CoreOS Security Update 38.20230918.3.0 (MINDBREEZE28907)
ID: MINDBREEZE28907
Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS
Severity: 7.8 High
Status: Final
First published: November 29, 2023
CVEs: CVE-2023-4016, CVE-2023-4563, CVE-2023-4244, CVE-2023-4911
Summary
- ps buffer overflow
- Use-after-free in nft_verdict_dump due to a race between set GC and transaction
- buffer overflow in ld.so possibly leading to privilege escalation
Hotfix Information
Fixed with following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS:
- Mindbreeze InSpire 23.6 HF2 Release
- Mindbreeze InSpire SaaS 23.6 HF2 Release