From e8f5616b51ee403d99172705f88fcb60ddc9b70f Mon Sep 17 00:00:00 2001 From: Vikman Fernandez-Castro Date: Mon, 15 Jan 2024 11:29:51 +0100 Subject: [PATCH 1/2] Add the security updates to 4.5.3 release notes --- source/release-notes/release-4-5-3.rst | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/source/release-notes/release-4-5-3.rst b/source/release-notes/release-4-5-3.rst index e1cfdcb195..5c52618ec4 100644 --- a/source/release-notes/release-4-5-3.rst +++ b/source/release-notes/release-4-5-3.rst @@ -31,10 +31,24 @@ RESTful API - `#18493 `__ Added support for nested queries in the ``q`` API parameter. - `#18432 `__ Updated ``force`` flag message in the ``agent_upgrade`` CLI. +Security updates +---------------- + +This release fixes the following vulnerabilities: + +Agent +^^^^^ + +============== ======================================================== ============= +CVE Reference Description +============== ======================================================== ============= +CVE-2023-42463 `#19069 `__ Fixed a stack overflow hazard in ``wazuh-logcollector`` that could allow a local privilege escalation. Found by Keith Yeo. +============== ======================================================== ============= + Resolved issues --------------- -This release resolves known issues as the following: +This release resolves known issues as the following: Manager ^^^^^^^ @@ -55,7 +69,6 @@ Reference Description ======================================================== ============= `#18773 `__ Fixed a bug in the memory handle at the agent's data provider helper. `#18903 `__ Fixed a data mismatch in the OS name between the global and agents' databases. -`#19069 `__ Fixed an array limit check in ``wazuh-logcollector``. `#19286 `__ Fixed wrong Windows agent binaries metadata. `#19397 `__ Fixed error during the Windows agent upgrade. ======================================================== ============= 
@@ -121,4 +134,4 @@ More details about these changes are provided in the changelog of each component - `wazuh/wazuh-dashboard-plugins 7.16.x `_ - `wazuh/wazuh-dashboard-plugins 7.17.x `_ - `wazuh/wazuh-splunk `_ -- `wazuh/wazuh-packages `_ \ No newline at end of file +- `wazuh/wazuh-packages `_ From 4c71e1258dd928ebac936646b136ae3f5e466764 Mon Sep 17 00:00:00 2001 From: Javier Medeot Date: Mon, 15 Jan 2024 09:24:40 -0300 Subject: [PATCH 2/2] Add profile link --- source/release-notes/release-4-5-3.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/release-notes/release-4-5-3.rst b/source/release-notes/release-4-5-3.rst index 5c52618ec4..56fafc852d 100644 --- a/source/release-notes/release-4-5-3.rst +++ b/source/release-notes/release-4-5-3.rst @@ -42,7 +42,7 @@ Agent ============== ======================================================== ============= CVE Reference Description ============== ======================================================== ============= -CVE-2023-42463 `#19069 `__ Fixed a stack overflow hazard in ``wazuh-logcollector`` that could allow a local privilege escalation. Found by Keith Yeo. +CVE-2023-42463 `#19069 `__ Fixed a stack overflow hazard in ``wazuh-logcollector`` that could allow a local privilege escalation. Found by Keith Yeo (`@kyeojy `__). ============== ======================================================== ============= Resolved issues
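Review bot: in PATCH 1/2, hunk @@ -31,10 +31,24 @@, the new CVE-2023-42463 row says "stack overflow hazard", which can be read either as stack exhaustion or as an overflow of a buffer on the stack. The row this patch removes from the agent table described the same #19069 change as "Fixed an array limit check", so if the defect is an out-of-bounds write, "stack-based buffer overflow" would tell readers which class of bug they are patching. The row also gives no affected version range, which is the first thing an operator checks when deciding how urgently to upgrade; consider adding it to the description. Separately, the removed and added lines for "This release resolves known issues as the following:" appear to differ only in whitespace; drop that pair from the patch, or use the touch to fix the phrasing.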
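Review bot: in PATCH 2/2, hunk @@ -42,7 +42,7 @@, the subject "Add profile link" does not say whose profile or which entry it belongs to, and the body is empty. The only change is appending the reporter's handle to the CVE-2023-42463 credit, so a subject that names the CVE entry and the reporter credit would make the commit findable in the log. Since this rewrites a row that PATCH 1/2 has only just added, the series would also read more cleanly if the row were introduced once in its final form.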