Merge pull request #6950 from wazuh/change/6944-cve-4.7

Add the security updates to 4.5.3 release notes
wazuh · Jan 15, 2024 · fd03f11 · fd03f11
2 parents 27de886 + 07ac864
commit fd03f11
Showing 1 changed file with 16 additions and 3 deletions.
diff --git a/source/release-notes/release-4-5-3.rst b/source/release-notes/release-4-5-3.rst
@@ -31,10 +31,24 @@ RESTful API
 -  `#18493 <https://github.com/wazuh/wazuh/pull/18493>`__ Added support for nested queries in the ``q`` API parameter.
 -  `#18432 <https://github.com/wazuh/wazuh/pull/18432>`__ Updated ``force`` flag message in the ``agent_upgrade`` CLI.
 
+Security updates
+----------------
+
+This release fixes the following vulnerabilities:
+
+Agent
+^^^^^
+
+==============    ========================================================    =============
+CVE               Reference                                                   Description
+==============    ========================================================    =============
+CVE-2023-42463    `#19069 <https://github.com/wazuh/wazuh/pull/19069>`__      Fixed a stack overflow hazard in ``wazuh-logcollector`` that could allow a local privilege escalation. Found by Keith Yeo (`@kyeojy <https://twitter.com/kyeojy>`__).
+==============    ========================================================    =============
+
 Resolved issues
 ---------------
 
-This release resolves known issues as the following: 
+This release resolves known issues as the following:
 
 Manager
 ^^^^^^^
@@ -55,7 +69,6 @@ Reference                                                   Description
 ========================================================    =============
 `#18773 <https://github.com/wazuh/wazuh/pull/18773>`__      Fixed a bug in the memory handle at the agent's data provider helper.
 `#18903 <https://github.com/wazuh/wazuh/pull/18903>`__      Fixed a data mismatch in the OS name between the global and agents' databases.
-`#19069 <https://github.com/wazuh/wazuh/pull/19069>`__      Fixed an array limit check in ``wazuh-logcollector``.
 `#19286 <https://github.com/wazuh/wazuh/pull/19286>`__      Fixed wrong Windows agent binaries metadata.
 `#19397 <https://github.com/wazuh/wazuh/pull/19397>`__      Fixed error during the Windows agent upgrade.
 ========================================================    =============
@@ -121,4 +134,4 @@ More details about these changes are provided in the changelog of each component
 -  `wazuh/wazuh-dashboard-plugins 7.16.x <https://github.com/wazuh/wazuh-dashboard-plugins/blob/v4.5.3-7.16.3/CHANGELOG.md>`_
 -  `wazuh/wazuh-dashboard-plugins 7.17.x <https://github.com/wazuh/wazuh-dashboard-plugins/blob/v4.5.3-7.17.13/CHANGELOG.md>`_
 -  `wazuh/wazuh-splunk <https://github.com/wazuh/wazuh-splunk/blob/v4.5.3-8.2/CHANGELOG.md>`_
--  `wazuh/wazuh-packages <https://github.com/wazuh/wazuh-packages/releases/tag/v4.5.3>`_
+-  `wazuh/wazuh-packages <https://github.com/wazuh/wazuh-packages/releases/tag/v4.5.3>`_