High-Severity Flaws Uncovered in Atlassian Products and ISC BIND Server
2023-09-22 16:00:00 Author: thehackernews.com

Server Security / Vulnerability

Atlassian and the Internet Systems Consortium (ISC) have disclosed several security flaws impacting their products that could be exploited to achieve denial-of-service (DoS) and remote code execution.

The Australian software services provider said that the four high-severity flaws were fixed in new versions shipped last month. These include -

  • CVE-2022-25647 (CVSS score: 7.5) - A deserialization flaw in the Google Gson package impacting Patch Management in Jira Service Management Data Center and Server
  • CVE-2023-22512 (CVSS score: 7.5) - A DoS flaw in Confluence Data Center and Server
  • CVE-2023-22513 (CVSS score: 8.5) - An RCE flaw in Bitbucket Data Center and Server
  • CVE-2023-28709 (CVSS score: 7.5) - A DoS flaw in Apache Tomcat server impacting Bamboo Data Center and Server

The flaws have been addressed in the following versions -

  • Jira Service Management Server and Data Center (versions 4.20.25, 5.4.9, 5.9.2, 5.10.1, 5.11.0, or later)
  • Confluence Server and Data Center (versions 7.19.13, 7.19.14, 8.5.1, 8.6.0, or later)
  • Bitbucket Server and Data Center (versions 8.9.5, 8.10.5, 8.11.4, 8.12.2, 8.13.1, 8.14.0, or later)
  • Bamboo Server and Data Center (versions 9.2.4, 9.3.1, or later)

Two High-Severity Flaws in BIND Fixed

In a related development, ISC has released fixes for two high-severity bugs affecting the Berkeley Internet Name Domain (BIND) 9 Domain Name System (DNS) software suite that could pave the way for a DoS condition -

  • CVE-2023-3341 (CVSS score: 7.5) - A stack exhaustion flaw in control channel code may cause named to terminate unexpectedly (fixed in versions 9.16.44, 9.18.19, 9.19.17, 9.16.44-S1, and 9.18.19-S1)
  • CVE-2023-4236 (CVSS score: 7.5) - The named service may terminate unexpectedly under high DNS-over-TLS query load (fixed in versions 9.18.19 and 9.18.19-S1)

The latest patches arrive three months after ISC rolled out fixes for three other flaws in the software (CVE-2023-2828, CVE-2023-2829, and CVE-2023-2911, CVSS scores: 7.5) that could result in a DoS condition.
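As an added example (not part of the original article and not ISC's code), the following Python check compares a BIND 9 version string or `named -v` banner against the fixed releases listed above, branch by branch. The function names and the sample banner are constructed for illustration, and any branch the article does not name is reported as "unknown" rather than guessed.

```python
import re

# First fixed patch level per (branch, subscription edition), copied from
# the two BIND bullets in this article. Nothing else is assumed.
FIXED = {
    "CVE-2023-3341": {("9.16", False): 44, ("9.18", False): 19,
                      ("9.19", False): 17, ("9.16", True): 44,
                      ("9.18", True): 19},
    "CVE-2023-4236": {("9.18", False): 19, ("9.18", True): 19},
}

# Matches "9.<minor>.<patch>" with an optional "-S<n>" edition suffix.
VERSION_RE = re.compile(r"\b9\.(\d+)\.(\d+)(-S\d+)?")


def parse_bind_version(text):
    """Return (branch, patch, is_subscription_edition) from a banner."""
    m = VERSION_RE.search(text)
    if m is None:
        raise ValueError(f"no BIND 9 version found in {text!r}")
    minor, patch, suffix = m.groups()
    return f"9.{minor}", int(patch), suffix is not None


def check_bind(text):
    """Map each CVE to 'fixed', 'update' or 'unknown' for this version."""
    branch, patch, sub = parse_bind_version(text)
    result = {}
    for cve, table in FIXED.items():
        fixed_patch = table.get((branch, sub))
        if fixed_patch is None:
            # Branch not named in the article: consult the ISC advisory.
            result[cve] = "unknown"
        elif patch >= fixed_patch:
            result[cve] = "fixed"
        else:
            result[cve] = "update"
    return result


if __name__ == "__main__":
    # Constructed sample banner in the style of `named -v` output.
    banner = "BIND 9.18.18-0ubuntu0.22.04.2-Ubuntu (Extended Support Version)"
    for cve, status in check_bind(banner).items():
        print(cve, status)
```

Distribution packages often backport fixes without changing the upstream version number, so an "update" result on a vendor build should be confirmed against that vendor's own advisory.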


Article source: https://thehackernews.com/2023/09/high-severity-flaws-uncovered-in.html