CoreOS Security Update (MINDBREEZE29833)

ID: MINDBREEZE29833
Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS
Severity: 8.4 High
Status: Final
First published: March 18, 2024
CVEs: CVE-2023-48795, CVE-2023-6246, CVE-2023-6779, CVE-2023-6780, CVE-2023-50495, CVE-2023-6111, CVE-2023-2602, CVE-2023-2603, CVE-2023-48795, CVE-2023-51385

Summary

openssh: Prefix truncation attack on Binary Packet Protocol (BPP)
openssh: potential command injection via shell metacharacters
glibc: heap-based buffer overflow in __vsyslog_internal()
glibc: off-by-one heap-based buffer overflow in __vsyslog_internal()
glibc: integer overflow in __vsyslog_internal()
kernel: netfilter: use-after-free when removing catchall element in GC sync path
ncurses: segmentation fault via _nc_wrap_entry()
libcap: Memory Leak on pthread_create() Error
libcap: Integer Overflow in _libcap_strdup()

Hotfix Information

Fixed with following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS:

Mindbreeze InSpire 24.1 Release
Mindbreeze InSpire SaaS 24.1 Release

CoreOS Security Update (MINDBREEZE29833)

Summary

Social Media

Security

Support

Newsletter

Language