Msrc Cbl2 Rpm-Ostree 2022.1-7 On Cbl Mariner 2.0 vulnerabilities

CVE-2023-53159 [MEDIUM] CWE-126 The openssl crate before 0.10.55 for Rust allows an out-of-bounds read via an empty string to X509VerifyParamRef::set_host. The openssl crate before 0.10.55 for Rust allows an out-of-bounds read via an empty string to X509VerifyParamRef::set_host. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Li

CVE-2025-24898 [MEDIUM] CWE-416 rust openssl ssl::select_next_proto use after free rust openssl ssl::select_next_proto use after free FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distr

CVE-2024-27308 [HIGH] CWE-416 Mio's tokens for named pipes may be delivered after deregistration Mio's tokens for named pipes may be delivered after deregistration FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source

CVE-2023-26964 [HIGH] CWE-770 An issue was discovered in hyper v0.13.7. h2-0.2.4 Stream stacking occurs when the H2 component processes HTTP2 RST_STREAM frames. As a result the memory and CPU usage are high which can lead to a Den An issue was discovered in hyper v0.13.7. h2-0.2.4 Stream stacking occurs when the H2 component processes HTTP2 RST_STREAM frames. As a result the memory and CPU usage are high which can lead to a Denial of Service (DoS). FAQ: Is Azure Linux the only Microsoft product

CVE-2023-22466 [MEDIUM] CWE-665 Tokio's reject_remote_clients configuration may get dropped when creating a Windows named pipe Tokio's reject_remote_clients configuration may get dropped when creating a Windows named pipe FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability? One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with th