{ "document": { "aggregate_severity": { "text": "High" }, "category": "csaf_vex", "csaf_version": "2.0", "distribution": { "text": "TuxCare License Agreement", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://tuxcare.com/contact/", "name": "TuxCare", "namespace": "https://tuxcare.com/" }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://security.tuxcare.com/csaf/v2/els_os/centos8.5els/vex/2023/cve-2023-39325-els_os-centos8_5els.json" } ], "tracking": { "current_release_date": "2026-04-08T20:10:00Z", "generator": { "date": "2026-04-08T20:11:08Z", "engine": { "name": "pyCSAF" } }, "id": "CVE-2023-39325-ELS_OS-CENTOS8.5ELS", "initial_release_date": "2023-10-11T22:15:00Z", "revision_history": [ { "date": "2023-10-11T22:15:00Z", "number": "1", "summary": "Initial version" }, { "date": "2026-04-08T20:10:00Z", "number": "2", "summary": "Official Publication" } ], "status": "final", "version": "2" }, "title": "Security update on CVE-2023-39325" }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Community Enterprise Operating System 8.5", "product": { "name": "Community Enterprise Operating System 8.5", "product_id": "CentOS-8.5", "product_identification_helper": { "cpe": "cpe:2.3:o:centos:centos:8.5:*:*:*:*:*:*:*" } } } ], "category": "product_family", "name": "Community Enterprise Operating System" } ], "category": "vendor", "name": "Red Hat, Inc." }, { "branches": [ { "branches": [ { "category": "product_version", "name": "libstdc++-devel-0:8.5.0-4.el8_5.tuxcare.els1.i686", "product": { "name": "libstdc++-devel-0:8.5.0-4.el8_5.tuxcare.els1.i686", "product_id": "libstdc++-devel-0:8.5.0-4.el8_5.tuxcare.els1.i686", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/libstdc++-devel@8.5.0-4.el8_5.tuxcare.els1?arch=i686" } } } ], "category": "architecture", "name": "i686" }, { "branches": [ { "category": "product_version", "name": "libstdc++-devel-0:8.5.0-4.el8_5.tuxcare.els1.x86_64", "product": { "name": "libstdc++-devel-0:8.5.0-4.el8_5.tuxcare.els1.x86_64", "product_id": "libstdc++-devel-0:8.5.0-4.el8_5.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/libstdc++-devel@8.5.0-4.el8_5.tuxcare.els1?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "TuxCare" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "pam-0:1.3.1-15.el8.tuxcare.els1.x86_64", "product": { "name": "pam-0:1.3.1-15.el8.tuxcare.els1.x86_64", "product_id": "pam-0:1.3.1-15.el8.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/pam@1.3.1-15.el8.tuxcare.els1?arch=x86_64" } } }, { "category": "product_version", "name": "pam-0:1.3.1-15.el8.tuxcare.els2.x86_64", "product": { "name": "pam-0:1.3.1-15.el8.tuxcare.els2.x86_64", "product_id": "pam-0:1.3.1-15.el8.tuxcare.els2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/pam@1.3.1-15.el8.tuxcare.els2?arch=x86_64" } } }, { "category": "product_version", "name": "pam-devel-0:1.3.1-15.el8.tuxcare.els2.x86_64", "product": { "name": "pam-devel-0:1.3.1-15.el8.tuxcare.els2.x86_64", "product_id": "pam-devel-0:1.3.1-15.el8.tuxcare.els2.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/pam-devel@1.3.1-15.el8.tuxcare.els2?arch=x86_64" } } }, { "category": "product_version", "name": "pam-devel-0:1.3.1-15.el8.tuxcare.els1.x86_64", "product": { "name": "pam-devel-0:1.3.1-15.el8.tuxcare.els1.x86_64", "product_id": "pam-devel-0:1.3.1-15.el8.tuxcare.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/pam-devel@1.3.1-15.el8.tuxcare.els1?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "pam-0:1.3.1-15.el8.tuxcare.els1.i686", "product": { "name": "pam-0:1.3.1-15.el8.tuxcare.els1.i686", "product_id": "pam-0:1.3.1-15.el8.tuxcare.els1.i686", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/pam@1.3.1-15.el8.tuxcare.els1?arch=i686" } } }, { "category": "product_version", "name": "pam-0:1.3.1-15.el8.tuxcare.els2.i686", "product": { "name": "pam-0:1.3.1-15.el8.tuxcare.els2.i686", "product_id": "pam-0:1.3.1-15.el8.tuxcare.els2.i686", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/pam@1.3.1-15.el8.tuxcare.els2?arch=i686" } } }, { "category": "product_version", "name": "pam-devel-0:1.3.1-15.el8.tuxcare.els2.i686", "product": { "name": "pam-devel-0:1.3.1-15.el8.tuxcare.els2.i686", "product_id": "pam-devel-0:1.3.1-15.el8.tuxcare.els2.i686", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/pam-devel@1.3.1-15.el8.tuxcare.els2?arch=i686" } } }, { "category": "product_version", "name": "pam-devel-0:1.3.1-15.el8.tuxcare.els1.i686", "product": { "name": "pam-devel-0:1.3.1-15.el8.tuxcare.els1.i686", "product_id": "pam-devel-0:1.3.1-15.el8.tuxcare.els1.i686", "product_identification_helper": { "purl": "pkg:rpm/cloudlinux/pam-devel@1.3.1-15.el8.tuxcare.els1?arch=i686" } } } ], "category": "architecture", "name": "i686" } ], "category": "vendor", "name": "CloudLinux" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "libstdc++-devel-0:8.5.0-4.el8_5.tuxcare.els1.i686 as a component of Community Enterprise Operating System 8.5", "product_id": "CentOS-8.5:libstdc++-devel-0:8.5.0-4.el8_5.tuxcare.els1.i686" }, "product_reference": "libstdc++-devel-0:8.5.0-4.el8_5.tuxcare.els1.i686", "relates_to_product_reference": "CentOS-8.5" }, { "category": "default_component_of", "full_product_name": { "name": "libstdc++-devel-0:8.5.0-4.el8_5.tuxcare.els1.x86_64 as a component of Community Enterprise Operating System 8.5", "product_id": "CentOS-8.5:libstdc++-devel-0:8.5.0-4.el8_5.tuxcare.els1.x86_64" }, "product_reference": "libstdc++-devel-0:8.5.0-4.el8_5.tuxcare.els1.x86_64", "relates_to_product_reference": "CentOS-8.5" }, { "category": "default_component_of", "full_product_name": { "name": "pam-0:1.3.1-15.el8.tuxcare.els1.x86_64 as a component of Community Enterprise Operating System 8.5", "product_id": "CentOS-8.5:pam-0:1.3.1-15.el8.tuxcare.els1.x86_64" }, "product_reference": "pam-0:1.3.1-15.el8.tuxcare.els1.x86_64", "relates_to_product_reference": "CentOS-8.5" }, { "category": "default_component_of", "full_product_name": { "name": "pam-0:1.3.1-15.el8.tuxcare.els1.i686 as a component of Community Enterprise Operating System 8.5", "product_id": "CentOS-8.5:pam-0:1.3.1-15.el8.tuxcare.els1.i686" }, "product_reference": "pam-0:1.3.1-15.el8.tuxcare.els1.i686", "relates_to_product_reference": "CentOS-8.5" }, { "category": "default_component_of", "full_product_name": { "name": "pam-0:1.3.1-15.el8.tuxcare.els2.x86_64 as a component of Community Enterprise Operating System 8.5", "product_id": "CentOS-8.5:pam-0:1.3.1-15.el8.tuxcare.els2.x86_64" }, "product_reference": "pam-0:1.3.1-15.el8.tuxcare.els2.x86_64", "relates_to_product_reference": "CentOS-8.5" }, { "category": "default_component_of", "full_product_name": { "name": "pam-0:1.3.1-15.el8.tuxcare.els2.i686 as a component of Community Enterprise Operating System 8.5", "product_id": "CentOS-8.5:pam-0:1.3.1-15.el8.tuxcare.els2.i686" }, "product_reference": "pam-0:1.3.1-15.el8.tuxcare.els2.i686", "relates_to_product_reference": "CentOS-8.5" }, { "category": "default_component_of", "full_product_name": { "name": "pam-devel-0:1.3.1-15.el8.tuxcare.els2.i686 as a component of Community Enterprise Operating System 8.5", "product_id": "CentOS-8.5:pam-devel-0:1.3.1-15.el8.tuxcare.els2.i686" }, "product_reference": "pam-devel-0:1.3.1-15.el8.tuxcare.els2.i686", "relates_to_product_reference": "CentOS-8.5" }, { "category": "default_component_of", "full_product_name": { "name": "pam-devel-0:1.3.1-15.el8.tuxcare.els2.x86_64 as a component of Community Enterprise Operating System 8.5", "product_id": "CentOS-8.5:pam-devel-0:1.3.1-15.el8.tuxcare.els2.x86_64" }, "product_reference": "pam-devel-0:1.3.1-15.el8.tuxcare.els2.x86_64", "relates_to_product_reference": "CentOS-8.5" }, { "category": "default_component_of", "full_product_name": { "name": "pam-devel-0:1.3.1-15.el8.tuxcare.els1.x86_64 as a component of Community Enterprise Operating System 8.5", "product_id": "CentOS-8.5:pam-devel-0:1.3.1-15.el8.tuxcare.els1.x86_64" }, "product_reference": "pam-devel-0:1.3.1-15.el8.tuxcare.els1.x86_64", "relates_to_product_reference": "CentOS-8.5" }, { "category": "default_component_of", "full_product_name": { "name": "pam-devel-0:1.3.1-15.el8.tuxcare.els1.i686 as a component of Community Enterprise Operating System 8.5", "product_id": "CentOS-8.5:pam-devel-0:1.3.1-15.el8.tuxcare.els1.i686" }, "product_reference": "pam-devel-0:1.3.1-15.el8.tuxcare.els1.i686", "relates_to_product_reference": "CentOS-8.5" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-39325", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "notes": [ { "category": "description", "text": "A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" }, { "category": "other", "text": "TuxCare has assessed that this vulnerability does not impact any currently supported TuxCare products. This evaluation may change as new information becomes available. For additional details regarding this vulnerability and affected products, refer to the provided references.", "title": "Statement" } ], "product_status": { "known_not_affected": [ "CentOS-8.5:libstdc++-devel-0:8.5.0-4.el8_5.tuxcare.els1.i686", "CentOS-8.5:libstdc++-devel-0:8.5.0-4.el8_5.tuxcare.els1.x86_64" ], "under_investigation": [ "CentOS-8.5:pam-0:1.3.1-15.el8.tuxcare.els1.i686", "CentOS-8.5:pam-0:1.3.1-15.el8.tuxcare.els1.x86_64", "CentOS-8.5:pam-0:1.3.1-15.el8.tuxcare.els2.i686", "CentOS-8.5:pam-0:1.3.1-15.el8.tuxcare.els2.x86_64", "CentOS-8.5:pam-devel-0:1.3.1-15.el8.tuxcare.els1.i686", "CentOS-8.5:pam-devel-0:1.3.1-15.el8.tuxcare.els1.x86_64", "CentOS-8.5:pam-devel-0:1.3.1-15.el8.tuxcare.els2.i686", "CentOS-8.5:pam-devel-0:1.3.1-15.el8.tuxcare.els2.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-39325" }, { "category": "external", "summary": "https://go.dev/cl/534215", "url": "https://go.dev/cl/534215" }, { "category": "external", "summary": "https://go.dev/cl/534235", "url": "https://go.dev/cl/534235" }, { "category": "external", "summary": "https://go.dev/issue/63417", "url": "https://go.dev/issue/63417" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ", "url": "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OVW5V2DM5K5IC3H7O42YDUGNJ74J35O/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OVW5V2DM5K5IC3H7O42YDUGNJ74J35O/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SZN67IL7HMGMNAVLOTIXLIHUDXZK4LH/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SZN67IL7HMGMNAVLOTIXLIHUDXZK4LH/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WJ4QVX2AMUJ2F2S27POOAHRC4K3CHU4/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WJ4QVX2AMUJ2F2S27POOAHRC4K3CHU4/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVZDNSMVDAQJ64LJC5I5U5LDM5753647/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVZDNSMVDAQJ64LJC5I5U5LDM5753647/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2BBIDR2ZMB3X5BC7SR4SLQMHRMVPY6L/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2BBIDR2ZMB3X5BC7SR4SLQMHRMVPY6L/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRC75BQJP6FJN2L7KCKYZW4DSBD7QSD/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRC75BQJP6FJN2L7KCKYZW4DSBD7QSD/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTMJ3NJIDAZFWJQQSP3L22MUFJ3UP2PT/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTMJ3NJIDAZFWJQQSP3L22MUFJ3UP2PT/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSY7SXFFTPZFWDM6XELSDSHZLVW3AHK7/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSY7SXFFTPZFWDM6XELSDSHZLVW3AHK7/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQIELEIRSZUYTFFH5KTH2YJ4IIQG2KE/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQIELEIRSZUYTFFH5KTH2YJ4IIQG2KE/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPWCNYB5PQ5PCVZ4NJT6G56ZYFZ5QBU6/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPWCNYB5PQ5PCVZ4NJT6G56ZYFZ5QBU6/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZQYOOKHQDQ57LV2IAG6NRFOVXKHJJ3Z/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZQYOOKHQDQ57LV2IAG6NRFOVXKHJJ3Z/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ODBY7RVMGZCBSTWF2OZGIZS57FNFUL67/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ODBY7RVMGZCBSTWF2OZGIZS57FNFUL67/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXOU2JZUBEBP7GBKAYIJRPRBZSJCD7ST/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXOU2JZUBEBP7GBKAYIJRPRBZSJCD7ST/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTT7DG3QOF5ZNJLUGHDNLRUIN6OWZARP/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTT7DG3QOF5ZNJLUGHDNLRUIN6OWZARP/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCNCBYKZXLDFGAJUB7ZP5VLC3YTHJNVH/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCNCBYKZXLDFGAJUB7ZP5VLC3YTHJNVH/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJWHBLVZDM5KQSDFRBFRKU5KSSOLIRQ4/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJWHBLVZDM5KQSDFRBFRKU5KSSOLIRQ4/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV/" }, { "category": "external", "summary": "https://pkg.go.dev/vuln/GO-2023-2102", "url": "https://pkg.go.dev/vuln/GO-2023-2102" }, { "category": "external", "summary": "https://security.gentoo.org/glsa/202311-09", "url": "https://security.gentoo.org/glsa/202311-09" }, { "category": "external", "summary": "https://security.netapp.com/advisory/ntap-20231110-0008/", "url": "https://security.netapp.com/advisory/ntap-20231110-0008/" } ], "release_date": "2023-10-11T22:15:00Z", "remediations": [ { "category": "none_available", "details": "Affected", "product_ids": [ "CentOS-8.5:pam-0:1.3.1-15.el8.tuxcare.els1.i686", "CentOS-8.5:pam-0:1.3.1-15.el8.tuxcare.els1.x86_64", "CentOS-8.5:pam-0:1.3.1-15.el8.tuxcare.els2.i686", "CentOS-8.5:pam-0:1.3.1-15.el8.tuxcare.els2.x86_64", "CentOS-8.5:pam-devel-0:1.3.1-15.el8.tuxcare.els1.i686", "CentOS-8.5:pam-devel-0:1.3.1-15.el8.tuxcare.els1.x86_64", "CentOS-8.5:pam-devel-0:1.3.1-15.el8.tuxcare.els2.i686", "CentOS-8.5:pam-devel-0:1.3.1-15.el8.tuxcare.els2.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "CentOS-8.5:libstdc++-devel-0:8.5.0-4.el8_5.tuxcare.els1.i686", "CentOS-8.5:libstdc++-devel-0:8.5.0-4.el8_5.tuxcare.els1.x86_64", "CentOS-8.5:pam-0:1.3.1-15.el8.tuxcare.els1.i686", "CentOS-8.5:pam-0:1.3.1-15.el8.tuxcare.els1.x86_64", "CentOS-8.5:pam-0:1.3.1-15.el8.tuxcare.els2.i686", "CentOS-8.5:pam-0:1.3.1-15.el8.tuxcare.els2.x86_64", "CentOS-8.5:pam-devel-0:1.3.1-15.el8.tuxcare.els1.i686", "CentOS-8.5:pam-devel-0:1.3.1-15.el8.tuxcare.els1.x86_64", "CentOS-8.5:pam-devel-0:1.3.1-15.el8.tuxcare.els2.i686", "CentOS-8.5:pam-devel-0:1.3.1-15.el8.tuxcare.els2.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" }, { "category": "impact", "details": "important", "product_ids": [ "CentOS-8.5:libstdc++-devel-0:8.5.0-4.el8_5.tuxcare.els1.i686", "CentOS-8.5:libstdc++-devel-0:8.5.0-4.el8_5.tuxcare.els1.x86_64" ] } ] } ] }