CoreOS Security Update 38.20231027.3.1 (MINDBREEZE29501)

ID: MINDBREEZE29501 
Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS 
Severity: 7.8 High 
Status: Final 
First published: February 8, 2024 
CVEs: CVE-2023-5345, CVE-2023-42754, CVE-2023-42756 

Summary

• use-after-free vulnerability in the smb client component 
• NULL pointer dereference in ipv4_send_dest_unreach() 
• race condition between IPSET_CMD_ADD and IPSET_CMD_SWAP 

Hotfix Information

Fixed with following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS: 

• Mindbreeze InSpire 23.7 Release 
• Mindbreeze InSpire SaaS 23.7 Release