Msrc Azl3 Rpm-Ostree 2022.1-7 On Azure Linux 3.0 vulnerabilities

CVE-2024-27308 [HIGH] CWE-416 Mio's tokens for named pipes may be delivered after deregistration Mio's tokens for named pipes may be delivered after deregistration FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source

CVE-2022-47085 [HIGH] An issue was discovered in ostree before 2022.7 allows attackers to cause a denial of service or other unspecified impacts via the print_panic function in repo_checkout_filter.rs. An issue was discovered in ostree before 2022.7 allows attackers to cause a denial of service or other unspecified impacts via the print_panic function in repo_checkout_filter.rs. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially af

CVE-2023-34411 [HIGH] CWE-611 The xml-rs crate before 0.8.14 for Rust and Crab allows a denial of service (panic) via an invalid <! token (such as <!DOCTYPEs/%<!A nesting) in an XML document. The earliest affected version is 0.8.9 The xml-rs crate before 0.8.14 for Rust and Crab allows a denial of service (panic) via an invalid Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to

CVE-2023-26964 [HIGH] CWE-770 An issue was discovered in hyper v0.13.7. h2-0.2.4 Stream stacking occurs when the H2 component processes HTTP2 RST_STREAM frames. As a result the memory and CPU usage are high which can lead to a Den An issue was discovered in hyper v0.13.7. h2-0.2.4 Stream stacking occurs when the H2 component processes HTTP2 RST_STREAM frames. As a result the memory and CPU usage are high which can lead to a Denial of Service (DoS). FAQ: Is Azure Linux the only Microsoft product

CVE-2022-31394 [HIGH] CWE-770 Hyperium Hyper before 0.14.19 does not allow for customization of the max_header_list_size method in the H2 third-party software allowing attackers to perform HTTP2 attacks. Hyperium Hyper before 0.14.19 does not allow for customization of the max_header_list_size method in the H2 third-party software allowing attackers to perform HTTP2 attacks. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affect

CVE-2023-22466 [MEDIUM] CWE-665 Tokio's reject_remote_clients configuration may get dropped when creating a Windows named pipe Tokio's reject_remote_clients configuration may get dropped when creating a Windows named pipe FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with th

CVE-2022-24713 [HIGH] CWE-1333 Regular expression denial of service in Rust's regex crate Regular expression denial of service in Rust's regex crate FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with

CVE-2022-23639 [HIGH] CWE-362 Improper Restriction of Operations within the Bounds of a Memory Buffer and Race Condition in crossbeam-utils Improper Restriction of Operations within the Bounds of a Memory Buffer and Race Condition in crossbeam-utils FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment t

CVE-2021-45707 [CRITICAL] CWE-787 An issue was discovered in the nix crate 0.16.0 and later before 0.20.2 0.21.x before 0.21.2 and 0.22.x before 0.22.2 for Rust. unistd::getgrouplist has an out-of-bounds write if a user is in more tha An issue was discovered in the nix crate 0.16.0 and later before 0.20.2 0.21.x before 0.21.2 and 0.22.x before 0.22.2 for Rust. unistd::getgrouplist has an out-of-bounds write if a user is in more than 16 /etc/groups groups. FAQ: Is Azure Linux the only Microsoft

CVE-2021-32714 [MEDIUM] CWE-190 Integer Overflow in Chunked Transfer-Encoding Integer Overflow in Chunked Transfer-Encoding FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is compo

CVE-2021-32715 [LOW] CWE-444 Lenient Parsing of Content-Length Header When Prefixed with Plus Sign Lenient Parsing of Content-Length Header When Prefixed with Plus Sign FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open so