CoreOS Security Update 38.20230709.3.0 (MINDBREEZE27758)

ID: MINDBREEZE27758
Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS
Severity: 7.8 High
Status: Final
First published: September 29, 2023
CVEs: CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-2650, CVE-2023-28321, CVE-2023-28322, CVE-2023-2124, CVE-2023-35001, CVE-2023-31248

Summary

openssl: Possible DoS translating ASN.1 object identifiers (CVE-2023-2650)
openssl: Denial of service by excessive resource usage in verifying X509 policy constraints (CVE-2023-0464)
openssl: Invalid certificate policies in leaf certificates are silently ignored (CVE-2023-0465)
openssl: Certificate policy check not enabled (CVE-2023-0466)
curl: IDN wildcard match may lead to Improper Cerificate Validation (CVE-2023-28321)
curl: more POST-after-PUT confusion (CVE-2023-28322)
kernel: OOB access in the Linux kernel's XFS subsystem (CVE-2023-2124)
kernel: stack-out-of-bounds-read in nft_byteorder_eval() (CVE-2023-35001)
kernel: use-after-free in nft_chain_lookup_byid() (CVE-2023-31248)

Hotfix Information

Fixed with following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS:

Mindbreeze InSpire 23.5 Release
Mindbreeze InSpire SaaS 23.5 Release

CoreOS Security Update 38.20230709.3.0 (MINDBREEZE27758)

Summary

Social Media

Security

Support

Newsletter

Language