Msrc Azure Linux 3.0 X64 vulnerabilities

CVE-2023-5764 [HIGH] CWE-1336 Ansible: template injection Ansible: template injection FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transpa

CVE-2023-6337 [HIGH] CWE-770 Vault May be Vulnerable to a Denial of Service Through Memory Exhaustion When Handling Large HTTP Requests Vault May be Vulnerable to a Denial of Service Through Memory Exhaustion When Handling Large HTTP Requests FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep

CVE-2023-2861 [MEDIUM] CWE-284 Qemu: 9pfs: improper access control on special files Qemu: 9pfs: improper access control on special files FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the di

CVE-2023-6932 [HIGH] CWE-416 Use-after-free in Linux kernel's ipv4: igmp component Use-after-free in Linux kernel's ipv4: igmp component FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the di

CVE-2023-51764 [MEDIUM] CWE-345 Postfix through 3.8.5 allows SMTP smuggling unless configured with smtpd_data_restrictions=reject_unauth_pipelining and smtpd_discard_ehlo_keywords=chunking (or certain other options that exist in rec Postfix through 3.8.5 allows SMTP smuggling unless configured with smtpd_data_restrictions=reject_unauth_pipelining and smtpd_discard_ehlo_keywords=chunking (or certain other options that exist in recent versions). Remote attackers can use a published exploitation te

CVE-2023-46218 [MEDIUM] This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that the This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do

CVE-2023-48795 [MEDIUM] CWE-354 The SSH transport protocol with certain OpenSSH extensions found in OpenSSH before 9.6 and other products allows remote attackers to bypass integrity checks such that some packets are omitted (from th The SSH transport protocol with certain OpenSSH extensions found in OpenSSH before 9.6 and other products allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message) and a client and server may conseq

CVE-2023-45866 [HIGH] CWE-287 Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection and accept HID keyboard reports potentially permitting injection Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection and accept HID keyboard reports potentially permitting injection of HID messages when no user interaction has occurred in the Central

CVE-2023-5115 [MEDIUM] CWE-36 Ansible: malicious role archive can cause ansible-galaxy to overwrite arbitrary files Ansible: malicious role archive can cause ansible-galaxy to overwrite arbitrary files FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and mo

CVE-2023-49990 [MEDIUM] CWE-120 Espeak-ng 1.52-dev was discovered to contain a buffer-overflow via the function SetUpPhonemeTable at synthdata.c. Espeak-ng 1.52-dev was discovered to contain a buffer-overflow via the function SetUpPhonemeTable at synthdata.c. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the co

CVE-2023-6507 [MEDIUM] CWE-269 Groups not dropped before running subprocess when using empty 'extra_groups' parameter Groups not dropped before running subprocess when using empty 'extra_groups' parameter FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and

CVE-2023-46219 [MEDIUM] CWE-311 When saving HSTS data to an excessively long file name curl could end up removing all contents making subsequent requests using that file unaware of the HSTS status they should otherwise use. When saving HSTS data to an excessively long file name curl could end up removing all contents making subsequent requests using that file unaware of the HSTS status they should otherwise use. FAQ: Is Azure Linux the only Microsoft product that includes this open-source libra

CVE-2023-51385 [MEDIUM] CWE-78 In ssh in OpenSSH before 9.6 OS command injection might occur if a user name or host name has shell metacharacters and this name is referenced by an expansion token in certain situations. For example In ssh in OpenSSH before 9.6 OS command injection might occur if a user name or host name has shell metacharacters and this name is referenced by an expansion token in certain situations. For example an untrusted Git repository can have a submodule with shell metachar

CVE-2023-51384 [MEDIUM] In ssh-agent in OpenSSH before 9.6 certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys these constrai In ssh-agent in OpenSSH before 9.6 certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys these constraints are only applied to the first key even if a PKCS#11 token returns multi

CVE-2023-6111 [HIGH] CWE-416 Use-after-free in Linux kernel's netfilter: nf_tables component Use-after-free in Linux kernel's netfilter: nf_tables component FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source librari

CVE-2023-5528 [HIGH] CWE-20 Kubernetes - Windows nodes - Insufficient input sanitization in in-tree storage plugin leads to privilege escalation Kubernetes - Windows nodes - Insufficient input sanitization in in-tree storage plugin leads to privilege escalation FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the

CVE-2023-48161 [HIGH] CWE-787 Buffer Overflow vulnerability in GifLib Project GifLib v.5.2.1 allows a local attacker to obtain sensitive information via the DumpSCreen2RGB function in gif2rgb.c Buffer Overflow vulnerability in GifLib Project GifLib v.5.2.1 allows a local attacker to obtain sensitive information via the DumpSCreen2RGB function in gif2rgb.c FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerabi

CVE-2023-47234 [HIGH] An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when processing a crafted BGP UPDATE message with a MP_UNREACH_NLRI attribute and additional NLRI data (that lacks mandatory p An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when processing a crafted BGP UPDATE message with a MP_UNREACH_NLRI attribute and additional NLRI data (that lacks mandatory path attributes). FAQ: Is Azure Linux the only Microsoft product that include

CVE-2023-5408 [HIGH] CWE-269 Openshift: modification of node role labels Openshift: modification of node role labels FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Mi

CVE-2023-47235 [HIGH] An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when a malformed BGP UPDATE message with an EOR is processed because the presence of EOR does not lead to a treat-as-withdraw An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when a malformed BGP UPDATE message with an EOR is processed because the presence of EOR does not lead to a treat-as-withdraw outcome. FAQ: Is Azure Linux the only Microsoft product that includes this o