Atlassian and the Internet Systems Consortium (ISC) have disclosed several security flaws impacting their products that could be exploited to achieve denial-of-service (DoS) and remote code execution.
The Australian software services provider said that the four high-severity flaws were fixed in new versions shipped last month. This includes –
- CVE-2022-25647 (CVSS score: 7.5) – A deserialization flaw in the Google Gson package impacting Patch Management in Jira Service Management Data Center and Server
- CVE-2023-22512 (CVSS score: 7.5) – A DoS flaw in Confluence Data Center and Server
- CVE-2023-22513 (CVSS score: 8.5) – An RCE flaw in Bitbucket Data Center and Server
- CVE-2023-28709 (CVSS score: 7.5) – A DoS flaw in Apache Tomcat server impacting Bamboo Data Center and Server
The flaws have been addressed in the following versions –
- Jira Service Management Server and Data Center (versions 4.20.25, 5.4.9, 5.9.2, 5.10.1, 5.11.0, or later)
- Confluence Server and Data Center (versions 7.19.13, 7.19.14, 8.5.1, 8.6.0, or later)
- Bitbucket Server and Data Center (versions 8.9.5, 8.10.5, 8.11.4, 8.12.2, 8.13.1, 8.14.0, or later)
- Bamboo Server and Data Center (versions 9.2.4, 9.3.1, or later)
Two High-Severity Flaws in BIND Fixed
In a related development, ISC has released fixes for two high-severity bugs affecting the Berkeley Internet Name Domain (BIND) 9 Domain Name System (DNS) software suite that could pave the way for a DoS condition –
- CVE-2023-3341 (CVSS score: 7.5) – A stack exhaustion flaw in control channel code may cause named to terminate unexpectedly (fixed in versions 9.16.44, 9.18.19, 9.19.17, 9.16.44-S1, and 9.18.19-S1)
- CVE-2023-4236 (CVSS score: 7.5) – The named service may terminate unexpectedly under high DNS-over-TLS query load (fixed in versions 9.18.19 and 9.18.19-S1)
The latest patches arrive three months after ISC rolled out fixes for three other flaws in the software (CVE-2023-2828, CVE-2023-2829, and CVE-2023-2911, CVSS scores: 7.5) that could result in a DoS condition.