Msrc Azure Linux 3.0 X64 vulnerabilities

CVE-2023-52425 [HIGH] CWE-400 libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed. libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is

CVE-2023-6516 [HIGH] CWE-770 Specific recursive query patterns may lead to an out-of-memory condition Specific recursive query patterns may lead to an out-of-memory condition FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the o

CVE-2024-26461 [HIGH] CWE-770 Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c. Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep

CVE-2023-4408 [HIGH] Parsing large DNS messages may cause excessive CPU load Parsing large DNS messages may cause excessive CPU load FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro

CVE-2024-26585 [MEDIUM] CWE-362 tls: fix race between tx work scheduling and socket close tls: fix race between tx work scheduling and socket close FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with w

CVE-2024-25629 [MEDIUM] CWE-125 c-ares out of bounds read in ares__read_line() c-ares out of bounds read in ares__read_line() FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is com

CVE-2024-22365 [MEDIUM] linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY. linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentiall

CVE-2024-0690 [MEDIUM] CWE-116 Ansible-core: possible information leak in tasks that ignore ansible_no_log configuration Ansible-core: possible information leak in tasks that ignore ansible_no_log configuration FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most rece

CVE-2024-26458 [MEDIUM] Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c. Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secur

CVE-2024-26462 [MEDIUM] CWE-401 Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c. Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most rec

CVE-2023-52429 [MEDIUM] CWE-754 dm_table_create in drivers/md/dm-table.c in the Linux kernel through 6.7.4 can attempt to (in alloc_targets) allocate more than INT_MAX bytes and crash because of a missing check for struct dm_ioctl.t dm_table_create in drivers/md/dm-table.c in the Linux kernel through 6.7.4 can attempt to (in alloc_targets) allocate more than INT_MAX bytes and crash because of a missing check for struct dm_ioctl.target_count. FAQ: Is Azure Linux the only Microsoft product that i

CVE-2023-52426 [MEDIUM] CWE-776 libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time. libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up t

CVE-2024-0684 [MEDIUM] CWE-787 Coreutils: heap overflow in split --line-bytes with very long lines Coreutils: heap overflow in split --line-bytes with very long lines FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open sour

CVE-2024-1151 [MEDIUM] CWE-787 Kernel: stack overflow problem in open vswitch kernel module leading to dos Kernel: stack overflow problem in open vswitch kernel module leading to dos FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions

CVE-2023-6935 [MEDIUM] CWE-203 Marvin Attack vulnerability in SP Math All RSA Marvin Attack vulnerability in SP Math All RSA FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is comp

CVE-2024-24758 [LOW] CWE-200 Proxy-Authorization header not cleared on cross-origin redirect in fetch in Undici Proxy-Authorization header not cleared on cross-origin redirect in fetch in Undici FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secu

CVE-2024-26596 [MEDIUM] net: dsa: fix netdev_priv() dereference before check on non-DSA netdevice events net: dsa: fix netdev_priv() dereference before check on non-DSA netdevice events FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versio

CVE-2024-26583 [MEDIUM] CWE-362 tls: fix race between async notify and socket close tls: fix race between async notify and socket close FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the dis

CVE-2024-0853 [MEDIUM] CWE-295 OCSP verification bypass with TLS session reuse OCSP verification bypass with TLS session reuse FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is co

CVE-2024-25620 [MEDIUM] CWE-22 Dependency management path traversal in helm Dependency management path traversal in helm FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed