diff --git a/source/release-notes/release-4-5-3.rst b/source/release-notes/release-4-5-3.rst index e1cfdcb195..56fafc852d 100644 --- a/source/release-notes/release-4-5-3.rst +++ b/source/release-notes/release-4-5-3.rst @@ -31,10 +31,24 @@ RESTful API - `#18493 `__ Added support for nested queries in the ``q`` API parameter. - `#18432 `__ Updated ``force`` flag message in the ``agent_upgrade`` CLI. +Security updates +---------------- + +This release fixes the following vulnerabilities: + +Agent +^^^^^ + +============== ======================================================== ============= +CVE Reference Description +============== ======================================================== ============= +CVE-2023-42463 `#19069 `__ Fixed a stack overflow hazard in ``wazuh-logcollector`` that could allow a local privilege escalation. Found by Keith Yeo (`@kyeojy `__). +============== ======================================================== ============= + Resolved issues --------------- -This release resolves known issues as the following: +This release resolves known issues as the following: Manager ^^^^^^^ @@ -55,7 +69,6 @@ Reference Description ======================================================== ============= `#18773 `__ Fixed a bug in the memory handle at the agent's data provider helper. `#18903 `__ Fixed a data mismatch in the OS name between the global and agents' databases. -`#19069 `__ Fixed an array limit check in ``wazuh-logcollector``. `#19286 `__ Fixed wrong Windows agent binaries metadata. `#19397 `__ Fixed error during the Windows agent upgrade. ======================================================== ============= @@ -121,4 +134,4 @@ More details about these changes are provided in the changelog of each component - `wazuh/wazuh-dashboard-plugins 7.16.x `_ - `wazuh/wazuh-dashboard-plugins 7.17.x `_ - `wazuh/wazuh-splunk `_ -- `wazuh/wazuh-packages `_ \ No newline at end of file +- `wazuh/wazuh-packages `_