Last Revised: 05/10/2024
Vulnerabilities impacting supported product versions are listed in the following table as reported by Red Hat, Apache Tomcat and PostgreSQL security advisories. Refer to the Avaya Product Life Cycle Policy for information about supported product versions.
The severity is determined by the highest Common Vulnerability Scoring System (CVSS) score of the Common Vulnerabilities and Exposures (CVE) IDs listed in a vendor's security advisory. Refer to the Common Vulnerability Scoring System: Specification Document for additional information about CVSS score calculations.
Products listed in the Affected Products column have affected software installed as reported in the vendor security advisory.
Additional information is available via the Avaya Support Site and through your Avaya product support representative.
An Avaya system product includes an Avaya provided operating system.
Vendor Security Advisory | CVE(s) | Severity | Affected Product(s) |
---|---|---|---|
RHSA-2023:7884 postgresql:15 security update (Issued: 2023-12-20) | CVE-2023-5868 CVE-2023-5869 CVE-2023-5870 CVE-2023-39417 CVE-2023-39418 | High | |
RHSA-2023:7876 opensc security update (Issued: 2023-12-19) | CVE-2023-40660 CVE-2023-40661 | Medium | |
RHSA-2023:7877 openssl security update (Issued: 2023-12-19) | CVE-2023-3446 CVE-2023-3817 CVE-2023-5678 | Medium | |
RHSA-2023:7841 gstreamer1-plugins-bad-free security update (Issued: 2023-12-14) | CVE-2023-44446 | High | |
RHSA-2023:7836 avahi security update (Issued: 2023-12-14) | CVE-2021-3468 CVE-2023-38469 CVE-2023-38470 CVE-2023-38471 CVE-2023-38472 CVE-2023-38473 | Medium | |
RHSA-2023:7790 postgresql:10 security update (Issued: 2023-12-13) | CVE-2023-5869 | High | |
RHSA-2023:7783 postgresql security update (Issued: 2023-12-13) | CVE-2023-5869 | High | |
RHSA-2023:7743 curl security update (Issued: 2023-12-12) | CVE-2022-43552 | Medium | |
RHSA-2023:7716 webkit2gtk3 security update (Issued: 2023-12-11) | CVE-2023-42917 | High | |
RHSA-2023:7714 postgresql:12 security update (Issued: 2023-12-11) | CVE-2023-5868 CVE-2023-5869 CVE-2023-5870 CVE-2023-39417 | High | |
RHSA-2023:7581 postgresql:13 security update (Issued: 2023-11-29) | CVE-2023-5868 CVE-2023-5869 CVE-2023-5870 CVE-2023-39417 | High | |
RHSA-2023:7549 kernel security and bug fix update (Issued: 2023-11-28) | CVE-2022-45884 CVE-2022-45886 CVE-2022-45919 CVE-2023-1192 CVE-2023-2163 CVE-2023-3812 CVE-2023-5178 CVE-2023-52562 | High | |
RHSA-2023:7513 linux-firmware security update (Issued: 2023-11-27) | CVE-2023-20569 CVE-2023-20593 | Medium | |
RHSA-2023:7508 firefox security update (Issued: 2023-11-27) | CVE-2023-6204 CVE-2023-6205 CVE-2023-6206 CVE-2023-6207 CVE-2023-6208 CVE-2023-6209 CVE-2023-6212 | High | |
RHSA-2023:7500 thunderbird security update (Issued: 2023-11-27) | CVE-2023-6204 CVE-2023-6205 CVE-2023-6206 CVE-2023-6207 CVE-2023-6208 CVE-2023-6209 CVE-2023-6212 | High | |
RHSA-2023:7467 samba security update (Issued: 2023-11-22) | CVE-2023-3961 CVE-2023-4091 CVE-2023-42669 | Medium | |
RHSA-2023:7423 kernel security update (Issued: 2023-11-21) | CVE-2022-40982 CVE-2023-3611 CVE-2023-3776 CVE-2023-4128 CVE-2023-4206 CVE-2023-4207 CVE-2023-4208 CVE-2023-31436 | High | |
RHSA-2023:7279 open-vm-tools security update (Issued: 2023-11-15) | CVE-2023-34058 CVE-2023-34059 | High | |
RHSA-2023:7265 open-vm-tools security update (Issued: 2023-11-15) | CVE-2023-34058 CVE-2023-34059 | High | |
RHSA-2023:7207 c-ares security update (Issued: 2023-11-14) | CVE-2020-22217 CVE-2023-31130 | Medium | |
RHSA-2023:7096 python-cryptography security update (Issued: 2023-11-14) | CVE-2023-23931 | Medium | |
RHSA-2023:7058 rhc security, bug fix, and enhancement update (Issued: 2023-11-14) | CVE-2022-41723 | High | |
RHSA-2023:7205 nodejs:20 security update (Issued: 2023-11-14) | CVE-2023-38552 CVE-2023-39331 CVE-2023-39332 CVE-2023-39333 CVE-2023-44487 CVE-2023-45143 | Critical | |
RHSA-2023:6944 protobuf-c security update (Issued: 2023-11-14) | CVE-2022-48468 | Medium | |
RHSA-2023:7160 opensc security and bug fix update (Issued: 2023-11-14) | CVE-2023-2977 | Medium | |
RHSA-2023:6943 cloud-init security, bug fix, and enhancement update (Issued: 2023-11-14) | CVE-2023-1786 | Medium | |
RHSA-2023:7083 emacs security update (Issued: 2023-11-14) | CVE-2022-48337 CVE-2022-48339 | High | |
RHSA-2023:7015 wireshark security update (Issued: 2023-11-14) | CVE-2023-0666 CVE-2023-2856 CVE-2023-2858 CVE-2023-2952 | Medium | |
RHSA-2023:7190 avahi security update (Issued: 2023-11-14) | CVE-2023-1981 | Medium | |
RHSA-2023:7176 python-pip security update (Issued: 2023-11-14) | CVE-2007-4559 | Medium | |
RHSA-2023:7112 shadow-utils security and bug fix update (Issued: 2023-11-14) | CVE-2023-4641 | Medium | |
RHSA-2023:7046 dnsmasq security and bug fix update (Issued: 2023-11-14) | CVE-2023-28450 | High | |
RHSA-2023:7166 tpm2-tss security and enhancement update (Issued: 2023-11-14) | CVE-2023-22745 | Medium | |
RHSA-2023:7052 libreswan security update (Issued: 2023-11-14) | CVE-2023-38710 CVE-2023-38711 CVE-2023-38712 | Medium | |
RHSA-2023:7177 bind security update (Issued: 2023-11-14) | CVE-2022-3094 | High | |
RHSA-2023:7165 cups security and bug fix update (Issued: 2023-11-14) | CVE-2023-32324 CVE-2023-34241 | High | |
RHSA-2023:7057 yajl security update (Issued: 2023-11-14) | CVE-2023-33460 | Medium | |
RHSA-2023:7053 ghostscript security and bug fix update (Issued: 2023-11-14) | CVE-2023-4042 CVE-2023-28879 CVE-2023-38559 | High | |
RHSA-2023:6976 libfastjson security update (Issued: 2023-11-14) | CVE-2020-12762 | High | |
RHSA-2023:7189 fwupd security update (Issued: 2023-11-14) | CVE-2022-3287 | Medium | |
RHSA-2023:7109 linux-firmware security, bug fix, and enhancement update (Issued: 2023-11-14) | CVE-2023-20569 | Medium | |
RHSA-2023:7116 c-ares security update (Issued: 2023-11-14) | CVE-2022-4904 | High | |
RHSA-2023:7016 libpq security update (Issued: 2023-11-14) | CVE-2022-41862 | Low | |
RHSA-2023:7187 procps-ng security update (Issued: 2023-11-14) | CVE-2023-4016 | Low | |
RHSA-2023:7174 perl-HTTP-Tiny security update (Issued: 2023-11-14) | CVE-2023-31486 | High | |
RHSA-2023:7010 sysstat security and bug fix update (Issued: 2023-11-14) | CVE-2023-33204 | High | |
RHSA-2023:7065 tomcat security and bug fix update (Issued: 2023-11-14) | CVE-2023-24998 CVE-2023-28708 CVE-2023-28709 | High | |
RHSA-2023:7151 python3 security update (Issued: 2023-11-14) | CVE-2007-4559 | Medium | |
RHSA-2023:7055 webkit2gtk3 security and bug fix update (Issued: 2023-11-14) | CVE-2022-32885 CVE-2022-32919 CVE-2022-32933 CVE-2022-46705 CVE-2022-46725 CVE-2023-27932 CVE-2023-27954 CVE-2023-28198 CVE-2023-32370 CVE-2023-32393 CVE-2023-38133 CVE-2023-38572 CVE-2023-38592 CVE-2023-38594 CVE-2023-38595 CVE-2023-38597 CVE-2023-38599 CVE-2023-38600 CVE-2023-38611 CVE-2023-39434 CVE-2023-40397 CVE-2023-40451 CVE-2023-42833 | Critical | |
RHSA-2023:7202 container-tools:4.0 security and bug fix update (Issued: 2023-11-14) | CVE-2023-29406 | Medium | |
RHSA-2023:7029 libX11 security update (Issued: 2023-11-14) | CVE-2023-3138 | High | |
RHSA-2023:7077 kernel security, bug fix, and enhancement update (Issued: 2023-11-14) | CVE-2021-43975 CVE-2022-3594 CVE-2022-3640 CVE-2022-4744 CVE-2022-28388 CVE-2022-38457 CVE-2022-40133 CVE-2022-40982 CVE-2022-42895 CVE-2022-45869 CVE-2022-45887 CVE-2023-0458 CVE-2023-0590 CVE-2023-0597 CVE-2023-1073 CVE-2023-1074 CVE-2023-1075 CVE-2023-1079 CVE-2023-1118 CVE-2023-1206 CVE-2023-1252 CVE-2023-1382 CVE-2023-1855 CVE-2023-1989 CVE-2023-1998 CVE-2023-2269 CVE-2023-2513 CVE-2023-3141 CVE-2023-3161 CVE-2023-3212 CVE-2023-3268 CVE-2023-3609 CVE-2023-3611 CVE-2023-3772 CVE-2023-4128 CVE-2023-4132 CVE-2023-4155 CVE-2023-4206 CVE-2023-4207 CVE-2023-4208 CVE-2023-4732 CVE-2023-23455 CVE-2023-26545 CVE-2023-28328 CVE-2023-28772 CVE-2023-30456 CVE-2023-31084 CVE-2023-31436 CVE-2023-33203 CVE-2023-33951 CVE-2023-33952 CVE-2023-35823 CVE-2023-35824 CVE-2023-35825 CVE-2023-51043 CVE-2024-0443 | High | |
RHSA-2023:6967 qt5-qtbase security update (Issued: 2023-11-14) | CVE-2023-33285 CVE-2023-34410 CVE-2023-37369 CVE-2023-38197 | Medium | |
RHSA-2023:6939 container-tools:rhel8 security and bug fix update (Issued: 2023-11-14) | CVE-2022-3064 CVE-2022-41723 CVE-2022-41724 CVE-2022-41725 CVE-2023-3978 CVE-2023-24534 CVE-2023-24536 CVE-2023-24537 CVE-2023-24538 CVE-2023-24539 CVE-2023-24540 CVE-2023-25173 CVE-2023-25809 CVE-2023-27561 CVE-2023-28642 CVE-2023-29400 CVE-2023-29406 | High | |
RHSA-2023:7139 samba security, bug fix, and enhancement update (Issued: 2023-11-14) | CVE-2022-2127 CVE-2023-34966 CVE-2023-34967 CVE-2023-34968 | High | |
RHSA-2023:7034 python39:3.9 and python39-devel:3.9 security update (Issued: 2023-11-14) | CVE-2007-4559 CVE-2023-32681 | Medium | |
RHSA-2023:6938 container-tools:4.0 security and bug fix update (Issued: 2023-11-14) | CVE-2022-3064 CVE-2022-41723 CVE-2022-41724 CVE-2022-41725 CVE-2023-3978 CVE-2023-24534 CVE-2023-24536 CVE-2023-24537 CVE-2023-24538 CVE-2023-24539 CVE-2023-24540 CVE-2023-25809 CVE-2023-27561 CVE-2023-28642 CVE-2023-29400 CVE-2023-29406 | High | |
RHSA-2023:7050 python38:3.8 and python38-devel:3.8 security update (Issued: 2023-11-14) | CVE-2007-4559 CVE-2023-32681 | Medium | |
RHSA-2023:7042 python27:2.7 security and bug fix update (Issued: 2023-11-14) | CVE-2023-32681 | Medium | |
RHSA-2023:6980 virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Issued: 2023-11-14) | CVE-2021-3750 CVE-2023-3301 | High | |
RHSA-2023:6885 python security update (Issued: 2023-11-13) | CVE-2023-40217 | High | |
RHSA-2023:6823 python3 security update (Issued: 2023-11-08) | CVE-2023-40217 | High | |
RHSA-2023:6283 insights-client security update (Issued: 2023-11-02) | CVE-2023-3972 | High | |
RHSA-2023:6236 binutils security update (Issued: 2023-11-01) | CVE-2022-4285 | Medium | |
RHSA-2023:6194 thunderbird security update (Issued: 2023-10-30) | CVE-2023-5721 CVE-2023-5724 CVE-2023-5725 CVE-2023-5728 CVE-2023-5730 CVE-2023-5732 CVE-2023-44488 | High | |
RHSA-2023:6187 firefox security update (Issued: 2023-10-30) | CVE-2023-5721 CVE-2023-5724 CVE-2023-5725 CVE-2023-5728 CVE-2023-5730 CVE-2023-5732 CVE-2023-44488 | High | |
RHSA-2023:5997 python3 security update (Issued: 2023-10-23) | CVE-2023-40217 | High | |
RHSA-2023:5998 python39:3.9 and python39-devel:3.9 security update (Issued: 2023-10-23) | CVE-2023-40217 | High | |
RHSA-2023:5994 python27:2.7 security update (Issued: 2023-10-23) | CVE-2023-40217 | High | |
RHSA-2023:5928 tomcat security update (Issued: 2023-10-19) | CVE-2023-44487 | High | |
RHSA-2023:5927 php:8.0 security update (Issued: 2023-10-19) | CVE-2023-0567 CVE-2023-0568 CVE-2023-0662 CVE-2023-3247 CVE-2023-3823 CVE-2023-3824 | Critical | |
RHSA-2023:5869 nodejs:18 security update (Issued: 2023-10-18) | CVE-2023-38552 CVE-2023-39333 CVE-2023-44487 CVE-2023-45143 | High | |
RHSA-2023:5761 java-1.8.0-openjdk security update (Issued: 2023-10-18) | CVE-2023-22067 CVE-2023-22081 | Medium | |
RHSA-2023:5850 nodejs:16 security update (Issued: 2023-10-18) | CVE-2023-44487 | High | |
RHSA-2023:5736 java-11-openjdk security and bug fix update (Issued: 2023-10-18) | CVE-2023-22081 | Medium | |
RHSA-2023:5731 java-1.8.0-openjdk security update (Issued: 2023-10-18) | CVE-2022-40433 CVE-2023-22067 CVE-2023-22081 | Medium | |
RHSA-2023:5751 java-17-openjdk security and bug fix update (Issued: 2023-10-18) | CVE-2023-22025 CVE-2023-22081 | Medium | |
RHSA-2023:5837 nghttp2 security update (Issued: 2023-10-18) | CVE-2023-44487 | High | |
RHSA-2023:5742 java-11-openjdk security and bug fix update (Issued: 2023-10-18) | CVE-2023-22081 | Medium | |
RHSA-2023:5721 go-toolset:rhel8 security update (Issued: 2023-10-16) | CVE-2023-29406 CVE-2023-29409 CVE-2023-39325 CVE-2023-44487 | High | |
RHSA-2023:5713 nginx:1.22 security update (Issued: 2023-10-16) | CVE-2023-44487 | High | |
RHSA-2023:5712 nginx:1.20 security update (Issued: 2023-10-16) | CVE-2023-44487 | High | |
RHSA-2023:5691 bind security update (Issued: 2023-10-12) | CVE-2023-3341 | High | |
RHSA-2023:5615 libssh2 security update (Issued: 2023-10-10) | CVE-2020-22218 | High | |
RHSA-2023:5622 kernel security and bug fix update (Issued: 2023-10-10) | CVE-2023-3609 CVE-2023-32233 CVE-2023-35001 | High | |
Avaya software-only products operate on general-purpose operating systems. Occasionally, vulnerabilities may be discovered in the underlying operating system or applications that come with the operating system. These vulnerabilities may not impact the software-only product directly but may threaten the integrity of the underlying platform.
In the event an affected package is installed, review the Avaya product software-only RPM updates documentation before following the mitigation actions provided by the operating system vendor. DO NOT install Security Service Packs (SSP) on software-only products. Failure to follow these requirements may result in system breakage.
Avaya strongly recommends following networking and security best practices by implementing firewalls, ACLs, physical security or other appropriate access restrictions. Though Avaya believes such restrictions should always be in place, risk to Avaya products and the surrounding network from this potential vulnerability may be mitigated by ensuring these practices are implemented until such time as an Avaya provided product update or the recommended Avaya action is applied. Further restrictions as deemed necessary based on the customer's security policies may be required during this interim period, but the System Product operating system or application should not be modified unless the change is approved by Avaya. Making changes that are not approved may void the Avaya product service contract.
The following links point to product security fix downloads. The Related Documents area on these pages provides a link to product documentation, which should contain specific details about security fixes. If a product and version does not appear in the list, refer to the Avaya Support Portal and search for Documents and/or Downloads using the Product Support drop-down menu.
NOTE: Security Service Packs (SSP) should not be installed on software-only products.
All information is believed to be correct at the time of publication, is provided "as is", and is applicable only to product versions eligible for manufacturer support in accordance with Avaya Product Life Cycle Policy. Avaya LLC., on behalf of itself and its subsidiaries and affiliates (hereinafter collectively referred to as "Avaya"), disclaims all warranties, either express or implied, including but not limited to the warranties of merchantability and fitness for a particular purpose and furthermore, Avaya makes no representations or warranties that the steps recommended will eliminate security or virus threats to customers' systems. In no event shall Avaya be liable for any damages whatsoever arising out of or in connection with the information or recommended action provided herein, including direct, indirect, incidental, statutory, consequential damages, loss of business profits or special damages, even if Avaya has been advised of the possibility of such damages.
The information provided here does not affect the support agreements in place for Avaya products. Support for Avaya products continues to be executed as per existing agreements with Avaya.
© 2023 Avaya Inc. All Rights Reserved. All trademarks identifying Avaya products by the ® or ™ are registered trademarks or trademarks, respectively, of Avaya Inc. All other trademarks are the property of their respective owners.