MSRC Azure Linux 3.0 Arm vulnerabilities

1,294 known vulnerabilities affecting msrc/azure_linux_3.0_arm.

Total CVEs: 1,294
CISA KEV: 3 (actively exploited)
Public exploits: 13
Exploited in wild: 6
Severity breakdown: CRITICAL 72, HIGH 496, MEDIUM 697, LOW 28, UNKNOWN 1

Vulnerabilities

Page 52 of 65
CVE-2023-2977 | HIGH | CVSS 7.1 | 2023-06-13
CVE-2023-2977 [HIGH] CWE-125 A vulnerability was found in OpenSC. This security flaw causes a buffer overrun vulnerability in pkcs15 cardos_have_verifyrc_package. The attacker can supply a smart card package with malformed ASN1 context. The cardos_have_verifyrc_package function scans the ASN1 buffer
msrc
CVE-2023-34411 | HIGH | CVSS 7.5 | 2023-06-13
CVE-2023-34411 [HIGH] CWE-611 The xml-rs crate before 0.8.14 for Rust and Crab allows a denial of service (panic) via an invalid <! token (such as <!DOCTYPEs/%<!A nesting) in an XML document. The earliest affected version is 0.8.9. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to
msrc
CVE-2023-34241 | HIGH | CVSS 7.1 | 2023-06-13
CVE-2023-34241 [MEDIUM] CWE-416 CUPS vulnerable to use-after-free in cupsdAcceptClient()
msrc
CVE-2023-2816 | MEDIUM | CVSS 6.5 | 2023-06-13
CVE-2023-2816 [HIGH] CWE-266 Consul Envoy Extension Downstream Proxy Configuration By Upstream Service Owner
msrc
CVE-2023-32324 | MEDIUM | CVSS 5.5 | 2023-06-13
CVE-2023-32324 [HIGH] CWE-787 OpenPrinting CUPS vulnerable to heap buffer overflow
msrc
CVE-2023-33460 | MEDIUM | CVSS 6.5 | 2023-06-13
CVE-2023-33460 [MEDIUM] CWE-401 There's a memory leak in yajl 2.1.0 with use of the yajl_tree_parse function, which will cause out-of-memory in the server and cause a crash.
msrc
CVE-2023-2253 | MEDIUM | CVSS 6.5 | 2023-06-13
CVE-2023-2253 [MEDIUM] CWE-770 A flaw was found in the `/v2/_catalog` endpoint in distribution/distribution which accepts a parameter to control the maximum number of records returned (query string: `n`). This vulnerability allows a malicious user to submit an unreasonably large value for `n` causi
msrc
CVE-2023-32732 | MEDIUM | CVSS 5.3 | 2023-06-13
CVE-2023-32732 [MEDIUM] CWE-440 Denial-of-Service in gRPC
msrc
CVE-2023-32067 | HIGH | CVSS 7.5 | 2023-05-09
CVE-2023-32067 [HIGH] CWE-400 0-byte UDP payload DoS in c-ares
msrc
CVE-2023-28319 | HIGH | CVSS 7.5 | 2023-05-09
CVE-2023-28319 [HIGH] CWE-416 A use after free vulnerability exists in curl <v8.1.0 in the way libcurl offers a feature to verify an SSH server's public key using a SHA 256 hash. When this check fails libcurl would free the memory
msrc
CVE-2023-28321 | MEDIUM | CVSS 5.9 | 2023-05-09
CVE-2023-28321 [MEDIUM] CWE-295 An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. curl
msrc
CVE-2023-2700 | MEDIUM | CVSS 5.5 | 2023-05-09
CVE-2023-2700 [MEDIUM] CWE-401 A vulnerability was found in libvirt. This security flaw occurs due to repeatedly querying an SR-IOV PCI device's capabilities that exposes a memory leak caused by a failure to free the virPCIVirtualFunction array within the parent struct's g_autoptr cleanup.
msrc
CVE-2023-2650 | MEDIUM | CVSS 6.5 | 2023-05-09
CVE-2023-2650 [MEDIUM] CWE-770 Possible DoS translating ASN.1 object identifiers
msrc
CVE-2023-1981 | MEDIUM | CVSS 5.5 | 2023-05-09
CVE-2023-1981 [MEDIUM] CWE-400 A vulnerability was found in the avahi library. This flaw allows an unprivileged user to make a dbus call causing the avahi daemon to crash.
msrc
CVE-2023-28322 | LOW | CVSS 3.7 | 2023-05-09
CVE-2023-28322 [LOW] CWE-200 An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send even when t
msrc
CVE-2023-31975 | LOW | CVSS 3.3 | 2023-05-09
CVE-2023-31975 [LOW] CWE-401 yasm v1.3.0 was discovered to contain a memory leak via the function yasm_intnum_copy at /libyasm/intnum.c. Note: Multiple third parties dispute this as a bug and not a vulnerability according to the YASM security policy.
msrc
CVE-2023-1668 | HIGH | CVSS 8.2 | 2023-04-11
CVE-2023-1668 [HIGH] CWE-670 A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0 OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP p
msrc
CVE-2023-26964 | HIGH | CVSS 7.5 | 2023-04-11
CVE-2023-26964 [HIGH] CWE-770 An issue was discovered in hyper v0.13.7. h2-0.2.4 Stream stacking occurs when the H2 component processes HTTP2 RST_STREAM frames. As a result the memory and CPU usage are high which can lead to a Denial of Service (DoS).
msrc
CVE-2023-31084 | MEDIUM | CVSS 5.5 | 2023-04-11
CVE-2023-31084 [MEDIUM] An issue was discovered in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel 6.2. There is a blocking operation when a task is in !TASK_RUNNING. In dvb_frontend_get_event wait_event_interruptible is called; the condition is dvb_frontend_test_event(feprivevents). In d
msrc
CVE-2023-0225 | MEDIUM | CVSS 4.3 | 2023-04-11
CVE-2023-0225 [MEDIUM] CWE-732 A flaw was found in Samba. An incomplete access check on dnsHostName allows authenticated but otherwise unprivileged users to delete this attribute from any object in the directory.
msrc