# Critical Photon OS Security Update ## Summary Advisory Id : PHSA-2023-4.0-0417 Type : Security Severity : ['Critical', 'Important', 'Moderate'] Issue date : 2023-06-30 Affected Release: 4.0 ## Details Updates of ['bindutils', 'kube-bench', 'libXi', 'ntp', 'docker-compose', 'samba-client', 'binutils', 'binutils-aarch64-linux-gnu', 'protobuf', 'libarchive', 'libtiff', 'nodejs'] packages of Photon OS have been released. ## Affected Packages ### Critical kube-bench - ['[CVE-2019-15562](https://nvd.nist.gov/vuln/detail/CVE-2019-15562)'] ### Important bindutils - ['[CVE-2023-2911](https://nvd.nist.gov/vuln/detail/CVE-2023-2911)', '[CVE-2023-2828](https://nvd.nist.gov/vuln/detail/CVE-2023-2828)'] libXi - ['[CVE-2016-7946](https://nvd.nist.gov/vuln/detail/CVE-2016-7946)', '[CVE-2016-7945](https://nvd.nist.gov/vuln/detail/CVE-2016-7945)'] docker-compose - ['[CVE-2023-25173](https://nvd.nist.gov/vuln/detail/CVE-2023-25173)', '[CVE-2023-27561](https://nvd.nist.gov/vuln/detail/CVE-2023-27561)', '[CVE-2023-28642](https://nvd.nist.gov/vuln/detail/CVE-2023-28642)', '[CVE-2019-19921](https://nvd.nist.gov/vuln/detail/CVE-2019-19921)'] samba-client - ['[CVE-2020-25720](https://nvd.nist.gov/vuln/detail/CVE-2020-25720)'] binutils - ['[CVE-2023-25584](https://nvd.nist.gov/vuln/detail/CVE-2023-25584)', '[CVE-2022-47696](https://nvd.nist.gov/vuln/detail/CVE-2022-47696)', '[CVE-2022-47673](https://nvd.nist.gov/vuln/detail/CVE-2022-47673)'] binutils-aarch64-linux-gnu - ['[CVE-2023-25584](https://nvd.nist.gov/vuln/detail/CVE-2023-25584)'] libtiff - ['[CVE-2023-3618](https://nvd.nist.gov/vuln/detail/CVE-2023-3618)', '[CVE-2023-25434](https://nvd.nist.gov/vuln/detail/CVE-2023-25434)'] nodejs - ['[CVE-2023-0464](https://nvd.nist.gov/vuln/detail/CVE-2023-0464)'] ### Moderate ntp - ['[CVE-2023-26555](https://nvd.nist.gov/vuln/detail/CVE-2023-26555)', '[CVE-2023-26553](https://nvd.nist.gov/vuln/detail/CVE-2023-26553)', '[CVE-2023-26554](https://nvd.nist.gov/vuln/detail/CVE-2023-26554)', '[CVE-2023-26552](https://nvd.nist.gov/vuln/detail/CVE-2023-26552)', '[CVE-2023-26551](https://nvd.nist.gov/vuln/detail/CVE-2023-26551)'] docker-compose - ['[CVE-2023-25809](https://nvd.nist.gov/vuln/detail/CVE-2023-25809)', '[CVE-2023-25153](https://nvd.nist.gov/vuln/detail/CVE-2023-25153)', '[CVE-2022-23471](https://nvd.nist.gov/vuln/detail/CVE-2022-23471)'] binutils - ['[CVE-2023-25588](https://nvd.nist.gov/vuln/detail/CVE-2023-25588)', '[CVE-2023-25585](https://nvd.nist.gov/vuln/detail/CVE-2023-25585)'] binutils-aarch64-linux-gnu - ['[CVE-2023-25588](https://nvd.nist.gov/vuln/detail/CVE-2023-25588)', '[CVE-2022-38533](https://nvd.nist.gov/vuln/detail/CVE-2022-38533)', '[CVE-2023-25585](https://nvd.nist.gov/vuln/detail/CVE-2023-25585)'] protobuf - ['[CVE-2022-3509](https://nvd.nist.gov/vuln/detail/CVE-2022-3509)'] libarchive - ['[CVE-2021-36976](https://nvd.nist.gov/vuln/detail/CVE-2021-36976)'] libtiff - ['[CVE-2023-0802](https://nvd.nist.gov/vuln/detail/CVE-2023-0802)', '[CVE-2023-0800](https://nvd.nist.gov/vuln/detail/CVE-2023-0800)', '[CVE-2023-0798](https://nvd.nist.gov/vuln/detail/CVE-2023-0798)', '[CVE-2023-0796](https://nvd.nist.gov/vuln/detail/CVE-2023-0796)', '[CVE-2023-0795](https://nvd.nist.gov/vuln/detail/CVE-2023-0795)', '[CVE-2023-0797](https://nvd.nist.gov/vuln/detail/CVE-2023-0797)', '[CVE-2023-0803](https://nvd.nist.gov/vuln/detail/CVE-2023-0803)', '[CVE-2023-25435](https://nvd.nist.gov/vuln/detail/CVE-2023-25435)', '[CVE-2023-0799](https://nvd.nist.gov/vuln/detail/CVE-2023-0799)', '[CVE-2023-0801](https://nvd.nist.gov/vuln/detail/CVE-2023-0801)', '[CVE-2023-2731](https://nvd.nist.gov/vuln/detail/CVE-2023-2731)', '[CVE-2023-0804](https://nvd.nist.gov/vuln/detail/CVE-2023-0804)', '[CVE-2023-26965](https://nvd.nist.gov/vuln/detail/CVE-2023-26965)', '[CVE-2023-3316](https://nvd.nist.gov/vuln/detail/CVE-2023-3316)'] nodejs - ['[CVE-2023-0465](https://nvd.nist.gov/vuln/detail/CVE-2023-0465)', '[CVE-2023-1255](https://nvd.nist.gov/vuln/detail/CVE-2023-1255)', '[CVE-2023-2650](https://nvd.nist.gov/vuln/detail/CVE-2023-2650)'] ## Solution Update the affected packages (tdnf update package) ## Updated Packages Information bindutils-9.16.38-4.ph4.x86_64.rpm | size : 2.0M , sha256 : 601af28f1f6637b96790f1db199c1771ae8be726a7601074de2b15adb07c469b , build time : Thu, 29 Jun 2023 22:24:39 UTC kube-bench-0.6.12-1.ph4.x86_64.rpm | size : 4.9M , sha256 : 75965611704777973c1200c756a3e67cd1d33c87f577ea8fbbd1bd31e32c3076 , build time : Thu, 29 Jun 2023 22:26:27 UTC libXi-1.7.10-1.ph4.x86_64.rpm | size : 36K , sha256 : 347b8845d064e49d89407899f7209d9474354a105c3321dd4cd788c3f50cb7b6 , build time : Thu, 29 Jun 2023 22:24:45 UTC libXi-devel-1.7.10-1.ph4.x86_64.rpm | size : 164K , sha256 : 7b9e5e3af10302c33e2ec740448048ab95eb94b65f32d23def9fb6df83f8881f , build time : Thu, 29 Jun 2023 22:24:45 UTC ntp-4.2.8p16-1.ph4.x86_64.rpm | size : 2.0M , sha256 : 757822ccb546d94afc443f4d01b5c398334f7a52b9af2a53b7fe681f45e708bc , build time : Thu, 29 Jun 2023 22:33:20 UTC ntp-perl-4.2.8p16-1.ph4.x86_64.rpm | size : 28K , sha256 : 548874f2160b3d77be9b64fc04c74ef1488415566cff189e6f200986e185fcf8 , build time : Thu, 29 Jun 2023 22:33:20 UTC docker-compose-2.19.0-1.ph4.x86_64.rpm | size : 13M , sha256 : acd54877c6a446dcc03b9fe38ad015bdbd2dbd08dce18442ef58826cd4fae265 , build time : Thu, 29 Jun 2023 22:26:26 UTC samba-client-4.18.3-1.ph4.x86_64.rpm | size : 1.2M , sha256 : 49863dfe5362d57e7442fc80807bdb42448b0f1da0d7bb33cb3b32d1f706fe0f , build time : Thu, 29 Jun 2023 22:36:14 UTC samba-client-devel-4.18.3-1.ph4.x86_64.rpm | size : 212K , sha256 : 4765c79857d40f0a7074d53c933b666b343b861b1fa7b586f8d2ca1dbd58f9c7 , build time : Thu, 29 Jun 2023 22:36:14 UTC samba-client-libs-4.18.3-1.ph4.x86_64.rpm | size : 6.1M , sha256 : b8a29c13e41f5cdd76cf600fbc895b75ad9e0b64073a1fa8d992064cad379daa , build time : Thu, 29 Jun 2023 22:36:14 UTC binutils-2.35-8.ph4.x86_64.rpm | size : 4.6M , sha256 : bfbdeeee7ef3976714cea35efae28cf2828db25581906da4685e26ccc4be1529 , build time : Thu, 29 Jun 2023 22:20:44 UTC binutils-aarch64-linux-gnu-2.35-3.ph4.x86_64.rpm | size : 2.8M , sha256 : e5434c37a23d80a5c4f2abae784e6ee7ca86fcc6d615d9d87d204b8946573283 , build time : Thu, 29 Jun 2023 22:24:37 UTC binutils-devel-2.35-8.ph4.x86_64.rpm | size : 1.1M , sha256 : 0ab1295e84e767c4fdc045bfe450cac5e5f47191cd5807147837ef09e5e841c1 , build time : Thu, 29 Jun 2023 22:20:44 UTC binutils-libs-2.35-8.ph4.x86_64.rpm | size : 884K , sha256 : 4b43dc90c18bf64e7440b481887a80d21f2b7a31200f1915ebec9d14ba74d3eb , build time : Thu, 29 Jun 2023 22:20:44 UTC binutils-aarch64-linux-gnu-2.35-3.ph4.x86_64.rpm | size : 2.8M , sha256 : e5434c37a23d80a5c4f2abae784e6ee7ca86fcc6d615d9d87d204b8946573283 , build time : Thu, 29 Jun 2023 22:24:37 UTC protobuf-3.19.6-2.ph4.x86_64.rpm | size : 2.0M , sha256 : 3cae5bdca29f721f8d81f3d30060ac14040a2ca2e18844731292d886a35dcec4 , build time : Thu, 29 Jun 2023 22:24:50 UTC protobuf-c-1.3.3-6.ph4.x86_64.rpm | size : 104K , sha256 : ec1a91758869c8b7de5f967be0839b83ab2fd0191087ad38aa48b89d1d91e071 , build time : Thu, 29 Jun 2023 23:03:52 UTC protobuf-c-devel-1.3.3-6.ph4.x86_64.rpm | size : 20K , sha256 : d7135d3e947c3be6daa4503293d7a6ed0f38e6bac13bf6142706012d79e3db25 , build time : Thu, 29 Jun 2023 23:03:52 UTC protobuf-c-static-1.3.3-6.ph4.x86_64.rpm | size : 8.0K , sha256 : 582fb6713c357f48e9b76322dddd3dbeeae07affcb219d3cdea1fca6e3c2df81 , build time : Thu, 29 Jun 2023 23:03:52 UTC protobuf-devel-3.19.6-2.ph4.x86_64.rpm | size : 364K , sha256 : 51d8d9906482ebc420f7cc566d858ae3523043913d93b650ddac862e1131904d , build time : Thu, 29 Jun 2023 22:24:50 UTC protobuf-java-3.19.6-2.ph4.x86_64.rpm | size : 1.6M , sha256 : c225e7a833b11c791cbe1c31316a12ac55023e0eb6924d1f2b615d5b28cce766 , build time : Thu, 29 Jun 2023 22:24:50 UTC protobuf-python3-3.19.6-2.ph4.x86_64.rpm | size : 232K , sha256 : a0e3d03a4f22d86ddc3df455b0ab4af5e8cb95752798b2d884002802bd75c3b5 , build time : Thu, 29 Jun 2023 22:24:50 UTC protobuf-static-3.19.6-2.ph4.x86_64.rpm | size : 8.0K , sha256 : 84a3db4cd49adda114d4d7aec20632ac425631d132caab909ad9a078931ae729 , build time : Thu, 29 Jun 2023 22:24:50 UTC libarchive-3.4.3-10.ph4.x86_64.rpm | size : 368K , sha256 : 9c61a61523beb5cd4d2135870d1515e8a2d6070eaa455638dd161c92db79cf70 , build time : Thu, 29 Jun 2023 22:24:38 UTC libarchive-devel-3.4.3-10.ph4.x86_64.rpm | size : 164K , sha256 : 910f76f4c9797eb8b05ba5f420769f0f8abd6512d91880ce39f0b8d2153f5167 , build time : Thu, 29 Jun 2023 22:24:38 UTC libtiff-4.5.1-1.ph4.x86_64.rpm | size : 380K , sha256 : a7b3a343265919e493ff18437f347eecbec99c93b7896b7d8958d911d08af1af , build time : Thu, 29 Jun 2023 22:24:45 UTC libtiff-devel-4.5.1-1.ph4.x86_64.rpm | size : 152K , sha256 : 493bf66c279f40fff0f0ec011e272c209905e504f25f639d20d7775b737d57bf , build time : Thu, 29 Jun 2023 22:24:45 UTC nodejs-18.16.1-1.ph4.x86_64.rpm | size : 25M , sha256 : 85e7c9f6acffd30afe5a6cd4e5c666eb9c881e51a40e2794c5b07de757d1612c , build time : Thu, 29 Jun 2023 22:24:41 UTC nodejs-devel-18.16.1-1.ph4.x86_64.rpm | size : 872K , sha256 : 1ace43df5bdb51902208937537af35edbc7da72641ef04a483ed46562f2a7982 , build time : Thu, 29 Jun 2023 22:24:41 UTC