Log

AVG-2833 created at 27 Feb 2023 22:14:07
Packages
+ glibc
+ lib32-glibc
Issues
+ CVE-2023-25139
Status
+ Fixed
Severity
+ Unknown
Affected
+ 2.37-1
Fixed
+ 2.37-2
Ticket
Advisory qualified
+ Yes
References
Notes
CVE-2023-25139 created at 27 Feb 2023 22:14:07
CVE-2023-25136 edited at 27 Feb 2023 22:07:26
Remote
- Unknown
+ Remote
Description
+ pre-authentication double-free in unprivileged sandboxed client process when the connecting client's banner causes the SSH_OLD_DHGEX to be set on the server
References
+ https://www.openwall.com/lists/oss-security/2023/02/02/2
+ https://github.com/openssh/openssh-portable/commit/486c4dc3b83b4b67d663fb0fa62bc24138ec3946
+ https://bugzilla.mindrot.org/show_bug.cgi?id=3522
Notes
+ introduced in 9.1, actual exploitability still being investigated
AVG-2832 created at 27 Feb 2023 21:58:15
Packages
+ openssh
Issues
+ CVE-2023-25136
Status
+ Fixed
Severity
+ Unknown
Affected
+ 9.1p1-3
Fixed
+ 9.2p1-1
Ticket
Advisory qualified
+ No
References
Notes
CVE-2023-25136 created at 27 Feb 2023 21:58:15
AVG-2831 edited at 27 Feb 2023 21:54:43
Status
- Unknown
+ Fixed
AVG-2831 created at 27 Feb 2023 21:54:24
Packages
+ tomcat8
Issues
+ CVE-2023-24998
Status
+ Unknown
Severity
+ Medium
Affected
+ 8.5.84-1
Fixed
+ 8.5.85-1
Ticket
Advisory qualified
+ No
References
Notes
CVE-2023-2499 deleted at 27 Feb 2023 21:52:29
Severity
- Unknown
Remote
- Unknown
Type
- Unknown
Description
References
Notes
AVG-2830 edited at 27 Feb 2023 21:52:18
Issues
- CVE-2023-2499
+ CVE-2023-24998
Severity
- Unknown
+ Medium
AVG-2830 created at 27 Feb 2023 21:51:59
Packages
+ tomcat9
Issues
+ CVE-2023-2499
Status
+ Fixed
Severity
+ Unknown
Affected
+ 9.0.70-1
Fixed
+ 9.0.71-1
Ticket
Advisory qualified
+ No
References
Notes
CVE-2023-2499 created at 27 Feb 2023 21:51:59
AVG-2829 edited at 27 Feb 2023 21:50:40
Severity
- Unknown
+ Medium
CVE-2023-24998 edited at 27 Feb 2023 21:50:40
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Denial of service
Description
+ a renamed copy of Apache Commons FileUpload packaged in tomcat was vulnerable to denial of service triggered by a malicious upload or series of uploads
References
+ https://seclists.org/oss-sec/2023/q1/108
Notes
+ source does not specify severity (yet), but DoS is usually medium, so I'm putting medium here
AVG-2829 created at 27 Feb 2023 21:44:00
Packages
+ tomcat10
Issues
+ CVE-2023-24998
Status
+ Fixed
Severity
+ Unknown
Affected
+ 10.1.4-1
Fixed
+ 10.1.5-1
Ticket
Advisory qualified
+ No
References
Notes
CVE-2023-24998 created at 27 Feb 2023 21:44:00