diff --git a/docs/snyk/index.md b/docs/snyk/index.md index f64361856ff55..5f26934a1b4b4 100644 --- a/docs/snyk/index.md +++ b/docs/snyk/index.md 
@@ -17,36 +17,36 @@ recent minor releases. | [ui/yarn.lock](master/argocd-test.html) | 0 | 0 | 0 | 0 | | [dex:v2.38.0](master/ghcr.io_dexidp_dex_v2.38.0.html) | 0 | 0 | 2 | 1 | | [haproxy:2.6.14-alpine](master/haproxy_2.6.14-alpine.html) | 0 | 1 | 3 | 1 | -| [argocd:latest](master/quay.io_argoproj_argocd_latest.html) | 0 | 0 | 6 | 15 | +| [argocd:latest](master/quay.io_argoproj_argocd_latest.html) | 0 | 0 | 8 | 14 | | [redis:7.0.14-alpine](master/redis_7.0.14-alpine.html) | 0 | 0 | 2 | 1 | | [install.yaml](master/argocd-iac-install.html) | - | - | - | - | | [namespace-install.yaml](master/argocd-iac-namespace-install.html) | - | - | - | - | -### v2.9.7 +### v2.9.9 | | Critical | High | Medium | Low | |---:|:--------:|:----:|:------:|:---:| -| [go.mod](v2.9.7/argocd-test.html) | 0 | 1 | 11 | 0 | -| [ui/yarn.lock](v2.9.7/argocd-test.html) | 0 | 0 | 0 | 0 | -| [dex:v2.37.0](v2.9.7/ghcr.io_dexidp_dex_v2.37.0.html) | 1 | 1 | 6 | 1 | -| [haproxy:2.6.14-alpine](v2.9.7/haproxy_2.6.14-alpine.html) | 0 | 1 | 3 | 1 | -| [argocd:v2.9.7](v2.9.7/quay.io_argoproj_argocd_v2.9.7.html) | 0 | 0 | 6 | 15 | -| [redis:7.0.11-alpine](v2.9.7/redis_7.0.11-alpine.html) | 1 | 1 | 6 | 1 | -| [install.yaml](v2.9.7/argocd-iac-install.html) | - | - | - | - | -| [namespace-install.yaml](v2.9.7/argocd-iac-namespace-install.html) | - | - | - | - | +| [go.mod](v2.9.9/argocd-test.html) | 0 | 1 | 11 | 0 | +| [ui/yarn.lock](v2.9.9/argocd-test.html) | 0 | 0 | 0 | 0 | +| [dex:v2.37.0](v2.9.9/ghcr.io_dexidp_dex_v2.37.0.html) | 1 | 1 | 6 | 1 | +| [haproxy:2.6.14-alpine](v2.9.9/haproxy_2.6.14-alpine.html) | 0 | 1 | 3 | 1 | +| [argocd:v2.9.9](v2.9.9/quay.io_argoproj_argocd_v2.9.9.html) | 0 | 0 | 9 | 14 | +| [redis:7.0.11-alpine](v2.9.9/redis_7.0.11-alpine.html) | 1 | 1 | 6 | 1 | +| [install.yaml](v2.9.9/argocd-iac-install.html) | - | - | - | - | +| [namespace-install.yaml](v2.9.9/argocd-iac-namespace-install.html) | - | - | - | - | -### v2.8.11 +### v2.8.13 | | Critical | High | Medium | Low | 
|---:|:--------:|:----:|:------:|:---:| -| [go.mod](v2.8.11/argocd-test.html) | 0 | 1 | 11 | 0 | -| [ui/yarn.lock](v2.8.11/argocd-test.html) | 0 | 0 | 0 | 0 | -| [dex:v2.37.0](v2.8.11/ghcr.io_dexidp_dex_v2.37.0.html) | 1 | 1 | 6 | 1 | -| [haproxy:2.6.14-alpine](v2.8.11/haproxy_2.6.14-alpine.html) | 0 | 1 | 3 | 1 | -| [argocd:v2.8.11](v2.8.11/quay.io_argoproj_argocd_v2.8.11.html) | 0 | 0 | 6 | 15 | -| [redis:7.0.11-alpine](v2.8.11/redis_7.0.11-alpine.html) | 1 | 1 | 6 | 1 | -| [install.yaml](v2.8.11/argocd-iac-install.html) | - | - | - | - | -| [namespace-install.yaml](v2.8.11/argocd-iac-namespace-install.html) | - | - | - | - | +| [go.mod](v2.8.13/argocd-test.html) | 0 | 1 | 11 | 0 | +| [ui/yarn.lock](v2.8.13/argocd-test.html) | 0 | 0 | 0 | 0 | +| [dex:v2.37.0](v2.8.13/ghcr.io_dexidp_dex_v2.37.0.html) | 1 | 1 | 6 | 1 | +| [haproxy:2.6.14-alpine](v2.8.13/haproxy_2.6.14-alpine.html) | 0 | 1 | 3 | 1 | +| [argocd:v2.8.13](v2.8.13/quay.io_argoproj_argocd_v2.8.13.html) | 0 | 0 | 9 | 14 | +| [redis:7.0.11-alpine](v2.8.13/redis_7.0.11-alpine.html) | 1 | 1 | 6 | 1 | +| [install.yaml](v2.8.13/argocd-iac-install.html) | - | - | - | - | +| [namespace-install.yaml](v2.8.13/argocd-iac-namespace-install.html) | - | - | - | - | ### v2.7.17 @@ -56,7 +56,7 @@ recent minor releases. | [ui/yarn.lock](v2.7.17/argocd-test.html) | 0 | 1 | 0 | 0 | | [dex:v2.37.0](v2.7.17/ghcr.io_dexidp_dex_v2.37.0.html) | 1 | 1 | 6 | 1 | | [haproxy:2.6.14-alpine](v2.7.17/haproxy_2.6.14-alpine.html) | 0 | 1 | 3 | 1 | -| [argocd:v2.7.17](v2.7.17/quay.io_argoproj_argocd_v2.7.17.html) | 0 | 0 | 6 | 20 | +| [argocd:v2.7.17](v2.7.17/quay.io_argoproj_argocd_v2.7.17.html) | 0 | 0 | 12 | 19 | | [redis:7.0.14-alpine](v2.7.17/redis_7.0.14-alpine.html) | 0 | 0 | 2 | 1 | | [install.yaml](v2.7.17/argocd-iac-install.html) | - | - | - | - | | [namespace-install.yaml](v2.7.17/argocd-iac-namespace-install.html) | - | - | - | - | 
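Review bot: the Medium column rises in every argocd image row (latest 6 to 8, v2.9.9 and v2.8.13 from 6 to 9, v2.7.17 from 6 to 12) while Critical and High stay at 0, and the only other change is the v2.9.7 to v2.9.9 and v2.8.11 to v2.8.13 heading and link bumps, so the commit message should state what produced the new Medium findings (a scanner database refresh versus a change in the images) so the index is not read as a regression. The regenerated v2.9.9 and v2.8.13 tables also still carry `dex:v2.37.0` and `redis:7.0.11-alpine` at 1 Critical / 1 High each, whereas master has moved to `dex:v2.38.0` and `redis:7.0.14-alpine` at 0 / 0; if those image bumps are not going to be backported the tables are accurate, but a line saying so would stop readers assuming the point releases were refreshed against the master images.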
diff --git a/docs/snyk/master/argocd-iac-install.html b/docs/snyk/master/argocd-iac-install.html index 85d30a5a2f261..c063a06f7dae8 100644 --- a/docs/snyk/master/argocd-iac-install.html +++ b/docs/snyk/master/argocd-iac-install.html @@ -456,7 +456,7 @@
Upgrade Alpine:3.19
openssl
to version 3.1.4-r3 or higher.
Upgrade Alpine:3.18
openssl
to version 3.1.4-r3 or higher.
There is no fixed version for Ubuntu:22.04
xz-utils
.
There is no fixed version for Ubuntu:22.04
openssh
.
Note: Versions mentioned in the description apply only to the upstream libgcrypt20
package and not the libgcrypt20
package as distributed by Ubuntu
.
+ See How to fix?
for Ubuntu:22.04
relevant fixed versions and status.
A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.
+There is no fixed version for Ubuntu:22.04
libgcrypt20
.
There is no fixed version for Ubuntu:22.04
krb5
.
There is no fixed version for Ubuntu:22.04
krb5
.
There is no fixed version for Ubuntu:22.04
krb5
.
Affected versions of this package are vulnerable to Stack-based Buffer Overflow when processing input that uses pathologically deep nesting.
+Upgrade google.golang.org/protobuf/encoding/protojson
to version 1.32.0 or higher.
Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal
function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.
Note:
+This condition can occur when unmarshaling into a message which contains a google.protobuf.Any
value, or when the UnmarshalOptions.DiscardUnknown
option is set.
Upgrade google.golang.org/protobuf/encoding/protojson
to version 1.33.0 or higher.
Note: Versions mentioned in the description apply only to the upstream expat
package and not the expat
package as distributed by Ubuntu
.
- See How to fix?
for Ubuntu:22.04
relevant fixed versions and status.
libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time.
-There is no fixed version for Ubuntu:22.04
expat
.
There is no fixed version for Ubuntu:22.04
systemd
.
There is no fixed version for Ubuntu:22.04
shadow
.
There is no fixed version for Ubuntu:22.04
patch
.
There is no fixed version for Ubuntu:22.04
ncurses
.
There is no fixed version for Ubuntu:22.04
ncurses
.
There is no fixed version for Ubuntu:22.04
krb5
.
There is no fixed version for Ubuntu:22.04
gcc-12
.
Note: Versions mentioned in the description apply only to the upstream bash
package and not the bash
package as distributed by Ubuntu
.
- See How to fix?
for Ubuntu:22.04
relevant fixed versions and status.
A flaw was found in the bash package, where a heap-buffer overflow can occur in valid parameter_transform. This issue may lead to memory problems.
-There is no fixed version for Ubuntu:22.04
bash
.
Upgrade Alpine:3.19
openssl
to version 3.1.4-r3 or higher.
Upgrade Alpine:3.18
openssl
to version 3.1.4-r3 or higher.
Upgrade Alpine:3.18
openssl
to version 3.1.4-r3 or higher.
There is no fixed version for Ubuntu:22.04
xz-utils
.
There is no fixed version for Ubuntu:22.04
openssh
.
Note: Versions mentioned in the description apply only to the upstream libgcrypt20
package and not the libgcrypt20
package as distributed by Ubuntu
.
+ See How to fix?
for Ubuntu:22.04
relevant fixed versions and status.
A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.
+There is no fixed version for Ubuntu:22.04
libgcrypt20
.
Note: Versions mentioned in the description apply only to the upstream less
package and not the less
package as distributed by Ubuntu
.
+ See How to fix?
for Ubuntu:22.04
relevant fixed versions and status.
close_altfile in filename.c in less before 606 omits shell_quote calls for LESSCLOSE.
+Upgrade Ubuntu:22.04
less
to version 590-1ubuntu0.22.04.2 or higher.
There is no fixed version for Ubuntu:22.04
krb5
.
There is no fixed version for Ubuntu:22.04
krb5
.
There is no fixed version for Ubuntu:22.04
krb5
.
golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.
+Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when MaxConcurrentStreams
handler goroutines
running. A a handler is started until one of the existing handlers exits.
Note:
+This issue is related to CVE-2023-44487
+Upgrade golang.org/x/net/http2
to version 0.17.0 or higher.
golang.org/x/crypto/ssh is a SSH client and server
+Affected versions of this package are vulnerable to Authentication Bypass by Capture-replay during the establishment of the secure channel. An attacker can manipulate handshake sequence numbers to delete messages sent immediately after the channel is established.
+Note:
+Sequence numbers are only validated once the channel is established and arbitrary messages are allowed during the handshake, allowing them to manipulate the sequence numbers.
+The potential consequences of the general Terrapin attack are dependent on the messages exchanged after the handshake concludes. If you are using a custom SSH service and do not resort to the authentication protocol, you should check that dropping the first few messages of a connection does not yield security risks.
+Impact:
+While cryptographically novel, there is no discernable impact on the integrity of SSH traffic beyond giving the attacker the ability to delete the message that enables some features related to keystroke timing obfuscation. To successfully carry out the exploitation, the connection needs to be protected using either the ChaCha20-Poly1305
or CBC
with Encrypt-then-MAC
encryption methods. The attacker must also be able to intercept and modify the connection's traffic.
Temporarily disable the affected chacha20-poly1305@openssh.com
encryption and *-etm@openssh.com
MAC algorithms in the affected configuration, and use unaffected algorithms like AES-GCM
instead.
Upgrade golang.org/x/crypto/ssh
to version 0.17.0 or higher.
Note: Versions mentioned in the description apply only to the upstream gnutls28
package and not the gnutls28
package as distributed by Ubuntu
.
+ See How to fix?
for Ubuntu:22.04
relevant fixed versions and status.
A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.
+There is no fixed version for Ubuntu:22.04
gnutls28
.
Note: Versions mentioned in the description apply only to the upstream gnutls28
package and not the gnutls28
package as distributed by Ubuntu
.
+ See How to fix?
for Ubuntu:22.04
relevant fixed versions and status.
A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the "certtool --verify-chain" command.
+There is no fixed version for Ubuntu:22.04
gnutls28
.
golang.org/x/crypto/ssh is a SSH client and server
-Affected versions of this package are vulnerable to Authentication Bypass by Capture-replay during the establishment of the secure channel. An attacker can manipulate handshake sequence numbers to delete messages sent immediately after the channel is established.
-Note:
-Sequence numbers are only validated once the channel is established and arbitrary messages are allowed during the handshake, allowing them to manipulate the sequence numbers.
-The potential consequences of the general Terrapin attack are dependent on the messages exchanged after the handshake concludes. If you are using a custom SSH service and do not resort to the authentication protocol, you should check that dropping the first few messages of a connection does not yield security risks.
-Impact:
-While cryptographically novel, there is no discernable impact on the integrity of SSH traffic beyond giving the attacker the ability to delete the message that enables some features related to keystroke timing obfuscation. To successfully carry out the exploitation, the connection needs to be protected using either the ChaCha20-Poly1305
or CBC
with Encrypt-then-MAC
encryption methods. The attacker must also be able to intercept and modify the connection's traffic.
Temporarily disable the affected chacha20-poly1305@openssh.com
encryption and *-etm@openssh.com
MAC algorithms in the affected configuration, and use unaffected algorithms like AES-GCM
instead.
Upgrade golang.org/x/crypto/ssh
to version 0.17.0 or higher.
MPL-2.0 license
Note: Versions mentioned in the description apply only to the upstream expat
package and not the expat
package as distributed by Ubuntu
.
+
Note: Versions mentioned in the description apply only to the upstream bash
package and not the bash
package as distributed by Ubuntu
.
See How to fix?
for Ubuntu:22.04
relevant fixed versions and status.
libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time.
+A flaw was found in the bash package, where a heap-buffer overflow can occur in valid parameter_transform. This issue may lead to memory problems.
There is no fixed version for Ubuntu:22.04
expat
.
Upgrade Ubuntu:22.04
bash
to version 5.1-6ubuntu1.1 or higher.
There is no fixed version for Ubuntu:22.04
systemd
.
There is no fixed version for Ubuntu:22.04
shadow
.
Upgrade Ubuntu:22.04
shadow
to version 1:4.8.1-2ubuntu2.2 or higher.
There is no fixed version for Ubuntu:22.04
patch
.
Upgrade Ubuntu:22.04
openssl
to version 3.0.2-0ubuntu1.14 or higher.
There is no fixed version for Ubuntu:22.04
ncurses
.
There is no fixed version for Ubuntu:22.04
ncurses
.
There is no fixed version for Ubuntu:22.04
krb5
.
There is no fixed version for Ubuntu:22.04
gcc-12
.
Note: Versions mentioned in the description apply only to the upstream bash
package and not the bash
package as distributed by Ubuntu
.
- See How to fix?
for Ubuntu:22.04
relevant fixed versions and status.
A flaw was found in the bash package, where a heap-buffer overflow can occur in valid parameter_transform. This issue may lead to memory problems.
-There is no fixed version for Ubuntu:22.04
bash
.
Upgrade Alpine:3.19
openssl
to version 3.1.4-r3 or higher.
Upgrade Alpine:3.18
openssl
to version 3.1.4-r3 or higher.
Upgrade Alpine:3.18
openssl
to version 3.1.4-r3 or higher.
Affected versions of this package are vulnerable to Denial of Service (DoS) when decrypting JWE inputs. An attacker can cause a denial-of-service by providing a PBES2 encrypted JWE blob with a very large p2c value.
+Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.
+Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.
+One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.
+When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.
+Two common types of DoS vulnerabilities:
+High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.
+Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws
package
Upgrade github.com/go-jose/go-jose/v3
to version 3.0.1 or higher.
Affected versions of this package are vulnerable to Directory Traversal via the filepath.FromSlash()
function, allwoing attackers to generate paths that were outside of the provided rootfs
.
Note: + This vulnerability is only exploitable on Windows OS.
+A Directory Traversal attack (also known as path traversal) aims to access files and directories that are stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and its variations, or by using absolute file paths, it may be possible to access arbitrary files and directories stored on file system, including application source code, configuration, and other critical system files.
+Directory Traversal vulnerabilities can be generally divided into two types:
+st
is a module for serving static files on web pages, and contains a vulnerability of this type. In our example, we will serve files from the public
route.
If an attacker requests the following URL from our server, it will in turn leak the sensitive private key of the root user.
+curl http://localhost:8080/public/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/root/.ssh/id_rsa
+
+ Note %2e
is the URL encoded version of .
(dot).
Zip-Slip
.One way to achieve this is by using a malicious zip
archive that holds path traversal filenames. When each filename in the zip archive gets concatenated to the target extraction folder, without validation, the final path ends up outside of the target folder. If an executable or a configuration file is overwritten with a file containing malicious code, the problem can turn into an arbitrary code execution issue quite easily.
The following is an example of a zip
archive with one benign file and one malicious file. Extracting the malicious file will result in traversing out of the target folder, ending up in /root/.ssh/
overwriting the authorized_keys
file:
2018-04-15 22:04:29 ..... 19 19 good.txt
+ 2018-04-15 22:04:42 ..... 20 20 ../../../../../../root/.ssh/authorized_keys
+
+ Upgrade github.com/cyphar/filepath-securejoin
to version 0.2.4 or higher.
Note: Versions mentioned in the description apply only to the upstream libgcrypt20
package and not the libgcrypt20
package as distributed by Ubuntu
.
+ See How to fix?
for Ubuntu:22.04
relevant fixed versions and status.
A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.
+There is no fixed version for Ubuntu:22.04
libgcrypt20
.
Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal
function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.
Note:
+This condition can occur when unmarshaling into a message which contains a google.protobuf.Any
value, or when the UnmarshalOptions.DiscardUnknown
option is set.
Upgrade google.golang.org/protobuf/encoding/protojson
to version 1.33.0 or higher.
golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.
+Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when MaxConcurrentStreams
handler goroutines
running. A a handler is started until one of the existing handlers exits.
Note:
+This issue is related to CVE-2023-44487
+Upgrade golang.org/x/net/http2
to version 0.17.0 or higher.
golang.org/x/crypto/ssh is a SSH client and server
+Affected versions of this package are vulnerable to Authentication Bypass by Capture-replay during the establishment of the secure channel. An attacker can manipulate handshake sequence numbers to delete messages sent immediately after the channel is established.
+Note:
+Sequence numbers are only validated once the channel is established and arbitrary messages are allowed during the handshake, allowing them to manipulate the sequence numbers.
+The potential consequences of the general Terrapin attack are dependent on the messages exchanged after the handshake concludes. If you are using a custom SSH service and do not resort to the authentication protocol, you should check that dropping the first few messages of a connection does not yield security risks.
+Impact:
+While cryptographically novel, there is no discernable impact on the integrity of SSH traffic beyond giving the attacker the ability to delete the message that enables some features related to keystroke timing obfuscation. To successfully carry out the exploitation, the connection needs to be protected using either the ChaCha20-Poly1305
or CBC
with Encrypt-then-MAC
encryption methods. The attacker must also be able to intercept and modify the connection's traffic.
Temporarily disable the affected chacha20-poly1305@openssh.com
encryption and *-etm@openssh.com
MAC algorithms in the affected configuration, and use unaffected algorithms like AES-GCM
instead.
Upgrade golang.org/x/crypto/ssh
to version 0.17.0 or higher.
Note: Versions mentioned in the description apply only to the upstream bash
package and not the bash
package as distributed by Ubuntu
.
- See How to fix?
for Ubuntu:22.04
relevant fixed versions and status.
A flaw was found in the bash package, where a heap-buffer overflow can occur in valid parameter_transform. This issue may lead to memory problems.
-There is no fixed version for Ubuntu:22.04
bash
.
Upgrade Alpine:3.18
openssl
to version 3.1.4-r3 or higher.
Upgrade Alpine:3.18
openssl
to version 3.1.4-r3 or higher.
Upgrade Alpine:3.18
openssl
to version 3.1.4-r3 or higher.
Note: Versions mentioned in the description apply only to the upstream xz-utils
package and not the xz-utils
package as distributed by Ubuntu
.
- See How to fix?
for Ubuntu:22.04
relevant fixed versions and status.
An issue discovered in XZ 5.2.5 allows attackers to cause a denial of service via decompression of a crafted file. NOTE: the vendor disputes the claims of "endless output" and "denial of service" because decompression of the 17,486 bytes always results in 114,881,179 bytes, which is often a reasonable size increase.
-There is no fixed version for Ubuntu:22.04
xz-utils
.
Note: Versions mentioned in the description apply only to the upstream openssh
package and not the openssh
package as distributed by Ubuntu
.
+
Note: Versions mentioned in the description apply only to the upstream libgcrypt20
package and not the libgcrypt20
package as distributed by Ubuntu
.
See How to fix?
for Ubuntu:22.04
relevant fixed versions and status.
OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim co-location in which the attacker has user privileges.
+A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.
There is no fixed version for Ubuntu:22.04
openssh
.
There is no fixed version for Ubuntu:22.04
libgcrypt20
.
golang.org/x/crypto/ssh is a SSH client and server
+Affected versions of this package are vulnerable to Authentication Bypass by Capture-replay during the establishment of the secure channel. An attacker can manipulate handshake sequence numbers to delete messages sent immediately after the channel is established.
+Note:
+Sequence numbers are only validated once the channel is established and arbitrary messages are allowed during the handshake, allowing them to manipulate the sequence numbers.
+The potential consequences of the general Terrapin attack are dependent on the messages exchanged after the handshake concludes. If you are using a custom SSH service and do not resort to the authentication protocol, you should check that dropping the first few messages of a connection does not yield security risks.
+Impact:
+While cryptographically novel, there is no discernable impact on the integrity of SSH traffic beyond giving the attacker the ability to delete the message that enables some features related to keystroke timing obfuscation. To successfully carry out the exploitation, the connection needs to be protected using either the ChaCha20-Poly1305
or CBC
with Encrypt-then-MAC
encryption methods. The attacker must also be able to intercept and modify the connection's traffic.
Temporarily disable the affected chacha20-poly1305@openssh.com
encryption and *-etm@openssh.com
MAC algorithms in the affected configuration, and use unaffected algorithms like AES-GCM
instead.
Upgrade golang.org/x/crypto/ssh
to version 0.17.0 or higher.
Note: Versions mentioned in the description apply only to the upstream bash
package and not the bash
package as distributed by Ubuntu
.
- See How to fix?
for Ubuntu:22.04
relevant fixed versions and status.
A flaw was found in the bash package, where a heap-buffer overflow can occur in valid parameter_transform. This issue may lead to memory problems.
-There is no fixed version for Ubuntu:22.04
bash
.
Upgrade Alpine:3.18
openssl
to version 3.1.4-r3 or higher.
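Review bot: the report text added here records Go-module findings that each already have a fixed release listed (golang.org/x/crypto/ssh 0.17.0 for the Terrapin capture-replay issue, golang.org/x/net/http2 0.17.0 for the MaxConcurrentStreams resource exhaustion related to CVE-2023-44487, google.golang.org/protobuf/encoding/protojson 1.33.0 for the Unmarshal infinite loop, github.com/go-jose/go-jose/v3 3.0.1 for the PBES2 p2c denial of service, and github.com/cyphar/filepath-securejoin 0.2.4 for the FromSlash traversal), yet this diff only touches docs/snyk/; linking the follow-up go.mod bump that clears them would help, otherwise the same blocks will be re-added on every refresh. Two smaller points for the commit message: the Ubuntu:22.04 status for bash flips from "There is no fixed version" to "Upgrade ... to version 5.1-6ubuntu1.1 or higher" and less gains 590-1ubuntu0.22.04.2, while libgcrypt20 (Bleichenbacher-style RSA timing side channel) and gnutls28 (Minerva, certtool --verify-chain crash) are newly listed with no fix, so most of the churn is distro package status rather than manifest content; and the filepath-securejoin entry is flagged "only exploitable on Windows OS", which for an Ubuntu:22.04 based image is a candidate for a documented Snyk ignore with that justification rather than an open finding.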