-
Notifications
You must be signed in to change notification settings - Fork 665
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
* Glossary: added the new term chat-bot * Security: added 3 new security bulletins. * Translations updated. * Fixes and improvements.
- Loading branch information
1 parent
812232a
commit e6c272e
Showing
182 changed files
with
1,479 additions
and
920 deletions.
There are no files selected for viewing
45 changes: 45 additions & 0 deletions
45
en/_includes/security/security-bulletins/cve-2023-23583.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,45 @@ | ||
## 28/12/2023: CVE-2023-23583 Reptar vulnerability in Ice Lake (IPU Out-of-Band) {#CVE-2023-23583} | ||
|
||
CVE ID: CVE-2023-23583 | ||
|
||
CVE link: | ||
|
||
<https://nvd.nist.gov/vuln/detail/CVE-2023-5043> | ||
|
||
### Summary {#brief-description} | ||
|
||
The Reptar vulnerability affects Intel-based server systems, and the manufacturer has released the necessary patches. The {{ yandex-cloud }} infrastructure has been updated. | ||
|
||
The vulnerability potentially led to privilege escalation. | ||
|
||
### Technologies affected {#technologies-affected} | ||
|
||
Intel (microcode) | ||
|
||
### Vulnerable products and versions {#vulnerable-products-and-versions} | ||
|
||
<https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00950.html> | ||
|
||
<https://www.intel.com/content/www/us/en/developer/topic-technology/software-security-guidance/processors-affected-consolidated-product-cpu-model.html> | ||
|
||
### Base vector and severity level of the vulnerability according to CVSS v.3.0 {#severity-level} | ||
|
||
7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | ||
|
||
### Recommendations for vulnerability detection and additional materials {#recommendations-for-vulnerability-detection} | ||
|
||
Procedure for checking the vulnerability and supporting materials (PoC code, video demonstration or others): | ||
|
||
<https://lock.cmpxchg8b.com/reptar.html> | ||
|
||
Update or patch version: | ||
|
||
<https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00950.html> | ||
|
||
### Safe version of vulnerable product or patch {#safe-version} | ||
|
||
The vulnerability has been fixed as of version 1.9.0. | ||
|
||
### Are cloud services affected? {#impact-on-yandex-cloud-services} | ||
|
||
No. |
70 changes: 70 additions & 0 deletions
70
en/_includes/security/security-bulletins/cve-2023-44487.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,70 @@ | ||
## 28/12/2023: CVE-2023-44487 HTTP/2 Rapid Reset DDoS Attack {#CVE-2023-44487} | ||
|
||
CVE ID: CVE-2023-44487 | ||
|
||
CVE link: | ||
|
||
<https://nvd.nist.gov/vuln/detail/CVE-2023-44487> | ||
|
||
### Original report {#original-report} | ||
|
||
<https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088> | ||
|
||
### Summary {#brief-description} | ||
|
||
{{ yandex-cloud }} has implemented all necessary measures against CVE-2023-44487 known as _HTTP/2 Rapid Reset_. | ||
|
||
This vulnerability is related to the HTTP/2 protocol. Under certain conditions, can be exploited to execute a denial-of-service attack on webservers such as NGINX, envoy and other products that implement the server-side portion of the HTTP/2 specification. To protect your systems from this attack, we’re recommending an immediate update to your web server. | ||
|
||
### Technologies affected {#technologies-affected} | ||
|
||
NGINX, HTTP/2 | ||
|
||
### Vulnerable products and versions {#vulnerable-products-and-versions} | ||
|
||
* NGINX Open Source 1.x: 1.25.2 - 1.9.5 | ||
* org.apache.tomcat.embed:tomcat-embed-core package, versions [,8.5.94], [9.0.0,9.0.81], [10.0.0,10.1.14], [11.0.0-M3,11.0.0-M12] | ||
* NGINX Ingress Controller | ||
* 3.x 3.0.0 - 3.3.0 3.3.1 | ||
* 2.x 2.0.0 - 2.4.2 | ||
* 1.x 1.12.2 - 1.12.5 | ||
* Envoy 1.27.1, 1.26.5, 1.25.10 or 1.24.10 | ||
* NGINX Plus R2x R25 - R30 | ||
* BIG-IP (all modules) 17.x 17.1.0 | ||
* BIG-IP Next (all modules) 20.x 20.0.1 | ||
* BIG-IP Next SPK 1.x 1.5.0 - 1.8.2 | ||
* <https://my.f5.com/manage/s/article/K000137106> | ||
|
||
### Base vector and severity level of the vulnerability according to CVSS v.3.0 {#severity-level} | ||
|
||
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | ||
|
||
### Recommendations for vulnerability detection and additional materials {#recommendations-for-vulnerability-detection} | ||
|
||
Procedure for checking the vulnerability and supporting materials (PoC code, video demonstration or others): | ||
|
||
<https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/> | ||
|
||
<https://github.com/envoyproxy/envoy/security/advisories/GHSA-jhv4-f7mr-xx76> | ||
|
||
<https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-5953331> | ||
|
||
Update or patch version: | ||
|
||
* Upgrade org.apache.tomcat.embed:tomcat-embed-core to version 8.5.94, 9.0.81, 10.1.14, 11.0.0-M12 or higher. | ||
|
||
* Upgrade envoyproxy/envoy to version 1.24.11, 1.25.10, 1.26.5, 1.27.1 or higher. | ||
|
||
* Use http2_max_concurrent_streams directive NGINX | ||
|
||
<https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/> | ||
|
||
* Use [{{ sws-full-name }}](https://cloud.yandex.ru/services/smartwebsecurity) | ||
|
||
### Safe version of vulnerable product or patch {#safe-version} | ||
|
||
Not yet. | ||
|
||
### Are cloud services affected? {#impact-on-yandex-cloud-services} | ||
|
||
No. |
42 changes: 42 additions & 0 deletions
42
en/_includes/security/security-bulletins/cve-2023-46850.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,42 @@ | ||
## 28/12/2023: CVE-2023-46850 OpenVPN v.2.6.7 Security patch {#CVE-2023-46850} | ||
|
||
CVE IDs: CVE-2023-46849, CVE-2023-46850 | ||
|
||
CVE link: | ||
|
||
<https://nvd.nist.gov/vuln/detail/CVE-2023-46849> | ||
<https://nvd.nist.gov/vuln/detail/CVE-2023-46850> | ||
|
||
### Original report {#original-report} | ||
|
||
<https://openvpn.net/community-downloads/> | ||
|
||
### Summary {#brief-description} | ||
|
||
CVE-2023-46850: it can lead to sending the contents of the process memory to the other side of the connection, as well as potentially to remote code execution. | ||
|
||
CVE-2023-46849: this may lead to the remote initiation of an emergency shutdown of the access server. | ||
|
||
### Technologies affected {#technologies-affected} | ||
|
||
OpenVPN | ||
|
||
### Vulnerable products and versions {#vulnerable-products-and-versions} | ||
|
||
From v2.6.0 before v2.6.6 | ||
|
||
### Base vector and severity level of the vulnerability according to CVSS v.3.0 {#severity-level} | ||
|
||
Network. | ||
|
||
### Procedure for checking the vulnerability and supporting materials (PoC code, video demonstration or others) {#poc} | ||
|
||
No PoC yet. | ||
|
||
### Safe version of vulnerable product or patch {#safe-version} | ||
|
||
The vulnerability has been fixed as of version 2.6.7. | ||
|
||
### Are cloud services affected? {#impact-on-yandex-cloud-services} | ||
|
||
Yes. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.