Red Hat Security Advisory 2023-4699-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include information leakage, privilege escalation, and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: kernel security update  
Advisory ID:       RHSA-2023:4699-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4699  
Issue date:        2023-08-22  
CVE Names:         CVE-2023-20593 CVE-2023-32233   
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 7.4  
Advanced Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server AUS (v. 7.4) - noarch, x86_64  
Red Hat Enterprise Linux Server Optional AUS (v. 7.4) - x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux  
operating system.

Security Fix(es):

* kernel: netfilter: use-after-free in nf_tables when processing batch  
requests can lead to privilege escalation (CVE-2023-32233)

* hw: amd: Cross-Process Information Leak (CVE-2023-20593)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2196105 - CVE-2023-32233 kernel: netfilter: use-after-free in nf_tables when processing batch requests can lead to privilege escalation  
2217845 - CVE-2023-20593 hw: amd: Cross-Process Information Leak

6. Package List:

Red Hat Enterprise Linux Server AUS (v. 7.4):

Source:  
kernel-3.10.0-693.112.1.el7.src.rpm

noarch:  
kernel-abi-whitelists-3.10.0-693.112.1.el7.noarch.rpm  
kernel-doc-3.10.0-693.112.1.el7.noarch.rpm

x86_64:  
kernel-3.10.0-693.112.1.el7.x86_64.rpm  
kernel-debug-3.10.0-693.112.1.el7.x86_64.rpm  
kernel-debug-debuginfo-3.10.0-693.112.1.el7.x86_64.rpm  
kernel-debug-devel-3.10.0-693.112.1.el7.x86_64.rpm  
kernel-debuginfo-3.10.0-693.112.1.el7.x86_64.rpm  
kernel-debuginfo-common-x86_64-3.10.0-693.112.1.el7.x86_64.rpm  
kernel-devel-3.10.0-693.112.1.el7.x86_64.rpm  
kernel-headers-3.10.0-693.112.1.el7.x86_64.rpm  
kernel-tools-3.10.0-693.112.1.el7.x86_64.rpm  
kernel-tools-debuginfo-3.10.0-693.112.1.el7.x86_64.rpm  
kernel-tools-libs-3.10.0-693.112.1.el7.x86_64.rpm  
perf-3.10.0-693.112.1.el7.x86_64.rpm  
perf-debuginfo-3.10.0-693.112.1.el7.x86_64.rpm  
python-perf-3.10.0-693.112.1.el7.x86_64.rpm  
python-perf-debuginfo-3.10.0-693.112.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 7.4):

x86_64:  
kernel-debug-debuginfo-3.10.0-693.112.1.el7.x86_64.rpm  
kernel-debuginfo-3.10.0-693.112.1.el7.x86_64.rpm  
kernel-debuginfo-common-x86_64-3.10.0-693.112.1.el7.x86_64.rpm  
kernel-tools-debuginfo-3.10.0-693.112.1.el7.x86_64.rpm  
kernel-tools-libs-devel-3.10.0-693.112.1.el7.x86_64.rpm  
perf-debuginfo-3.10.0-693.112.1.el7.x86_64.rpm  
python-perf-debuginfo-3.10.0-693.112.1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-20593  
https://access.redhat.com/security/cve/CVE-2023-32233  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJk5MQlAAoJENzjgjWX9erE2/EP/Rd0miatRmM9eRRTnyTpl7yi  
h18yUtT7QaoyvN2dRPeNJb/dNSczJUCAytEC4wNnoP+gMkYFGRgok5CKIaUKBE3b  
1EDkl/n1AR3YPMwKswwdSUQBuTiLlNWtRI/kwtCvoiapdGsJt9N4EY22FQuPMur8  
+4tsOrC+lLQ7tg1eoVXXJMufFvNHDFrAZDYV37HXQ94KevKe5/9+V9/zer2htcZ/  
7JOU6xhLSF4M7hSq/bMyU2MradXEwc/2muntL1gcVk1QB/eTE0N/v/yOo0WXXgB7  
44nH/zx/0vx+KjVhBHlzvlCprLl5PRKT0PfzNCw20wN7ruvixsvYNoaIqbyL4mZh  
lghnhfBNy3UkGmsV+84fxf3nHlC29S35hco0UpTOINLWWdza4Oe4OfzbvAQUa9A7  
0AegDnx6xBXsuDJ7nOm8p9QlJ7GxHdCUZ8srwhzWrrfLGq5uxG61tXA4PoGdZhVF  
2nf5wnK15PhKaLf6+zVS6uFBVgXlPE9QvEWOzjDNx0S+2m7bQxZjqLjCeOmvT4Th  
qXDOWxcCo5HYYNyPHqyBrkmfRq0h9WbzYjM75i517g5XhiRdAO0j+uPX55DqshJ9  
+z+pZrf/c6sMaBxX2pR3bZpRMnqZQZZcQn8GoI8fJheGBG1hmUJOBbi7FonpG2EG  
cty1g4CFIFBDxk87a7qQ  
=j/00  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4699-01

TSPlus version 16.0.2.14 suffers from an insecure permissions vulnerability.

    # Exploit Title: TSplus 16.0.2.14 - Remote Access Insecure Files and Folders Permissions# Date: 2023-08-09# Exploit Author: Carlo Di Dato for Deloitte Risk Advisory Italia# Vendor Homepage: https://tsplus.net/# Version: Up to 16.0.2.14# Tested on: Windows# CVE : CVE-2023-31067TSplus Remote Access (v. 16.0.2.14) is an alternative to Citrix and Microsoft RDS for remote desktop access and Windows application delivery. Web-enable your legacy apps, create SaaS solutions or remotely access your centralized corporate tools and files.The TSplus Remote Access solution comes with an embedded web server to allow remote users to easely connect remotely.However, insecure file and folder permissions are set and this could allow a malicious user to manipulate file content (e.g.: changing the code of html pages or js scripts) or change legitimate files (e.g. Setup-VirtualPrinter-Client.exe) in order to compromise a system or to gain elevated privileges.This is the list of insecure files and folders with their respective permissions:Everyone:(OI)(CF)(F) and Everyone(F)Permission: Everyone:(OI)(CI)(F)C:\Program Files (x86)\TSplus\Clients\wwwC:\Program Files (x86)\TSplus\Clients\www\addonsC:\Program Files (x86)\TSplus\Clients\www\ConnectionClientC:\Program Files (x86)\TSplus\Clients\www\downloadsC:\Program Files (x86)\TSplus\Clients\www\printsC:\Program Files (x86)\TSplus\Clients\www\RemoteAppClientC:\Program Files (x86)\TSplus\Clients\www\softwareC:\Program Files (x86)\TSplus\Clients\www\varC:\Program Files (x86)\TSplus\Clients\www\cgi-bin\remoteappC:\Program Files (x86)\TSplus\Clients\www\downloads\sharedC:\Program Files (x86)\TSplus\Clients\www\software\javaC:\Program Files (x86)\TSplus\Clients\www\software\jsC:\Program Files (x86)\TSplus\Clients\www\software\html5\jwresC:\Program Files (x86)\TSplus\Clients\www\software\html5\localesC:\Program Files (x86)\TSplus\Clients\www\software\html5\imgs\topmenuC:\Program Files (x86)\TSplus\Clients\www\software\html5\imgs\key\partsC:\Program Files (x86)\TSplus\Clients\www\software\java\imgC:\Program Files (x86)\TSplus\Clients\www\software\java\thirdC:\Program Files (x86)\TSplus\Clients\www\software\java\img\cpC:\Program Files (x86)\TSplus\Clients\www\software\java\img\srvC:\Program Files (x86)\TSplus\Clients\www\software\java\third\imagesC:\Program Files (x86)\TSplus\Clients\www\software\java\third\jsC:\Program Files (x86)\TSplus\Clients\www\software\java\third\images\bramusC:\Program Files (x86)\TSplus\Clients\www\software\java\third\js\prototypeC:\Program Files (x86)\TSplus\Clients\www\var\logC:\Program Files (x86)\TSplus\UserDesktop\themesC:\Program Files (x86)\TSplus\UserDesktop\themes\BlueBarC:\Program Files (x86)\TSplus\UserDesktop\themes\DefaultC:\Program Files (x86)\TSplus\UserDesktop\themes\GreyBarC:\Program Files (x86)\TSplus\UserDesktop\themes\LogonC:\Program Files (x86)\TSplus\UserDesktop\themes\MenuOnTopC:\Program Files (x86)\TSplus\UserDesktop\themes\SeamlessC:\Program Files (x86)\TSplus\UserDesktop\themes\ThinClientC:\Program Files (x86)\TSplus\UserDesktop\themes\Vista------------------------------------------------------------------------------Permission: Everyone:(F)C:\Program Files (x86)\TSplus\Clients\www\all.min.cssC:\Program Files (x86)\TSplus\Clients\www\custom.cssC:\Program Files (x86)\TSplus\Clients\www\popins.cssC:\Program Files (x86)\TSplus\Clients\www\robots.txtC:\Program Files (x86)\TSplus\Clients\www\addons\Setup-VirtualPrinter-Client.exeC:\Program Files (x86)\TSplus\Clients\www\cgi-bin\hb.exe.configC:\Program Files (x86)\TSplus\Clients\www\cgi-bin\SessionPrelaunch.Common.dll.configC:\Program Files (x86)\TSplus\Clients\www\cgi-bin\remoteapp\index.htmlC:\Program Files (x86)\TSplus\Clients\www\RemoteAppClient\index.htmlC:\Program Files (x86)\TSplus\Clients\www\software\common.cssC:\Program Files (x86)\TSplus\Clients\www\software\html5\jwres\jwwebsockify.jarC:\Program Files (x86)\TSplus\Clients\www\software\html5\jwres\web.jarC:\Program Files (x86)\TSplus\Clients\www\software\html5\own\exitlist.htmlC:\Program Files (x86)\TSplus\Clients\www\software\html5\own\exitupload.htmlC:\Program Files (x86)\TSplus\Clients\www\software\html5\own\getlist.htmlC:\Program Files (x86)\TSplus\Clients\www\software\html5\own\getupload.htmlC:\Program Files (x86)\TSplus\Clients\www\software\html5\own\postupload.htmlC:\Program Files (x86)\TSplus\Clients\www\software\html5\own\uploaderr.htmlC:\Program Files (x86)\TSplus\Clients\www\software\java\index.htmlC:\Program Files (x86)\TSplus\Clients\www\software\java\img\index.htmlC:\Program Files (x86)\TSplus\Clients\www\software\java\img\port.binC:\Program Files (x86)\TSplus\Clients\www\software\java\third\jws.jsC:\Program Files (x86)\TSplus\Clients\www\software\java\third\sha256.jsC:\Program Files (x86)\TSplus\Clients\www\software\java\third\js\prototype\prototype.jsC:\Program Files (x86)\TSplus\Clients\www\software\js\jquery.min.js

TSPlus 16.0.2.14 Insecure Permissions

Red Hat Security Advisory 2023-4698-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include an out of bounds write vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: kpatch-patch security update  
Advisory ID:       RHSA-2023:4698-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4698  
Issue date:        2023-08-22  
CVE Names:         CVE-2023-35788   
=====================================================================

1. Summary:

An update for kpatch-patch is now available for Red Hat Enterprise Linux  
7.7 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server E4S (v. 7.7) - ppc64le, x86_64

3. Description:

This is a kernel live patch module which is automatically loaded by the RPM  
post-install script to modify the code of a running kernel.

Security Fix(es):

* kernel: cls_flower: out-of-bounds write in fl_set_geneve_opt()  
(CVE-2023-35788)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2215768 - CVE-2023-35788 kernel: cls_flower: out-of-bounds write in fl_set_geneve_opt()

6. Package List:

Red Hat Enterprise Linux Server E4S (v. 7.7):

Source:  
kpatch-patch-3_10_0-1062_71_1-1-3.el7.src.rpm  
kpatch-patch-3_10_0-1062_72_1-1-2.el7.src.rpm  
kpatch-patch-3_10_0-1062_76_1-1-1.el7.src.rpm

ppc64le:  
kpatch-patch-3_10_0-1062_71_1-1-3.el7.ppc64le.rpm  
kpatch-patch-3_10_0-1062_71_1-debuginfo-1-3.el7.ppc64le.rpm  
kpatch-patch-3_10_0-1062_72_1-1-2.el7.ppc64le.rpm  
kpatch-patch-3_10_0-1062_72_1-debuginfo-1-2.el7.ppc64le.rpm  
kpatch-patch-3_10_0-1062_76_1-1-1.el7.ppc64le.rpm  
kpatch-patch-3_10_0-1062_76_1-debuginfo-1-1.el7.ppc64le.rpm

x86_64:  
kpatch-patch-3_10_0-1062_71_1-1-3.el7.x86_64.rpm  
kpatch-patch-3_10_0-1062_71_1-debuginfo-1-3.el7.x86_64.rpm  
kpatch-patch-3_10_0-1062_72_1-1-2.el7.x86_64.rpm  
kpatch-patch-3_10_0-1062_72_1-debuginfo-1-2.el7.x86_64.rpm  
kpatch-patch-3_10_0-1062_76_1-1-1.el7.x86_64.rpm  
kpatch-patch-3_10_0-1062_76_1-debuginfo-1-1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-35788  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJk5MPuAAoJENzjgjWX9erEdJcP/0fPZxQc82JROsbSp+T8cauP  
14927/sHy9zak5TIGqVBMwXDj1QH732Y5EvAhSJhxQjoooRG9ukG4dix3vEvPccL  
EOWB13kKBmUh7+BCguxeeP7vEIL4gJ2LH5QzpiHGt+lodwZoF+V0MTU61A8u9pcq  
cb+Z1oRr8MK6/PCTYqjxGjM7qU8dcyY7fVinQ5YY1TxrbUvnVGaNSI7AOeZwu2jy  
CBFs6oCikm8RRhbXGL7nIEfUIM+2n7pxxCjqotzIc1zknDYl67QVko5VWfzsdTcF  
SaUbQovkSGtIa5sxwh2qCG/V8uBYj1cMRcjUmWQ72IJymkLWMgh3sXjPesktHQJj  
qC54f0tnSHB/Ws995smD1UdXLeBJ2ZwQIVCYR3ISMP0xc5b6oX7G3lJuMvLX67sa  
mr158DC7dEbzC4SHmSwpO97ISr7ZQqqMHJjrXDzaqiTYKwrrBrYjIO55G1OVQPM7  
k82aW29ncj5qf0MIpmAO/kQVmzit/rRcNcGtDnUEsnpkTaPwcIK2o97L4Meidolx  
Eazn3lV8q0nDhq1ZYa6iTokMQlm8jt2UmcLdWypBfhPKc1IQal4acDR0A5l432TC  
FUVC8QVWWlwjGpvIh4A0n/fnQh0adBexwQS0sUFB7kNemFm6gfcOi5YWN9OWNnVm  
9cOVgjRwe9TNjnTPohiK  
=qAjS  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4698-01

Red Hat Security Advisory 2023-4696-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include information leakage, privilege escalation, and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: kernel security update  
Advisory ID:       RHSA-2023:4696-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4696  
Issue date:        2023-08-22  
CVE Names:         CVE-2023-20593 CVE-2023-32233   
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 7.6  
Advanced Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server AUS (v. 7.6) - noarch, x86_64  
Red Hat Enterprise Linux Server Optional AUS (v. 7.6) - x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux  
operating system.

Security Fix(es):

* kernel: netfilter: use-after-free in nf_tables when processing batch  
requests can lead to privilege escalation (CVE-2023-32233)

* hw: amd: Cross-Process Information Leak (CVE-2023-20593)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2196105 - CVE-2023-32233 kernel: netfilter: use-after-free in nf_tables when processing batch requests can lead to privilege escalation  
2217845 - CVE-2023-20593 hw: amd: Cross-Process Information Leak

6. Package List:

Red Hat Enterprise Linux Server AUS (v. 7.6):

Source:  
kernel-3.10.0-957.105.1.el7.src.rpm

noarch:  
kernel-abi-whitelists-3.10.0-957.105.1.el7.noarch.rpm  
kernel-doc-3.10.0-957.105.1.el7.noarch.rpm

x86_64:  
bpftool-3.10.0-957.105.1.el7.x86_64.rpm  
kernel-3.10.0-957.105.1.el7.x86_64.rpm  
kernel-debug-3.10.0-957.105.1.el7.x86_64.rpm  
kernel-debug-debuginfo-3.10.0-957.105.1.el7.x86_64.rpm  
kernel-debug-devel-3.10.0-957.105.1.el7.x86_64.rpm  
kernel-debuginfo-3.10.0-957.105.1.el7.x86_64.rpm  
kernel-debuginfo-common-x86_64-3.10.0-957.105.1.el7.x86_64.rpm  
kernel-devel-3.10.0-957.105.1.el7.x86_64.rpm  
kernel-headers-3.10.0-957.105.1.el7.x86_64.rpm  
kernel-tools-3.10.0-957.105.1.el7.x86_64.rpm  
kernel-tools-debuginfo-3.10.0-957.105.1.el7.x86_64.rpm  
kernel-tools-libs-3.10.0-957.105.1.el7.x86_64.rpm  
perf-3.10.0-957.105.1.el7.x86_64.rpm  
perf-debuginfo-3.10.0-957.105.1.el7.x86_64.rpm  
python-perf-3.10.0-957.105.1.el7.x86_64.rpm  
python-perf-debuginfo-3.10.0-957.105.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 7.6):

x86_64:  
kernel-debug-debuginfo-3.10.0-957.105.1.el7.x86_64.rpm  
kernel-debuginfo-3.10.0-957.105.1.el7.x86_64.rpm  
kernel-debuginfo-common-x86_64-3.10.0-957.105.1.el7.x86_64.rpm  
kernel-tools-debuginfo-3.10.0-957.105.1.el7.x86_64.rpm  
kernel-tools-libs-devel-3.10.0-957.105.1.el7.x86_64.rpm  
perf-debuginfo-3.10.0-957.105.1.el7.x86_64.rpm  
python-perf-debuginfo-3.10.0-957.105.1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-20593  
https://access.redhat.com/security/cve/CVE-2023-32233  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJk5MPrAAoJENzjgjWX9erEL2gP/jVYm6I22uhADJVQI22tx4nC  
4OZRXZ5g5G9SpdyU6SuH9DNErHaW651i7e3Eam1ql5QeX1qjATt2cAeaSv/zTHWo  
1ZIjWuAuCwpPSfJcBB7uCGSC2zbJ5d6ATg7+0IC2dHhvpAnAIHh8CQGpLu1xa0Xm  
vfzEfBwdhHCKy8Dm0dbi+Ic8sqzRNSc1z4d/ZDvfwLtUaooioDosLVXzdhIsmvSH  
wRfKieMPY4JkPOx/OXHDQPFHpE3kbdBgNsuJ4XvgC/a+eX/TKNsQzYr16KhmLGzH  
zNgdQv9tALV68a/2L/wmUTjklYtL9Mg1+ZGLq/sdsZ0ptsWwVHzVj6AN70V1NrKN  
d7B7fwGmU3nSosD74FCacfx9faxc7WLaDgEOasx+Ws9L+nMIe9BrPmUo0NWaT9F2  
KtNcKgXP+kcNqsg3XQQVLmjA7j8Jfylrz9AoKNcjFD+azK/sm8pybY512tQuncbM  
eJCsFeTbqEKuaRumc3wGV5jdY1Cg939UpG1ZyKnSbxTq0wlaxpnIt0cc9Wy2TFJ3  
EkLCAf3EwlElw3ojJmCISXgGMIV5kHSkA7eCcdlD/ccLdY9dO3L6gvExoMwUTE4M  
tDHSpOLsN2bUt3KhI9aNURlhtPoJgEcpLVShKQEr2wxnI4QrOetCVfpUCPBmaYWj  
PhR0VgkkOwTEjRI3iJfF  
=Dto+  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4696-01

TSPlus version 16.0.0.0 suffers from an insecure permissions vulnerability.

    # Exploit Title: TSplus 16.0.0.0 - Remote Work Insecure Files and Folders Permissions# Date: 2023-08-09# Exploit Author: Carlo Di Dato for Deloitte Risk Advisory Italia# Vendor Homepage: https://tsplus.net/# Version: Up to 16.0.0.0# Tested on: Windows# CVE : CVE-2023-31068With TSPlus Remote Work (v. 16.0.0.0) you can create a secure single sign-on web portal and remote desktop gateway that enables users to remotely access the console session of their office PC.The solution comes with an embedded web server to allow remote users to easely connect remotely.However, insecure file and folder permissions are set, and this could allow a malicious user to manipulate file content (e.g.: changing the code of html pages or js scripts) or change legitimate files (e.g. Setup-RemoteWork-Client.exe) in order to compromise a system or to gain elevated privileges.This is the list of insecure files and folders with their respective permissions:Permission: Everyone:(OI)(CI)(F)C:\Program Files (x86)\TSplus-RemoteWork\Clients\wwwC:\Program Files (x86)\TSplus-RemoteWork\Clients\www\cgi-binC:\Program Files (x86)\TSplus-RemoteWork\Clients\www\downloadC:\Program Files (x86)\TSplus-RemoteWork\Clients\www\downloadsC:\Program Files (x86)\TSplus-RemoteWork\Clients\www\printsC:\Program Files (x86)\TSplus-RemoteWork\Clients\www\softwareC:\Program Files (x86)\TSplus-RemoteWork\Clients\www\varC:\Program Files (x86)\TSplus-RemoteWork\Clients\www\cgi-bin\remoteappC:\Program Files (x86)\TSplus-RemoteWork\Clients\www\downloads\sharedC:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\html5C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\javaC:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\jsC:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\html5\imgsC:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\html5\jwresC:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\html5\localesC:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\html5\ownC:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\html5\imgs\desC:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\html5\imgs\keyC:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\html5\imgs\topmenuC:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\html5\imgs\key\partsC:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\java\imgC:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\java\thirdC:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\java\img\cpC:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\java\img\srvC:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\java\third\imagesC:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\java\third\jsC:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\java\third\images\bramusC:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\java\third\js\prototypeC:\Program Files (x86)\TSplus-RemoteWork\Clients\www\var\log-------------------------------------------------------------------------------------------Permission: Everyone:(F)C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\robots.txtC:\Program Files (x86)\TSplus-RemoteWork\Clients\www\cgi-bin\hb.exe.configC:\Program Files (x86)\TSplus-RemoteWork\Clients\www\cgi-bin\SessionPrelaunch.Common.dll.configC:\Program Files (x86)\TSplus-RemoteWork\Clients\www\cgi-bin\remoteapp\index.htmlC:\Program Files (x86)\TSplus-RemoteWork\Clients\www\download\common.jsC:\Program Files (x86)\TSplus-RemoteWork\Clients\www\download\lang.jsC:\Program Files (x86)\TSplus-RemoteWork\Clients\www\download\Setup-RemoteWork-Client.exeC:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\html5\jwres\jwwebsockify.jarC:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\html5\jwres\web.jarC:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\html5\own\exitlist.htmlC:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\html5\own\exitupload.htmlC:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\java\index.htmlC:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\java\img\index.htmlC:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\java\img\port.binC:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\java\third\jws.jsC:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\java\third\sha256.jsC:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\java\third\js\prototype\prototype.jsC:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\js\jquery.min.js

TSPlus 16.0.0.0 Insecure Permissions

TSPlus version 16.0.0.0 suffers from an insecure credential storage vulnerability.

    # Exploit Title: TSPlus 16.0.0.0 - Remote Work Insecure Credential storage# Date: 2023-08-09# Exploit Author: Carlo Di Dato for Deloitte Risk Advisory Italia# Vendor Homepage: https://tsplus.net/# Version: Up to 16.0.0.0# Tested on: Windows# CVE : CVE-2023-31069With TSPlus Remote Work (v. 16.0.0.0) you can create a secure single sign-on web portal and remote desktop gateway that enables users to remotely access the console session of their office PC.It is possible to create a custom web portal login page which allows a user to login without providing their credentials.However, the credentials are stored in an insecure manner since they are saved in cleartext, within the html login page.This means that everyone with an access to the web login page, can easely retrieve the credentials to access to the application by simply looking at the html code page.This is a code snippet extracted by the source code of the login page (var user and var pass):   // --------------- Access Configuration ---------------   var user = "Admin";                         // Login to use when connecting to the remote server (leave "" to use the login typed in this page)   var pass = "SuperSecretPassword";           // Password to use when connecting to the remote server (leave "" to use the password typed in this page)   var domain = "";                            // Domain to use when connecting to the remote server (leave "" to use the domain typed in this page)   var server = "127.0.0.1";                   // Server to connect to (leave "" to use localhost and/or the server chosen in this page)   var port = "";                              // Port to connect to (leave "" to use localhost and/or the port of the server chosen in this page)   var lang = "as_browser";                    // Language to use   var serverhtml5 = "127.0.0.1";              // Server to connect to, when using HTML5 client   var porthtml5 = "3389";                     // Port to connect to, when using HTML5 client   var cmdline = "";                           // Optional text that will be put in the server's clipboard once connected   // --------------- End of Access Configuration ---------------

TSPlus 16.0.0.0 Insecure Credential Storage

Red Hat Security Advisory 2023-4697-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include an out of bounds write vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: kernel security update  
Advisory ID:       RHSA-2023:4697-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4697  
Issue date:        2023-08-22  
CVE Names:         CVE-2023-35788   
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 7.7  
Advanced Update Support, Red Hat Enterprise Linux 7.7 Telco Extended Update  
Support, and Red Hat Enterprise Linux 7.7 Update Services for SAP  
Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server AUS (v. 7.7) - noarch, x86_64  
Red Hat Enterprise Linux Server E4S (v. 7.7) - noarch, ppc64le, x86_64  
Red Hat Enterprise Linux Server Optional AUS (v. 7.7) - x86_64  
Red Hat Enterprise Linux Server Optional E4S (v. 7.7) - ppc64le, x86_64  
Red Hat Enterprise Linux Server Optional TUS (v. 7.7) - x86_64  
Red Hat Enterprise Linux Server TUS (v. 7.7) - noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux  
operating system.

Security Fix(es):

* kernel: cls_flower: out-of-bounds write in fl_set_geneve_opt()  
(CVE-2023-35788)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2215768 - CVE-2023-35788 kernel: cls_flower: out-of-bounds write in fl_set_geneve_opt()

6. Package List:

Red Hat Enterprise Linux Server AUS (v. 7.7):

Source:  
kernel-3.10.0-1062.77.1.el7.src.rpm

noarch:  
kernel-abi-whitelists-3.10.0-1062.77.1.el7.noarch.rpm  
kernel-doc-3.10.0-1062.77.1.el7.noarch.rpm

x86_64:  
bpftool-3.10.0-1062.77.1.el7.x86_64.rpm  
bpftool-debuginfo-3.10.0-1062.77.1.el7.x86_64.rpm  
kernel-3.10.0-1062.77.1.el7.x86_64.rpm  
kernel-debug-3.10.0-1062.77.1.el7.x86_64.rpm  
kernel-debug-debuginfo-3.10.0-1062.77.1.el7.x86_64.rpm  
kernel-debug-devel-3.10.0-1062.77.1.el7.x86_64.rpm  
kernel-debuginfo-3.10.0-1062.77.1.el7.x86_64.rpm  
kernel-debuginfo-common-x86_64-3.10.0-1062.77.1.el7.x86_64.rpm  
kernel-devel-3.10.0-1062.77.1.el7.x86_64.rpm  
kernel-headers-3.10.0-1062.77.1.el7.x86_64.rpm  
kernel-tools-3.10.0-1062.77.1.el7.x86_64.rpm  
kernel-tools-debuginfo-3.10.0-1062.77.1.el7.x86_64.rpm  
kernel-tools-libs-3.10.0-1062.77.1.el7.x86_64.rpm  
perf-3.10.0-1062.77.1.el7.x86_64.rpm  
perf-debuginfo-3.10.0-1062.77.1.el7.x86_64.rpm  
python-perf-3.10.0-1062.77.1.el7.x86_64.rpm  
python-perf-debuginfo-3.10.0-1062.77.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server E4S (v. 7.7):

Source:  
kernel-3.10.0-1062.77.1.el7.src.rpm

noarch:  
kernel-abi-whitelists-3.10.0-1062.77.1.el7.noarch.rpm  
kernel-doc-3.10.0-1062.77.1.el7.noarch.rpm

ppc64le:  
bpftool-3.10.0-1062.77.1.el7.ppc64le.rpm  
bpftool-debuginfo-3.10.0-1062.77.1.el7.ppc64le.rpm  
kernel-3.10.0-1062.77.1.el7.ppc64le.rpm  
kernel-bootwrapper-3.10.0-1062.77.1.el7.ppc64le.rpm  
kernel-debug-3.10.0-1062.77.1.el7.ppc64le.rpm  
kernel-debug-debuginfo-3.10.0-1062.77.1.el7.ppc64le.rpm  
kernel-debuginfo-3.10.0-1062.77.1.el7.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-3.10.0-1062.77.1.el7.ppc64le.rpm  
kernel-devel-3.10.0-1062.77.1.el7.ppc64le.rpm  
kernel-headers-3.10.0-1062.77.1.el7.ppc64le.rpm  
kernel-tools-3.10.0-1062.77.1.el7.ppc64le.rpm  
kernel-tools-debuginfo-3.10.0-1062.77.1.el7.ppc64le.rpm  
kernel-tools-libs-3.10.0-1062.77.1.el7.ppc64le.rpm  
perf-3.10.0-1062.77.1.el7.ppc64le.rpm  
perf-debuginfo-3.10.0-1062.77.1.el7.ppc64le.rpm  
python-perf-3.10.0-1062.77.1.el7.ppc64le.rpm  
python-perf-debuginfo-3.10.0-1062.77.1.el7.ppc64le.rpm

x86_64:  
bpftool-3.10.0-1062.77.1.el7.x86_64.rpm  
bpftool-debuginfo-3.10.0-1062.77.1.el7.x86_64.rpm  
kernel-3.10.0-1062.77.1.el7.x86_64.rpm  
kernel-debug-3.10.0-1062.77.1.el7.x86_64.rpm  
kernel-debug-debuginfo-3.10.0-1062.77.1.el7.x86_64.rpm  
kernel-debug-devel-3.10.0-1062.77.1.el7.x86_64.rpm  
kernel-debuginfo-3.10.0-1062.77.1.el7.x86_64.rpm  
kernel-debuginfo-common-x86_64-3.10.0-1062.77.1.el7.x86_64.rpm  
kernel-devel-3.10.0-1062.77.1.el7.x86_64.rpm  
kernel-headers-3.10.0-1062.77.1.el7.x86_64.rpm  
kernel-tools-3.10.0-1062.77.1.el7.x86_64.rpm  
kernel-tools-debuginfo-3.10.0-1062.77.1.el7.x86_64.rpm  
kernel-tools-libs-3.10.0-1062.77.1.el7.x86_64.rpm  
perf-3.10.0-1062.77.1.el7.x86_64.rpm  
perf-debuginfo-3.10.0-1062.77.1.el7.x86_64.rpm  
python-perf-3.10.0-1062.77.1.el7.x86_64.rpm  
python-perf-debuginfo-3.10.0-1062.77.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server TUS (v. 7.7):

Source:  
kernel-3.10.0-1062.77.1.el7.src.rpm

noarch:  
kernel-abi-whitelists-3.10.0-1062.77.1.el7.noarch.rpm  
kernel-doc-3.10.0-1062.77.1.el7.noarch.rpm

x86_64:  
bpftool-3.10.0-1062.77.1.el7.x86_64.rpm  
bpftool-debuginfo-3.10.0-1062.77.1.el7.x86_64.rpm  
kernel-3.10.0-1062.77.1.el7.x86_64.rpm  
kernel-debug-3.10.0-1062.77.1.el7.x86_64.rpm  
kernel-debug-debuginfo-3.10.0-1062.77.1.el7.x86_64.rpm  
kernel-debug-devel-3.10.0-1062.77.1.el7.x86_64.rpm  
kernel-debuginfo-3.10.0-1062.77.1.el7.x86_64.rpm  
kernel-debuginfo-common-x86_64-3.10.0-1062.77.1.el7.x86_64.rpm  
kernel-devel-3.10.0-1062.77.1.el7.x86_64.rpm  
kernel-headers-3.10.0-1062.77.1.el7.x86_64.rpm  
kernel-tools-3.10.0-1062.77.1.el7.x86_64.rpm  
kernel-tools-debuginfo-3.10.0-1062.77.1.el7.x86_64.rpm  
kernel-tools-libs-3.10.0-1062.77.1.el7.x86_64.rpm  
perf-3.10.0-1062.77.1.el7.x86_64.rpm  
perf-debuginfo-3.10.0-1062.77.1.el7.x86_64.rpm  
python-perf-3.10.0-1062.77.1.el7.x86_64.rpm  
python-perf-debuginfo-3.10.0-1062.77.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 7.7):

x86_64:  
bpftool-debuginfo-3.10.0-1062.77.1.el7.x86_64.rpm  
kernel-debug-debuginfo-3.10.0-1062.77.1.el7.x86_64.rpm  
kernel-debuginfo-3.10.0-1062.77.1.el7.x86_64.rpm  
kernel-debuginfo-common-x86_64-3.10.0-1062.77.1.el7.x86_64.rpm  
kernel-tools-debuginfo-3.10.0-1062.77.1.el7.x86_64.rpm  
kernel-tools-libs-devel-3.10.0-1062.77.1.el7.x86_64.rpm  
perf-debuginfo-3.10.0-1062.77.1.el7.x86_64.rpm  
python-perf-debuginfo-3.10.0-1062.77.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional E4S (v. 7.7):

ppc64le:  
bpftool-debuginfo-3.10.0-1062.77.1.el7.ppc64le.rpm  
kernel-debug-debuginfo-3.10.0-1062.77.1.el7.ppc64le.rpm  
kernel-debug-devel-3.10.0-1062.77.1.el7.ppc64le.rpm  
kernel-debuginfo-3.10.0-1062.77.1.el7.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-3.10.0-1062.77.1.el7.ppc64le.rpm  
kernel-tools-debuginfo-3.10.0-1062.77.1.el7.ppc64le.rpm  
kernel-tools-libs-devel-3.10.0-1062.77.1.el7.ppc64le.rpm  
perf-debuginfo-3.10.0-1062.77.1.el7.ppc64le.rpm  
python-perf-debuginfo-3.10.0-1062.77.1.el7.ppc64le.rpm

x86_64:  
bpftool-debuginfo-3.10.0-1062.77.1.el7.x86_64.rpm  
kernel-debug-debuginfo-3.10.0-1062.77.1.el7.x86_64.rpm  
kernel-debuginfo-3.10.0-1062.77.1.el7.x86_64.rpm  
kernel-debuginfo-common-x86_64-3.10.0-1062.77.1.el7.x86_64.rpm  
kernel-tools-debuginfo-3.10.0-1062.77.1.el7.x86_64.rpm  
kernel-tools-libs-devel-3.10.0-1062.77.1.el7.x86_64.rpm  
perf-debuginfo-3.10.0-1062.77.1.el7.x86_64.rpm  
python-perf-debuginfo-3.10.0-1062.77.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional TUS (v. 7.7):

x86_64:  
bpftool-debuginfo-3.10.0-1062.77.1.el7.x86_64.rpm  
kernel-debug-debuginfo-3.10.0-1062.77.1.el7.x86_64.rpm  
kernel-debuginfo-3.10.0-1062.77.1.el7.x86_64.rpm  
kernel-debuginfo-common-x86_64-3.10.0-1062.77.1.el7.x86_64.rpm  
kernel-tools-debuginfo-3.10.0-1062.77.1.el7.x86_64.rpm  
kernel-tools-libs-devel-3.10.0-1062.77.1.el7.x86_64.rpm  
perf-debuginfo-3.10.0-1062.77.1.el7.x86_64.rpm  
python-perf-debuginfo-3.10.0-1062.77.1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-35788  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJk5MPmAAoJENzjgjWX9erEJfYP/3QMiTIJEWXpTWkWEVKWe8Os  
ipFn+aPYLHGc33OMdwHuh1mmacIgs2BNxEuGimoCy6IXKuTqI7Pa//m2ASY7P+IJ  
xXNhwtuMHTffiE2BTtjlc0ziC7SNjit6K0EbUtbTGWXYl1qgdGWEhVWQ0mwAge37  
t3JMd4j1IvaIhZGLPyhH3y7lS7FSuRL+Fq9b771rHtfkjHZYcmjUivbXLphLXxFo  
PVjiMcFMzTDOk4hD6AysGuP3oKkZal41e6PRBLau7l96iNKtPXKN6JV6mu5LoHXh  
cGALKswXAyiMPmKuCBOwYgZyFQYYc4DLnskK+se+Oh2KAUTF4je8AGQPs5MTHDt7  
QEWc7CXC19JQwVALVsE43BEpDEdT6Ed9hrwyU3fEQmXsWH2vxWkcZtbo9K+UNhjG  
3QFZ83XTevmhD9d2pp0I2qEavyEUnC4t9ePpbb1VJQUQ1qrndMI6bcgoiSA7RTU7  
IgPNL3Sv7pifDnV+fAwmqaDvhUJ6RxQmNn1Y5Wwl4gvz3LHIvMwUbgBJYyhksYAz  
g/N+U/cognHdPZVIJcCV7QN7htDI7HIVNtdHiQfLT90kZV3SnZBj4cWInBchDtMW  
Pj0CYGL48vRETYlKv9yc7M10g9esJ2lIT9+rsP0W9n2SEP1Sl+SOD4puIW3eMPA1  
5CmTSUrbaoREDwMzh8dT  
=9ntR  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4697-01

Red Hat Security Advisory 2023-4694-01 - Red Hat OpenStack Platform (RHOSP) 16.2.z (Train) director Operator containers are now available. Issues addressed include a code execution vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: Release of containers for OSP 16.2.z (Train) director Operator  
Advisory ID:       RHSA-2023:4694-01  
Product:           Red Hat OpenStack Platform  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4694  
Issue date:        2023-08-22  
CVE Names:         CVE-2020-24736 CVE-2022-21235 CVE-2022-36227   
                   CVE-2023-0361 CVE-2023-1667 CVE-2023-2283   
                   CVE-2023-2602 CVE-2023-2603 CVE-2023-27536   
                   CVE-2023-28321 CVE-2023-28484 CVE-2023-29469   
=====================================================================

1. Summary:

Red Hat OpenStack Platform (RHOSP) 16.2.z (Train) director Operator  
containers are now available.

2. Description:

Release of Red Hat OpenStack Platform (RHOSP) 16.2.z (Train) provides these  
changes:

3. Solution:

Before applying this update, make sure all previously released errata  
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2215317 - CVE-2022-21235 github.com/Masterminds/vcs: Command Injection via argument injection  
2218300 - git url logic does not handle non-default ports and users  
2228513 - [16.2] Ephemeral heat communication is not using svc fqdn and hitting proxy  
2229173 - [16.2] OpenStackConfigGenerator fails to clone from Azure DevOps with  empty git-upload-pack given

5. JIRA issues fixed (https://issues.redhat.com/):

OSPK8-735 - Improve logging for BMH selection in BaremetalSet controller

6. References:

https://access.redhat.com/security/cve/CVE-2020-24736  
https://access.redhat.com/security/cve/CVE-2022-21235  
https://access.redhat.com/security/cve/CVE-2022-36227  
https://access.redhat.com/security/cve/CVE-2023-0361  
https://access.redhat.com/security/cve/CVE-2023-1667  
https://access.redhat.com/security/cve/CVE-2023-2283  
https://access.redhat.com/security/cve/CVE-2023-2602  
https://access.redhat.com/security/cve/CVE-2023-2603  
https://access.redhat.com/security/cve/CVE-2023-27536  
https://access.redhat.com/security/cve/CVE-2023-28321  
https://access.redhat.com/security/cve/CVE-2023-28484  
https://access.redhat.com/security/cve/CVE-2023-29469  
https://access.redhat.com/security/updates/classification/#moderate  
https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/16.2/html/release_notes

7. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJk5BtQAAoJENzjgjWX9erEF20QAJnmDGSlO9cOTyzxO2o1OsBs  
w17uZoSvhwS4aATIx0uDJoe0R5IuHCXdPixN0lJ9c5EKAEhZ47+Eu402Zxnd+xzf  
8IGeo0WGIkgo6DtTkxm8t8aUEv0xKEFF7b22t4l5R1eSs72hp6TIdNsV4B81OkZx  
exjqtBPIyTThr/tOic9C1CFq9oi5veHNwRb8a10LCePW8sa5DSveXR1Qrg6BaGag  
l8uRHfO40t9xWjg9DJXt83vbMxwStihGl+LsX2xWSjtl1vh8hTUfJ/bBvZTG89ZI  
qaEhN7/bd24dcxkGjjcaQ8At/BqX4KQmc7FsL6KqRSBIuH9B1UA69l8tuDSuy2AT  
cpdcQVh/aYS7XBDSf86e80h1z4lke7uXBY/Ypgbyw1Xsf70WSaPaA+AQA11Ktgyq  
3KXZ4Bp8Wi2rebqpUeaNVtVgnAn58/Clw0teVGk/xaU4UES5R5KbTdqrvVQXjxqB  
ufrKY9PV0bNWwc56HB1qQKVKq2XEs1NFO3pWCbhnvxbozoiOkNIEHuhfM6Zefy4m  
P+mRiIVO3FWKhwQqs3wabaKqGtJpzqG5GZBivyv6BjJ3WlrVx244LYV4GfbKJCrG  
7LPsHsS+1jB8JFFPw6VDP74jLAQl0xAVahwB2KZtxWSRwmyVvFBXkUsmLp5b2+XV  
K7PblayRF8/0qViRFO8b  
=r5ts  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4694-01

Inosoft VisiWin 7 version 2022-2.1 suffers from a privilege escalation vulnerability.

    # Exploit Title: Inosoft VisiWin 7 2022-2.1 - Insecure Folders Permissions Privilege Escalation# Date: 2023-08-09# Exploit Author: Carlo Di Dato for Deloitte Risk Advisory Italia# Vendor Homepage: https://www.inosoft.com/# Version: Up to 2022-2.1 (Runtime RT7.3 RC3 20221209.5)# Tested on: Windows# CVE: CVE-2023-31468Inosoft VisiWin is a completely open system with a configurable range of functions. It combines all features of classic HMI software with unlimited programming possibilities.The installation of the solution will create insecure folder, and this could allow a malicious user to manipulate file content or change legitimate files (e.g., VisiWin7.Server.Manager.exe which runs with SYSTEM privileges) to compromise a system or to gain elevated privileges.This is the list of insecure files and folders with their respective permissions:C:\>icacls "C:\Program Files (x86)\INOSOFT GmbH"C:\Program Files (x86)\INOSOFT GmbH BUILTIN\Administrators:(OI)(CI)(F)                                     Everyone:(OI)(CI)(F)                                     NT AUTHORITY\SYSTEM:(OI)(CI)(F)Successfully processed 1 files; Failed processing 0 filesC:\>--------------------------------------------------------------------------------------------------------------------------------------------------------C:\>icacls "C:\Program Files (x86)\INOSOFT GmbH\VisiWin7\Runtime\VisiWin7.Server.Manager.exe"C:\Program Files (x86)\INOSOFT GmbH\VisiWin 7\Runtime\VisiWin7.Server.Manager.exe BUILTIN\Administrators:(I)(F)                                                                                    Everyone:(I)(F)                                                                                    NT AUTHORITY\SYSTEM:(I)(F)Successfully processed 1 files; Failed processing 0 filesC:\>

Inosoft VisiWin 7 2022-2.1 Insecure Permissions / Privilege Escalation

Red Hat Security Advisory 2023-4693-01 - Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams, while automation developers retain the freedom to write tasks that leverage existing knowledge without the overhead. Ansible Automation Platform makes it possible for users across an organization to share, vet, and manage automation content by means of a simple, powerful, and agentless language. Issues addressed include a denial of service vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update  
Advisory ID:       RHSA-2023:4693-01  
Product:           Red Hat Ansible Automation Platform  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4693  
Issue date:        2023-08-21  
CVE Names:         CVE-2023-4380 CVE-2023-23931 CVE-2023-32681   
                   CVE-2023-36053   
=====================================================================

1. Summary:

An update is now available for Red Hat Ansible Automation Platform 2.4

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Ansible Automation Platform 2.4 for RHEL 8 - aarch64, noarch, ppc64le, s390x, x86_64  
Red Hat Ansible Automation Platform 2.4 for RHEL 9 - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Red Hat Ansible Automation Platform provides an enterprise framework for  
building, deploying and managing IT automation at scale. IT Managers can  
provide top-down guidelines on how automation is applied to individual  
teams, while automation developers retain the freedom to write tasks that  
leverage existing knowledge without the overhead. Ansible Automation  
Platform makes it possible for users across an organization to share, vet,  
and manage automation content by means of a simple, powerful, and agentless  
language.

Security Fix(es):  
* automation-eda-controller: token exposed at importing project  
(CVE-2023-4380)  
* python3-cryptography/python39-cryptography: memory corruption via  
immutable objects (CVE-2023-23931)  
* python3-django/python39-django: Potential regular expression denial of  
service vulnerability in EmailValidator/URLValidator (CVE-2023-36053)  
* python3-requests/python39-requests: Unintended leak of  
Proxy-Authorization header (CVE-2023-32681)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Additional changes for Event-Driven Ansible:  
* automation-eda-controller has been updated to 1.0.1  
* Fixed Contributor and editor roles cannot set the AWX token (AAP-11573)  
* Onboarding journey wizard does not request a controller token creation  
(AAP-11907)  
* Wrong count of “restarts” field (AAP-12042)  
* Filtering on any list only works for items in view (AAP-12446)  
* Missing audit records in a running activations with many firings  
(AAP-12522)  
* When a job template fails the event payload is missing key attributes  
(AAP-12529)  
* Fix a git token leak when the import project fails. (AAP-12767)  
* Restart policy in k8s doesn’t restart successful activations that are  
marked as failed (AAP-12862)  
* Inconsistent status when disabling/enabling activations (AAP-12896)  
* run_job_template action fails and the rule is not counted as fired  
(AAP-12909)  
* Bulk deletion on rulebook activation list is not consistent (AAP-13093)  
* Rulebook Activation link is not functioning in Rule Audit Detail Screen  
(AAP-13182)  
* Previously project credentials couldn't be updated if there was a change  
to the credential used in the project, now credentials can be updated in a  
project with a new or different credential. (AAP-13983)

4. Solution:

Red Hat Ansible Automation Platform

5. Bugs fixed (https://bugzilla.redhat.com/):

2171817 - CVE-2023-23931 python-cryptography: memory corruption via immutable objects  
2209469 - CVE-2023-32681 python-requests: Unintended leak of Proxy-Authorization header  
2218004 - CVE-2023-36053 python-django: Potential regular expression denial of service vulnerability in EmailValidator/URLValidator  
2232324 - CVE-2023-4380 Ansible: token exposed at importing project

6. Package List:

Red Hat Ansible Automation Platform 2.4 for RHEL 8:

Source:  
automation-eda-controller-1.0.1-1.el8ap.src.rpm  
python3x-cryptography-38.0.4-2.el8ap.src.rpm  
python3x-django-3.2.20-1.el8ap.src.rpm  
python3x-requests-2.31.0-1.el8ap.src.rpm  
python3x-rsa-4.7.2-1.el8ap.src.rpm

aarch64:  
python39-cryptography-38.0.4-2.el8ap.aarch64.rpm  
python39-cryptography-debuginfo-38.0.4-2.el8ap.aarch64.rpm  
python3x-cryptography-debugsource-38.0.4-2.el8ap.aarch64.rpm

noarch:  
automation-eda-controller-1.0.1-1.el8ap.noarch.rpm  
automation-eda-controller-server-1.0.1-1.el8ap.noarch.rpm  
automation-eda-controller-ui-1.0.1-1.el8ap.noarch.rpm  
python39-django-3.2.20-1.el8ap.noarch.rpm  
python39-requests-2.31.0-1.el8ap.noarch.rpm  
python39-rsa-4.7.2-1.el8ap.noarch.rpm

ppc64le:  
python39-cryptography-38.0.4-2.el8ap.ppc64le.rpm  
python39-cryptography-debuginfo-38.0.4-2.el8ap.ppc64le.rpm  
python3x-cryptography-debugsource-38.0.4-2.el8ap.ppc64le.rpm

s390x:  
python39-cryptography-38.0.4-2.el8ap.s390x.rpm  
python39-cryptography-debuginfo-38.0.4-2.el8ap.s390x.rpm  
python3x-cryptography-debugsource-38.0.4-2.el8ap.s390x.rpm

x86_64:  
python39-cryptography-38.0.4-2.el8ap.x86_64.rpm  
python39-cryptography-debuginfo-38.0.4-2.el8ap.x86_64.rpm  
python3x-cryptography-debugsource-38.0.4-2.el8ap.x86_64.rpm

Red Hat Ansible Automation Platform 2.4 for RHEL 8:

Source:  
python3x-cryptography-38.0.4-2.el8ap.src.rpm

aarch64:  
python39-cryptography-38.0.4-2.el8ap.aarch64.rpm  
python39-cryptography-debuginfo-38.0.4-2.el8ap.aarch64.rpm  
python3x-cryptography-debugsource-38.0.4-2.el8ap.aarch64.rpm

ppc64le:  
python39-cryptography-38.0.4-2.el8ap.ppc64le.rpm  
python39-cryptography-debuginfo-38.0.4-2.el8ap.ppc64le.rpm  
python3x-cryptography-debugsource-38.0.4-2.el8ap.ppc64le.rpm

s390x:  
python39-cryptography-38.0.4-2.el8ap.s390x.rpm  
python39-cryptography-debuginfo-38.0.4-2.el8ap.s390x.rpm  
python3x-cryptography-debugsource-38.0.4-2.el8ap.s390x.rpm

x86_64:  
python39-cryptography-38.0.4-2.el8ap.x86_64.rpm  
python39-cryptography-debuginfo-38.0.4-2.el8ap.x86_64.rpm  
python3x-cryptography-debugsource-38.0.4-2.el8ap.x86_64.rpm

Red Hat Ansible Automation Platform 2.4 for RHEL 8:

Source:  
python3x-cryptography-38.0.4-2.el8ap.src.rpm

aarch64:  
python39-cryptography-38.0.4-2.el8ap.aarch64.rpm  
python39-cryptography-debuginfo-38.0.4-2.el8ap.aarch64.rpm  
python3x-cryptography-debugsource-38.0.4-2.el8ap.aarch64.rpm

ppc64le:  
python39-cryptography-38.0.4-2.el8ap.ppc64le.rpm  
python39-cryptography-debuginfo-38.0.4-2.el8ap.ppc64le.rpm  
python3x-cryptography-debugsource-38.0.4-2.el8ap.ppc64le.rpm

s390x:  
python39-cryptography-38.0.4-2.el8ap.s390x.rpm  
python39-cryptography-debuginfo-38.0.4-2.el8ap.s390x.rpm  
python3x-cryptography-debugsource-38.0.4-2.el8ap.s390x.rpm

x86_64:  
python39-cryptography-38.0.4-2.el8ap.x86_64.rpm  
python39-cryptography-debuginfo-38.0.4-2.el8ap.x86_64.rpm  
python3x-cryptography-debugsource-38.0.4-2.el8ap.x86_64.rpm

Red Hat Ansible Automation Platform 2.4 for RHEL 9:

Source:  
automation-eda-controller-1.0.1-1.el9ap.src.rpm  
python-cryptography-38.0.4-2.el9ap.src.rpm  
python-django-3.2.20-1.el9ap.src.rpm  
python-requests-2.31.0-1.el9ap.src.rpm  
python-rsa-4.7.2-1.el9ap.src.rpm

aarch64:  
python-cryptography-debugsource-38.0.4-2.el9ap.aarch64.rpm  
python3-cryptography-38.0.4-2.el9ap.aarch64.rpm  
python3-cryptography-debuginfo-38.0.4-2.el9ap.aarch64.rpm

noarch:  
automation-eda-controller-1.0.1-1.el9ap.noarch.rpm  
automation-eda-controller-server-1.0.1-1.el9ap.noarch.rpm  
automation-eda-controller-ui-1.0.1-1.el9ap.noarch.rpm  
python3-django-3.2.20-1.el9ap.noarch.rpm  
python3-requests-2.31.0-1.el9ap.noarch.rpm  
python3-rsa-4.7.2-1.el9ap.noarch.rpm

ppc64le:  
python-cryptography-debugsource-38.0.4-2.el9ap.ppc64le.rpm  
python3-cryptography-38.0.4-2.el9ap.ppc64le.rpm  
python3-cryptography-debuginfo-38.0.4-2.el9ap.ppc64le.rpm

s390x:  
python-cryptography-debugsource-38.0.4-2.el9ap.s390x.rpm  
python3-cryptography-38.0.4-2.el9ap.s390x.rpm  
python3-cryptography-debuginfo-38.0.4-2.el9ap.s390x.rpm

x86_64:  
python-cryptography-debugsource-38.0.4-2.el9ap.x86_64.rpm  
python3-cryptography-38.0.4-2.el9ap.x86_64.rpm  
python3-cryptography-debuginfo-38.0.4-2.el9ap.x86_64.rpm

Red Hat Ansible Automation Platform 2.4 for RHEL 9:

Source:  
python-cryptography-38.0.4-2.el9ap.src.rpm

aarch64:  
python-cryptography-debugsource-38.0.4-2.el9ap.aarch64.rpm  
python3-cryptography-38.0.4-2.el9ap.aarch64.rpm  
python3-cryptography-debuginfo-38.0.4-2.el9ap.aarch64.rpm

ppc64le:  
python-cryptography-debugsource-38.0.4-2.el9ap.ppc64le.rpm  
python3-cryptography-38.0.4-2.el9ap.ppc64le.rpm  
python3-cryptography-debuginfo-38.0.4-2.el9ap.ppc64le.rpm

s390x:  
python-cryptography-debugsource-38.0.4-2.el9ap.s390x.rpm  
python3-cryptography-38.0.4-2.el9ap.s390x.rpm  
python3-cryptography-debuginfo-38.0.4-2.el9ap.s390x.rpm

x86_64:  
python-cryptography-debugsource-38.0.4-2.el9ap.x86_64.rpm  
python3-cryptography-38.0.4-2.el9ap.x86_64.rpm  
python3-cryptography-debuginfo-38.0.4-2.el9ap.x86_64.rpm

Red Hat Ansible Automation Platform 2.4 for RHEL 9:

Source:  
python-cryptography-38.0.4-2.el9ap.src.rpm

aarch64:  
python-cryptography-debugsource-38.0.4-2.el9ap.aarch64.rpm  
python3-cryptography-38.0.4-2.el9ap.aarch64.rpm  
python3-cryptography-debuginfo-38.0.4-2.el9ap.aarch64.rpm

ppc64le:  
python-cryptography-debugsource-38.0.4-2.el9ap.ppc64le.rpm  
python3-cryptography-38.0.4-2.el9ap.ppc64le.rpm  
python3-cryptography-debuginfo-38.0.4-2.el9ap.ppc64le.rpm

s390x:  
python-cryptography-debugsource-38.0.4-2.el9ap.s390x.rpm  
python3-cryptography-38.0.4-2.el9ap.s390x.rpm  
python3-cryptography-debuginfo-38.0.4-2.el9ap.s390x.rpm

x86_64:  
python-cryptography-debugsource-38.0.4-2.el9ap.x86_64.rpm  
python3-cryptography-38.0.4-2.el9ap.x86_64.rpm  
python3-cryptography-debuginfo-38.0.4-2.el9ap.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-4380  
https://access.redhat.com/security/cve/CVE-2023-23931  
https://access.redhat.com/security/cve/CVE-2023-32681  
https://access.redhat.com/security/cve/CVE-2023-36053  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJk5BtDAAoJENzjgjWX9erEeOAP/2mxhopEMcT5/vUYAjm1Mx06  
VbSNRev5unwCqqHN2C29xS2JNv0+sazo7JcVIP/2qICLEIBTBxPxGkbmeU5z7KGX  
pSbhz2WFonv0YaTZ3qHrsk5poaT8K2lY2z4FXjW/qSuAe5EvKkFbD/22Jy+Im7to  
0mz618G4QNkbnYU39YVeyI2f+GB0S3eqDof0LANb0BTjJRga/ENnbBBE3/ERBdMD  
xiHfnyTwaQhtFZgml3g+RXhLWZSHblS2IRbwLHlYA5l8pJgMASgcPHzXRFOZimYr  
4/uLFylKr20NJdrjRCJ5sAvOPGaOup7w9jAyrdpturH6fyY3hUoYVuGJJc7dLSu1  
6gcz35pxWIVdAFycvamkblWaLrRPKW4f8o6+a9dorEcH98gS4a75mI+LROLyVlr4  
jGjVeRrCBY1QBZjD+2duYCw/JoHCncy+uNCVouxpllHhEeq/lw6xmGz8qTx80fnB  
SZvluOYS6jY1pW+9KZ6ndohuN0mPT4sJogkytCRpurDR2B9P+H7ZTWl+1X7P+oj3  
C8NEG9TUmsnFlfM3HsJu+XQqZAEwYdOen1qZXGJwyRJjqi2+81Xe6MQaQsYiRyfU  
SJHZdsYH0dWP2KeVL1laNfZ+AwzrTNnq09ux0vCcZwaiiK4DtwRveMcFNiL3bF23  
EAHghshuHJQsa1nZLp7E  
=iLN7  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Source

Packet Storm