From 0898a210d6a6a56a8f0e07cebf8de74b7354a607 Mon Sep 17 00:00:00 2001 From: Karl Cardenas Date: Tue, 16 Jul 2024 08:48:18 -0700 Subject: [PATCH] docs: updated --- .gitignore | 3 +++ docs/docs-content/security-bulletins/cve-reports.md | 6 ++++-- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 41bd8081b1..276028fd8f 100644 --- a/.gitignore +++ b/.gitignore @@ -70,6 +70,9 @@ artifact.zip # Ignore _partials/index.ts _partials/index.ts +# Ignore statoc/img/packs +static/img/packs + .vale-config/ vale/styles/spectrocloud/ diff --git a/docs/docs-content/security-bulletins/cve-reports.md b/docs/docs-content/security-bulletins/cve-reports.md index b85e30c8cd..1a933d8477 100644 --- a/docs/docs-content/security-bulletins/cve-reports.md +++ b/docs/docs-content/security-bulletins/cve-reports.md 
@@ -28,10 +28,12 @@ To fix all the vulnerabilities impacting your products, we recommends patching y regarding any third-party components. For vulnerabilities originating in our products, we will provide mitigations and workarounds where applicable - + | Impacted Product & Version | Vulnerability Type | Vulnerability Summary | CVE ID | CVSS Severity | | -------------------------- | ------------------------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------- | ------------------------------------------------------ | +| Palette 4.4.8 | Third-party component: PyYAML library through v5.4 | A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. 
| [CVE-2020-14343](https://nvd.nist.gov/vuln/detail/CVE-2020-14343) | [9.8](https://nvd.nist.gov/vuln/detail/CVE-2020-14343) | | Palette 4.4.8 | Third-party component: Ubuntu | The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms. | [CVE-2024-24790](https://ubuntu.com/security/CVE-2024-24790) | [9.8](https://ubuntu.com/security/CVE-2024-24790) | +| Palette 4.4.8 | Third-party component: Certif | Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. | [CVE-2023-37920](https://nvd.nist.gov/vuln/detail/CVE-2023-37920) | [9.8](https://nvd.nist.gov/vuln/detail/CVE-2023-37920) | | Palette 4.4.8 | Third-party component: Github | Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a `.git/` directory. | [CVE-2024-32002](https://nvd.nist.gov/vuln/detail/CVE-2024-32002) | [9.0](https://nvd.nist.gov/vuln/detail/CVE-2024-32002) | | Palette 4.4.8 | Third-party component: KRB5 | PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow) and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. 
Heimdal before 7.7.1 has "a similar bug." | [CVE-2022-42898](https://nvd.nist.gov/vuln/detail/CVE-2022-42898) | [8.8](https://nvd.nist.gov/vuln/detail/CVE-2022-42898) | | Palette 4.4.8 | Third-party component: CLI Tool runc | Runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier due to an internal file descriptor leak an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace allowing for a container escape by giving access to the host file system. | [CVE-2024-21626](https://nvd.nist.gov/vuln/detail/CVE-2024-21626) | [8.6](https://nvd.nist.gov/vuln/detail/CVE-2024-21626) | 
@@ -42,7 +44,6 @@ workarounds where applicable | Palette 4.4.8 | Third-party component: Linux Kernel | In the Linux kernel the following vulnerability has been resolved: `bpf:` Defer the free of inner map when necessary When updating or deleting an inner map in map array or map htab the map may still be accessed by non-sleepable program or sleepable program. However `bpf_map_fd_put_ptr()` decreases the ref-counter of the inner map directly through `bpf_map_put()` if the ref-counter is the last one (which is true for most cases) the inner map will be freed by `ops->map_free()` in a kworker. But for now most `.map_free()` callbacks don't use synchronize_rcu() or its variants to wait for the elapse of a RCU grace period so after the invocation of ops->map_free completes the bpf program which is accessing the inner map may incur use-after-free problem. | [CVE-2023-52447](https://nvd.nist.gov/vuln/detail/CVE-2023-52447) | [7.8](https://nvd.nist.gov/vuln/detail/CVE-2023-52447) | | Palette 4.4.8 | Third-party component: glibc library | A heap-based buffer overflow was found in the \_\_vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called or called with the ident argument set to NULL and the program name (the basename of argv[0]) is bigger than 1024 bytes resulting in an application crash or local privilege escalation. This issue affects glibc 2.36 and newer. 
| [CVE-2023-6246](https://nvd.nist.gov/vuln/detail/CVE-2023-6246) | [7.8](https://nvd.nist.gov/vuln/detail/CVE-2023-6246) | | Palette 4.4.8 | Third-party component: GNU C Library | A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable | [CVE-2023-4911](https://nvd.nist.gov/vuln/detail/CVE-2023-4911) | [7.8](https://nvd.nist.gov/vuln/detail/CVE-2023-4911) | -| Palette 4.4.8 | Third-party component: Ubuntu | The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an “Expect: 100-continue” header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state | [CVE-2024-24791](https://ubuntu.com/security/CVE-2024-24791) | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2024-24791) | | Palette 4.4.8 | Third-party component: OpenSSL | The function `PEM_read_bio_ex()` reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE") any header data and the payload data. If the function succeeds then the "name_out" "header" and "data" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case `PEM_read_bio_ex()` will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. | [CVE-2022-4450](https://nvd.nist.gov/vuln/detail/CVE-2022-4450) | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-4450) | | Palette 4.4.8 | Third-party component: Open-telemetry-Go | OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. 
Prior to version 0.46.0 the grpc Unary Server Interceptor out of the box adds labels `net.peer.sock.addr` and `net.peer.sock.port` that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent. | [CVE-2023-47108](https://nvd.nist.gov/vuln/detail/CVE-2023-47108) | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-47108) | | Palette 4.4.8 | Third-party component: glibc library | An off-by-one heap-based buffer overflow was found in the \_\_vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a message bigger than INT_MAX bytes leading to an incorrect calculation of the buffer size to store the message resulting in an application crash. This issue affects glibc 2.37 and newer. | [CVE-2023-6779](https://nvd.nist.gov/vuln/detail/CVE-2023-6779) | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-6779) | 
@@ -60,3 +61,4 @@ workarounds where applicable | Palette 4.4.8 | Third-party component: Diffie-Hellman Key Agreement Protocol | The Diffie-Hellman Key Agreement Protocol allows use of long exponents that arguably make certain calculations unnecessarily expensive because the 1996 van Oorschot and Wiener paper found that "(appropriately) short exponents" can be used when there are adequate subgroup constraints and these short exponents can lead to less expensive calculations than for long exponents. This issue is different from CVE-2002-20001 because it is based on an observation about exponent size rather than an observation about numbers that are not public keys. | [CVE-2022-40735](https://nvd.nist.gov/vuln/detail/CVE-2022-40735) | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-40735) | | Palette 4.4.8 | Third-party component: OpenSSL | There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. | [CVE-2023-0286](https://nvd.nist.gov/vuln/detail/CVE-2023-0286) | [7.4](https://nvd.nist.gov/vuln/detail/CVE-2023-0286) | | Palette 4.4.8 | Third-party component: Linux Kernel | A flaw was found in the ATA over Ethernet (AoE) driver in the Linux kernel. The `aoecmd_cfg_pkts()` function improperly updates the refcnt on `struct net_device` and a use-after-free can be triggered by racing between the free on the struct and the access through the `skbtxq` global queue. | [CVE-2023-6270](https://nvd.nist.gov/vuln/detail/CVE-2023-6270) | [7.0](https://nvd.nist.gov/vuln/detail/CVE-2023-6270) | +
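Review bot: the new comment in the `.gitignore` hunk misspells the path it describes: `# Ignore statoc/img/packs` should read `# Ignore static/img/packs` so it matches the pattern `static/img/packs` added on the following line.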
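Review bot: in the first `cve-reports.md` hunk, the new PyYAML row's Vulnerability Type column contradicts its own summary: it reads `PyYAML library through v5.4`, while the summary states the flaw affects versions before 5.4; suggest `PyYAML library before v5.4`. The new Certifi row labels the component `Third-party component: Certif`, dropping the final letter that the summary itself uses (`Certifi`). The `- ` / `+ ` pair just before the table header also looks like a whitespace-only rewrite of a blank line; if it is not deliberate, drop it to keep the diff to the intended content changes.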
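Review bot: the second `cve-reports.md` hunk removes the CVE-2024-24791 row (net/http `Expect: 100-continue` handling) with no rationale; the commit message is only `docs: updated`. State in the commit message whether the entry was removed because it no longer applies to Palette 4.4.8, because it was listed in error, or because it was a duplicate, so readers of the bulletin can distinguish a resolved CVE from an accidental deletion.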
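Review bot: the final hunk adds only an empty `+` line after the last table row, leaving a trailing blank line at the end of the file. If the intent was to ensure the file ends with a newline, that is worth keeping; otherwise drop the extra blank line, since it adds nothing to the rendered table and the hunk otherwise changes no content.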