CLSA-2023-1683235759

Import Source

JSON Data

https://api.osv.dev/v1/vulns/CLSA-2023-1683235759

Upstream

Published

2023-05-04T21:29:24Z

Modified

2026-06-04T09:45:49.757492904Z

Summary

Fix CVE(s): CVE-2022-3996, CVE-2023-0464, CVE-2023-0466

Details

SECURITY UPDATE: Excessive resource use verifying X.509 policy constraints
- debian/patches/CVE-2023-0464.patch: Limit X.509 certificate tree size to avoid exponential use of computational resources
- CVE-2023-0464
SECURITY UPDATE: Incorrecly documented X509VERIFYPARAMadd0policy()
- debian/patches/CVE-2023-0466.patch: Align documentation with actual implementation
- CVE-2023-0466
SECURITY UPDATE: Double locking in X.509 policy cache handling
- debian/patches/CVE-2022-3996.patch: Revert previously introduced redundant flag setting and so avoid locking at all
- CVE-2022-3996

References

Affected packages

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.0.2g-1ubuntu4.21+tuxcare.els6

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2023-1683235759.json"

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.0.2g-1ubuntu4.21+tuxcare.els6

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2023-1683235759.json"

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.0.2g-1ubuntu4.21+tuxcare.els6

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2023-1683235759.json"

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.0.2g-1ubuntu4.21+tuxcare.els6

source

"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/ubuntu16.04els/CLSA-2023-1683235759.json"