Carbiz Buy Sell Car Marketplace Script version 1.2.0 appears to leave default credentials installed after installation.

    ======================================================================================================================================| # Title     : Carbiz - Buy Sell Car Marketplace Script V 1.2.0 Insecure Settings Vulnerability                                     || # Author    : indoushka                                                                                                            || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 61.0.1 (32-bit)                                              || # Vendor    : https://codecanyon.net/item/carbiz-buy-sell-car-marketplace-script/21803782                                          |  | # Dork      : "© Copyright 2018 Webhelios . All rights reserved"                                                                   |======================================================================================================================================poc :[+]  Dorking İn Google Or Other Search Enggine .[+]  appears to leave default credentials installed after installation.[+]  Use Admin : admin & Pass : 12345[+]  Panel http://127.0.0.1/veloxcarsalescom/index.php/en/admin/authGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

Carbiz Buy Sell Car Marketplace Script 1.2.0 Insecure Settings

Red Hat Security Advisory 2023-4138-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include out of bounds access and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: kernel-rt security and bug fix update  
Advisory ID:       RHSA-2023:4138-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4138  
Issue date:        2023-07-18  
CVE Names:         CVE-2022-1016 CVE-2022-42703 CVE-2022-42896   
                   CVE-2023-2002 CVE-2023-2124 CVE-2023-2235   
=====================================================================

1. Summary:

An update for kernel-rt is now available for Red Hat Enterprise Linux 9.0  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Real Time EUS (v.9.0) - x86_64  
Red Hat Enterprise Linux Real Time for NFV EUS (v.9.0) - x86_64

3. Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables  
fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: use-after-free in l2cap_connect and l2cap_le_connect_req in  
net/bluetooth/l2cap_core.c (CVE-2022-42896)

* kernel: use-after-free vulnerability in the perf_group_detach function of  
the Linux Kernel Performance Events (CVE-2023-2235)

* kernel: uninitialized registers on stack in nft_do_chain can cause kernel  
pointer leakage to UM (CVE-2022-1016)

* kernel: use-after-free related to leaf anon_vma double reuse  
(CVE-2022-42703)

* Kernel: bluetooth: Unauthorized management command execution  
(CVE-2023-2002)

* kernel: OOB access in the Linux kernel's XFS subsystem (CVE-2023-2124)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* kernel-rt: update RT source tree to the latest RHEL-9.0.z10 Batch  
(BZ#2209984)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2066614 - CVE-2022-1016 kernel: uninitialized registers on stack in nft_do_chain can cause kernel pointer leakage to UM  
2133483 - CVE-2022-42703 kernel: use-after-free related to leaf anon_vma double reuse  
2147364 - CVE-2022-42896 kernel: use-after-free in l2cap_connect and l2cap_le_connect_req in net/bluetooth/l2cap_core.c  
2187308 - CVE-2023-2002 Kernel: bluetooth: Unauthorized management command execution  
2187439 - CVE-2023-2124 kernel: OOB access in the Linux kernel's XFS subsystem  
2192589 - CVE-2023-2235 kernel: use-after-free vulnerability in the perf_group_detach function of the Linux Kernel Performance Events

6. Package List:

Red Hat Enterprise Linux Real Time for NFV EUS (v.9.0):

Source:  
kernel-rt-5.14.0-70.64.1.rt21.135.el9_0.src.rpm

x86_64:  
kernel-rt-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm  
kernel-rt-core-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm  
kernel-rt-debug-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm  
kernel-rt-debug-core-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm  
kernel-rt-debug-debuginfo-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm  
kernel-rt-debug-devel-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm  
kernel-rt-debug-kvm-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm  
kernel-rt-debug-modules-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm  
kernel-rt-debug-modules-extra-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm  
kernel-rt-debuginfo-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm  
kernel-rt-debuginfo-common-x86_64-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm  
kernel-rt-devel-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm  
kernel-rt-kvm-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm  
kernel-rt-modules-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm  
kernel-rt-modules-extra-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm

Red Hat Enterprise Linux Real Time EUS (v.9.0):

Source:  
kernel-rt-5.14.0-70.64.1.rt21.135.el9_0.src.rpm

x86_64:  
kernel-rt-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm  
kernel-rt-core-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm  
kernel-rt-debug-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm  
kernel-rt-debug-core-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm  
kernel-rt-debug-debuginfo-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm  
kernel-rt-debug-devel-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm  
kernel-rt-debug-modules-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm  
kernel-rt-debug-modules-extra-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm  
kernel-rt-debuginfo-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm  
kernel-rt-debuginfo-common-x86_64-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm  
kernel-rt-devel-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm  
kernel-rt-modules-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm  
kernel-rt-modules-extra-5.14.0-70.64.1.rt21.135.el9_0.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-1016  
https://access.redhat.com/security/cve/CVE-2022-42703  
https://access.redhat.com/security/cve/CVE-2022-42896  
https://access.redhat.com/security/cve/CVE-2023-2002  
https://access.redhat.com/security/cve/CVE-2023-2124  
https://access.redhat.com/security/cve/CVE-2023-2235  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJktmwGAAoJENzjgjWX9erEkE0P/jfzPJ5Ii7eIYAmKXZQdTSEP  
FpJp7cvUx+L4/B6h9WaPXz/qJGbBnLpqGcXn2RgzWkyJXCwVbM/MQat32cCBoyLZ  
pz4h3kUonDj3QVS43ytHwg7RNT1TTvu6FYoBNtzTIRHTEIfn3jUuh980liO0O/cf  
4jeNydlGB34mPtNaVgSRWFsPxvXjYJQORXS/0IQ2BZ9i1N6X7ifvOHLGTd8EbkBQ  
XMVLh67LDXf5RiPnMxYYNkzbzzGZkyTwjW+oNA45jJL2DxpE4au43VPQA+aelOpl  
TwWCxlMoGbOHy5ZTd6fSKmDU21kdXZEPg7gGv1IT8mhYMf5G6LAQ4+ZUjJFfGbSF  
hTsu6HY6rthOiZ/VS+PNeC6J3k+5sepaSMiy2Z6ZuJVzMYH0EJ8jKJBKi/xTOk29  
Q72doQDUnOnczQKpSAfU7vC9F6De3sDFXOzCcGuy/1QWV7a2xTp1EKPy63LT9uLy  
bY2ZnOxGRSomao8YyVlMY/JxA3PyTE6/RP+XSAT7PmfqwkxPO77FmOmNQ1mkSLLw  
w3UNIBS1kAz9096b8TKedxFif1ZWjNQI53/zTlAPnlF7pZuixb3Gv8Gieu1XQPz3  
0+fm59WS03bq+9M3tRA0zOaWEkqNF16ZoyLqZVqTStcQ/tz87EVXll2x4iapCKTa  
IDz+8UxDBDA1hw50cBcY  
=k9cm  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4138-01

Red Hat Security Advisory 2023-4137-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include out of bounds access and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update  
Advisory ID:       RHSA-2023:4137-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4137  
Issue date:        2023-07-18  
CVE Names:         CVE-2022-1016 CVE-2022-42703 CVE-2022-42896   
                   CVE-2023-2002 CVE-2023-2124 CVE-2023-2235   
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 9.0  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder EUS (v.9.0) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux AppStream EUS (v.9.0) - aarch64, noarch, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux BaseOS EUS (v.9.0) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux  
operating system.

Security Fix(es):

* kernel: use-after-free in l2cap_connect and l2cap_le_connect_req in  
net/bluetooth/l2cap_core.c (CVE-2022-42896)

* kernel: use-after-free vulnerability in the perf_group_detach function of  
the Linux Kernel Performance Events (CVE-2023-2235)

* kernel: uninitialized registers on stack in nft_do_chain can cause kernel  
pointer leakage to UM (CVE-2022-1016)

* kernel: use-after-free related to leaf anon_vma double reuse  
(CVE-2022-42703)

* Kernel: bluetooth: Unauthorized management command execution  
(CVE-2023-2002)

* kernel: OOB access in the Linux kernel's XFS subsystem (CVE-2023-2124)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* Backport kernel audit enhancements and fixes from v5.13-rc1 to v5.16-rc6  
(BZ#2098210)

* INTEL 9.0 BUG VROC: RAID rebuild doesn't start after removing drive  
during FIO (BZ#2174890)

* HPEMC RHEL 9 BUG: acpi-cpufreq: Skip initializtion if a cpufreq driver  
exists (BZ#2186564)

* RHEL9.3: Update locking code to upstream 6.1 and further fixes  
(BZ#2187517)

* block layer: update with upstream v6.0 (BZ#2196175)

* rhel-9: Invalid character detected by rpminspect in  
Documentation/translations/zh_CN/process/magic-number.rst (BZ#2208244)

* Trouble getting callstacks when signal has interrupted clock_gettime  
(BZ#2210076)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2066614 - CVE-2022-1016 kernel: uninitialized registers on stack in nft_do_chain can cause kernel pointer leakage to UM  
2133483 - CVE-2022-42703 kernel: use-after-free related to leaf anon_vma double reuse  
2147364 - CVE-2022-42896 kernel: use-after-free in l2cap_connect and l2cap_le_connect_req in net/bluetooth/l2cap_core.c  
2187308 - CVE-2023-2002 Kernel: bluetooth: Unauthorized management command execution  
2187439 - CVE-2023-2124 kernel: OOB access in the Linux kernel's XFS subsystem  
2192589 - CVE-2023-2235 kernel: use-after-free vulnerability in the perf_group_detach function of the Linux Kernel Performance Events

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.9.0):

aarch64:  
bpftool-debuginfo-5.14.0-70.64.1.el9_0.aarch64.rpm  
kernel-debug-debuginfo-5.14.0-70.64.1.el9_0.aarch64.rpm  
kernel-debug-devel-5.14.0-70.64.1.el9_0.aarch64.rpm  
kernel-debug-devel-matched-5.14.0-70.64.1.el9_0.aarch64.rpm  
kernel-debuginfo-5.14.0-70.64.1.el9_0.aarch64.rpm  
kernel-debuginfo-common-aarch64-5.14.0-70.64.1.el9_0.aarch64.rpm  
kernel-devel-5.14.0-70.64.1.el9_0.aarch64.rpm  
kernel-devel-matched-5.14.0-70.64.1.el9_0.aarch64.rpm  
kernel-headers-5.14.0-70.64.1.el9_0.aarch64.rpm  
kernel-tools-debuginfo-5.14.0-70.64.1.el9_0.aarch64.rpm  
perf-5.14.0-70.64.1.el9_0.aarch64.rpm  
perf-debuginfo-5.14.0-70.64.1.el9_0.aarch64.rpm  
python3-perf-debuginfo-5.14.0-70.64.1.el9_0.aarch64.rpm

noarch:  
kernel-doc-5.14.0-70.64.1.el9_0.noarch.rpm

ppc64le:  
bpftool-debuginfo-5.14.0-70.64.1.el9_0.ppc64le.rpm  
kernel-debug-debuginfo-5.14.0-70.64.1.el9_0.ppc64le.rpm  
kernel-debug-devel-5.14.0-70.64.1.el9_0.ppc64le.rpm  
kernel-debug-devel-matched-5.14.0-70.64.1.el9_0.ppc64le.rpm  
kernel-debuginfo-5.14.0-70.64.1.el9_0.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-5.14.0-70.64.1.el9_0.ppc64le.rpm  
kernel-devel-5.14.0-70.64.1.el9_0.ppc64le.rpm  
kernel-devel-matched-5.14.0-70.64.1.el9_0.ppc64le.rpm  
kernel-headers-5.14.0-70.64.1.el9_0.ppc64le.rpm  
kernel-tools-debuginfo-5.14.0-70.64.1.el9_0.ppc64le.rpm  
perf-5.14.0-70.64.1.el9_0.ppc64le.rpm  
perf-debuginfo-5.14.0-70.64.1.el9_0.ppc64le.rpm  
python3-perf-debuginfo-5.14.0-70.64.1.el9_0.ppc64le.rpm

s390x:  
bpftool-debuginfo-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-debug-debuginfo-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-debug-devel-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-debug-devel-matched-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-debuginfo-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-debuginfo-common-s390x-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-devel-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-devel-matched-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-headers-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-tools-debuginfo-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-zfcpdump-debuginfo-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-zfcpdump-devel-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-zfcpdump-devel-matched-5.14.0-70.64.1.el9_0.s390x.rpm  
perf-5.14.0-70.64.1.el9_0.s390x.rpm  
perf-debuginfo-5.14.0-70.64.1.el9_0.s390x.rpm  
python3-perf-debuginfo-5.14.0-70.64.1.el9_0.s390x.rpm

x86_64:  
bpftool-debuginfo-5.14.0-70.64.1.el9_0.x86_64.rpm  
kernel-debug-debuginfo-5.14.0-70.64.1.el9_0.x86_64.rpm  
kernel-debug-devel-5.14.0-70.64.1.el9_0.x86_64.rpm  
kernel-debug-devel-matched-5.14.0-70.64.1.el9_0.x86_64.rpm  
kernel-debuginfo-5.14.0-70.64.1.el9_0.x86_64.rpm  
kernel-debuginfo-common-x86_64-5.14.0-70.64.1.el9_0.x86_64.rpm  
kernel-devel-5.14.0-70.64.1.el9_0.x86_64.rpm  
kernel-devel-matched-5.14.0-70.64.1.el9_0.x86_64.rpm  
kernel-headers-5.14.0-70.64.1.el9_0.x86_64.rpm  
kernel-tools-debuginfo-5.14.0-70.64.1.el9_0.x86_64.rpm  
perf-5.14.0-70.64.1.el9_0.x86_64.rpm  
perf-debuginfo-5.14.0-70.64.1.el9_0.x86_64.rpm  
python3-perf-debuginfo-5.14.0-70.64.1.el9_0.x86_64.rpm

Red Hat Enterprise Linux BaseOS EUS (v.9.0):

Source:  
kernel-5.14.0-70.64.1.el9_0.src.rpm

aarch64:  
bpftool-5.14.0-70.64.1.el9_0.aarch64.rpm  
bpftool-debuginfo-5.14.0-70.64.1.el9_0.aarch64.rpm  
kernel-5.14.0-70.64.1.el9_0.aarch64.rpm  
kernel-core-5.14.0-70.64.1.el9_0.aarch64.rpm  
kernel-debug-5.14.0-70.64.1.el9_0.aarch64.rpm  
kernel-debug-core-5.14.0-70.64.1.el9_0.aarch64.rpm  
kernel-debug-debuginfo-5.14.0-70.64.1.el9_0.aarch64.rpm  
kernel-debug-modules-5.14.0-70.64.1.el9_0.aarch64.rpm  
kernel-debug-modules-extra-5.14.0-70.64.1.el9_0.aarch64.rpm  
kernel-debuginfo-5.14.0-70.64.1.el9_0.aarch64.rpm  
kernel-debuginfo-common-aarch64-5.14.0-70.64.1.el9_0.aarch64.rpm  
kernel-modules-5.14.0-70.64.1.el9_0.aarch64.rpm  
kernel-modules-extra-5.14.0-70.64.1.el9_0.aarch64.rpm  
kernel-tools-5.14.0-70.64.1.el9_0.aarch64.rpm  
kernel-tools-debuginfo-5.14.0-70.64.1.el9_0.aarch64.rpm  
kernel-tools-libs-5.14.0-70.64.1.el9_0.aarch64.rpm  
perf-debuginfo-5.14.0-70.64.1.el9_0.aarch64.rpm  
python3-perf-5.14.0-70.64.1.el9_0.aarch64.rpm  
python3-perf-debuginfo-5.14.0-70.64.1.el9_0.aarch64.rpm

noarch:  
kernel-abi-stablelists-5.14.0-70.64.1.el9_0.noarch.rpm

ppc64le:  
bpftool-5.14.0-70.64.1.el9_0.ppc64le.rpm  
bpftool-debuginfo-5.14.0-70.64.1.el9_0.ppc64le.rpm  
kernel-5.14.0-70.64.1.el9_0.ppc64le.rpm  
kernel-core-5.14.0-70.64.1.el9_0.ppc64le.rpm  
kernel-debug-5.14.0-70.64.1.el9_0.ppc64le.rpm  
kernel-debug-core-5.14.0-70.64.1.el9_0.ppc64le.rpm  
kernel-debug-debuginfo-5.14.0-70.64.1.el9_0.ppc64le.rpm  
kernel-debug-modules-5.14.0-70.64.1.el9_0.ppc64le.rpm  
kernel-debug-modules-extra-5.14.0-70.64.1.el9_0.ppc64le.rpm  
kernel-debuginfo-5.14.0-70.64.1.el9_0.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-5.14.0-70.64.1.el9_0.ppc64le.rpm  
kernel-modules-5.14.0-70.64.1.el9_0.ppc64le.rpm  
kernel-modules-extra-5.14.0-70.64.1.el9_0.ppc64le.rpm  
kernel-tools-5.14.0-70.64.1.el9_0.ppc64le.rpm  
kernel-tools-debuginfo-5.14.0-70.64.1.el9_0.ppc64le.rpm  
kernel-tools-libs-5.14.0-70.64.1.el9_0.ppc64le.rpm  
perf-debuginfo-5.14.0-70.64.1.el9_0.ppc64le.rpm  
python3-perf-5.14.0-70.64.1.el9_0.ppc64le.rpm  
python3-perf-debuginfo-5.14.0-70.64.1.el9_0.ppc64le.rpm

s390x:  
bpftool-5.14.0-70.64.1.el9_0.s390x.rpm  
bpftool-debuginfo-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-core-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-debug-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-debug-core-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-debug-debuginfo-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-debug-modules-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-debug-modules-extra-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-debuginfo-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-debuginfo-common-s390x-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-modules-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-modules-extra-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-tools-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-tools-debuginfo-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-zfcpdump-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-zfcpdump-core-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-zfcpdump-debuginfo-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-zfcpdump-modules-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-zfcpdump-modules-extra-5.14.0-70.64.1.el9_0.s390x.rpm  
perf-debuginfo-5.14.0-70.64.1.el9_0.s390x.rpm  
python3-perf-5.14.0-70.64.1.el9_0.s390x.rpm  
python3-perf-debuginfo-5.14.0-70.64.1.el9_0.s390x.rpm

x86_64:  
bpftool-5.14.0-70.64.1.el9_0.x86_64.rpm  
bpftool-debuginfo-5.14.0-70.64.1.el9_0.x86_64.rpm  
kernel-5.14.0-70.64.1.el9_0.x86_64.rpm  
kernel-core-5.14.0-70.64.1.el9_0.x86_64.rpm  
kernel-debug-5.14.0-70.64.1.el9_0.x86_64.rpm  
kernel-debug-core-5.14.0-70.64.1.el9_0.x86_64.rpm  
kernel-debug-debuginfo-5.14.0-70.64.1.el9_0.x86_64.rpm  
kernel-debug-modules-5.14.0-70.64.1.el9_0.x86_64.rpm  
kernel-debug-modules-extra-5.14.0-70.64.1.el9_0.x86_64.rpm  
kernel-debuginfo-5.14.0-70.64.1.el9_0.x86_64.rpm  
kernel-debuginfo-common-x86_64-5.14.0-70.64.1.el9_0.x86_64.rpm  
kernel-modules-5.14.0-70.64.1.el9_0.x86_64.rpm  
kernel-modules-extra-5.14.0-70.64.1.el9_0.x86_64.rpm  
kernel-tools-5.14.0-70.64.1.el9_0.x86_64.rpm  
kernel-tools-debuginfo-5.14.0-70.64.1.el9_0.x86_64.rpm  
kernel-tools-libs-5.14.0-70.64.1.el9_0.x86_64.rpm  
perf-debuginfo-5.14.0-70.64.1.el9_0.x86_64.rpm  
python3-perf-5.14.0-70.64.1.el9_0.x86_64.rpm  
python3-perf-debuginfo-5.14.0-70.64.1.el9_0.x86_64.rpm

Red Hat CodeReady Linux Builder EUS (v.9.0):

aarch64:  
bpftool-debuginfo-5.14.0-70.64.1.el9_0.aarch64.rpm  
kernel-cross-headers-5.14.0-70.64.1.el9_0.aarch64.rpm  
kernel-debug-debuginfo-5.14.0-70.64.1.el9_0.aarch64.rpm  
kernel-debuginfo-5.14.0-70.64.1.el9_0.aarch64.rpm  
kernel-debuginfo-common-aarch64-5.14.0-70.64.1.el9_0.aarch64.rpm  
kernel-tools-debuginfo-5.14.0-70.64.1.el9_0.aarch64.rpm  
kernel-tools-libs-devel-5.14.0-70.64.1.el9_0.aarch64.rpm  
perf-debuginfo-5.14.0-70.64.1.el9_0.aarch64.rpm  
python3-perf-debuginfo-5.14.0-70.64.1.el9_0.aarch64.rpm

ppc64le:  
bpftool-debuginfo-5.14.0-70.64.1.el9_0.ppc64le.rpm  
kernel-cross-headers-5.14.0-70.64.1.el9_0.ppc64le.rpm  
kernel-debug-debuginfo-5.14.0-70.64.1.el9_0.ppc64le.rpm  
kernel-debuginfo-5.14.0-70.64.1.el9_0.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-5.14.0-70.64.1.el9_0.ppc64le.rpm  
kernel-tools-debuginfo-5.14.0-70.64.1.el9_0.ppc64le.rpm  
kernel-tools-libs-devel-5.14.0-70.64.1.el9_0.ppc64le.rpm  
perf-debuginfo-5.14.0-70.64.1.el9_0.ppc64le.rpm  
python3-perf-debuginfo-5.14.0-70.64.1.el9_0.ppc64le.rpm

s390x:  
bpftool-debuginfo-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-cross-headers-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-debug-debuginfo-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-debuginfo-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-debuginfo-common-s390x-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-tools-debuginfo-5.14.0-70.64.1.el9_0.s390x.rpm  
kernel-zfcpdump-debuginfo-5.14.0-70.64.1.el9_0.s390x.rpm  
perf-debuginfo-5.14.0-70.64.1.el9_0.s390x.rpm  
python3-perf-debuginfo-5.14.0-70.64.1.el9_0.s390x.rpm

x86_64:  
bpftool-debuginfo-5.14.0-70.64.1.el9_0.x86_64.rpm  
kernel-cross-headers-5.14.0-70.64.1.el9_0.x86_64.rpm  
kernel-debug-debuginfo-5.14.0-70.64.1.el9_0.x86_64.rpm  
kernel-debuginfo-5.14.0-70.64.1.el9_0.x86_64.rpm  
kernel-debuginfo-common-x86_64-5.14.0-70.64.1.el9_0.x86_64.rpm  
kernel-tools-debuginfo-5.14.0-70.64.1.el9_0.x86_64.rpm  
kernel-tools-libs-devel-5.14.0-70.64.1.el9_0.x86_64.rpm  
perf-debuginfo-5.14.0-70.64.1.el9_0.x86_64.rpm  
python3-perf-debuginfo-5.14.0-70.64.1.el9_0.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-1016  
https://access.redhat.com/security/cve/CVE-2022-42703  
https://access.redhat.com/security/cve/CVE-2022-42896  
https://access.redhat.com/security/cve/CVE-2023-2002  
https://access.redhat.com/security/cve/CVE-2023-2124  
https://access.redhat.com/security/cve/CVE-2023-2235  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJktmwCAAoJENzjgjWX9erEhgIP/3YYLK2bjhLKWvvRbMdH9gRU  
mWFTBr3AeiKs9tMOpcqe5JbI2nwy6M41Qi8Mdz1D+5MC+4Yx+NTLFLmYKbwdY665  
aO6IdgBXvkrEpVm3a4fjt4lFFa/66VsvzphmyduXKLGcMzHGShjGQpJZEHZYdpbN  
EiS7Z1rEGLExmxt9z5vLbhzSmfPTH9bMKx6JL6EBWyimA/OYk1uysfAjVBMe1q6X  
OS5VYobqY2HKj9+TT/cHe0rFZTK7q+9Gw3W3ndQ958p9yux3FrLgFF0oLdLiKwzH  
IZC/cR+ivRnzpxUZD3YDc5Vag3faQ2VmIdBLMEMY6oXwHBYZyKEsCA7oZ1Eh0uCJ  
nWYA7h7J0+CQiBSlo2DAv/pmsalLrOF4OJZ7kOVcXIS93EFjhZfr9zN+ap0A5y6a  
UPEpGGLa19PPYy3g17y27JvtsCoErDcYVc/3w7yS+NE/cvrigyBxNl8BZZyWcPVT  
ONN8rsrIQMA2LHgPygklxc/SHHRIgLEFJdKyuIc2Qc/wYS+XorsVfTmDi1WT29+H  
4k0c0syaR5+XHbfwTylaVXAmTO8+pI0zN9bePZkv2josDzhgwQMO9uPFlPpKZnq6  
rIrD2HZQH67vNdaM4i0RgZAJFiBrVsz73LlkEX5WYZ/UDsOdB62VLfqunuQuKmjG  
AXwX8eBFthNYpnnQVPSa  
=mkOj  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4137-01

Red Hat Security Advisory 2023-4125-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include denial of service, privilege escalation, and use-after-free vulnerabilities.

Red Hat Security Advisory 2023-4125-01

Red Hat Security Advisory 2023-4128-01 - EDK is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Issues addressed include a use-after-free vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: edk2 security update  
Advisory ID:       RHSA-2023:4128-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4128  
Issue date:        2023-07-18  
CVE Names:         CVE-2022-4304 CVE-2023-0215 CVE-2023-0286   
=====================================================================

1. Summary:

An update for edk2 is now available for Red Hat Enterprise Linux 8.6  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.8.6) - noarch

3. Description:

EDK (Embedded Development Kit) is a project to enable UEFI support for  
Virtual Machines. This package contains a sample 64-bit UEFI firmware for  
QEMU and KVM.

Security Fix(es):

* openssl: X.400 address type confusion in X.509 GeneralName  
(CVE-2023-0286)

* openssl: timing attack in RSA Decryption implementation (CVE-2022-4304)

* openssl: use-after-free following BIO_new_NDEF (CVE-2023-0215)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2164440 - CVE-2023-0286 openssl: X.400 address type confusion in X.509 GeneralName  
2164487 - CVE-2022-4304 openssl: timing attack in RSA Decryption implementation  
2164492 - CVE-2023-0215 openssl: use-after-free following BIO_new_NDEF

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.8.6):

Source:  
edk2-20220126gitbb1bba3d77-2.el8_6.1.src.rpm

noarch:  
edk2-aarch64-20220126gitbb1bba3d77-2.el8_6.1.noarch.rpm  
edk2-ovmf-20220126gitbb1bba3d77-2.el8_6.1.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-4304  
https://access.redhat.com/security/cve/CVE-2023-0215  
https://access.redhat.com/security/cve/CVE-2023-0286  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJktmv1AAoJENzjgjWX9erEFcoQAJTzG4roJ6kbvvqMOY2ghpO4  
IhSAfGvAf7Opuahtv+VqJcxWtcW8TVGRwaQlLWv70f8rgUUYJH7Ll3k3Wa76UPQd  
Z91cvsKKrh1XP47bPlcU5zVuNRxuqT3TLTeT9WeEyVxh/JkFBkuSkn36PCPR6fuM  
ii+ppKALwEuNlHT99ebAgL9tUVvUiPVPkvwmJBITxCqgTR3ddyDR+6V7fXrXnT/4  
UybIF6lv7l+N2yHI5u9vEsph9yb/qUFFWbC81NAqCjHe+Ko4aitAW2AZJMt4qWPb  
mR9+cJHyNf4+/fWxjJwlKjKoWNqSmqsg2MzwEng0qqTrlJ2DGpIEBaVXxjFDhhGI  
3LpGHNzipP9jD+QyPd1fqEmGdSuiWdf7UU7BA7uTvTqOBrowjxOiQbN+7/cn2+9V  
yg3Ik6KxTap2vesbTBoOZFId9Z1VPrMoOx9Cvz4atEjqlqBak4jNjnBe4kV52m26  
gIVgvmWxaXOd2L/X3nzNY3z9WpXnfYh/1gQtaUgopNBsVclX+GNT0leDIuh8LRVz  
c/MohxUqW/Xz9bbb90AqhUoxIQWhmZFcWxsmpORWALl18kssXHluEugNf5GgkA3s  
7DbUVhHEEK/vMeNteaI6tW8le5ik377DfQ4vFbyeJ/gR/fcfDTywL96hL3Mc2oaK  
+FUJnnzz277KjTWripMk  
=xPii  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4128-01

Red Hat Security Advisory 2023-4124-01 - EDK is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: edk2 security update  
Advisory ID:       RHSA-2023:4124-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4124  
Issue date:        2023-07-18  
CVE Names:         CVE-2023-0286   
=====================================================================

1. Summary:

An update for edk2 is now available for Red Hat Enterprise Linux 8.2  
Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications  
Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP  
Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream AUS (v. 8.2) - noarch  
Red Hat Enterprise Linux AppStream E4S (v. 8.2) - noarch  
Red Hat Enterprise Linux AppStream TUS (v. 8.2) - noarch

3. Description:

EDK (Embedded Development Kit) is a project to enable UEFI support for  
Virtual Machines. This package contains a sample 64-bit UEFI firmware for  
QEMU and KVM.

Security Fix(es):

* openssl: X.400 address type confusion in X.509 GeneralName  
(CVE-2023-0286)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2164440 - CVE-2023-0286 openssl: X.400 address type confusion in X.509 GeneralName

6. Package List:

Red Hat Enterprise Linux AppStream AUS (v. 8.2):

Source:  
edk2-20190829git37eef91017ad-9.el8_2.2.src.rpm

noarch:  
edk2-aarch64-20190829git37eef91017ad-9.el8_2.2.noarch.rpm  
edk2-ovmf-20190829git37eef91017ad-9.el8_2.2.noarch.rpm

Red Hat Enterprise Linux AppStream E4S (v. 8.2):

Source:  
edk2-20190829git37eef91017ad-9.el8_2.2.src.rpm

noarch:  
edk2-aarch64-20190829git37eef91017ad-9.el8_2.2.noarch.rpm  
edk2-ovmf-20190829git37eef91017ad-9.el8_2.2.noarch.rpm

Red Hat Enterprise Linux AppStream TUS (v. 8.2):

Source:  
edk2-20190829git37eef91017ad-9.el8_2.2.src.rpm

noarch:  
edk2-aarch64-20190829git37eef91017ad-9.el8_2.2.noarch.rpm  
edk2-ovmf-20190829git37eef91017ad-9.el8_2.2.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-0286  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJktmvzAAoJENzjgjWX9erEnOUP/RmQroGJmVsCj3/4cdhZz0OF  
0XblN1tcCVwjCy46hDtOKtRKbF1WOv4zUSgyO8FYEDhEljgMIVOI0RP3YkvH8RsW  
4IARJnAUmeHfzs13gLws1p38f8KCKpaCJNkZJIVeztuEWvZbRtwk1K3wJbF3IAoh  
0Dw008UwdO/B4bezlB+DOJCOyNynbKxxWMZjWUHJ9Wr8EYEySG3kIIx+odUxCKlr  
o19bMoHpsWs/BWA37/2dbZQJ6w7/p6aH6CcHl1WkMP+xG5xe/pQI8WpdxEqrkTFk  
DaVTAUTiPrNWRYZMrl1GBVfgQuKm3TSQb46Rrgw1QmYAV4JLU2iZgni2jtFSyixj  
j+epxHv7EcQpWiFQsoxpG41IkpFp9ARoBDbbMaAyzanl0XGQjf4izBOdcUURsbRY  
N3AgXAAi4L5xxFNC8H6ZYvHgWTlSmM2H+5mSKbD2K+NayDN0wxMq8yCLRcz6BUvu  
lCKbfXfZYuqsZpHGiajwfU5QwjY5f90MbKk/EwfQNuRr9Ft2kfZLDDWIq8Fjx3wo  
aMDX1G5ULVd0jQu49S+9h1radANpKEIYnd0x0fVdkdJBMtf0PaOmTy2yGErRNq4Q  
MOHOYCbE6sO2z/oRMCHrHNV2x8YL+9kWh90EtNktmSlZlWShP6lgfV2Clv/BX44y  
AqzlcmqwnUTe3NPG2XLI  
=LaDq  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4124-01

Red Hat Security Advisory 2023-4025-01 - Red Hat OpenShift support for Windows Containers allows you to deploy Windows container workloads running on Windows Server containers. Issues addressed include a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Low: Red Hat OpenShift support for Windows Containers 7.1.0 [security update]  
Advisory ID:       RHSA-2023:4025-01  
Product:           Red Hat OpenShift Enterprise  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4025  
Issue date:        2023-07-18  
CVE Names:         CVE-2022-36227 CVE-2023-0361 CVE-2023-25173   
                   CVE-2023-27535   
=====================================================================

1. Summary:

The components for Red Hat OpenShift support for Windows Containers 7.1.0  
are now available. This product release includes bug fixes and security  
updates for the following packages: windows-machine-config-operator and  
windows-machine-config-operator-bundle.

Red Hat Product Security has rated this update as having a security impact  
of Low. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Description:

Red Hat OpenShift support for Windows Containers allows you to deploy  
Windows container workloads running on Windows Server containers.

Security Fix(es):

* containerd: Supplementary groups are not set up properly (CVE-2023-25173)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

3. Solution:

Before applying this update, make sure all previously released errata  
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2174485 - CVE-2023-25173 containerd: Supplementary groups are not set up properly

5. JIRA issues fixed (https://issues.redhat.com/):

OCPBUGS-10417 - Case sensitivity issue when label "openshift.io/cluster-monitoring" set to 'True' on openshift-windows-machine-config-operator namespace  
OCPBUGS-10784 - In-tree storage for azure-file and vSphere is disabled  
OCPBUGS-10933 - BYOH upgrade failed Unable to cleanup the Windows instance: error running powershell.exe -NonInteractive -ExecutionPolicy Bypass \"C:\\k\\windows-instance-config-daemon.exe cleanup -  
OCPBUGS-10935 - Windows pods are unable to resolve DNS records for services  
OCPBUGS-11667 - BYOH node upgrade failed when the node not in default namespace: deleting node winhost\nF0402 08:53:43.066039    4740 cleanup.go:56] nodes \"winhost\" is forbidden: User \"system:serviceaccount:winc-namespace-test:windows-instance-config-daemon\"  
OCPBUGS-11785 - oc adm node-logs failing in vSphere CI  
OCPBUGS-13790 - Segmentation Violation found in WMCO .ensureWICDSecretContent  
OCPBUGS-14260 - Upgrade from WMCO 7.0.1 to 7.1.0 not working on Windows BYOH nodes: error waiting for proper windowsmachineconfig.openshift.io/version annotation for node  
OCPBUGS-14445 - Instance configurations fails on Windows Server 2019 without the container feature  
OCPBUGS-4862 - Deletion of BYOH Windows node hangs in Ready,SchedulingDisabled  
OCPBUGS-7336 - WMCO kubelet version not matching OCP payload's one  
OCPBUGS-7843 - containerd version is being misreported  
OCPBUGS-8037 - Directory deletion errors are being ignored when deconfiguring Windows instances  
OCPBUGS-8056 - WMCO is unable to drain DaemonSet workloads  
OCPBUGS-8085 - Hybrid Overlay logfile is in use and cannot be deleted  
WINC-1037 - Windows Server 2019 CI coverage  
WINC-981 - Red Hat OpenShift support for Windows Containers 7.0.1 Post Release  
WINC-983 - [e2e] Ensure required log files are non-empty

6. References:

https://access.redhat.com/security/cve/CVE-2022-36227  
https://access.redhat.com/security/cve/CVE-2023-0361  
https://access.redhat.com/security/cve/CVE-2023-25173  
https://access.redhat.com/security/cve/CVE-2023-27535  
https://access.redhat.com/security/updates/classification/#low

7. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJkthd/AAoJENzjgjWX9erEn8MP/3Bf86MhhUzmDog2ttnikXx2  
KB8KBrmrYZIyuE59cbL1+8+kRTVxh3aW+Q9SHoiCY/ZlX3XvfeKJmzyOTCkdpyVO  
DasddWw2B3/NiRBH6ufpy4pJMva/4MCc2IH5VlDXXQy+ydrONIpw+Xa2pWqAzx47  
Sj30qqWmcgxev7KfZXPrC9gDj0pgl5CIsMzlDlhx2LvWmbaryXAL3zRB+AKKvrdA  
U3zIMRFOxRx/GJ3M9usWPkeGzgYVQHyljEIexKa6q8nW0ubyW3Gar2JD8CF8wwPM  
+pRJHJvoG4shcp9c6DkFGLt/Ti5/z+Vj3nSsIFbDzaT4LS7W5HzEdc7/C7PechWY  
gHesjgyqqX/nropT9mrwcTJt5boywdYcXPEkOxca5Ke+g2HMBrAR0F9SpnLjvWVE  
9qYfeeiUkrxb1TYV1iKe2qbkQvGcGSL9U9VYTgAisUXx4FLF6RW1+L57iZMYmTaC  
GXOF94oG2s7BBD4FteNAKIHNyIKIX/7CMMaQPZITTwxfxWDGlCup5OS2mBbdM4uO  
MAdket7e5FzfzNfJXbs0d2QTtyTqV1nXMyWZ4XVoinaoRgwHQb47xaMkGysF4GhL  
vpKTzH+nsX8nKq76m0GuQtHxqq9lVKCZ9m+l3WI7CzZf+mjLjbZ/TwMnFsFsiy3q  
MWCyyldecxHw+otiRbk/  
=4/Hi  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4025-01

Capitol Matrimonial Banquet Centre version 1.5 suffers from a remote SQL injection vulnerability.

    ====================================================================================================================================| # Title     : Capitol Matrimonial Banquet Centre v1.5 Sql injection Vulnerability                                                || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.2(64-bit)                                             || # Vendor    : http://www.capitolbanquet.com/                                                                                     |  | # Dork      : N/A                                                                                                                |====================================================================================================================================poc :[+]  Dorking İn Google Or Other Search Enggine .[+]  Use Payload :/admin/settings.php?aid=[+]  http://127.0.0.1/capitolbanquetcom/admin/settings.php?aid=40660<=====| inject hereGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

Capitol Matrimonial Banquet Centre 1.5 SQL Injection

Red Hat Security Advisory 2023-4100-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: bind9.16 security update  
Advisory ID:       RHSA-2023:4100-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4100  
Issue date:        2023-07-17  
CVE Names:         CVE-2023-2828   
=====================================================================

1. Summary:

An update for bind9.16 is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux CRB (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain  
Name System (DNS) protocols. BIND includes a DNS server (named); a resolver  
library (routines for applications to use when interfacing with DNS); and  
tools for verifying that the DNS server is operating correctly.

Security Fix(es):

* bind: named's configured cache size limit can be significantly exceeded  
(CVE-2023-2828)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2216227 - CVE-2023-2828 bind: named's configured cache size limit can be significantly exceeded

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:  
bind9.16-9.16.23-0.14.el8_8.1.src.rpm

aarch64:  
bind9.16-9.16.23-0.14.el8_8.1.aarch64.rpm  
bind9.16-chroot-9.16.23-0.14.el8_8.1.aarch64.rpm  
bind9.16-debuginfo-9.16.23-0.14.el8_8.1.aarch64.rpm  
bind9.16-debugsource-9.16.23-0.14.el8_8.1.aarch64.rpm  
bind9.16-dnssec-utils-9.16.23-0.14.el8_8.1.aarch64.rpm  
bind9.16-dnssec-utils-debuginfo-9.16.23-0.14.el8_8.1.aarch64.rpm  
bind9.16-libs-9.16.23-0.14.el8_8.1.aarch64.rpm  
bind9.16-libs-debuginfo-9.16.23-0.14.el8_8.1.aarch64.rpm  
bind9.16-utils-9.16.23-0.14.el8_8.1.aarch64.rpm  
bind9.16-utils-debuginfo-9.16.23-0.14.el8_8.1.aarch64.rpm

noarch:  
bind9.16-license-9.16.23-0.14.el8_8.1.noarch.rpm  
python3-bind9.16-9.16.23-0.14.el8_8.1.noarch.rpm

ppc64le:  
bind9.16-9.16.23-0.14.el8_8.1.ppc64le.rpm  
bind9.16-chroot-9.16.23-0.14.el8_8.1.ppc64le.rpm  
bind9.16-debuginfo-9.16.23-0.14.el8_8.1.ppc64le.rpm  
bind9.16-debugsource-9.16.23-0.14.el8_8.1.ppc64le.rpm  
bind9.16-dnssec-utils-9.16.23-0.14.el8_8.1.ppc64le.rpm  
bind9.16-dnssec-utils-debuginfo-9.16.23-0.14.el8_8.1.ppc64le.rpm  
bind9.16-libs-9.16.23-0.14.el8_8.1.ppc64le.rpm  
bind9.16-libs-debuginfo-9.16.23-0.14.el8_8.1.ppc64le.rpm  
bind9.16-utils-9.16.23-0.14.el8_8.1.ppc64le.rpm  
bind9.16-utils-debuginfo-9.16.23-0.14.el8_8.1.ppc64le.rpm

s390x:  
bind9.16-9.16.23-0.14.el8_8.1.s390x.rpm  
bind9.16-chroot-9.16.23-0.14.el8_8.1.s390x.rpm  
bind9.16-debuginfo-9.16.23-0.14.el8_8.1.s390x.rpm  
bind9.16-debugsource-9.16.23-0.14.el8_8.1.s390x.rpm  
bind9.16-dnssec-utils-9.16.23-0.14.el8_8.1.s390x.rpm  
bind9.16-dnssec-utils-debuginfo-9.16.23-0.14.el8_8.1.s390x.rpm  
bind9.16-libs-9.16.23-0.14.el8_8.1.s390x.rpm  
bind9.16-libs-debuginfo-9.16.23-0.14.el8_8.1.s390x.rpm  
bind9.16-utils-9.16.23-0.14.el8_8.1.s390x.rpm  
bind9.16-utils-debuginfo-9.16.23-0.14.el8_8.1.s390x.rpm

x86_64:  
bind9.16-9.16.23-0.14.el8_8.1.x86_64.rpm  
bind9.16-chroot-9.16.23-0.14.el8_8.1.x86_64.rpm  
bind9.16-debuginfo-9.16.23-0.14.el8_8.1.x86_64.rpm  
bind9.16-debugsource-9.16.23-0.14.el8_8.1.x86_64.rpm  
bind9.16-dnssec-utils-9.16.23-0.14.el8_8.1.x86_64.rpm  
bind9.16-dnssec-utils-debuginfo-9.16.23-0.14.el8_8.1.x86_64.rpm  
bind9.16-libs-9.16.23-0.14.el8_8.1.x86_64.rpm  
bind9.16-libs-debuginfo-9.16.23-0.14.el8_8.1.x86_64.rpm  
bind9.16-utils-9.16.23-0.14.el8_8.1.x86_64.rpm  
bind9.16-utils-debuginfo-9.16.23-0.14.el8_8.1.x86_64.rpm

Red Hat Enterprise Linux CRB (v. 8):

aarch64:  
bind9.16-debuginfo-9.16.23-0.14.el8_8.1.aarch64.rpm  
bind9.16-debugsource-9.16.23-0.14.el8_8.1.aarch64.rpm  
bind9.16-devel-9.16.23-0.14.el8_8.1.aarch64.rpm  
bind9.16-dnssec-utils-debuginfo-9.16.23-0.14.el8_8.1.aarch64.rpm  
bind9.16-libs-debuginfo-9.16.23-0.14.el8_8.1.aarch64.rpm  
bind9.16-utils-debuginfo-9.16.23-0.14.el8_8.1.aarch64.rpm

noarch:  
bind9.16-doc-9.16.23-0.14.el8_8.1.noarch.rpm

ppc64le:  
bind9.16-debuginfo-9.16.23-0.14.el8_8.1.ppc64le.rpm  
bind9.16-debugsource-9.16.23-0.14.el8_8.1.ppc64le.rpm  
bind9.16-devel-9.16.23-0.14.el8_8.1.ppc64le.rpm  
bind9.16-dnssec-utils-debuginfo-9.16.23-0.14.el8_8.1.ppc64le.rpm  
bind9.16-libs-debuginfo-9.16.23-0.14.el8_8.1.ppc64le.rpm  
bind9.16-utils-debuginfo-9.16.23-0.14.el8_8.1.ppc64le.rpm

s390x:  
bind9.16-debuginfo-9.16.23-0.14.el8_8.1.s390x.rpm  
bind9.16-debugsource-9.16.23-0.14.el8_8.1.s390x.rpm  
bind9.16-devel-9.16.23-0.14.el8_8.1.s390x.rpm  
bind9.16-dnssec-utils-debuginfo-9.16.23-0.14.el8_8.1.s390x.rpm  
bind9.16-libs-debuginfo-9.16.23-0.14.el8_8.1.s390x.rpm  
bind9.16-utils-debuginfo-9.16.23-0.14.el8_8.1.s390x.rpm

x86_64:  
bind9.16-debuginfo-9.16.23-0.14.el8_8.1.i686.rpm  
bind9.16-debuginfo-9.16.23-0.14.el8_8.1.x86_64.rpm  
bind9.16-debugsource-9.16.23-0.14.el8_8.1.i686.rpm  
bind9.16-debugsource-9.16.23-0.14.el8_8.1.x86_64.rpm  
bind9.16-devel-9.16.23-0.14.el8_8.1.i686.rpm  
bind9.16-devel-9.16.23-0.14.el8_8.1.x86_64.rpm  
bind9.16-dnssec-utils-debuginfo-9.16.23-0.14.el8_8.1.i686.rpm  
bind9.16-dnssec-utils-debuginfo-9.16.23-0.14.el8_8.1.x86_64.rpm  
bind9.16-libs-9.16.23-0.14.el8_8.1.i686.rpm  
bind9.16-libs-debuginfo-9.16.23-0.14.el8_8.1.i686.rpm  
bind9.16-libs-debuginfo-9.16.23-0.14.el8_8.1.x86_64.rpm  
bind9.16-utils-debuginfo-9.16.23-0.14.el8_8.1.i686.rpm  
bind9.16-utils-debuginfo-9.16.23-0.14.el8_8.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-2828  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJktcO0AAoJENzjgjWX9erElOcP/0ecDhTcanXHTyVlQ3/Oveb6  
OsrCayuPngMWaOPfM2YEhxkBHi9QD2S4kWBIVaXynfRgluHvdX5cnpPup04jckvj  
BQzTU06slkklANFJBIZ7mo5m2Tna+jRwAETzmPV9hyRjawftwfunqMfzw96jxW5K  
AY9A6P3pl0n36Qwbx4WxSDeWPpp8YLEWeUzBEmfoXwOuIyqkEo8eAmm1W26vW7Cx  
/TmGr+1mPv8db78QWwcUlzZ++ldZ4+WYrl4/BX1v87sMldDKEHLxP2FXs1B3B66Y  
aCdYCs2YpzgbsKQzjLHcCJSnFNtf2yWUZHOPeWtugaa8t2Ua9ICglW/MaFr/v/yM  
cFwRMjnbXupTaBoLqIt/RTKermDaPgbP3l4LkLTZ54hIkQMgwrbmeEY/KxPegkVU  
Szj7tqLCM8EbW6nOv/WD6dzGPkpt3qd+4diTP66h2N0TIrQeRZ9QPLzdzChadZod  
miHw/YjdnOIuhGYCBgBXhBE8gcNzaoY/ulMCAh1icDuwCzdZM6TAhw9UPN1dXj7f  
xvLItPJvRFOFi9sKH8LPEi+Xih3CcjIkT8D9bBZFgf/7E/KnWqRaaDCHP/kSzT0F  
01QKQtnvAu3CmAdn+9b+NYkk4AJYYLJj8bXyQ7GDK2/Df1bt2gVrh+TgKOwJ8/aw  
VGqjmxbHHXTCYN950udp  
=yoto  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4100-01

Debian Linux Security Advisory 5454-1 - Riccardo Bonafede discovered that the Kanboard project management software was susceptible to SQL injection.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5454-1                   security@debian.org  
https://www.debian.org/security/                       Moritz Muehlenhoff  
July 16, 2023                         https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : kanboard  
CVE ID         : CVE-2023-36813

Riccardo Bonafede discovered that the Kanboard project management  
software was susceptible to SQL injection.

For the stable distribution (bookworm), this problem has been fixed in  
version 1.2.26+ds-2+deb12u2.

We recommend that you upgrade your kanboard packages.

For the detailed security status of kanboard please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/kanboard

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmS0aFkACgkQEMKTtsN8  
Tjb/1Q//V4yAyr1OVajQ0bVIDfjgyMEIbyHzxHS8nYxbOM1MsXkYONZfWdgZSkEG  
4knkc6J04n3LlC34rlu6TpZi9a8bd5QFvq4+9SfGOGWjPFMHVNJ8QgxF27rsObQW  
ektIi5S3qAFv3qA6YcCnAvR+1s2zrpNOUEbgOAvCSBiXePn017cBLDs70/xY5S31  
J5Jwl2vtn7I/MFTlXSAZGavQbgKHQqJ8iHsNbFNBU4jr4t/QJUOXkN/QmOqllwJF  
ytcqI/R6nXk402f+15Hdb10lq5vWeuecSRyNmQ7BQiGpaJk/JXF+Ijk6JTG+ntQb  
xeo5dv7orlGgj7ogm9avOq5iLEDGEYlb/JXy9eZchWTe43u9OxuQno5U7nPfl1gY  
BVal1wxkNQQ63XqGht1RXmf4zTPEo9Uwg0lKlWRsVxPNTGCE7J1sfahOxwzeXLMk  
8vJ7XSp4tN++6WwhsbO7CQwzZ+P6aKFiFTdTgR0ulj6RwM+pSNHmw3miMQSnBaw/  
6+tHFv8BRHk7Sj36YESXCpUhN35rlcU/cvpbakDll7S29bfS07/dXeKJS4s0jvpd  
4qmCTJHjTt2Ast/sSG40vbGXRB9PoFBMEoJABmc567QMTLhDCc4dF3FWXuTDpdnF  
6eot3QRwtRdGFyoKmBI4Qj6dJgxjIs3iwjzlMOGCgOabOHBq6pA=  
=pXzA  
-----END PGP SIGNATURE-----

Source

Packet Storm