Security
Headlines
HeadlinesLatestCVEs

Headline

Red Hat Security Advisory 2023-5931-01

Red Hat Security Advisory 2023-5931-01 - Updated Satellite 6.13 packages that fixes Important security bugs and several regular bugs are now available for Red Hat Satellite. Issues addressed include code execution and denial of service vulnerabilities.

Packet Storm
#vulnerability#web#mac#linux#red_hat#ddos#dos#js#git#rce#ruby#ssl

The following data is constructed from data provided by Red Hat’s json file at:

https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5931.json

Red Hat officially shut down their mailing list notifications October 10, 2023. Due to this, Packet Storm has recreated the below data as a reference point to raise awareness. It must be noted that due to an inability to easily track revision updates without crawling Red Hat’s archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

  • Packet Storm Staff

====================================================================
Red Hat Security Advisory

Synopsis: Important: Satellite 6.13.5 Async Security Update
Advisory ID: RHSA-2023:5931-01
Product: Red Hat Satellite 6
Advisory URL: https://access.redhat.com/errata/RHSA-2023:5931
Issue date: 2023-10-19
Revision: 01
CVE Names: CVE-2022-1292
====================================================================

Summary:

Updated Satellite 6.13 packages that fixes Important security bugs and several regular bugs are now available for Red Hat Satellite.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other client systems. It performs provisioning and configuration management of predefined standard operating environments.

Security fix(es):

  • Yggdrasil-worker-forwarder (gRPC): Rapid Reset Attack through HTTP/2 enabled web service which leads to DDoS attack (CVE-2023-44487 & CVE-2023-39325)

A Red Hat Security Bulletin which addresses further details about this flaw is available in the References section.

  • Foreman: OS command injection via ct_command and fcct_command (CVE-2022-3874)

  • Foreman: Arbitrary code execution through yaml global parameters (CVE-2023-0462)

  • GitPython: Remote code execution and improper input validation vulnerability (CVE-2022-24439 & CVE-2023-40267)

  • Ruby-git & tfm-rubygem-git: Code injection vulnerability (CVE-2022-47318 & CVE-2022-46648)

  • Python-django: Multiple flaws (CVE-2023-31047 & CVE-2023-36053)

  • Puppet-agent (openssl): Multiple flaws (CVE-2022-1292 CVE-2022-2068)

This update fixes the following bugs:

2238346 - Red Hat supported provisioning templates are not recognized by RH icon on the row for a given template
2238348 - when creating a backup on rhel7 and restoring on rhel8, the restore process will fail with permission issues
2238350 - Virtual machine goes in re-provisioning mode while registration host using Global registration template.
2238359 - Capsule redundantly synces *-Export-Library repos
2238361 - Can’t update the redhat_repository_url without changing the cdn_configuration to custom_cdn
2238363 - katello-certs-check does not cause the installer to halt execution on failure
2238367 - Satellite Web UI >> Hosts >> All Hosts page loading slow even after power isn’t selected from the new option “Manage columns".
2238369 - Content-export incremental with syncable format based does not include productid file into repodata directory
2238371 - SELinux is preventing pulpcore-worker from read access on the key labeled pulpcore_server_t
2239041 - Reclaim space for repository fails with Cannot delete some instances of model ‘Artifact’ because they are referenced through protected foreign keys: 'ContentArtifact.artifact’.”
2238353 - The “hammer export” command using single thread encryption causes a performance bottleneck.
2240781 - Remediation from CRC via Satellite shows “Failed” status even after successful remediation of Insights recommendations.
2241914 - “NoMethodError: undefined method `fact_values’” while trying to perform inventory upload

Users of Red Hat Satellite are advised to upgrade to these updated packages, which fix these bugs.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2022-1292

References:

https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/documentation/en-us/red_hat_satellite/6.13/html/upgrading_and_updating_red_hat_satellite/index
https://access.redhat.com/security/vulnerabilities/RHSB-2023-003

Related news

Red Hat Security Advisory 2024-4118-03

Red Hat Security Advisory 2024-4118-03 - An update is now available for Red Hat Ceph Storage 5.3. Issues addressed include denial of service and traversal vulnerabilities.

Red Hat Security Advisory 2024-1037-03

Red Hat Security Advisory 2024-1037-03 - Red Hat OpenShift Container Platform release 4.13.36 is now available with updates to packages and images that fix several bugs and add enhancements.

Red Hat Security Advisory 2024-0484-03

Red Hat Security Advisory 2024-0484-03 - Red Hat OpenShift Container Platform release 4.13.31 is now available with updates to packages and images that fix several bugs and add enhancements.

Red Hat Security Advisory 2024-0050-03

Red Hat Security Advisory 2024-0050-03 - Red Hat OpenShift Container Platform release 4.14.8 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-7699-03

Red Hat Security Advisory 2023-7699-03 - Red Hat OpenShift Pipelines Client tkn for 1.10.6 has been released. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-7662-03

Red Hat Security Advisory 2023-7662-03 - An update for windows-machine-config-operator-bundle-container and windows-machine-config-operator-container is now available for Red Hat OpenShift Container Platform 4.11. Issues addressed include a privilege escalation vulnerability.

Red Hat Security Advisory 2023-7522-01

Red Hat Security Advisory 2023-7522-01 - Red Hat OpenShift Virtualization release 4.13.6 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-7288-01

Red Hat Security Advisory 2023-7288-01 - An update for Openshift Jenkins is now available for Red Hat Product OCP Tools 4.14. Issues addressed include bypass, code execution, cross site scripting, and denial of service vulnerabilities.

Gentoo Linux Security Advisory 202311-01

Gentoo Linux Security Advisory 202311-1 - A vulnerability has been discovered in GitPython where crafted input to Repo.clone_from can lead to code execution. Versions greater than or equal to 3.1.30 are affected.

Red Hat Security Advisory 2023-6240-01

Red Hat Security Advisory 2023-6240-01 - An update for cnf-tests-container, dpdk-base-container, performance-addon-operator-must-gather NUMA-aware secondary scheduler and numaresources-operator is now available for Red Hat OpenShift Container Platform 4.13.

Red Hat Security Advisory 2023-6217-01

Red Hat Security Advisory 2023-6217-01 - Red Hat OpenShift Container Platform low-latency extras release 4.14, which provides an update for cnf-tests-container, dpdk-base-container, NUMA-aware secondary scheduler and numaresources-operator is now available. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-6200-01

Red Hat Security Advisory 2023-6200-01 - The multicluster engine for Kubernetes 2.1.9 General Availability release images, which contains security fixes and update container images. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-6161-01

Red Hat Security Advisory 2023-6161-01 - The Migration Toolkit for Containers 1.7.14 is now available. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-5896-01

Red Hat Security Advisory 2023-5896-01 - Red Hat OpenShift Container Platform release 4.12.40 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-6080-01

Red Hat Security Advisory 2023-6080-01 - Red Hat Integration Camel for Spring Boot 4.0.1 release and security update is now available. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-6061-01

Red Hat Security Advisory 2023-6061-01 - Red Hat OpenShift Pipelines 1.12.1 has been released. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-5982-01

Red Hat Security Advisory 2023-5982-01 - An update for foreman_ygg_worker, puppet-agent, qpid-proton, and yggdrasil is now available for Satellite Client 6 for RHEL 6, Satellite Client 6 for RHEL 7, Satellite Client 6 for RHEL 8, and Satellite Client 6 for RHEL 9. Issues addressed include code execution and denial of service vulnerabilities.

Red Hat Security Advisory 2023-5980-01

Red Hat Security Advisory 2023-5980-01 - Updated Satellite 6.11 packages that fix several bugs are now available for Red Hat Satellite. Issues addressed include code execution and denial of service vulnerabilities.

Red Hat Security Advisory 2023-5979-01

Red Hat Security Advisory 2023-5979-01 - Updated Satellite 6.12 packages that fixes important security bugs and several regular bugs are now available for Red Hat Satellite. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2023-5974-01

Red Hat Security Advisory 2023-5974-01 - An update for network-observability-console-plugin-container, network-observability-ebpf-agent-container, network-observability-flowlogs-pipeline-container, network-observability-operator-bundle-container, and network-observability-operator-container is now available for NETWORK-OBSERVABILITY-1.4.0-RHEL-9. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-5971-01

Red Hat Security Advisory 2023-5971-01 - An update for osp-director-agent-container, osp-director-downloader-container, osp-director-operator-bundle-container, and osp-director-operator-container is now available for Red Hat OpenStack Platform 17.1.1. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-5970-01

Red Hat Security Advisory 2023-5970-01 - An update for collectd-libpod-stats is now available for Red Hat OpenStack Platform 17.1.1. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-5965-01

Red Hat Security Advisory 2023-5965-01 - An update for collectd-libpod-stats and etcd is now available for Red Hat OpenStack Platform 16.2.5. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-5964-01

Red Hat Security Advisory 2023-5964-01 - An update for collectd-libpod-stats is now available for Red Hat OpenStack Platform 16.2.5. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-5952-01

Red Hat Security Advisory 2023-5952-01 - An update is now available for Red Hat OpenShift Service Mesh 2.4 for RHEL 8.

Red Hat Security Advisory 2023-5951-01

Red Hat Security Advisory 2023-5951-01 - An update is now available for Red Hat OpenShift Service Mesh 2.3 for RHEL 8.

Red Hat Security Advisory 2023-5951-01

Red Hat Security Advisory 2023-5951-01 - An update is now available for Red Hat OpenShift Service Mesh 2.3 for RHEL 8.

Red Hat Security Advisory 2023-5867-01

Red Hat Security Advisory 2023-5867-01 - An update for grafana is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-5865-01

Red Hat Security Advisory 2023-5865-01 - An update for grafana is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-5863-01

Red Hat Security Advisory 2023-5863-01 - An update for grafana is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-5863-01

Red Hat Security Advisory 2023-5863-01 - An update for grafana is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-5851-01

Red Hat Security Advisory 2023-5851-01 - Updated images are now available for Red Hat Advanced Cluster Security (RHACS). The updated image includes new features and bug fixes. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-5851-01

Red Hat Security Advisory 2023-5851-01 - Updated images are now available for Red Hat Advanced Cluster Security (RHACS). The updated image includes new features and bug fixes. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-5835-01

Red Hat Security Advisory 2023-5835-01 - The rhc-worker-script packages provide Remote Host Configuration worker for executing an interpreted programming language script on hosts managed by Red Hat Insights. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-5835-01

Red Hat Security Advisory 2023-5835-01 - The rhc-worker-script packages provide Remote Host Configuration worker for executing an interpreted programming language script on hosts managed by Red Hat Insights. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-5810-01

Red Hat Security Advisory 2023-5810-01 - Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams, while automation developers retain the freedom to write tasks that leverage existing knowledge without the overhead. Ansible Automation Platform makes it possible for users across an organization to share, vet, and manage automation content by means of a simple, powerful, and agentless language.

Red Hat Security Advisory 2023-5810-01

Red Hat Security Advisory 2023-5810-01 - Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams, while automation developers retain the freedom to write tasks that leverage existing knowledge without the overhead. Ansible Automation Platform makes it possible for users across an organization to share, vet, and manage automation content by means of a simple, powerful, and agentless language.

Red Hat Security Advisory 2023-5809-01

Red Hat Security Advisory 2023-5809-01 - Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams, while automation developers retain the freedom to write tasks that leverage existing knowledge without the overhead. Ansible Automation Platform makes it possible for users across an organization to share, vet, and manage automation content by means of a simple, powerful, and agentless language.

Red Hat Security Advisory 2023-5769-01

Red Hat Security Advisory 2023-5769-01 - nghttp2 contains the Hypertext Transfer Protocol version 2 client, server, and proxy programs as well as a library implementing the HTTP/2 protocol in C. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-5765-01

Red Hat Security Advisory 2023-5765-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a denial of service vulnerability.

What to know about the HTTP/2 Rapid Reset DDoS attacks

Cisco Talos is actively tracking the novel distributed denial-of-service (DDoS) attacks cloud services provider Cloudflare disclosed earlier this week. The techniques described in Cloudflare’s blog post resulted in a record-breaking DDoS attack and could facilitate much larger attacks in the future.  CVE-2023-44487 CVE-2023-44487, a vulnerability in the

GHSA-4374-p667-p6c8: HTTP/2 rapid reset can cause excessive work in net/http

A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; s...

Patch Tuesday, October 2023 Edition

Microsoft today issued security updates for more than 100 newly-discovered vulnerabilities in its Windows operating system and related software, including four flaws that are already being exploited. In addition, Apple recently released emergency updates to quash a pair of zero-day bugs in iOS.

HTTP/2 Rapid Reset Zero-Day Vulnerability Exploited to Launch Record DDoS Attacks

Amazon Web Services (AWS), Cloudflare, and Google on Tuesday said they took steps to mitigate record-breaking distributed denial-of-service (DDoS) attacks that relied on a novel technique called HTTP/2 Rapid Reset. The layer 7 attacks were detected in late August 2023, the companies said in a coordinated disclosure. The cumulative susceptibility to this attack is being tracked as CVE-2023-44487,

CVE-2023-4380

A logic flaw exists in Ansible. Whenever a private project is created with incorrect credentials, they are logged in plaintext. This flaw allows an attacker to retrieve the credentials from the log, resulting in the loss of confidentiality, integrity, and availability.

GHSA-9jfq-54vc-9rr2: Foreman Transpilation Enables OS Command Injection

A command injection flaw was found in foreman. This flaw allows an authenticated user with admin privileges on the foreman instance to transpile commands through CoreOS and Fedora CoreOS configurations in templates, possibly resulting in arbitrary command execution on the underlying operating system.

CVE-2022-3874: Invalid Bug ID

A command injection flaw was found in foreman. This flaw allows an authenticated user with admin privileges on the foreman instance to transpile commands through CoreOS and Fedora CoreOS configurations in templates, possibly resulting in arbitrary command execution on the underlying operating system.

CVE-2023-0462: cve-details

An arbitrary code execution flaw was found in Foreman. This issue may allow an admin user to execute arbitrary code on the underlying operating system by setting global parameters with a YAML payload.

Red Hat Security Advisory 2023-4991-01

Red Hat Security Advisory 2023-4991-01 - Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams, while automation developers retain the freedom to write tasks that leverage existing knowledge without the overhead. Ansible Automation Platform makes it possible for users across an organization to share, vet, and manage automation content by means of a simple, powerful, and agentless language.

RHSA-2023:4991: Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.3 Product Security and Bug Fix Update

An update is now available for Red Hat Ansible Automation Platform 2.3 Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-40267: An improper input validation vulnerability was found in GitPython. This flaw allows an attacker to inject a maliciously crafted remote URL into the clone command, possibly leading to remote code execution.

Red Hat Security Advisory 2023-4971-01

Red Hat Security Advisory 2023-4971-01 - Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams, while automation developers retain the freedom to write tasks that leverage existing knowledge without the overhead. Ansible Automation Platform makes it possible for users across an organization to share, vet, and manage automation content by means of a simple, powerful, and agentless language.

RHSA-2023:4971: Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update

An update is now available for Red Hat Ansible Automation Platform 2.4 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-23931: A vulnerability was found in python-cryptography. In affected versions, `Cipher.update_into` would accept Python objects which implement the buffer protocol but provide only immutable buffers. This issue allows immutable objects (such as `bytes`) to be mutated, thus violating the fundamental rules of Python, resulting in corrupted output. * CVE-2...

Ubuntu Security Notice USN-6326-1

Ubuntu Security Notice 6326-1 - It was discovered that GitPython did not block insecure options from user inputs in the clone command. An attacker could possibly use this issue to execute arbitrary commands on the host.

Red Hat Security Advisory 2023-4693-01

Red Hat Security Advisory 2023-4693-01 - Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams, while automation developers retain the freedom to write tasks that leverage existing knowledge without the overhead. Ansible Automation Platform makes it possible for users across an organization to share, vet, and manage automation content by means of a simple, powerful, and agentless language. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-4692-01

Red Hat Security Advisory 2023-4692-01 - Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams, while automation developers retain the freedom to write tasks that leverage existing knowledge without the overhead. Ansible Automation Platform makes it possible for users across an organization to share, vet, and manage automation content by means of a simple, powerful, and agentless language. Issues addressed include cross site request forgery, denial of service, and remote shell upload vulnerabilities.

RHSA-2023:4693: Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update

An update is now available for Red Hat Ansible Automation Platform 2.4 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-4380: No description is available for this CVE. * CVE-2023-23931: A vulnerability was found in python-cryptography. In affected versions, `Cipher.update_into` would accept Python objects which implement the buffer protocol but provide only immutable buffers. This issue allows immutable objects (such as `bytes`) to be mutated, thus violating the fundamen...

RHSA-2023:4692: Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update

An update is now available for Red Hat Ansible Automation Platform 2.4 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-24580: A memory exhaustion flaw was found in the python-django package. This issue occurs when passing certain inputs, leading to a system crash and denial of service. * CVE-2023-36053: A regular expression denial of service vulnerability has been found in Django. Email and URL validators are vulnerable to this flaw when processing a very large number o...

GHSA-pr76-5cm5-w9cj: GitPython vulnerable to remote code execution due to insufficient sanitization of input arguments

GitPython before 3.1.32 does not block insecure non-multi options in `clone` and `clone_from`, making it vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439.

CVE-2023-40267: Merge pull request #1609 from Beuc/block-insecure-options-clone-non-m… · gitpython-developers/GitPython@ca965ec

GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439.

Red Hat Security Advisory 2023-4591-01

Red Hat Security Advisory 2023-4591-01 - Red Hat Update Infrastructure offers a highly scalable, highly redundant framework that enables you to manage repositories and content. It also enables cloud providers to deliver content and updates to Red Hat Enterprise Linux instances. Issues addressed include bypass and denial of service vulnerabilities.

RHSA-2023:4591: Red Hat Security Advisory: RHUI 4.5.0 release - Security, Bug Fixes, and Enhancements

An updated version of Red Hat Update Infrastructure (RHUI) is now available. RHUI 4.5 fixes several security and operational bugs and also adds several new features.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-30608: A flaw was found in sqlparse. The SQL parser contains a regular expression vulnerable to a Regular Expression Denial of Service (ReDoS). The vulnerability may lead to a denial of service (DoS). * CVE-2023-31047: A bypass of validation flaw was found in python-django. When uploading multiple files using one form field, an attacker could upload multiple files without validation due to the server only validating the last file uploaded.

Debian Security Advisory 5465-1

Debian Linux Security Advisory 5465-1 - Seokchan Yoon discovered that missing sanitising in the email and URL validators of Django, a Python web development framework, could result in denial of service.

Debian Security Advisory 5465-1

Debian Linux Security Advisory 5465-1 - Seokchan Yoon discovered that missing sanitising in the email and URL validators of Django, a Python web development framework, could result in denial of service.

Ubuntu Security Notice USN-6203-2

Ubuntu Security Notice 6203-2 - USN-6203-1 fixed a vulnerability in Django. This update provides the corresponding update for Ubuntu 18.04 ESM. Seokchan Yoon discovered that Django incorrectly handled certain regular expressions. A remote attacker could possibly use this issue to cause Django to consume resources, leading to a denial of service.

Ubuntu Security Notice USN-6203-1

Ubuntu Security Notice 6203-1 - Seokchan Yoon discovered that Django incorrectly handled certain regular expressions. A remote attacker could possibly use this issue to cause Django to consume resources, leading to a denial of service.

GHSA-jh3w-4vvf-mjgr: Django has regular expression denial of service vulnerability in EmailValidator/URLValidator

In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, `EmailValidator` and `URLValidator` are subject to a potential ReDoS (regular expression denial of service) attack via a very large number of domain name labels of emails and URLs.

CVE-2023-36053: Django security releases issued: 4.2.3, 4.1.10, and 3.2.20

In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial of service) attack via a very large number of domain name labels of emails and URLs.

CVE-2023-32686: Kiwi TCMS 12.3

Kiwi TCMS is an open source test management system for both manual and automated testing. Kiwi TCMS allows users to upload attachments to test plans, test cases, etc. Earlier versions of Kiwi TCMS had introduced upload validators in order to prevent potentially dangerous files from being uploaded. The upload validation checks were not robust enough which left the possibility of an attacker to circumvent them and upload a potentially dangerous file. Exploiting this flaw, a combination of files could be uploaded so that they work together to circumvent the existing Content-Security-Policy and allow execution of arbitrary JavaScript in the browser. This issue has been patched in version 12.3.

Ubuntu Security Notice USN-6054-2

Ubuntu Security Notice 6054-2 - USN-6054-1 fixed a vulnerability in Django. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Moataz Al-Sharida and nawaik discovered that Django incorrectly handled uploading multiple files using one form field. A remote attacker could possibly use this issue to bypass certain validations.

GHSA-r3xc-prgr-mg9p: Django bypasses validation when using one form field to upload multiple files

In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField (only the last uploaded file was validated). However, Django's "Uploading multiple files" documentation suggested otherwise.

CVE-2023-31047: Django security releases issued: 4.2.1, 4.1.9, and 3.2.19

In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField (only the last uploaded file was validated). However, Django's "Uploading multiple files" documentation suggested otherwise.

Ubuntu Security Notice USN-6054-1

Ubuntu Security Notice 6054-1 - Moataz Al-Sharida and nawaik discovered that Django incorrectly handled uploading multiple files using one form field. A remote attacker could possibly use this issue to bypass certain validations.

Ubuntu Security Notice USN-5968-1

Ubuntu Security Notice 5968-1 - It was discovered that GitPython did not properly sanitize user inputs for remote URLs in the clone command. By injecting a maliciously crafted remote URL, an attacker could possibly use this issue to execute arbitrary commands on the host.

CVE-2022-47986: IBM Aspera Faspex 4.4.2 PL2 has addressed multiple vulnerabilities (CVE-2022-28330, CVE-2023-22868, CVE-2022-30556, CVE-2022-31813, CVE-2022-30522, CVE-2022-47986, CVE-2022-28615, CVE-2022-26377, CVE-

IBM Aspera Faspex 4.4.1 could allow a remote attacker to execute arbitrary code on the system, caused by a YAML deserialization flaw. By sending a specially crafted obsolete API call, an attacker could exploit this vulnerability to execute arbitrary code on the system. The obsolete API call was removed in Faspex 4.4.2 PL2. IBM X-Force ID: 243512.

CVE-2022-47318: In ls-files do not unescape file paths with eval by jcouball · Pull Request #602 · ruby-git/ruby-git

ruby-git versions prior to v1.13.0 allows a remote authenticated attacker to execute an arbitrary ruby code by having a user to load a repository containing a specially crafted filename to the product. This vulnerability is different from CVE-2022-46648.

GHSA-pfpr-3463-c6jh: ruby-git has potential remote code execution vulnerability

The git gem, between versions 1.2.0 and 1.12.0, incorrectly parsed the output of the `git ls-files` command using `eval()` to unescape quoted file names. If a file name was added to the git repository contained special characters, such as `\n`, then the `git ls-files` command would print the file name in quotes and escape any special characters. If the `Git#ls_files` method encountered a quoted file name it would use `eval()` to unquote and unescape any special characters, leading to potential remote code execution. Version 1.13.0 of the git gem was released which correctly parses any quoted file names.

Red Hat Security Advisory 2022-8917-01

Red Hat Security Advisory 2022-8917-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.7.1 serves as a replacement for Red Hat JBoss Web Server 5.7.0. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2022-8917-01

Red Hat Security Advisory 2022-8917-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.7.1 serves as a replacement for Red Hat JBoss Web Server 5.7.0. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2022-8913-01

Red Hat Security Advisory 2022-8913-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.7.1 serves as a replacement for Red Hat JBoss Web Server 5.7.0. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2022-8913-01

Red Hat Security Advisory 2022-8913-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.7.1 serves as a replacement for Red Hat JBoss Web Server 5.7.0. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References. Issues addressed include a code execution vulnerability.

RHSA-2022:8917: Red Hat Security Advisory: Red Hat JBoss Web Server 5.7.1 release and security update

An update is now available for Red Hat JBoss Web Server 5.7.1 on Red Hat Enterprise Linux versions 7, 8, and 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1292: openssl: c_rehash script allows command injection * CVE-2022-2068: openssl: the c_rehash script allows command injection

RHSA-2022:8917: Red Hat Security Advisory: Red Hat JBoss Web Server 5.7.1 release and security update

An update is now available for Red Hat JBoss Web Server 5.7.1 on Red Hat Enterprise Linux versions 7, 8, and 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1292: openssl: c_rehash script allows command injection * CVE-2022-2068: openssl: the c_rehash script allows command injection

RHSA-2022:8913: Red Hat Security Advisory: Red Hat JBoss Web Server 5.7.1 release and security update

Red Hat JBoss Web Server 5.7.1 zip release is now available for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, and Microsoft Windows. Red Hat Product Security has rated this release as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1292: openssl: c_rehash script allows command injection * CVE-2022-2068: openssl: the c_rehash script allows command injection

RHSA-2022:8913: Red Hat Security Advisory: Red Hat JBoss Web Server 5.7.1 release and security update

Red Hat JBoss Web Server 5.7.1 zip release is now available for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, and Microsoft Windows. Red Hat Product Security has rated this release as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1292: openssl: c_rehash script allows command injection * CVE-2022-2068: openssl: the c_rehash script allows command injection

GHSA-hcpj-qp55-gfph: GitPython vulnerable to Remote Code Execution due to improper user input validation

All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments.

CVE-2022-24439: Snyk Vulnerability Database | Snyk

All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments.

RHSA-2022:7058: Red Hat Security Advisory: OpenShift sandboxed containers 1.3.1 security fix and bug fix update

OpenShift sandboxed containers 1.3.1 is now available.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2832: blender: Null pointer reference in blender thumbnail extractor * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-30632: golang: path/filepath: stack exhaustion in Glob

RHSA-2022:7058: Red Hat Security Advisory: OpenShift sandboxed containers 1.3.1 security fix and bug fix update

OpenShift sandboxed containers 1.3.1 is now available.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2832: blender: Null pointer reference in blender thumbnail extractor * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-30632: golang: path/filepath: stack exhaustion in Glob

RHSA-2022:6714: Red Hat Security Advisory: RHACS 3.72 enhancement and security update

Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS). The updated image includes new features and bug fixes. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-24675: golang: encoding/pem: fix stack overflow in Decode * CVE-2022-24921: golang: regexp: stack exhaustion via a deeply nested expression * CVE-2022-28327: golang: crypto/elliptic: panic caused by oversized scalar * CVE-2022-29526: golang: syscall: faccessat checks wrong gr...

RHSA-2022:6183: Red Hat Security Advisory: Logging Subsystem 5.4.5 Security and Bug Fix Update

Logging Subsystem 5.4.5 - Red Hat OpenShift Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-30631: golang: compress/gzip: stack exhaustion in Reader.Read * CVE-2022-32148: golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working

RHSA-2022:6183: Red Hat Security Advisory: Logging Subsystem 5.4.5 Security and Bug Fix Update

Logging Subsystem 5.4.5 - Red Hat OpenShift Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-30631: golang: compress/gzip: stack exhaustion in Reader.Read * CVE-2022-32148: golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working

Red Hat Security Advisory 2022-6224-01

Red Hat Security Advisory 2022-6224-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2022-6224-01

Red Hat Security Advisory 2022-6224-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Issues addressed include a code execution vulnerability.

Ubuntu Security Notice USN-5488-1

Ubuntu Security Notice 5488-1 - Chancen and Daniel Fiala discovered that OpenSSL incorrectly handled the c_rehash script. A local attacker could possibly use this issue to execute arbitrary commands when c_rehash is run.

CVE-2022-2068

In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).

Ubuntu Security Notice USN-5402-2

Ubuntu Security Notice 5402-2 - USN-5402-1 fixed several vulnerabilities in OpenSSL. This update provides the corresponding update for Ubuntu 16.04 ESM. Elison Niven discovered that OpenSSL incorrectly handled the c_rehash script. A local attacker could possibly use this issue to execute arbitrary commands when c_rehash is run. Aliaksei Levin discovered that OpenSSL incorrectly handled resources when decoding certificates and keys. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, leading to a denial of service. This issue only affected Ubuntu 22.04 LTS.

CVE-2022-1292

The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n). Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd).

Packet Storm: Latest News

CUPS IPP Attributes LAN Remote Code Execution