CoreOS Security Update (MINDBREEZE29833)

ID: MINDBREEZE29833 
Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS 
Severity: 8.4 High 
Status: Final 
First published: March 18, 2024 
CVEs: CVE-2023-48795, CVE-2023-6246, CVE-2023-6779, CVE-2023-6780, CVE-2023-50495, CVE-2023-6111, CVE-2023-2602, CVE-2023-2603, CVE-2023-51385

Summary

  • openssh: Prefix truncation attack on Binary Packet Protocol (BPP)
  • openssh: potential command injection via shell metacharacters
  • glibc: heap-based buffer overflow in __vsyslog_internal()
  • glibc: off-by-one heap-based buffer overflow in __vsyslog_internal()
  • glibc: integer overflow in __vsyslog_internal()
  • kernel: netfilter: use-after-free when removing catchall element in GC sync path
  • ncurses: segmentation fault via _nc_wrap_entry()
  • libcap: Memory Leak on pthread_create() Error
  • libcap: Integer Overflow in _libcap_strdup()

 

Hotfix Information

Fixed in the following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS:

  • Mindbreeze InSpire 24.1 Release 
  • Mindbreeze InSpire SaaS 24.1 Release