Security Updates Delivered with ASCG v3.0

Brocade Support Link

22786

08 November 2023

07 November 2023

CLOSED

HIGH

Dear Brocade Customer:

This Advisory aims to inform you of Brocade ASCG security updates in Brocade ASCG v3.0.  Please review the recently posted security advisories listed here:

 

Updated Security Advisories to show these are now addressed in Brocade ASCG v3.0

Newly Posted Security Advisories for Brocade ASCG v3.0

https://support.broadcom.com/external/content/SecurityAdvisories/0/22702
CVE-2023-29491    A vulnerability was found in ncurses and occurs when used by a setuid application
 
https://support.broadcom.com/external/content/SecurityAdvisories/0/22703
CVE-2020-13776    A flaw was found in systemd, where it mishandles numerical usernames beginning with decimal digits, or "0x" followed by hexadecimal digits.
 
CVE-2020-12655    A flaw was discovered in the XFS source in the Linux kernel
 
CVE-2023-32233    Use-after-free vulnerability in Netfilter
 
https://support.broadcom.com/external/content/SecurityAdvisories/0/22715
CVE-2023-5648    Several security-related HTTP Headers were missing
 
CVE-2023-5649    An Improper Input Validation vulnerability for the registered case credentials
 
CVE-2019-11254    YAML payloads can cause the kube-apiserver to consume excessive CPU cycles while parsing YAML
 
CVE-2022-22576    An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0
 
CVE-2015-4042     Integer overflow in the keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23
 
https://support.broadcom.com/external/content/SecurityAdvisories/0/22720
CVE-2014-9471    The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code
 
https://support.broadcom.com/external/content/SecurityAdvisories/0/22721
CVE-2023-38408    The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution
 
CVE-2020-15778    scp functionality in OpenSSH is vulnerable to command injection via backtick characters
 
CVE-2022-44793     handle_ipv6IpForwarding in Net-SNMP 5.4.3 through 5.9.3 has a NULL Pointer Exception bug
 
https://support.broadcom.com/external/content/SecurityAdvisories/0/22771
CVE-2021-3421    A flaw in the RPM package in the read functionality
 
CVE-2022-35252    Curl is vulnerable to a denial-of-service (DoS) issue
 
CVE-2023-20900, CVE-2023-35001, CVE-2023-4004, CVE-2023-3390, CVE-2023-3776, CVE-2023-3090, CVE-2023-35788, CVE-2023-20593, CVE-2023-2002
Addressed by applying Rocky Linux security update RLSA-2023:5312 and Rocky Linux security update RLSA-2023:5244
 

If you have any questions about any of these Advisories, please contact Brocade Security.
 
Thank you,

Brocade Product Security

 

 

Revision History

Version    Change                 Date
1.0        Initial Publication    November 7, 2023

 

Disclaimer

THIS DOCUMENT IS PROVIDED ON AN AS-IS BASIS SOLELY FOR INFORMATIONAL PURPOSES AND DOES NOT IMPLY ANY KIND OF GUARANTY OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. YOUR USE OF THE INFORMATION CONTAINED HEREIN IS AT YOUR OWN RISK. ALL INFORMATION PROVIDED HEREIN IS BASED ON BROCADE'S CURRENT KNOWLEDGE AND UNDERSTANDING OF THE VULNERABILITY AND IMPACT TO BROCADE HARDWARE AND SOFTWARE PRODUCTS. BROCADE RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.