Security Updates Delivered with ASCG v3.0
Dear Brocade Customer:
This Advisory aims to inform you of Brocade ASCG security updates in Brocade ASCG v3.0. Please review the recently posted security advisories listed here:
Updated Security Advisories to show these are now addressed in Brocade ASCG v3.0
Newly Posted Security Advisories for Brocade ASCG v3.0
CVE-2023-29491 A vulnerability was found in ncurses and occurs when used by a setuid application
CVE-2020-13776 A flaw was found in systemd, where it mishandles numerical usernames beginning with decimal digits, or "0x" followed by hexadecimal digits.
CVE-2023-5648 Several security-related HTTP Headers were missing
CVE-2014-9471 The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code
CVE-2023-38408 The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution
CVE-2021-3421 flaw in the RPM package in the read functionality
If you have any questions about any of these Advisories, please contact Brocade Security.
Thank you,
Brocade Product Security
Revision History
Version |
Change |
Date |
1.0 |
Initial Publication |
November 7, 2023 |
Disclaimer
THIS DOCUMENT IS PROVIDED ON AN AS-IS BASIS SOLELY FOR INFORMATIONAL PURPOSES AND DOES NOT IMPLY ANY KIND OF GUARANTY OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. YOUR USE OF THE INFORMATION CONTAINED HEREIN IS AT YOUR OWN RISK. ALL INFORMATION PROVIDED HEREIN IS BASED ON BROCADE'S CURRENT KNOWLEDGE AND UNDERSTANDING OF THE VULNERABILITY AND IMPACT TO BROCADE HARDWARE AND SOFTWARE PRODUCTS. BROCADE RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.