CoreOS Security Update 38.20230918.3.0 (MINDBREEZE28907)

ID: MINDBREEZE28907 
Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS 
Severity: 7.8 High 
Status: Final 
First published: November 29, 2023 
CVEs: CVE-2023-4016, CVE-2023-4563, CVE-2023-4244, CVE-2023-4911 

Summary

• ps buffer overflow
• Use-after-free in nft_verdict_dump due to a race between set GC and transaction
• buffer overflow in ld.so possibly leading to privilege escalation

Hotfix Information

Fixed with following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS: 

• Mindbreeze InSpire 23.6 HF2 Release 
• Mindbreeze InSpire SaaS 23.6 HF2 Release