Alert GCSA-23131 - Adobe Security Bulletin - Ottobre 2023

 




















******************************************************************

Alert ID: GCSA-23131
Data: 11 Ottobre 2023
Titolo: Adobe Security Bulletin - Ottobre 2023

******************************************************************

:: Descrizione del problema

Adobe ha rilasciato i seguenti aggiornamenti di sicurezza

APSB23-49 Security update available for Adobe Bridge
APSB23-50 Security update available for Adobe Commerce
APSB23-51 Security update available for Adobe Photoshop

Maggiori informazioni sono disponibili alla sezione "Riferimenti".


:: Software interessato

Adobe Bridge versione 12.0.4 e precedenti
Adobe Bridge versione 13.0.3 e precedenti
Adobe Commerce versione 2.4.7-beta1 e precedenti
Adobe Commerce versione 2.4.6-p2 e precedenti
Adobe Commerce versione 2.4.5-p4 e precedenti
Adobe Commerce versione 2.4.4-p5 e precedenti
Adobe Commerce versione 2.4.3-ext-4 e precedenti
Adobe Commerce versione 2.4.2-ext-4 e precedenti
Adobe Commerce versione 2.4.1-ext-4 e precedenti
Adobe Commerce versione 2.4.0-ext-4 e precedenti
Adobe Commerce versione 2.3.7-p4-ext-4 e precedenti
Magento Open Source versione 2.4.7-beta1 e precedenti
Magento Open Source versione 2.4.6-p2 e precedenti
Magento Open Source versione 2.4.5-p4 e precedenti
Magento Open Source versione 2.4.4-p5 e precedenti
Adobe Photoshop 2022 versione 23.5.5 e precedenti
Adobe Photoshop 2023 versione 24.7 e precedenti


:: Impatto

Esecuzione remota di codice arbitrario (RCE)
Acquisizione di privilegi piu' elevati (EoP)
Denial of Service (DoS)
Rivelazione di informazioni (ID)
Bypass delle restrizioni di sicurezza (SRB)
Cross-Site Scripting (XXS)


:: Soluzioni

Aggiornare i software alle ultime versioni:

Adobe Bridge 13.0.4 (Windows e Mac)
Adobe Bridge 14.0.0 (Windows e Mac)
Adobe Commerce 2.4.7-beta2
Adobe Commerce 2.4.6-p3
Adobe Commerce 2.4.5-p5
Adobe Commerce 2.4.4-p6
Adobe Commerce 2.4.3-ext-5
Adobe Commerce 2.4.2-ext-5
Adobe Commerce 2.4.1-ext-5
Adobe Commerce 2.4.0-ext-5
Adobe Commerce 2.3.7-p4-ext-5
Magento Open Source 2.4.7-beta2
Magento Open Source 2.4.6-p3
Magento Open Source 2.4.5-p5
Magento Open Source 2.4.4-p6
Photoshop 2023 24.7.1 (Windows e Mac)
Photoshop 2024 25.0 (Windows e Mac)


:: Riferimenti

Adobe Security Bulletins e Advisories
https://helpx.adobe.com/security/security-bulletin.html
https://helpx.adobe.com/security/products/bridge/apsb23-49.html
https://helpx.adobe.com/security/products/magento/apsb23-50.html
https://helpx.adobe.com/security/products/photoshop/apsb23-51.html

Mitre CVE
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38216
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38217
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38220
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38221
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38249
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38250
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38251
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26367
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38219
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38218
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26366
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26368
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26370



GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert

-----BEGIN PGP SIGNATURE-----

iD8DBQFlJmwowZxMk2USYEIRCF11AJ4jbhduNI8M74/5XO1vnGjwBeonmACgpwwg
vhl1hZFU7iMLhZOKCtFyyD8=
=s8kf
-----END PGP SIGNATURE-----