/list/security-announce@python.org/thread/Q5C6ATFC67K53XFV4KE45325S7NS62LD/

NVD Description

Note: Versions mentioned in the description apply only to the upstream python3-libs package and not the python3-libs package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

An issue was found in the CPython tempfile.TemporaryDirectory class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior.

The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances.

Remediation

Upgrade Centos:8 python3-libs to version 0:3.6.8-62.el8_10 or higher.

References

• https://access.redhat.com/security/cve/CVE-2023-6597
• http://www.openwall.com/lists/oss-security/2024/03/20/5
• https://github.com/python/cpython/commit/02a9259c717738dfe6b463c44d7e17f2b6d2cb3a
• https://github.com/python/cpython/commit/5585334d772b253a01a6730e8202ffb1607c3d25
• https://github.com/python/cpython/commit/6ceb8aeda504b079fef7a57b8d81472f15cdd9a5
• https://github.com/python/cpython/commit/81c16cd94ec38d61aa478b9a452436dc3b1b524d
• https://github.com/python/cpython/commit/8eaeefe49d179ca4908d052745e3bb8b6f238f82
• https://github.com/python/cpython/commit/d54e22a669ae6e987199bb5d2c69bb5a46b0083b
• https://github.com/python/cpython/issues/91133
• https://lists.debian.org/debian-lts-announce/2024/03/msg00025.html
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T3IGRX54M7RNCQOXVQO5KQKTGWCOABIM/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5VHWS52HGD743C47UMCSAK2A773M2YE/
• https://mail.python.org/archives/list/security-announce@python.org/thread/Q5C6ATFC67K53XFV4KE45325S7NS62LD/

NVD Description

Note: Versions mentioned in the description apply only to the upstream sqlite-libs package and not the sqlite-libs package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.

Remediation

Upgrade Centos:8 sqlite-libs to version 0:3.26.0-20.el8_10 or higher.

References

• https://access.redhat.com/security/cve/CVE-2025-6965
• https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

nscd: Stack-based buffer overflow in netgroup cache

If the Name Service Cache Daemon's (nscd) fixed size cache is exhausted by client requests then a subsequent client request for netgroup data may result in a stack-based buffer overflow. This flaw was introduced in glibc 2.15 when the cache was added to nscd.

This vulnerability is only present in the nscd binary.

Remediation

Upgrade Centos:8 glibc to version 0:2.28-251.el8_10.2 or higher.

References

• https://access.redhat.com/security/cve/CVE-2024-33599
• http://www.openwall.com/lists/oss-security/2024/07/22/5
• https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html
• https://security.netapp.com/advisory/ntap-20240524-0011/
• https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0005

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc-common package and not the glibc-common package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

nscd: Stack-based buffer overflow in netgroup cache

If the Name Service Cache Daemon's (nscd) fixed size cache is exhausted by client requests then a subsequent client request for netgroup data may result in a stack-based buffer overflow. This flaw was introduced in glibc 2.15 when the cache was added to nscd.

This vulnerability is only present in the nscd binary.

Remediation

Upgrade Centos:8 glibc-common to version 0:2.28-251.el8_10.2 or higher.

References

• https://access.redhat.com/security/cve/CVE-2024-33599
• http://www.openwall.com/lists/oss-security/2024/07/22/5
• https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html
• https://security.netapp.com/advisory/ntap-20240524-0011/
• https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0005

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc-minimal-langpack package and not the glibc-minimal-langpack package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

nscd: Stack-based buffer overflow in netgroup cache

If the Name Service Cache Daemon's (nscd) fixed size cache is exhausted by client requests then a subsequent client request for netgroup data may result in a stack-based buffer overflow. This flaw was introduced in glibc 2.15 when the cache was added to nscd.

This vulnerability is only present in the nscd binary.

Remediation

Upgrade Centos:8 glibc-minimal-langpack to version 0:2.28-251.el8_10.2 or higher.

References

• https://access.redhat.com/security/cve/CVE-2024-33599
• http://www.openwall.com/lists/oss-security/2024/07/22/5
• https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html
• https://security.netapp.com/advisory/ntap-20240524-0011/
• https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0005

NVD Description

Note: Versions mentioned in the description apply only to the upstream platform-python package and not the platform-python package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

Allows modifying some file metadata (e.g. last modified) with filter="data" or file permissions (chmod) with filter="tar" of files outside the extraction directory. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of "data" or "tar". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter  for more information. Only Python versions 3.12 or later are affected by these vulnerabilities, earlier versions don't include the extraction filter feature.

Note that for Python 3.14 or later the default value of filter= changed from "no filtering" to `"data", so if you are relying on this new default behavior then your usage is also affected.

Note that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it's important to avoid installing source distributions with suspicious links.

Remediation

Upgrade Centos:8 platform-python to version 0:3.6.8-70.el8_10 or higher.

References

• https://access.redhat.com/security/cve/CVE-2024-12718
• https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f
• https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a
• https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a
• https://github.com/python/cpython/issues/135034
• https://github.com/python/cpython/pull/135037
• https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/
• https://github.com/python/cpython/commit/19de092debb3d7e832e5672cc2f7b788d35951da
• https://github.com/python/cpython/commit/28463dba112af719df1e8b0391c46787ad756dd9
• https://github.com/python/cpython/commit/4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e
• https://github.com/python/cpython/commit/9c1110ef6652687d7c55f590f909720eddde965a
• https://github.com/python/cpython/commit/aa9eb5f757ceff461e6e996f12c89e5d9b583b01
• https://github.com/python/cpython/commit/dd8f187d0746da151e0025c51680979ac5b4cfb1
• https://github.com/python/cpython/issues/127987

NVD Description

Note: Versions mentioned in the description apply only to the upstream platform-python package and not the platform-python package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

Allows arbitrary filesystem writes outside the extraction directory during extraction with filter="data".

You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of "data" or "tar". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter  for more information.

Note that for Python 3.14 or later the default value of filter= changed from "no filtering" to `"data", so if you are relying on this new default behavior then your usage is also affected.

Note that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it's important to avoid installing source distributions with suspicious links.

Remediation

Upgrade Centos:8 platform-python to version 0:3.6.8-70.el8_10 or higher.

References

• https://access.redhat.com/security/cve/CVE-2025-4517
• https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f
• https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a
• https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a
• https://github.com/python/cpython/issues/135034
• https://github.com/python/cpython/pull/135037
• https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/
• https://github.com/python/cpython/commit/19de092debb3d7e832e5672cc2f7b788d35951da
• https://github.com/python/cpython/commit/aa9eb5f757ceff461e6e996f12c89e5d9b583b01
• https://github.com/python/cpython/commit/28463dba112af719df1e8b0391c46787ad756dd9
• https://github.com/python/cpython/commit/4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e
• https://github.com/python/cpython/commit/9c1110ef6652687d7c55f590f909720eddde965a
• https://github.com/python/cpython/commit/dd8f187d0746da151e0025c51680979ac5b4cfb1

NVD Description

Note: Versions mentioned in the description apply only to the upstream python3-libs package and not the python3-libs package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

Allows modifying some file metadata (e.g. last modified) with filter="data" or file permissions (chmod) with filter="tar" of files outside the extraction directory. You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of "data" or "tar". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter  for more information. Only Python versions 3.12 or later are affected by these vulnerabilities, earlier versions don't include the extraction filter feature.

Note that for Python 3.14 or later the default value of filter= changed from "no filtering" to `"data", so if you are relying on this new default behavior then your usage is also affected.

Note that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it's important to avoid installing source distributions with suspicious links.

Remediation

Upgrade Centos:8 python3-libs to version 0:3.6.8-70.el8_10 or higher.

References

• https://access.redhat.com/security/cve/CVE-2024-12718
• https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f
• https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a
• https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a
• https://github.com/python/cpython/issues/135034
• https://github.com/python/cpython/pull/135037
• https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/
• https://github.com/python/cpython/commit/19de092debb3d7e832e5672cc2f7b788d35951da
• https://github.com/python/cpython/commit/28463dba112af719df1e8b0391c46787ad756dd9
• https://github.com/python/cpython/commit/4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e
• https://github.com/python/cpython/commit/9c1110ef6652687d7c55f590f909720eddde965a
• https://github.com/python/cpython/commit/aa9eb5f757ceff461e6e996f12c89e5d9b583b01
• https://github.com/python/cpython/commit/dd8f187d0746da151e0025c51680979ac5b4cfb1
• https://github.com/python/cpython/issues/127987

NVD Description

Note: Versions mentioned in the description apply only to the upstream python3-libs package and not the python3-libs package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

Allows arbitrary filesystem writes outside the extraction directory during extraction with filter="data".

You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of "data" or "tar". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter  for more information.

Note that for Python 3.14 or later the default value of filter= changed from "no filtering" to `"data", so if you are relying on this new default behavior then your usage is also affected.

Note that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it's important to avoid installing source distributions with suspicious links.

Remediation

Upgrade Centos:8 python3-libs to version 0:3.6.8-70.el8_10 or higher.

References

• https://access.redhat.com/security/cve/CVE-2025-4517
• https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f
• https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a
• https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a
• https://github.com/python/cpython/issues/135034
• https://github.com/python/cpython/pull/135037
• https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/
• https://github.com/python/cpython/commit/19de092debb3d7e832e5672cc2f7b788d35951da
• https://github.com/python/cpython/commit/aa9eb5f757ceff461e6e996f12c89e5d9b583b01
• https://github.com/python/cpython/commit/28463dba112af719df1e8b0391c46787ad756dd9
• https://github.com/python/cpython/commit/4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e
• https://github.com/python/cpython/commit/9c1110ef6652687d7c55f590f909720eddde965a
• https://github.com/python/cpython/commit/dd8f187d0746da151e0025c51680979ac5b4cfb1

NVD Description

Note: Versions mentioned in the description apply only to the upstream bind-export-libs package and not the bind-export-libs package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

Every named instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers. The size limit for that cache database can be configured using the max-cache-size statement in the configuration file; it defaults to 90% of the total amount of memory available on the host. When the size of the cache reaches 7/8 of the configured limit, a cache-cleaning algorithm starts to remove expired and/or least-recently used RRsets from the cache, to keep memory use below the configured limit.

It has been discovered that the effectiveness of the cache-cleaning algorithm used in named can be severely diminished by querying the resolver for specific RRsets in a certain order, effectively allowing the configured max-cache-size limit to be significantly exceeded. This issue affects BIND 9 versions 9.11.0 through 9.16.41, 9.18.0 through 9.18.15, 9.19.0 through 9.19.13, 9.11.3-S1 through 9.16.41-S1, and 9.18.11-S1 through 9.18.15-S1.

Remediation

Upgrade Centos:8 bind-export-libs to version 32:9.11.36-8.el8_8.1 or higher.

References

• https://access.redhat.com/security/cve/CVE-2023-2828
• http://www.openwall.com/lists/oss-security/2023/06/21/6
• https://kb.isc.org/docs/cve-2023-2828
• https://lists.debian.org/debian-lts-announce/2023/07/msg00021.html
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SEFCEVCTYEMKTWA7V7EYPI5YQQ4JWDLI/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3K6AJK7RRSR53HRF5GGKPA6PDUDWOD2/
• https://security.netapp.com/advisory/ntap-20230703-0010/
• https://www.debian.org/security/2023/dsa-5439

NVD Description

Note: Versions mentioned in the description apply only to the upstream bind-export-libs package and not the bind-export-libs package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

The code that processes control channel messages sent to named calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack memory, causing named to terminate unexpectedly. Since each incoming control channel message is fully parsed before its contents are authenticated, exploiting this flaw does not require the attacker to hold a valid RNDC key; only network access to the control channel's configured TCP port is necessary. This issue affects BIND 9 versions 9.2.0 through 9.16.43, 9.18.0 through 9.18.18, 9.19.0 through 9.19.16, 9.9.3-S1 through 9.16.43-S1, and 9.18.0-S1 through 9.18.18-S1.

Remediation

Upgrade Centos:8 bind-export-libs to version 32:9.11.36-8.el8_8.2 or higher.

References

• https://access.redhat.com/security/cve/CVE-2023-3341
• http://www.openwall.com/lists/oss-security/2023/09/20/2
• https://kb.isc.org/docs/cve-2023-3341
• https://lists.debian.org/debian-lts-announce/2024/01/msg00021.html
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPJLLTJCSDJJII7IIZPLTBQNWP7MZH7F/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U35OARLQCPMVCBBPHWBXY5M6XJLD2TZ5/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSK5V4W4OHPM3JTJGWAQD6CZW7SFD75B/
• https://security.netapp.com/advisory/ntap-20231013-0003/
• https://www.debian.org/security/2023/dsa-5504

NVD Description

Note: Versions mentioned in the description apply only to the upstream bind-export-libs package and not the bind-export-libs package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.

Remediation

Upgrade Centos:8 bind-export-libs to version 32:9.11.36-3.el8_6.1 or higher.

References

• https://access.redhat.com/security/cve/CVE-2022-38177
• https://access.redhat.com/errata/RHSA-2022:6778
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CV4GQWBPF7Y52J2FA24U6UMHQAOXZEF7/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRHB6J4Z7BKH4HPEKG5D35QGRD6ANNMT/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YZJQNUASODNVAWZV6STKG5SD6XIJ446S/
• http://www.openwall.com/lists/oss-security/2022/09/21/3
• https://kb.isc.org/docs/cve-2022-38177
• https://lists.debian.org/debian-lts-announce/2022/10/msg00007.html
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CV4GQWBPF7Y52J2FA24U6UMHQAOXZEF7/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRHB6J4Z7BKH4HPEKG5D35QGRD6ANNMT/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZJQNUASODNVAWZV6STKG5SD6XIJ446S/
• https://security.gentoo.org/glsa/202210-25
• https://security.netapp.com/advisory/ntap-20221228-0010/
• https://www.debian.org/security/2022/dsa-5235

NVD Description

Note: Versions mentioned in the description apply only to the upstream bind-export-libs package and not the bind-export-libs package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.

Remediation

Upgrade Centos:8 bind-export-libs to version 32:9.11.36-3.el8_6.1 or higher.

References

• https://access.redhat.com/security/cve/CVE-2022-38178
• https://access.redhat.com/errata/RHSA-2022:6778
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CV4GQWBPF7Y52J2FA24U6UMHQAOXZEF7/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRHB6J4Z7BKH4HPEKG5D35QGRD6ANNMT/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YZJQNUASODNVAWZV6STKG5SD6XIJ446S/
• http://www.openwall.com/lists/oss-security/2022/09/21/3
• https://kb.isc.org/docs/cve-2022-38178
• https://lists.debian.org/debian-lts-announce/2022/10/msg00007.html
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CV4GQWBPF7Y52J2FA24U6UMHQAOXZEF7/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRHB6J4Z7BKH4HPEKG5D35QGRD6ANNMT/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZJQNUASODNVAWZV6STKG5SD6XIJ446S/
• https://security.gentoo.org/glsa/202210-25
• https://security.netapp.com/advisory/ntap-20221228-0009/
• https://www.debian.org/security/2022/dsa-5235

NVD Description

Note: Versions mentioned in the description apply only to the upstream bind-export-libs package and not the bind-export-libs package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a query for a record triggering the flaw described above, the named process will terminate due to a failed assertion check. The vulnerability affects all currently maintained BIND 9 branches (9.11, 9.11-S, 9.16, 9.16-S, 9.17) as well as all other versions of BIND 9.

Remediation

Upgrade Centos:8 bind-export-libs to version 32:9.11.26-4.el8_4 or higher.

References

• https://kb.isc.org/v1/docs/cve-2021-25215
• https://security.netapp.com/advisory/ntap-20210521-0006/
• https://access.redhat.com/security/cve/CVE-2021-25215
• https://www.debian.org/security/2021/dsa-4909
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VEC2XG4Q2ODTN2C4CGXEIXU3EUTBMK7L/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZDSRPCJQ7MZC6CENH5PO3VQOFI7VSWBE/
• https://www.oracle.com/security-alerts/cpuoct2021.html
• https://lists.debian.org/debian-lts-announce/2021/05/msg00001.html
• http://www.openwall.com/lists/oss-security/2021/04/29/1
• http://www.openwall.com/lists/oss-security/2021/04/29/2
• http://www.openwall.com/lists/oss-security/2021/04/29/3
• http://www.openwall.com/lists/oss-security/2021/04/29/4
• https://access.redhat.com/errata/RHSA-2021:1989
• https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VEC2XG4Q2ODTN2C4CGXEIXU3EUTBMK7L/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZDSRPCJQ7MZC6CENH5PO3VQOFI7VSWBE/

NVD Description

Note: Versions mentioned in the description apply only to the upstream bind-export-libs package and not the bind-export-libs package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

The DNS message parsing code in named includes a section whose computational complexity is overly high. It does not cause problems for typical DNS traffic, but crafted queries and responses may cause excessive CPU load on the affected named instance by exploiting this flaw. This issue affects both authoritative servers and recursive resolvers. This issue affects BIND 9 versions 9.0.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.

Remediation

Upgrade Centos:8 bind-export-libs to version 32:9.11.36-14.el8_10 or higher.

References

• https://access.redhat.com/security/cve/CVE-2023-4408
• http://www.openwall.com/lists/oss-security/2024/02/13/1
• https://kb.isc.org/docs/cve-2023-4408
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/
• https://security.netapp.com/advisory/ntap-20240426-0001/

NVD Description

Note: Versions mentioned in the description apply only to the upstream bind-export-libs package and not the bind-export-libs package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.

Remediation

Upgrade Centos:8 bind-export-libs to version 32:9.11.36-14.el8_10 or higher.

References

• https://access.redhat.com/security/cve/CVE-2023-50387
• https://datatracker.ietf.org/doc/html/rfc4035
• http://www.openwall.com/lists/oss-security/2024/02/16/2
• http://www.openwall.com/lists/oss-security/2024/02/16/3
• https://bugzilla.suse.com/show_bug.cgi?id=1219823
• https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-01.html
• https://gitlab.nic.cz/knot/knot-resolver/-/releases/v5.7.1
• https://kb.isc.org/docs/cve-2023-50387
• https://lists.debian.org/debian-lts-announce/2024/02/msg00006.html
• https://lists.debian.org/debian-lts-announce/2024/05/msg00011.html
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6FV5O347JTX7P5OZA6NGO4MKTXRXMKOZ/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BUIP7T7Z4T3UHLXFWG6XIVDP4GYPD3AI/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IGSLGKUAQTW5JPPZCMF5YPEYALLRUZZ6/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVYA42BLXUCIDLD35YIJPJSHDIADNYMP/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TEXGOYGW7DBS3N2QSSQONZ4ENIRQEAPG/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQESRWMJCF4JEYJEAKLRM6CT55GLJAB7/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/
• https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q1/017430.html
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-50387
• https://news.ycombinator.com/item?id=39367411
• https://news.ycombinator.com/item?id=39372384
• https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/
• https://security.netapp.com/advisory/ntap-20240307-0007/
• https://www.athene-center.de/aktuelles/key-trap
• https://www.athene-center.de/fileadmin/content/PDF/Technical_Report_KeyTrap.pdf
• https://www.isc.org/blogs/2024-bind-security-release/
• https://www.securityweek.com/keytrap-dns-attack-could-disable-large-parts-of-internet-researchers/
• https://www.theregister.com/2024/02/13/dnssec_vulnerability_internet/
• https://github.com/knqyf263/CVE-2023-50387

NVD Description

Note: Versions mentioned in the description apply only to the upstream bind-export-libs package and not the bind-export-libs package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the "NSEC3" issue. The RFC 5155 specification implies that an algorithm must perform thousands of iterations of a hash function in certain situations.

Remediation

Upgrade Centos:8 bind-export-libs to version 32:9.11.36-14.el8_10 or higher.

References

• https://access.redhat.com/security/cve/CVE-2023-50868
• http://www.openwall.com/lists/oss-security/2024/02/16/2
• http://www.openwall.com/lists/oss-security/2024/02/16/3
• https://bugzilla.suse.com/show_bug.cgi?id=1219826
• https://datatracker.ietf.org/doc/html/rfc5155
• https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-01.html
• https://gitlab.nic.cz/knot/knot-resolver/-/releases/v5.7.1
• https://kb.isc.org/docs/cve-2023-50868
• https://lists.debian.org/debian-lts-announce/2024/02/msg00006.html
• https://lists.debian.org/debian-lts-announce/2024/05/msg00011.html
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6FV5O347JTX7P5OZA6NGO4MKTXRXMKOZ/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BUIP7T7Z4T3UHLXFWG6XIVDP4GYPD3AI/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IGSLGKUAQTW5JPPZCMF5YPEYALLRUZZ6/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVYA42BLXUCIDLD35YIJPJSHDIADNYMP/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TEXGOYGW7DBS3N2QSSQONZ4ENIRQEAPG/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQESRWMJCF4JEYJEAKLRM6CT55GLJAB7/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/
• https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q1/017430.html
• https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/
• https://security.netapp.com/advisory/ntap-20240307-0008/
• https://www.isc.org/blogs/2024-bind-security-release/

NVD Description

Note: Versions mentioned in the description apply only to the upstream bind-export-libs package and not the bind-export-libs package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

Resolver caches and authoritative zone databases that hold significant numbers of RRs for the same hostname (of any RTYPE) can suffer from degraded performance as content is being added or updated, and also when handling client queries for this name. This issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.4-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.27-S1.

Remediation

Upgrade Centos:8 bind-export-libs to version 32:9.11.36-16.el8_10.2 or higher.

References

• https://access.redhat.com/security/cve/CVE-2024-1737
• http://www.openwall.com/lists/oss-security/2024/07/31/2
• http://www.openwall.com/lists/oss-security/2024/07/23/1
• https://kb.isc.org/docs/cve-2024-1737
• https://kb.isc.org/docs/rrset-limits-in-zones
• https://security.netapp.com/advisory/ntap-20240731-0003/

NVD Description

Note: Versions mentioned in the description apply only to the upstream bind-export-libs package and not the bind-export-libs package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

If a server hosts a zone containing a "KEY" Resource Record, or a resolver DNSSEC-validates a "KEY" Resource Record from a DNSSEC-signed domain in cache, a client can exhaust resolver CPU resources by sending a stream of SIG(0) signed requests. This issue affects BIND 9 versions 9.0.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.9.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.49-S1, and 9.18.11-S1 through 9.18.27-S1.

Remediation

Upgrade Centos:8 bind-export-libs to version 32:9.11.36-16.el8_10.2 or higher.

References

• https://access.redhat.com/security/cve/CVE-2024-1975
• http://www.openwall.com/lists/oss-security/2024/07/31/2
• http://www.openwall.com/lists/oss-security/2024/07/23/1
• https://kb.isc.org/docs/cve-2024-1975
• https://security.netapp.com/advisory/ntap-20240731-0002/

NVD Description

Note: Versions mentioned in the description apply only to the upstream bind-export-libs package and not the bind-export-libs package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

It is possible to construct a zone such that some queries to it will generate responses containing numerous records in the Additional section. An attacker sending many such queries can cause either the authoritative server itself or an independent resolver to use disproportionate resources processing the queries. Zones will usually need to have been deliberately crafted to attack this exposure. This issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, 9.11.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.32-S1.

Remediation

Upgrade Centos:8 bind-export-libs to version 32:9.11.36-16.el8_10.4 or higher.

References

• https://access.redhat.com/security/cve/CVE-2024-11187
• https://kb.isc.org/docs/cve-2024-11187
• https://security.netapp.com/advisory/ntap-20250207-0002/
• https://lists.debian.org/debian-lts-announce/2025/02/msg00011.html

NVD Description

Note: Versions mentioned in the description apply only to the upstream libnghttp2 package and not the libnghttp2 package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

Remediation

Upgrade Centos:8 libnghttp2 to version 0:1.33.0-5.el8_8 or higher.

References

• https://access.redhat.com/security/cve/CVE-2023-44487
• https://chaos.social/@icing/111210915918780532
• https://github.com/hyperium/hyper/issues/3337
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/
• https://www.vicarius.io/vsociety/posts/rapid-reset-cve-2023-44487-dos-in-http2-understanding-the-root-cause
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/
• http://www.openwall.com/lists/oss-security/2023/10/10/6
• http://www.openwall.com/lists/oss-security/2023/10/10/7
• https://github.com/grpc/grpc/releases/tag/v1.59.2
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http2-reset-d8Kf32vZ
• http://www.openwall.com/lists/oss-security/2023/10/13/4
• http://www.openwall.com/lists/oss-security/2023/10/13/9
• http://www.openwall.com/lists/oss-security/2023/10/18/4
• http://www.openwall.com/lists/oss-security/2023/10/18/8
• http://www.openwall.com/lists/oss-security/2023/10/19/6
• http://www.openwall.com/lists/oss-security/2023/10/20/8
• https://access.redhat.com/security/cve/cve-2023-44487
• https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/
• https://aws.amazon.com/security/security-bulletins/AWS-2023-011/
• https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/
• https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/
• https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/
• https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack
• https://blog.vespa.ai/cve-2023-44487/
• https://bugzilla.proxmox.com/show_bug.cgi?id=4988
• https://bugzilla.redhat.com/show_bug.cgi?id=2242803
• https://bugzilla.suse.com/show_bug.cgi?id=1216123
• https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9
• https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/
• https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack
• https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125
• https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715
• https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve
• https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764
• https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088
• https://github.com/Azure/AKS/issues/3947
• https://github.com/Kong/kong/discussions/11741
• https://github.com/advisories/GHSA-qppj-fm5r-hxr3
• https://github.com/advisories/GHSA-vx74-f528-fxqg
• https://github.com/advisories/GHSA-xpw8-rcwv-8f8p
• https://github.com/akka/akka-http/issues/4323
• https://github.com/alibaba/tengine/issues/1872
• https://github.com/apache/apisix/issues/10320
• https://github.com/apache/httpd-site/pull/10
• https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113
• https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2
• https://github.com/apache/trafficserver/pull/10564
• https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487
• https://github.com/bcdannyboy/CVE-2023-44487
• https://github.com/caddyserver/caddy/issues/5877
• https://github.com/caddyserver/caddy/releases/tag/v2.7.5
• https://github.com/dotnet/announcements/issues/277
• https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73
• https://github.com/eclipse/jetty.project/issues/10679
• https://github.com/envoyproxy/envoy/pull/30055
• https://github.com/etcd-io/etcd/issues/16740
• https://github.com/facebook/proxygen/pull/466
• https://github.com/golang/go/issues/63417
• https://github.com/grpc/grpc-go/pull/6703
• https://github.com/h2o/h2o/pull/3291
• https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf
• https://github.com/haproxy/haproxy/issues/2312
• https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244
• https://github.com/junkurihara/rust-rpxy/issues/97
• https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1
• https://github.com/kazu-yamamoto/http2/issues/93
• https://github.com/kubernetes/kubernetes/pull/121120
• https://github.com/line/armeria/pull/5232
• https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632
• https://github.com/micrictor/http2-rst-stream
• https://github.com/microsoft/CBL-Mariner/pull/6381
• https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61
• https://github.com/nghttp2/nghttp2/pull/1961
• https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0
• https://github.com/ninenines/cowboy/issues/1615
• https://github.com/nodejs/node/pull/50121
• https://github.com/openresty/openresty/issues/930
• https://github.com/opensearch-project/data-prepper/issues/3474
• https://github.com/oqtane/oqtane.framework/discussions/3367
• https://github.com/projectcontour/contour/pull/5826
• https://github.com/tempesta-tech/tempesta/issues/1986
• https://github.com/varnishcache/varnish-cache/issues/3996
• https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo
• https://istio.io/latest/news/security/istio-security-2023-004/
• https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/
• https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q
• https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html
• https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html
• https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html
• https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html
• https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html
• https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html
• https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html
• https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html
• https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html
• https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html
• https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487
• https://my.f5.com/manage/s/article/K000137106
• https://netty.io/news/2023/10/10/4-1-100-Final.html
• https://news.ycombinator.com/item?id=37830987
• https://news.ycombinator.com/item?id=37830998
• https://news.ycombinator.com/item?id=37831062
• https://news.ycombinator.com/item?id=37837043
• https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/
• https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected
• https://security.gentoo.org/glsa/202311-09
• https://security.netapp.com/advisory/ntap-20231016-0001/
• https://security.netapp.com/advisory/ntap-20240426-0007/
• https://security.netapp.com/advisory/ntap-20240621-0006/
• https://security.netapp.com/advisory/ntap-20240621-0007/
• https://security.paloaltonetworks.com/CVE-2023-44487
• https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14
• https://ubuntu.com/security/CVE-2023-44487
• https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/
• https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487
• https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event
• https://www.debian.org/security/2023/dsa-5521
• https://www.debian.org/security/2023/dsa-5522
• https://www.debian.org/security/2023/dsa-5540
• https://www.debian.org/security/2023/dsa-5549
• https://www.debian.org/security/2023/dsa-5558
• https://www.debian.org/security/2023/dsa-5570
• https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487
• https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/
• https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/
• https://www.openwall.com/lists/oss-security/2023/10/10/6
• https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack
• https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/
• https://www.cisa.gov/known-exploited-vulnerabilities-catalog
• https://github.com/studiogangster/CVE-2023-44487

NVD Description

Note: Versions mentioned in the description apply only to the upstream libxml2 package and not the libxml2 package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.

Remediation

Upgrade Centos:8 libxml2 to version 0:2.9.7-21.el8_10.1 or higher.

References

• https://access.redhat.com/security/cve/CVE-2025-6021
• https://bugzilla.redhat.com/show_bug.cgi?id=2372406
• https://access.redhat.com/errata/RHSA-2025:10698
• https://gitlab.gnome.org/GNOME/libxml2/-/issues/926

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl-libs package and not the openssl-libs package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data. If the function succeeds then the "name_out", "header" and "data" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. This could be exploited by an attacker who has the ability to supply malicious PEM files for parsing to achieve a denial of service attack.

The functions PEM_read_bio() and PEM_read() are simple wrappers around PEM_read_bio_ex() and therefore these functions are also directly affected.

These functions are also called indirectly by a number of other OpenSSL functions including PEM_X509_INFO_read_bio_ex() and SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal uses of these functions are not vulnerable because the caller does not free the header argument if PEM_read_bio_ex() returns a failure code. These locations include the PEM_read_bio_TYPE() functions as well as the decoders introduced in OpenSSL 3.0.

The OpenSSL asn1parse command line application is also impacted by this issue.

Remediation

Upgrade Centos:8 openssl-libs to version 1:1.1.1k-9.el8_7 or higher.

References

• https://access.redhat.com/security/cve/CVE-2022-4450
• https://access.redhat.com/errata/RHSA-2023:1405
• https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=63bcf189be73a9cc1264059bed6f57974be74a83
• https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=bbcf509bd046b34cca19c766bbddc31683d0858b
• https://security.gentoo.org/glsa/202402-08
• https://www.openssl.org/news/secadv/20230207.txt

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl-libs package and not the openssl-libs package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).

Remediation

Upgrade Centos:8 openssl-libs to version 1:1.1.1k-6.el8_5 or higher.

References

• https://access.redhat.com/security/cve/CVE-2022-0778
• https://access.redhat.com/errata/RHSA-2022:1065
• https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=380085481c64de749a6dd25cdf0bcf4360b30f83
• https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=3118eb64934499d93db3230748a452351d1d9a65
• https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a466912611aa6cbdf550cd10601390e587451246
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/323SNN6ZX7PRJJWP2BUAFLPUAE42XWLZ/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GDB3GQVJPXJE7X5C5JN6JAA4XUDWD6E6/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W6K3PR542DXWLEFFMFIDMME4CWMHJRMG/
• http://packetstormsecurity.com/files/167344/OpenSSL-1.0.2-1.1.1-3.0-BN_mod_sqrt-Infinite-Loop.html
• http://seclists.org/fulldisclosure/2022/May/33
• http://seclists.org/fulldisclosure/2022/May/35
• http://seclists.org/fulldisclosure/2022/May/38
• https://cert-portal.siemens.com/productcert/pdf/ssa-712929.pdf
• https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=3118eb64934499d93db3230748a452351d1d9a65
• https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=380085481c64de749a6dd25cdf0bcf4360b30f83
• https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=a466912611aa6cbdf550cd10601390e587451246
• https://lists.debian.org/debian-lts-announce/2022/03/msg00023.html
• https://lists.debian.org/debian-lts-announce/2022/03/msg00024.html
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/323SNN6ZX7PRJJWP2BUAFLPUAE42XWLZ/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GDB3GQVJPXJE7X5C5JN6JAA4XUDWD6E6/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W6K3PR542DXWLEFFMFIDMME4CWMHJRMG/
• https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0002
• https://security.gentoo.org/glsa/202210-02
• https://security.netapp.com/advisory/ntap-20220321-0002/
• https://security.netapp.com/advisory/ntap-20220429-0005/
• https://security.netapp.com/advisory/ntap-20240621-0006/
• https://support.apple.com/kb/HT213255
• https://support.apple.com/kb/HT213256
• https://support.apple.com/kb/HT213257
• https://www.debian.org/security/2022/dsa-5103
• https://www.openssl.org/news/secadv/20220315.txt
• https://www.oracle.com/security-alerts/cpuapr2022.html
• https://www.oracle.com/security-alerts/cpujul2022.html
• https://www.tenable.com/security/tns-2022-06
• https://www.tenable.com/security/tns-2022-07
• https://www.tenable.com/security/tns-2022-08
• https://www.tenable.com/security/tns-2022-09
• https://github.com/jkakavas/CVE-2022-0778-POC

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl-libs package and not the openssl-libs package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications.

The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions, for example if a CMS recipient public key is invalid, the new filter BIO is freed and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO then a use-after-free will occur. This will most likely result in a crash.

This scenario occurs directly in the internal function B64_write_ASN1() which may cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on the BIO. This internal function is in turn called by the public API functions PEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream, SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7.

Other public API functions that may be impacted by this include i2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and i2d_PKCS7_bio_stream.

The OpenSSL cms and smime command line applications are similarly affected.

Remediation

Upgrade Centos:8 openssl-libs to version 1:1.1.1k-9.el8_7 or higher.

References

• https://access.redhat.com/security/cve/CVE-2023-0215
• https://access.redhat.com/errata/RHSA-2023:1405
• https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8818064ce3c3c0f1b740a5aaba2a987e75bfbafd
• https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9816136fe31d92ace4037d5da5257f763aeeb4eb
• https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c3829dd8825c654652201e16f8a0a0c46ee3f344
• https://security.gentoo.org/glsa/202402-08
• https://security.netapp.com/advisory/ntap-20230427-0007/
• https://security.netapp.com/advisory/ntap-20230427-0009/
• https://security.netapp.com/advisory/ntap-20240621-0006/
• https://www.openssl.org/news/secadv/20230207.txt

NVD Description

Note: Versions mentioned in the description apply only to the upstream platform-python package and not the platform-python package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata.

You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of "data" or "tar". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter  for more information.

Note that for Python 3.14 or later the default value of filter= changed from "no filtering" to `"data", so if you are relying on this new default behavior then your usage is also affected.

Note that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it's important to avoid installing source distributions with suspicious links.

Remediation

Upgrade Centos:8 platform-python to version 0:3.6.8-70.el8_10 or higher.

References

• https://access.redhat.com/security/cve/CVE-2025-4138
• https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f
• https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a
• https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a
• https://github.com/python/cpython/issues/135034
• https://github.com/python/cpython/pull/135037
• https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/
• https://github.com/python/cpython/commit/19de092debb3d7e832e5672cc2f7b788d35951da
• https://github.com/python/cpython/commit/aa9eb5f757ceff461e6e996f12c89e5d9b583b01
• https://github.com/python/cpython/commit/28463dba112af719df1e8b0391c46787ad756dd9
• https://github.com/python/cpython/commit/4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e
• https://github.com/python/cpython/commit/9c1110ef6652687d7c55f590f909720eddde965a
• https://github.com/python/cpython/commit/dd8f187d0746da151e0025c51680979ac5b4cfb1

NVD Description

Note: Versions mentioned in the description apply only to the upstream platform-python package and not the platform-python package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.

Remediation

Upgrade Centos:8 platform-python to version 0:3.6.8-51.el8_8.1 or higher.

References

• https://access.redhat.com/security/cve/CVE-2023-24329
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PEVICI7YNGGMSL3UCMWGE66QFLATH72/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DSL6NSOAXWBJJ67XPLSSC74MNKZF3BBO/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EM2XLZSTXG44TMFXF4E6VTGKR2MQCW3G/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F2NY75GFDZ5T6YPN44D3VMFT5SUVTOTG/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GR5US3BYILYJ4SKBV6YBNPRUBAL5P2CN/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H23OSKC6UG6IWOQAUPW74YUHWRWVXJP7/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JZTLGV2HYFF4AMYJL25VDIGAIHCU7UPA/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LWC4WGXER5P6Q75RFGL7QUTPP3N5JR7T/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZEHSXSCMA4WWQKXT6QV7AAR6SWNZ2VP/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O5SP4RT3RRS434ZS2HQKQJ3VZW7YPKYR/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OHHJHJRLEF3TDT2K3676CAUVRDD4CCMR/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PEUN6T22UJFXR7J5F6UUHCXXPKJ2DVHI/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PURM5CFDABEWAIWZFD2MQ7ZJGCPYSQ44/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q3J5N24ECS4B6MJDRO6UAYU6GPLYBDCL/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRQHN7RWJQJHYP6E5EKESOYP5VDSHZG4/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RA2MBEEES6L46OD64OBSVUUMGKNGMOWW/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T4IDB5OAR5Y4UK3HLMZBW4WEL2B7YFMJ/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TZH26JGNZ5XYPZ5SAU3NKSBSPRE5OHTG/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U2MZOJYGFCB5PPT6AKMAU72N7QOYWLBP/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UONZWLB4QVLQIY5CPDLEUEKH6WX4VQMC/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTOAUJNDWZDRWVSXJ354AYZYKRMT56HU/
• https://github.com/python/cpython/issues/102153
• https://github.com/python/cpython/pull/99421
• https://lists.debian.org/debian-lts-announce/2023/09/msg00022.html
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6PEVICI7YNGGMSL3UCMWGE66QFLATH72/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DSL6NSOAXWBJJ67XPLSSC74MNKZF3BBO/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EM2XLZSTXG44TMFXF4E6VTGKR2MQCW3G/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F2NY75GFDZ5T6YPN44D3VMFT5SUVTOTG/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GR5US3BYILYJ4SKBV6YBNPRUBAL5P2CN/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H23OSKC6UG6IWOQAUPW74YUHWRWVXJP7/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JZTLGV2HYFF4AMYJL25VDIGAIHCU7UPA/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LWC4WGXER5P6Q75RFGL7QUTPP3N5JR7T/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MZEHSXSCMA4WWQKXT6QV7AAR6SWNZ2VP/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O5SP4RT3RRS434ZS2HQKQJ3VZW7YPKYR/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OHHJHJRLEF3TDT2K3676CAUVRDD4CCMR/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PEUN6T22UJFXR7J5F6UUHCXXPKJ2DVHI/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PURM5CFDABEWAIWZFD2MQ7ZJGCPYSQ44/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q3J5N24ECS4B6MJDRO6UAYU6GPLYBDCL/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QRQHN7RWJQJHYP6E5EKESOYP5VDSHZG4/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RA2MBEEES6L46OD64OBSVUUMGKNGMOWW/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4IDB5OAR5Y4UK3HLMZBW4WEL2B7YFMJ/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TZH26JGNZ5XYPZ5SAU3NKSBSPRE5OHTG/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U2MZOJYGFCB5PPT6AKMAU72N7QOYWLBP/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UONZWLB4QVLQIY5CPDLEUEKH6WX4VQMC/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WTOAUJNDWZDRWVSXJ354AYZYKRMT56HU/
• https://pointernull.com/security/python-url-parse-problem.html
• https://security.netapp.com/advisory/ntap-20230324-0004/
• https://www.kb.cert.org/vuls/id/127587

NVD Description

Note: Versions mentioned in the description apply only to the upstream platform-python package and not the platform-python package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

When using a TarFile.errorlevel = 0 and extracting with a filter the documented behavior is that any filtered members would be skipped and not extracted. However the actual behavior of TarFile.errorlevel = 0 in affected versions is that the member would still be extracted and not skipped.

Remediation

Upgrade Centos:8 platform-python to version 0:3.6.8-70.el8_10 or higher.

References

• https://access.redhat.com/security/cve/CVE-2025-4435
• https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a
• https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a
• https://github.com/python/cpython/issues/135034
• https://github.com/python/cpython/pull/135037
• https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/
• https://github.com/python/cpython/commit/19de092debb3d7e832e5672cc2f7b788d35951da
• https://github.com/python/cpython/commit/aa9eb5f757ceff461e6e996f12c89e5d9b583b01
• https://github.com/python/cpython/commit/28463dba112af719df1e8b0391c46787ad756dd9
• https://github.com/python/cpython/commit/4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e
• https://github.com/python/cpython/commit/9c1110ef6652687d7c55f590f909720eddde965a
• https://github.com/python/cpython/commit/dd8f187d0746da151e0025c51680979ac5b4cfb1

NVD Description

Note: Versions mentioned in the description apply only to the upstream python3-libs package and not the python3-libs package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata.

You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of "data" or "tar". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter  for more information.

Note that for Python 3.14 or later the default value of filter= changed from "no filtering" to `"data", so if you are relying on this new default behavior then your usage is also affected.

Note that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it's important to avoid installing source distributions with suspicious links.

Remediation

Upgrade Centos:8 python3-libs to version 0:3.6.8-70.el8_10 or higher.

References

• https://access.redhat.com/security/cve/CVE-2025-4138
• https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f
• https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a
• https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a
• https://github.com/python/cpython/issues/135034
• https://github.com/python/cpython/pull/135037
• https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/
• https://github.com/python/cpython/commit/19de092debb3d7e832e5672cc2f7b788d35951da
• https://github.com/python/cpython/commit/aa9eb5f757ceff461e6e996f12c89e5d9b583b01
• https://github.com/python/cpython/commit/28463dba112af719df1e8b0391c46787ad756dd9
• https://github.com/python/cpython/commit/4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e
• https://github.com/python/cpython/commit/9c1110ef6652687d7c55f590f909720eddde965a
• https://github.com/python/cpython/commit/dd8f187d0746da151e0025c51680979ac5b4cfb1

NVD Description

Note: Versions mentioned in the description apply only to the upstream python3-libs package and not the python3-libs package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.

Remediation

Upgrade Centos:8 python3-libs to version 0:3.6.8-51.el8_8.1 or higher.

References

• https://access.redhat.com/security/cve/CVE-2023-24329
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PEVICI7YNGGMSL3UCMWGE66QFLATH72/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DSL6NSOAXWBJJ67XPLSSC74MNKZF3BBO/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EM2XLZSTXG44TMFXF4E6VTGKR2MQCW3G/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F2NY75GFDZ5T6YPN44D3VMFT5SUVTOTG/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GR5US3BYILYJ4SKBV6YBNPRUBAL5P2CN/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H23OSKC6UG6IWOQAUPW74YUHWRWVXJP7/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JZTLGV2HYFF4AMYJL25VDIGAIHCU7UPA/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LWC4WGXER5P6Q75RFGL7QUTPP3N5JR7T/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZEHSXSCMA4WWQKXT6QV7AAR6SWNZ2VP/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O5SP4RT3RRS434ZS2HQKQJ3VZW7YPKYR/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OHHJHJRLEF3TDT2K3676CAUVRDD4CCMR/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PEUN6T22UJFXR7J5F6UUHCXXPKJ2DVHI/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PURM5CFDABEWAIWZFD2MQ7ZJGCPYSQ44/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q3J5N24ECS4B6MJDRO6UAYU6GPLYBDCL/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRQHN7RWJQJHYP6E5EKESOYP5VDSHZG4/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RA2MBEEES6L46OD64OBSVUUMGKNGMOWW/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T4IDB5OAR5Y4UK3HLMZBW4WEL2B7YFMJ/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TZH26JGNZ5XYPZ5SAU3NKSBSPRE5OHTG/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U2MZOJYGFCB5PPT6AKMAU72N7QOYWLBP/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UONZWLB4QVLQIY5CPDLEUEKH6WX4VQMC/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTOAUJNDWZDRWVSXJ354AYZYKRMT56HU/
• https://github.com/python/cpython/issues/102153
• https://github.com/python/cpython/pull/99421
• https://lists.debian.org/debian-lts-announce/2023/09/msg00022.html
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6PEVICI7YNGGMSL3UCMWGE66QFLATH72/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DSL6NSOAXWBJJ67XPLSSC74MNKZF3BBO/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EM2XLZSTXG44TMFXF4E6VTGKR2MQCW3G/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F2NY75GFDZ5T6YPN44D3VMFT5SUVTOTG/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GR5US3BYILYJ4SKBV6YBNPRUBAL5P2CN/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H23OSKC6UG6IWOQAUPW74YUHWRWVXJP7/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JZTLGV2HYFF4AMYJL25VDIGAIHCU7UPA/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LWC4WGXER5P6Q75RFGL7QUTPP3N5JR7T/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MZEHSXSCMA4WWQKXT6QV7AAR6SWNZ2VP/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O5SP4RT3RRS434ZS2HQKQJ3VZW7YPKYR/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OHHJHJRLEF3TDT2K3676CAUVRDD4CCMR/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PEUN6T22UJFXR7J5F6UUHCXXPKJ2DVHI/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PURM5CFDABEWAIWZFD2MQ7ZJGCPYSQ44/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q3J5N24ECS4B6MJDRO6UAYU6GPLYBDCL/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QRQHN7RWJQJHYP6E5EKESOYP5VDSHZG4/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RA2MBEEES6L46OD64OBSVUUMGKNGMOWW/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4IDB5OAR5Y4UK3HLMZBW4WEL2B7YFMJ/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TZH26JGNZ5XYPZ5SAU3NKSBSPRE5OHTG/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U2MZOJYGFCB5PPT6AKMAU72N7QOYWLBP/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UONZWLB4QVLQIY5CPDLEUEKH6WX4VQMC/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WTOAUJNDWZDRWVSXJ354AYZYKRMT56HU/
• https://pointernull.com/security/python-url-parse-problem.html
• https://security.netapp.com/advisory/ntap-20230324-0004/
• https://www.kb.cert.org/vuls/id/127587

NVD Description

Note: Versions mentioned in the description apply only to the upstream python3-libs package and not the python3-libs package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

When using a TarFile.errorlevel = 0 and extracting with a filter the documented behavior is that any filtered members would be skipped and not extracted. However the actual behavior of TarFile.errorlevel = 0 in affected versions is that the member would still be extracted and not skipped.

Remediation

Upgrade Centos:8 python3-libs to version 0:3.6.8-70.el8_10 or higher.

References

• https://access.redhat.com/security/cve/CVE-2025-4435
• https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a
• https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a
• https://github.com/python/cpython/issues/135034
• https://github.com/python/cpython/pull/135037
• https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/
• https://github.com/python/cpython/commit/19de092debb3d7e832e5672cc2f7b788d35951da
• https://github.com/python/cpython/commit/aa9eb5f757ceff461e6e996f12c89e5d9b583b01
• https://github.com/python/cpython/commit/28463dba112af719df1e8b0391c46787ad756dd9
• https://github.com/python/cpython/commit/4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e
• https://github.com/python/cpython/commit/9c1110ef6652687d7c55f590f909720eddde965a
• https://github.com/python/cpython/commit/dd8f187d0746da151e0025c51680979ac5b4cfb1

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl-libs package and not the openssl-libs package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING.

When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.

Remediation

Upgrade Centos:8 openssl-libs to version 1:1.1.1k-9.el8_7 or higher.

References

• https://access.redhat.com/security/cve/CVE-2023-0286
• https://access.redhat.com/errata/RHSA-2023:1405
• https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.2-relnotes.txt
• https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/018_x509.patch.sig
• https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9
• https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2f7530077e0ef79d98718138716bc51ca0cad658
• https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fd2af07dc083a350c959147097003a14a5e8ac4d
• https://security.gentoo.org/glsa/202402-08
• https://www.openssl.org/news/secadv/20230207.txt

NVD Description

Note: Versions mentioned in the description apply only to the upstream pam package and not the pam package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems that rely on this feature to control who can access certain services or terminals.

Remediation

Upgrade Centos:8 pam to version 0:1.3.1-36.el8_10 or higher.

References

• https://access.redhat.com/security/cve/CVE-2024-10963
• https://bugzilla.redhat.com/show_bug.cgi?id=2324291
• https://access.redhat.com/errata/RHSA-2024:10379

NVD Description

Note: Versions mentioned in the description apply only to the upstream libarchive package and not the libarchive package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.

Remediation

Upgrade Centos:8 libarchive to version 0:3.3.3-6.el8_10 or higher.

References

• https://access.redhat.com/security/cve/CVE-2025-5914
• https://bugzilla.redhat.com/show_bug.cgi?id=2370861
• https://github.com/libarchive/libarchive/releases/tag/v3.8.0
• https://access.redhat.com/errata/RHSA-2025:14135
• https://github.com/libarchive/libarchive/pull/2598

NVD Description

Note: Versions mentioned in the description apply only to the upstream platform-python package and not the platform-python package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata.

You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of "data" or "tar". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter  for more information.

Note that for Python 3.14 or later the default value of filter= changed from "no filtering" to `"data", so if you are relying on this new default behavior then your usage is also affected.

Note that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it's important to avoid installing source distributions with suspicious links.

Remediation

Upgrade Centos:8 platform-python to version 0:3.6.8-70.el8_10 or higher.

References

• https://access.redhat.com/security/cve/CVE-2025-4330
• https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f
• https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a
• https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a
• https://github.com/python/cpython/issues/135034
• https://github.com/python/cpython/pull/135037
• https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/
• https://github.com/python/cpython/commit/19de092debb3d7e832e5672cc2f7b788d35951da
• https://github.com/python/cpython/commit/aa9eb5f757ceff461e6e996f12c89e5d9b583b01
• https://github.com/python/cpython/commit/28463dba112af719df1e8b0391c46787ad756dd9
• https://github.com/python/cpython/commit/4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e
• https://github.com/python/cpython/commit/9c1110ef6652687d7c55f590f909720eddde965a
• https://github.com/python/cpython/commit/dd8f187d0746da151e0025c51680979ac5b4cfb1

NVD Description

Note: Versions mentioned in the description apply only to the upstream python3-libs package and not the python3-libs package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata.

You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using TarFile.extractall() or TarFile.extract() using the filter= parameter with a value of "data" or "tar". See the tarfile extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter  for more information.

Note that for Python 3.14 or later the default value of filter= changed from "no filtering" to `"data", so if you are relying on this new default behavior then your usage is also affected.

Note that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it's important to avoid installing source distributions with suspicious links.

Remediation

Upgrade Centos:8 python3-libs to version 0:3.6.8-70.el8_10 or higher.

References

• https://access.redhat.com/security/cve/CVE-2025-4330
• https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f
• https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a
• https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a
• https://github.com/python/cpython/issues/135034
• https://github.com/python/cpython/pull/135037
• https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/
• https://github.com/python/cpython/commit/19de092debb3d7e832e5672cc2f7b788d35951da
• https://github.com/python/cpython/commit/aa9eb5f757ceff461e6e996f12c89e5d9b583b01
• https://github.com/python/cpython/commit/28463dba112af719df1e8b0391c46787ad756dd9
• https://github.com/python/cpython/commit/4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e
• https://github.com/python/cpython/commit/9c1110ef6652687d7c55f590f909720eddde965a
• https://github.com/python/cpython/commit/dd8f187d0746da151e0025c51680979ac5b4cfb1

NVD Description

Note: Versions mentioned in the description apply only to the upstream less package and not the less package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

close_altfile in filename.c in less before 606 omits shell_quote calls for LESSCLOSE.

Remediation

Upgrade Centos:8 less to version 0:530-3.el8_10 or higher.

References

• https://access.redhat.com/security/cve/CVE-2022-48624
• https://github.com/gwsw/less/commit/c6ac6de49698be84d264a0c4c0c40bb870b10144
• https://github.com/gwsw/less/compare/v605...v606
• https://greenwoodsoftware.com/less/
• https://lists.debian.org/debian-lts-announce/2024/05/msg00018.html
• https://security.netapp.com/advisory/ntap-20240605-0010/

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.

Remediation

Upgrade Centos:8 glibc to version 0:2.28-225.el8_8.6 or higher.

References

• https://access.redhat.com/security/cve/CVE-2023-4527
• http://www.openwall.com/lists/oss-security/2023/09/25/1
• https://access.redhat.com/errata/RHSA-2023:5455
• https://bugzilla.redhat.com/show_bug.cgi?id=2234712
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DBUQRRPB47TC3NJOUIBVWUGFHBJAFDL/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFG4P76UHHZEWQ26FWBXG76N2QLKKPZA/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDAQWHTSVOCOZ5K6KPIWKRT3JX4RTZUR/
• https://security.gentoo.org/glsa/202310-03
• https://security.netapp.com/advisory/ntap-20231116-0012/

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc-common package and not the glibc-common package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.

Remediation

Upgrade Centos:8 glibc-common to version 0:2.28-225.el8_8.6 or higher.

References

• https://access.redhat.com/security/cve/CVE-2023-4527
• http://www.openwall.com/lists/oss-security/2023/09/25/1
• https://access.redhat.com/errata/RHSA-2023:5455
• https://bugzilla.redhat.com/show_bug.cgi?id=2234712
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DBUQRRPB47TC3NJOUIBVWUGFHBJAFDL/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFG4P76UHHZEWQ26FWBXG76N2QLKKPZA/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDAQWHTSVOCOZ5K6KPIWKRT3JX4RTZUR/
• https://security.gentoo.org/glsa/202310-03
• https://security.netapp.com/advisory/ntap-20231116-0012/

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc-minimal-langpack package and not the glibc-minimal-langpack package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.

Remediation

Upgrade Centos:8 glibc-minimal-langpack to version 0:2.28-225.el8_8.6 or higher.

References

• https://access.redhat.com/security/cve/CVE-2023-4527
• http://www.openwall.com/lists/oss-security/2023/09/25/1
• https://access.redhat.com/errata/RHSA-2023:5455
• https://bugzilla.redhat.com/show_bug.cgi?id=2234712
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DBUQRRPB47TC3NJOUIBVWUGFHBJAFDL/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFG4P76UHHZEWQ26FWBXG76N2QLKKPZA/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDAQWHTSVOCOZ5K6KPIWKRT3JX4RTZUR/
• https://security.gentoo.org/glsa/202310-03
• https://security.netapp.com/advisory/ntap-20231116-0012/

NVD Description

Note: Versions mentioned in the description apply only to the upstream platform-python package and not the platform-python package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

An issue was found in the CPython zipfile module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior.

The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython makes the zipfile module reject zip archives which overlap entries in the archive.

Remediation

Upgrade Centos:8 platform-python to version 0:3.6.8-62.el8_10 or higher.

References

• https://access.redhat.com/security/cve/CVE-2024-0450
• http://www.openwall.com/lists/oss-security/2024/03/20/5
• https://github.com/python/cpython/commit/30fe5d853b56138dbec62432d370a1f99409fc85
• https://github.com/python/cpython/commit/66363b9a7b9fe7c99eba3a185b74c5fdbf842eba
• https://github.com/python/cpython/commit/70497218351ba44bffc8b571201ecb5652d84675
• https://github.com/python/cpython/commit/a2c59992e9e8d35baba9695eb186ad6c6ff85c51
• https://github.com/python/cpython/commit/a956e510f6336d5ae111ba429a61c3ade30a7549
• https://github.com/python/cpython/commit/d05bac0b74153beb541b88b4fca33bf053990183
• https://github.com/python/cpython/commit/fa181fcf2156f703347b03a3b1966ce47be8ab3b
• https://github.com/python/cpython/issues/109858
• https://lists.debian.org/debian-lts-announce/2024/03/msg00024.html
• https://lists.debian.org/debian-lts-announce/2024/03/msg00025.html
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T3IGRX54M7RNCQOXVQO5KQKTGWCOABIM/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5VHWS52HGD743C47UMCSAK2A773M2YE/
• https://mail.python.org/archives/list/security-announce@python.org/thread/XELNUX2L3IOHBTFU7RQHCY6OUVEWZ2FG/
• https://security.netapp.com/advisory/ntap-20250411-0005/
• https://www.bamsoftware.com/hacks/zipbomb/

NVD Description

Note: Versions mentioned in the description apply only to the upstream python3-libs package and not the python3-libs package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

An issue was found in the CPython zipfile module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior.

The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython makes the zipfile module reject zip archives which overlap entries in the archive.

Remediation

Upgrade Centos:8 python3-libs to version 0:3.6.8-62.el8_10 or higher.

References

• https://access.redhat.com/security/cve/CVE-2024-0450
• http://www.openwall.com/lists/oss-security/2024/03/20/5
• https://github.com/python/cpython/commit/30fe5d853b56138dbec62432d370a1f99409fc85
• https://github.com/python/cpython/commit/66363b9a7b9fe7c99eba3a185b74c5fdbf842eba
• https://github.com/python/cpython/commit/70497218351ba44bffc8b571201ecb5652d84675
• https://github.com/python/cpython/commit/a2c59992e9e8d35baba9695eb186ad6c6ff85c51
• https://github.com/python/cpython/commit/a956e510f6336d5ae111ba429a61c3ade30a7549
• https://github.com/python/cpython/commit/d05bac0b74153beb541b88b4fca33bf053990183
• https://github.com/python/cpython/commit/fa181fcf2156f703347b03a3b1966ce47be8ab3b
• https://github.com/python/cpython/issues/109858
• https://lists.debian.org/debian-lts-announce/2024/03/msg00024.html
• https://lists.debian.org/debian-lts-announce/2024/03/msg00025.html
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T3IGRX54M7RNCQOXVQO5KQKTGWCOABIM/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5VHWS52HGD743C47UMCSAK2A773M2YE/
• https://mail.python.org/archives/list/security-announce@python.org/thread/XELNUX2L3IOHBTFU7RQHCY6OUVEWZ2FG/
• https://security.netapp.com/advisory/ntap-20250411-0005/
• https://www.bamsoftware.com/hacks/zipbomb/

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.

Remediation

Upgrade Centos:8 glibc to version 0:2.28-225.el8_8.6 or higher.

References

• https://access.redhat.com/security/cve/CVE-2023-4813
• http://www.openwall.com/lists/oss-security/2023/10/03/8
• https://security.netapp.com/advisory/ntap-20231110-0003/
• https://access.redhat.com/errata/RHBA-2024:2413
• https://access.redhat.com/errata/RHSA-2023:5455
• https://bugzilla.redhat.com/show_bug.cgi?id=2237798

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the nss_gethostbyname2_r and nss_getcanonname_r hooks without implementing the nss*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.

Remediation

Upgrade Centos:8 glibc to version 0:2.28-225.el8_8.6 or higher.

References

• https://access.redhat.com/security/cve/CVE-2023-4806
• http://www.openwall.com/lists/oss-security/2023/10/03/4
• http://www.openwall.com/lists/oss-security/2023/10/03/5
• http://www.openwall.com/lists/oss-security/2023/10/03/6
• http://www.openwall.com/lists/oss-security/2023/10/03/8
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DBUQRRPB47TC3NJOUIBVWUGFHBJAFDL/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFG4P76UHHZEWQ26FWBXG76N2QLKKPZA/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDAQWHTSVOCOZ5K6KPIWKRT3JX4RTZUR/
• https://security.gentoo.org/glsa/202310-03
• https://security.netapp.com/advisory/ntap-20240125-0008/
• https://access.redhat.com/errata/RHBA-2024:2413
• https://access.redhat.com/errata/RHSA-2023:5455
• https://bugzilla.redhat.com/show_bug.cgi?id=2237782

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc-common package and not the glibc-common package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.

Remediation

Upgrade Centos:8 glibc-common to version 0:2.28-225.el8_8.6 or higher.

References

• https://access.redhat.com/security/cve/CVE-2023-4813
• http://www.openwall.com/lists/oss-security/2023/10/03/8
• https://security.netapp.com/advisory/ntap-20231110-0003/
• https://access.redhat.com/errata/RHBA-2024:2413
• https://access.redhat.com/errata/RHSA-2023:5455
• https://bugzilla.redhat.com/show_bug.cgi?id=2237798

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc-common package and not the glibc-common package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the nss_gethostbyname2_r and nss_getcanonname_r hooks without implementing the nss*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.

Remediation

Upgrade Centos:8 glibc-common to version 0:2.28-225.el8_8.6 or higher.

References

• https://access.redhat.com/security/cve/CVE-2023-4806
• http://www.openwall.com/lists/oss-security/2023/10/03/4
• http://www.openwall.com/lists/oss-security/2023/10/03/5
• http://www.openwall.com/lists/oss-security/2023/10/03/6
• http://www.openwall.com/lists/oss-security/2023/10/03/8
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DBUQRRPB47TC3NJOUIBVWUGFHBJAFDL/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFG4P76UHHZEWQ26FWBXG76N2QLKKPZA/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDAQWHTSVOCOZ5K6KPIWKRT3JX4RTZUR/
• https://security.gentoo.org/glsa/202310-03
• https://security.netapp.com/advisory/ntap-20240125-0008/
• https://access.redhat.com/errata/RHBA-2024:2413
• https://access.redhat.com/errata/RHSA-2023:5455
• https://bugzilla.redhat.com/show_bug.cgi?id=2237782

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc-minimal-langpack package and not the glibc-minimal-langpack package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.

Remediation

Upgrade Centos:8 glibc-minimal-langpack to version 0:2.28-225.el8_8.6 or higher.

References

• https://access.redhat.com/security/cve/CVE-2023-4813
• http://www.openwall.com/lists/oss-security/2023/10/03/8
• https://security.netapp.com/advisory/ntap-20231110-0003/
• https://access.redhat.com/errata/RHBA-2024:2413
• https://access.redhat.com/errata/RHSA-2023:5455
• https://bugzilla.redhat.com/show_bug.cgi?id=2237798

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc-minimal-langpack package and not the glibc-minimal-langpack package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the nss_gethostbyname2_r and nss_getcanonname_r hooks without implementing the nss*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.

Remediation

Upgrade Centos:8 glibc-minimal-langpack to version 0:2.28-225.el8_8.6 or higher.

References

• https://access.redhat.com/security/cve/CVE-2023-4806
• http://www.openwall.com/lists/oss-security/2023/10/03/4
• http://www.openwall.com/lists/oss-security/2023/10/03/5
• http://www.openwall.com/lists/oss-security/2023/10/03/6
• http://www.openwall.com/lists/oss-security/2023/10/03/8
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DBUQRRPB47TC3NJOUIBVWUGFHBJAFDL/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFG4P76UHHZEWQ26FWBXG76N2QLKKPZA/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDAQWHTSVOCOZ5K6KPIWKRT3JX4RTZUR/
• https://security.gentoo.org/glsa/202310-03
• https://security.netapp.com/advisory/ntap-20240125-0008/
• https://access.redhat.com/errata/RHBA-2024:2413
• https://access.redhat.com/errata/RHSA-2023:5455
• https://bugzilla.redhat.com/show_bug.cgi?id=2237782

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssl-libs package and not the openssl-libs package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE.

For example, in a TLS connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An attacker that had observed a genuine connection between a client and a server could use this flaw to send trial messages to the server and record the time taken to process them. After a sufficiently large number of messages the attacker could recover the pre-master secret used for the original connection and thus be able to decrypt the application data sent over that connection.

Remediation

Upgrade Centos:8 openssl-libs to version 1:1.1.1k-9.el8_7 or higher.

References

• https://access.redhat.com/security/cve/CVE-2022-4304
• https://access.redhat.com/errata/RHSA-2023:1405
• https://security.gentoo.org/glsa/202402-08
• https://www.openssl.org/news/secadv/20230207.txt

NVD Description

Note: Versions mentioned in the description apply only to the upstream systemd package and not the systemd package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash.

Remediation

Upgrade Centos:8 systemd to version 0:239-45.el8_4.2 or higher.

References

• https://access.redhat.com/security/cve/CVE-2021-33910
• https://www.debian.org/security/2021/dsa-4942
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2LSDMHAKI4LGFOCSPXNVVSEWQFAVFWR7/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42TMJVNYRY65B4QCJICBYOEIVZV3KUYI/
• https://security.gentoo.org/glsa/202107-48
• http://packetstormsecurity.com/files/163621/Sequoia-A-Deep-Root-In-Linuxs-Filesystem-Layer.html
• https://github.com/systemd/systemd/commit/b34a4f0e6729de292cb3b0c03c1d48f246ad896b
• https://github.com/systemd/systemd/pull/20256/commits/441e0115646d54f080e5c3bb0ba477c892861ab9
• https://github.com/systemd/systemd-stable/commit/4a1c5f34bd3e1daed4490e9d97918e504d19733b
• https://github.com/systemd/systemd-stable/commit/764b74113e36ac5219a4b82a05f311b5a92136ce
• https://github.com/systemd/systemd-stable/commit/b00674347337b7531c92fdb65590ab253bb57538
• https://github.com/systemd/systemd-stable/commit/cfd14c65374027b34dbbc4f0551456c5dc2d1f61
• https://www.openwall.com/lists/oss-security/2021/07/20/2
• http://www.openwall.com/lists/oss-security/2021/08/04/2
• http://www.openwall.com/lists/oss-security/2021/08/17/3
• http://www.openwall.com/lists/oss-security/2021/09/07/3
• https://access.redhat.com/errata/RHSA-2021:2717
• https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2LSDMHAKI4LGFOCSPXNVVSEWQFAVFWR7/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42TMJVNYRY65B4QCJICBYOEIVZV3KUYI/
• https://security.netapp.com/advisory/ntap-20211104-0008/

NVD Description

Note: Versions mentioned in the description apply only to the upstream systemd-libs package and not the systemd-libs package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash.

Remediation

Upgrade Centos:8 systemd-libs to version 0:239-45.el8_4.2 or higher.

References

• https://access.redhat.com/security/cve/CVE-2021-33910
• https://www.debian.org/security/2021/dsa-4942
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2LSDMHAKI4LGFOCSPXNVVSEWQFAVFWR7/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42TMJVNYRY65B4QCJICBYOEIVZV3KUYI/
• https://security.gentoo.org/glsa/202107-48
• http://packetstormsecurity.com/files/163621/Sequoia-A-Deep-Root-In-Linuxs-Filesystem-Layer.html
• https://github.com/systemd/systemd/commit/b34a4f0e6729de292cb3b0c03c1d48f246ad896b
• https://github.com/systemd/systemd/pull/20256/commits/441e0115646d54f080e5c3bb0ba477c892861ab9
• https://github.com/systemd/systemd-stable/commit/4a1c5f34bd3e1daed4490e9d97918e504d19733b
• https://github.com/systemd/systemd-stable/commit/764b74113e36ac5219a4b82a05f311b5a92136ce
• https://github.com/systemd/systemd-stable/commit/b00674347337b7531c92fdb65590ab253bb57538
• https://github.com/systemd/systemd-stable/commit/cfd14c65374027b34dbbc4f0551456c5dc2d1f61
• https://www.openwall.com/lists/oss-security/2021/07/20/2
• http://www.openwall.com/lists/oss-security/2021/08/04/2
• http://www.openwall.com/lists/oss-security/2021/08/17/3
• http://www.openwall.com/lists/oss-security/2021/09/07/3
• https://access.redhat.com/errata/RHSA-2021:2717
• https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2LSDMHAKI4LGFOCSPXNVVSEWQFAVFWR7/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42TMJVNYRY65B4QCJICBYOEIVZV3KUYI/
• https://security.netapp.com/advisory/ntap-20211104-0008/

NVD Description

Note: Versions mentioned in the description apply only to the upstream systemd-pam package and not the systemd-pam package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash.

Remediation

Upgrade Centos:8 systemd-pam to version 0:239-45.el8_4.2 or higher.

References

• https://access.redhat.com/security/cve/CVE-2021-33910
• https://www.debian.org/security/2021/dsa-4942
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2LSDMHAKI4LGFOCSPXNVVSEWQFAVFWR7/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42TMJVNYRY65B4QCJICBYOEIVZV3KUYI/
• https://security.gentoo.org/glsa/202107-48
• http://packetstormsecurity.com/files/163621/Sequoia-A-Deep-Root-In-Linuxs-Filesystem-Layer.html
• https://github.com/systemd/systemd/commit/b34a4f0e6729de292cb3b0c03c1d48f246ad896b
• https://github.com/systemd/systemd/pull/20256/commits/441e0115646d54f080e5c3bb0ba477c892861ab9
• https://github.com/systemd/systemd-stable/commit/4a1c5f34bd3e1daed4490e9d97918e504d19733b
• https://github.com/systemd/systemd-stable/commit/764b74113e36ac5219a4b82a05f311b5a92136ce
• https://github.com/systemd/systemd-stable/commit/b00674347337b7531c92fdb65590ab253bb57538
• https://github.com/systemd/systemd-stable/commit/cfd14c65374027b34dbbc4f0551456c5dc2d1f61
• https://www.openwall.com/lists/oss-security/2021/07/20/2
• http://www.openwall.com/lists/oss-security/2021/08/04/2
• http://www.openwall.com/lists/oss-security/2021/08/17/3
• http://www.openwall.com/lists/oss-security/2021/09/07/3
• https://access.redhat.com/errata/RHSA-2021:2717
• https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2LSDMHAKI4LGFOCSPXNVVSEWQFAVFWR7/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42TMJVNYRY65B4QCJICBYOEIVZV3KUYI/
• https://security.netapp.com/advisory/ntap-20211104-0008/

NVD Description

Note: Versions mentioned in the description apply only to the upstream systemd-udev package and not the systemd-udev package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash.

Remediation

Upgrade Centos:8 systemd-udev to version 0:239-45.el8_4.2 or higher.

References

• https://access.redhat.com/security/cve/CVE-2021-33910
• https://www.debian.org/security/2021/dsa-4942
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2LSDMHAKI4LGFOCSPXNVVSEWQFAVFWR7/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42TMJVNYRY65B4QCJICBYOEIVZV3KUYI/
• https://security.gentoo.org/glsa/202107-48
• http://packetstormsecurity.com/files/163621/Sequoia-A-Deep-Root-In-Linuxs-Filesystem-Layer.html
• https://github.com/systemd/systemd/commit/b34a4f0e6729de292cb3b0c03c1d48f246ad896b
• https://github.com/systemd/systemd/pull/20256/commits/441e0115646d54f080e5c3bb0ba477c892861ab9
• https://github.com/systemd/systemd-stable/commit/4a1c5f34bd3e1daed4490e9d97918e504d19733b
• https://github.com/systemd/systemd-stable/commit/764b74113e36ac5219a4b82a05f311b5a92136ce
• https://github.com/systemd/systemd-stable/commit/b00674347337b7531c92fdb65590ab253bb57538
• https://github.com/systemd/systemd-stable/commit/cfd14c65374027b34dbbc4f0551456c5dc2d1f61
• https://www.openwall.com/lists/oss-security/2021/07/20/2
• http://www.openwall.com/lists/oss-security/2021/08/04/2
• http://www.openwall.com/lists/oss-security/2021/08/17/3
• http://www.openwall.com/lists/oss-security/2021/09/07/3
• https://access.redhat.com/errata/RHSA-2021:2717
• https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2LSDMHAKI4LGFOCSPXNVVSEWQFAVFWR7/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42TMJVNYRY65B4QCJICBYOEIVZV3KUYI/
• https://security.netapp.com/advisory/ntap-20211104-0008/

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

nscd: Null pointer crashes after notfound response

If the Name Service Cache Daemon's (nscd) cache fails to add a not-found netgroup response to the cache, the client request can result in a null pointer dereference. This flaw was introduced in glibc 2.15 when the cache was added to nscd.

This vulnerability is only present in the nscd binary.

Remediation

Upgrade Centos:8 glibc to version 0:2.28-251.el8_10.2 or higher.

References

• https://access.redhat.com/security/cve/CVE-2024-33600
• http://www.openwall.com/lists/oss-security/2024/07/22/5
• https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html
• https://security.netapp.com/advisory/ntap-20240524-0013/
• https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0006

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc-common package and not the glibc-common package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

nscd: Null pointer crashes after notfound response

If the Name Service Cache Daemon's (nscd) cache fails to add a not-found netgroup response to the cache, the client request can result in a null pointer dereference. This flaw was introduced in glibc 2.15 when the cache was added to nscd.

This vulnerability is only present in the nscd binary.

Remediation

Upgrade Centos:8 glibc-common to version 0:2.28-251.el8_10.2 or higher.

References

• https://access.redhat.com/security/cve/CVE-2024-33600
• http://www.openwall.com/lists/oss-security/2024/07/22/5
• https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html
• https://security.netapp.com/advisory/ntap-20240524-0013/
• https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0006

NVD Description

Note: Versions mentioned in the description apply only to the upstream glibc-minimal-langpack package and not the glibc-minimal-langpack package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

nscd: Null pointer crashes after notfound response

If the Name Service Cache Daemon's (nscd) cache fails to add a not-found netgroup response to the cache, the client request can result in a null pointer dereference. This flaw was introduced in glibc 2.15 when the cache was added to nscd.

This vulnerability is only present in the nscd binary.

Remediation

Upgrade Centos:8 glibc-minimal-langpack to version 0:2.28-251.el8_10.2 or higher.

References

• https://access.redhat.com/security/cve/CVE-2024-33600
• http://www.openwall.com/lists/oss-security/2024/07/22/5
• https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html
• https://security.netapp.com/advisory/ntap-20240524-0013/
• https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0006

NVD Description

Note: Versions mentioned in the description apply only to the upstream pam package and not the pam package as distributed by Centos. See How to fix? for Centos:8 relevant fixed versions and status.

A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.

Remediation

Upgrade Centos:8 pam to version 0:1.3.1-36.el8_10 or higher.

References

• https://access.redhat.com/security/cve/CVE-2024-10041
• https://bugzilla.redhat.com/show_bug.cgi?id=2319212
• https://access.redhat.com/errata/RHSA-2024:10379