Msrc Azl3 Rpm-Ostree 2024.4-1 On Azure Linux 3.0 vulnerabilities

CVE-2024-27308 [HIGH] CWE-416 Mio's tokens for named pipes may be delivered after deregistration Mio's tokens for named pipes may be delivered after deregistration FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source

CVE-2023-26964 [HIGH] CWE-770 An issue was discovered in hyper v0.13.7. h2-0.2.4 Stream stacking occurs when the H2 component processes HTTP2 RST_STREAM frames. As a result the memory and CPU usage are high which can lead to a Den An issue was discovered in hyper v0.13.7. h2-0.2.4 Stream stacking occurs when the H2 component processes HTTP2 RST_STREAM frames. As a result the memory and CPU usage are high which can lead to a Denial of Service (DoS). FAQ: Is Azure Linux the only Microsoft product

CVE-2022-24713 [HIGH] CWE-1333 Regular expression denial of service in Rust's regex crate Regular expression denial of service in Rust's regex crate FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with

CVE-2022-23639 [HIGH] CWE-362 Improper Restriction of Operations within the Bounds of a Memory Buffer and Race Condition in crossbeam-utils Improper Restriction of Operations within the Bounds of a Memory Buffer and Race Condition in crossbeam-utils FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment t

CVE-2021-45707 [CRITICAL] CWE-787 An issue was discovered in the nix crate 0.16.0 and later before 0.20.2 0.21.x before 0.21.2 and 0.22.x before 0.22.2 for Rust. unistd::getgrouplist has an out-of-bounds write if a user is in more tha An issue was discovered in the nix crate 0.16.0 and later before 0.20.2 0.21.x before 0.21.2 and 0.22.x before 0.22.2 for Rust. unistd::getgrouplist has an out-of-bounds write if a user is in more than 16 /etc/groups groups. FAQ: Is Azure Linux the only Microsoft

CVE-2021-32714 [MEDIUM] CWE-190 Integer Overflow in Chunked Transfer-Encoding Integer Overflow in Chunked Transfer-Encoding FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is compo

CVE-2021-32715 [LOW] CWE-444 Lenient Parsing of Content-Length Header When Prefixed with Plus Sign Lenient Parsing of Content-Length Header When Prefixed with Plus Sign FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open so