Ubuntu Security Notice 6483-1 - Neeraj Pal discovered that HTML Tidy incorrectly handled parsing certain HTML data. If a user or automated system were tricked into parsing specially crafted HTML data, a remote attacker could cause HTML Tidy to consume resources, leading to a denial of service, or possibly execute arbitrary code.

==========================================================================  
Ubuntu Security Notice USN-6483-1  
November 15, 2023

tidy-html5 vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10  
- Ubuntu 23.04  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS

Summary:

tidy-html5 could be made to crash or run programs if it opened a specially  
crafted file.

Software Description:  
- tidy-html5: HTML/XML syntax checker and reformatter

Details:

Neeraj Pal discovered that HTML Tidy incorrectly handled parsing certain  
HTML data. If a user or automated system were tricked into parsing  
specially crafted HTML data, a remote attacker could cause HTML Tidy to  
consume resources, leading to a denial of service, or possibly execute  
arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 23.10:  
   libtidy5deb1                    2:5.6.0-11ubuntu0.23.10.1  
   tidy                            2:5.6.0-11ubuntu0.23.10.1

Ubuntu 23.04:  
   libtidy5deb1                    2:5.6.0-11ubuntu0.23.04.1  
   tidy                            2:5.6.0-11ubuntu0.23.04.1

Ubuntu 22.04 LTS:  
   libtidy5deb1                    2:5.6.0-11ubuntu0.22.04.1  
   tidy                            2:5.6.0-11ubuntu0.22.04.1

Ubuntu 20.04 LTS:  
   libtidy5deb1                    2:5.6.0-11ubuntu0.20.04.1  
   tidy                            2:5.6.0-11ubuntu0.20.04.1

In general, a standard system update will make all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6483-1  
   CVE-2021-33391

Package Information:  
   https://launchpad.net/ubuntu/+source/tidy-html5/2:5.6.0-11ubuntu0.23.10.1  
   https://launchpad.net/ubuntu/+source/tidy-html5/2:5.6.0-11ubuntu0.23.04.1  
   https://launchpad.net/ubuntu/+source/tidy-html5/2:5.6.0-11ubuntu0.22.04.1  
   https://launchpad.net/ubuntu/+source/tidy-html5/2:5.6.0-11ubuntu0.20.04.1

Ubuntu Security Notice USN-6483-1

Ubuntu Security Notice 6482-1 - It was discovered that Quagga incorrectly handled certain BGP messages. A remote attacker could possibly use this issue to cause Quagga to crash, resulting in a denial of service.

    ==========================================================================Ubuntu Security Notice USN-6482-1November 15, 2023quagga vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 20.04 LTSSummary:Quagga could be made to crash if it received specially crafted networktraffic.Software Description:- quagga: BGP/OSPF/RIP routing daemonDetails:It was discovered that Quagga incorrectly handled certain BGP messages. Aremote attacker could possibly use this issue to cause Quagga to crash,resulting in a denial of service.Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 20.04 LTS:   quagga                          1.2.4-4ubuntu0.4   quagga-bgpd                     1.2.4-4ubuntu0.4In general, a standard system update will make all the necessary changes.References:   https://ubuntu.com/security/notices/USN-6482-1   CVE-2022-37032, CVE-2023-46753Package Information:   https://launchpad.net/ubuntu/+source/quagga/1.2.4-4ubuntu0.4

Ubuntu Security Notice USN-6482-1

Ubuntu Security Notice 6481-1 - It was discovered that FRR incorrectly handled certain malformed NLRI data. A remote attacker could possibly use this issue to cause FRR to crash, resulting in a denial of service. It was discovered that FRR incorrectly handled certain BGP UPDATE messages. A remote attacker could possibly use this issue to cause FRR to crash, resulting in a denial of service.

    ==========================================================================Ubuntu Security Notice USN-6481-1November 15, 2023frr vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 23.10- Ubuntu 23.04- Ubuntu 22.04 LTSSummary:FRR could be made to crash if it received specially crafted networktraffic.Software Description:- frr: FRRouting suite of internet protocolsDetails:It was discovered that FRR incorrectly handled certain malformed NLRI data.A remote attacker could possibly use this issue to cause FRR to crash,resulting in a denial of service. (CVE-2023-46752)It was discovered that FRR incorrectly handled certain BGP UPDATE messages.A remote attacker could possibly use this issue to cause FRR to crash,resulting in a denial of service. (CVE-2023-46753)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 23.10:   frr                             8.4.4-1.1ubuntu1.1Ubuntu 23.04:   frr                             8.4.2-1ubuntu1.5Ubuntu 22.04 LTS:   frr                             8.1-1ubuntu1.7In general, a standard system update will make all the necessary changes.References:   https://ubuntu.com/security/notices/USN-6481-1   CVE-2023-46752, CVE-2023-46753Package Information:   https://launchpad.net/ubuntu/+source/frr/8.4.4-1.1ubuntu1.1   https://launchpad.net/ubuntu/+source/frr/8.4.2-1ubuntu1.5   https://launchpad.net/ubuntu/+source/frr/8.1-1ubuntu1.7

Ubuntu Security Notice USN-6481-1

Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.

Wireshark Analyzer 4.2.0

Red Hat Security Advisory 2023-7294-01 - An update for kernel is now available for Red Hat Enterprise Linux 7.6 Advanced Update Support.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7294.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: kernel security updateAdvisory ID:        RHSA-2023:7294-01Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2023:7294Issue date:         2023-11-15Revision:           01CVE Names:          CVE-2023-3609====================================================================Summary: An update for kernel is now available for Red Hat Enterprise Linux 7.6 Advanced Update Support.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The kernel packages contain the Linux kernel, the core of any Linux operating system.Security Fix(es):* kernel: net/sched: cls_u32 component reference counter leak if tcf_change_indev() fails (CVE-2023-3609)* kernel: net/sched: cls_fw component can be exploited as result of failure in tcf_change_indev function (CVE-2023-3776)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-3609References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2225097https://bugzilla.redhat.com/show_bug.cgi?id=2225201

Red Hat Security Advisory 2023-7294-01

Red Hat Security Advisory 2023-7288-01 - An update for Openshift Jenkins is now available for Red Hat Product OCP Tools 4.14. Issues addressed include bypass, code execution, cross site scripting, and denial of service vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7288.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: Red Hat Product OCP Tools 4.14 Openshift Jenkins security update  
Advisory ID:        RHSA-2023:7288-01  
Product:            OpenShift Developer Tools and Services  
Advisory URL:       https://access.redhat.com/errata/RHSA-2023:7288  
Issue date:         2023-11-16  
Revision:           01  
CVE Names:          CVE-2022-25857  
====================================================================

Summary: 

An update for Openshift Jenkins is now available for Red Hat Product OCP Tools 4.14. 

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.

Security Fix(es):

* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (Rapid Reset Attack) (CVE-2023-39325)

* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)

A Red Hat Security Bulletin which addresses further details about the Rapid Reset flaw is available in the References section.

* snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)

* maven-shared-utils: Command injection via Commandline class (CVE-2022-29599)

* apache-commons-text: variable interpolation RCE (CVE-2022-42889)

* jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin (CVE-2023-24422)

* jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin (CVE-2023-25761)

* jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin (CVE-2023-25762)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2022-25857

References:

https://access.redhat.com/security/updates/classification/#important  
https://access.redhat.com/security/vulnerabilities/RHSB-2023-003  
https://bugzilla.redhat.com/show_bug.cgi?id=2066479  
https://bugzilla.redhat.com/show_bug.cgi?id=2126789  
https://bugzilla.redhat.com/show_bug.cgi?id=2135435  
https://bugzilla.redhat.com/show_bug.cgi?id=2164278  
https://bugzilla.redhat.com/show_bug.cgi?id=2170039  
https://bugzilla.redhat.com/show_bug.cgi?id=2170041  
https://bugzilla.redhat.com/show_bug.cgi?id=2242803  
https://bugzilla.redhat.com/show_bug.cgi?id=2243296

Red Hat Security Advisory 2023-7288-01

Red Hat Security Advisory 2023-7279-01 - An update for open-vm-tools is now available for Red Hat Enterprise Linux 7. Issues addressed include a bypass vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7279.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: open-vm-tools security updateAdvisory ID:        RHSA-2023:7279-01Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2023:7279Issue date:         2023-11-15Revision:           01CVE Names:          CVE-2023-34058====================================================================Summary: An update for open-vm-tools is now available for Red Hat Enterprise Linux 7.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualization components that enhance performance and user experience of virtual machines.Security Fix(es):* open-vm-tools: SAML token signature bypass (CVE-2023-34058)* open-vm-tools: file descriptor hijack vulnerability in the vmware-user-suid-wrapper (CVE-2023-34059)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-34058References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2246080https://bugzilla.redhat.com/show_bug.cgi?id=2246096

Red Hat Security Advisory 2023-7279-01

Red Hat Security Advisory 2023-7277-01 - An update for open-vm-tools is now available for Red Hat Enterprise Linux 9. Issues addressed include a bypass vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7277.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: open-vm-tools security updateAdvisory ID:        RHSA-2023:7277-01Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2023:7277Issue date:         2023-11-15Revision:           01CVE Names:          CVE-2023-34058====================================================================Summary: An update for open-vm-tools is now available for Red Hat Enterprise Linux 9.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualization components that enhance performance and user experience of virtual machines.Security Fix(es):* open-vm-tools: SAML token signature bypass (CVE-2023-34058)* open-vm-tools: file descriptor hijack vulnerability in the vmware-user-suid-wrapper (CVE-2023-34059)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-34058References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2246080https://bugzilla.redhat.com/show_bug.cgi?id=2246096

Red Hat Security Advisory 2023-7277-01

Red Hat Security Advisory 2023-7276-01 - An update for open-vm-tools is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a bypass vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7276.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: open-vm-tools security updateAdvisory ID:        RHSA-2023:7276-01Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2023:7276Issue date:         2023-11-15Revision:           01CVE Names:          CVE-2023-34058====================================================================Summary: An update for open-vm-tools is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualization components that enhance performance and user experience of virtual machines.Security Fix(es):* open-vm-tools: SAML token signature bypass (CVE-2023-34058)* open-vm-tools: file descriptor hijack vulnerability in the vmware-user-suid-wrapper (CVE-2023-34059)For more details about the security issue(s), including the impact, a CVSSscore, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-34058References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2246080https://bugzilla.redhat.com/show_bug.cgi?id=2246096

Red Hat Security Advisory 2023-7276-01

Red Hat Security Advisory 2023-7267-01 - An update for open-vm-tools is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include a bypass vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7267.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: open-vm-tools security updateAdvisory ID:        RHSA-2023:7267-01Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2023:7267Issue date:         2023-11-15Revision:           01CVE Names:          CVE-2023-34058====================================================================Summary: An update for open-vm-tools is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualization components that enhance performance and user experience of virtual machines.Security Fix(es):* open-vm-tools: SAML token signature bypass (CVE-2023-34058)* open-vm-tools: file descriptor hijack vulnerability in the vmware-user-suid-wrapper (CVE-2023-34059)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-34058References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2246080https://bugzilla.redhat.com/show_bug.cgi?id=2246096

Source

Packet Storm