Red Hat Security Advisory 2023-3177-01 - The Apache Portable Runtime is a portability library used by the Apache HTTP Server and other projects. apr-util is a library which provides additional utility interfaces for APR; including support for XML parsing, LDAP, database interfaces, URI parsing, and more. Issues addressed include an out of bounds write vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: apr-util security update  
Advisory ID:       RHSA-2023:3177-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3177  
Issue date:        2023-05-17  
CVE Names:         CVE-2022-25147  
====================================================================  
1. Summary:

An update for apr-util is now available for Red Hat Enterprise Linux 8.1  
Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream E4S (v. 8.1) - aarch64, ppc64le, s390x, x86_64

3. Description:

The Apache Portable Runtime (APR) is a portability library used by the  
Apache HTTP Server and other projects. apr-util is a library which provides  
additional utility interfaces for APR; including support for XML parsing,  
LDAP, database interfaces, URI parsing, and more.

Security Fix(es):

* apr-util: out-of-bounds writes in the apr_base64 (CVE-2022-25147)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

Applications using the APR libraries, such as httpd, must be restarted for  
this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2169652 - CVE-2022-25147 apr-util: out-of-bounds writes in the apr_base64

6. Package List:

Red Hat Enterprise Linux AppStream E4S (v. 8.1):

Source:  
apr-util-1.6.1-6.el8_1.1.src.rpm

aarch64:  
apr-util-1.6.1-6.el8_1.1.aarch64.rpm  
apr-util-bdb-1.6.1-6.el8_1.1.aarch64.rpm  
apr-util-bdb-debuginfo-1.6.1-6.el8_1.1.aarch64.rpm  
apr-util-debuginfo-1.6.1-6.el8_1.1.aarch64.rpm  
apr-util-debugsource-1.6.1-6.el8_1.1.aarch64.rpm  
apr-util-devel-1.6.1-6.el8_1.1.aarch64.rpm  
apr-util-ldap-1.6.1-6.el8_1.1.aarch64.rpm  
apr-util-ldap-debuginfo-1.6.1-6.el8_1.1.aarch64.rpm  
apr-util-mysql-1.6.1-6.el8_1.1.aarch64.rpm  
apr-util-mysql-debuginfo-1.6.1-6.el8_1.1.aarch64.rpm  
apr-util-odbc-1.6.1-6.el8_1.1.aarch64.rpm  
apr-util-odbc-debuginfo-1.6.1-6.el8_1.1.aarch64.rpm  
apr-util-openssl-1.6.1-6.el8_1.1.aarch64.rpm  
apr-util-openssl-debuginfo-1.6.1-6.el8_1.1.aarch64.rpm  
apr-util-pgsql-1.6.1-6.el8_1.1.aarch64.rpm  
apr-util-pgsql-debuginfo-1.6.1-6.el8_1.1.aarch64.rpm  
apr-util-sqlite-1.6.1-6.el8_1.1.aarch64.rpm  
apr-util-sqlite-debuginfo-1.6.1-6.el8_1.1.aarch64.rpm

ppc64le:  
apr-util-1.6.1-6.el8_1.1.ppc64le.rpm  
apr-util-bdb-1.6.1-6.el8_1.1.ppc64le.rpm  
apr-util-bdb-debuginfo-1.6.1-6.el8_1.1.ppc64le.rpm  
apr-util-debuginfo-1.6.1-6.el8_1.1.ppc64le.rpm  
apr-util-debugsource-1.6.1-6.el8_1.1.ppc64le.rpm  
apr-util-devel-1.6.1-6.el8_1.1.ppc64le.rpm  
apr-util-ldap-1.6.1-6.el8_1.1.ppc64le.rpm  
apr-util-ldap-debuginfo-1.6.1-6.el8_1.1.ppc64le.rpm  
apr-util-mysql-1.6.1-6.el8_1.1.ppc64le.rpm  
apr-util-mysql-debuginfo-1.6.1-6.el8_1.1.ppc64le.rpm  
apr-util-odbc-1.6.1-6.el8_1.1.ppc64le.rpm  
apr-util-odbc-debuginfo-1.6.1-6.el8_1.1.ppc64le.rpm  
apr-util-openssl-1.6.1-6.el8_1.1.ppc64le.rpm  
apr-util-openssl-debuginfo-1.6.1-6.el8_1.1.ppc64le.rpm  
apr-util-pgsql-1.6.1-6.el8_1.1.ppc64le.rpm  
apr-util-pgsql-debuginfo-1.6.1-6.el8_1.1.ppc64le.rpm  
apr-util-sqlite-1.6.1-6.el8_1.1.ppc64le.rpm  
apr-util-sqlite-debuginfo-1.6.1-6.el8_1.1.ppc64le.rpm

s390x:  
apr-util-1.6.1-6.el8_1.1.s390x.rpm  
apr-util-bdb-1.6.1-6.el8_1.1.s390x.rpm  
apr-util-bdb-debuginfo-1.6.1-6.el8_1.1.s390x.rpm  
apr-util-debuginfo-1.6.1-6.el8_1.1.s390x.rpm  
apr-util-debugsource-1.6.1-6.el8_1.1.s390x.rpm  
apr-util-devel-1.6.1-6.el8_1.1.s390x.rpm  
apr-util-ldap-1.6.1-6.el8_1.1.s390x.rpm  
apr-util-ldap-debuginfo-1.6.1-6.el8_1.1.s390x.rpm  
apr-util-mysql-1.6.1-6.el8_1.1.s390x.rpm  
apr-util-mysql-debuginfo-1.6.1-6.el8_1.1.s390x.rpm  
apr-util-odbc-1.6.1-6.el8_1.1.s390x.rpm  
apr-util-odbc-debuginfo-1.6.1-6.el8_1.1.s390x.rpm  
apr-util-openssl-1.6.1-6.el8_1.1.s390x.rpm  
apr-util-openssl-debuginfo-1.6.1-6.el8_1.1.s390x.rpm  
apr-util-pgsql-1.6.1-6.el8_1.1.s390x.rpm  
apr-util-pgsql-debuginfo-1.6.1-6.el8_1.1.s390x.rpm  
apr-util-sqlite-1.6.1-6.el8_1.1.s390x.rpm  
apr-util-sqlite-debuginfo-1.6.1-6.el8_1.1.s390x.rpm

x86_64:  
apr-util-1.6.1-6.el8_1.1.i686.rpm  
apr-util-1.6.1-6.el8_1.1.x86_64.rpm  
apr-util-bdb-1.6.1-6.el8_1.1.i686.rpm  
apr-util-bdb-1.6.1-6.el8_1.1.x86_64.rpm  
apr-util-bdb-debuginfo-1.6.1-6.el8_1.1.i686.rpm  
apr-util-bdb-debuginfo-1.6.1-6.el8_1.1.x86_64.rpm  
apr-util-debuginfo-1.6.1-6.el8_1.1.i686.rpm  
apr-util-debuginfo-1.6.1-6.el8_1.1.x86_64.rpm  
apr-util-debugsource-1.6.1-6.el8_1.1.i686.rpm  
apr-util-debugsource-1.6.1-6.el8_1.1.x86_64.rpm  
apr-util-devel-1.6.1-6.el8_1.1.i686.rpm  
apr-util-devel-1.6.1-6.el8_1.1.x86_64.rpm  
apr-util-ldap-1.6.1-6.el8_1.1.x86_64.rpm  
apr-util-ldap-debuginfo-1.6.1-6.el8_1.1.i686.rpm  
apr-util-ldap-debuginfo-1.6.1-6.el8_1.1.x86_64.rpm  
apr-util-mysql-1.6.1-6.el8_1.1.x86_64.rpm  
apr-util-mysql-debuginfo-1.6.1-6.el8_1.1.i686.rpm  
apr-util-mysql-debuginfo-1.6.1-6.el8_1.1.x86_64.rpm  
apr-util-odbc-1.6.1-6.el8_1.1.x86_64.rpm  
apr-util-odbc-debuginfo-1.6.1-6.el8_1.1.i686.rpm  
apr-util-odbc-debuginfo-1.6.1-6.el8_1.1.x86_64.rpm  
apr-util-openssl-1.6.1-6.el8_1.1.i686.rpm  
apr-util-openssl-1.6.1-6.el8_1.1.x86_64.rpm  
apr-util-openssl-debuginfo-1.6.1-6.el8_1.1.i686.rpm  
apr-util-openssl-debuginfo-1.6.1-6.el8_1.1.x86_64.rpm  
apr-util-pgsql-1.6.1-6.el8_1.1.x86_64.rpm  
apr-util-pgsql-debuginfo-1.6.1-6.el8_1.1.i686.rpm  
apr-util-pgsql-debuginfo-1.6.1-6.el8_1.1.x86_64.rpm  
apr-util-sqlite-1.6.1-6.el8_1.1.x86_64.rpm  
apr-util-sqlite-debuginfo-1.6.1-6.el8_1.1.i686.rpm  
apr-util-sqlite-debuginfo-1.6.1-6.el8_1.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-25147  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZGUUpNzjgjWX9erEAQiNkg//Tw2jxBWR1u011aWCfQWRKItijygIALzr  
YXVAIgU88JOsczbPnWH2k43eGzbZmMSwYBNVKytiAkUi7y81SRO/npI2LMS9u9JW  
+ioM1gsjVf322j18fmvMnLROsq6GrVTnDAdW/0fpq6zsXjJrMktlrxOzRUyGIOLY  
neuAMCi1xTrcPfMIN9QTa5vciK2/9FbPoy4qnnrE1I643RZbq5s68gNvIJZOfuTe  
3+U4oXQytZIJ2Iwz1If+77sxgycKNQpk75Ehzt5nMX4uv2hkzsDLhjboSPI0pgct  
hwhVRsi0Qn56xfd9nD0KK37MScZOreag0LRoHK3f61zpRmcyJgnYB0+uetEfscAQ  
pdavjqmFqCOyVnsjYYukAu2MJadBlBdB3ts1RShFWkooy3mVLC4XNlQvH0Wa5tcN  
d5QrSMJkZAhUUuoVfSiHMnrgR+bivI3oTldCpZvNLDgSkIuxMYs2vAmuiQ2yA7x2  
iGo0fB1O8CNAVU4j+J9fZ9IbcR020ev4gm31yTi08b4favDHU/cE4yIWJX8RzNaX  
o+/nypkUTdIpDtZQtFrK8JHlWYnv5MF98XJTzfotzSx7ziCkol/vC67a0FhIWIlg  
zOr4MiOcjOiBOfUvEN2mR5jm7oZsZvcXDfOsVXKMrkAfmZFX4JMqiT7tp6jMjkwn  
AkcNITMppL4=UXp5  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3177-01

Red Hat Security Advisory 2023-3189-01 - GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language, and the capability to read e-mail and news. Issues addressed include a code execution vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: emacs security update  
Advisory ID:       RHSA-2023:3189-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3189  
Issue date:        2023-05-17  
CVE Names:         CVE-2023-28617  
====================================================================  
1. Summary:

An update for emacs is now available for Red Hat Enterprise Linux 8.1  
Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream E4S (v. 8.1) - aarch64, noarch, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux BaseOS E4S (v. 8.1) - noarch

3. Description:

GNU Emacs is a powerful, customizable, self-documenting text editor. It  
provides special code editing features, a scripting language (elisp), and  
the capability to read e-mail and news.

Security Fix(es):

* emacs: command injection vulnerability in org-mode (CVE-2023-28617)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2180544 - CVE-2023-28617 emacs: command injection vulnerability in org-mode

6. Package List:

Red Hat Enterprise Linux AppStream E4S (v. 8.1):

aarch64:  
emacs-26.1-5.el8_1.1.aarch64.rpm  
emacs-common-26.1-5.el8_1.1.aarch64.rpm  
emacs-common-debuginfo-26.1-5.el8_1.1.aarch64.rpm  
emacs-debuginfo-26.1-5.el8_1.1.aarch64.rpm  
emacs-debugsource-26.1-5.el8_1.1.aarch64.rpm  
emacs-lucid-26.1-5.el8_1.1.aarch64.rpm  
emacs-lucid-debuginfo-26.1-5.el8_1.1.aarch64.rpm  
emacs-nox-26.1-5.el8_1.1.aarch64.rpm  
emacs-nox-debuginfo-26.1-5.el8_1.1.aarch64.rpm

noarch:  
emacs-terminal-26.1-5.el8_1.1.noarch.rpm

ppc64le:  
emacs-26.1-5.el8_1.1.ppc64le.rpm  
emacs-common-26.1-5.el8_1.1.ppc64le.rpm  
emacs-common-debuginfo-26.1-5.el8_1.1.ppc64le.rpm  
emacs-debuginfo-26.1-5.el8_1.1.ppc64le.rpm  
emacs-debugsource-26.1-5.el8_1.1.ppc64le.rpm  
emacs-lucid-26.1-5.el8_1.1.ppc64le.rpm  
emacs-lucid-debuginfo-26.1-5.el8_1.1.ppc64le.rpm  
emacs-nox-26.1-5.el8_1.1.ppc64le.rpm  
emacs-nox-debuginfo-26.1-5.el8_1.1.ppc64le.rpm

s390x:  
emacs-26.1-5.el8_1.1.s390x.rpm  
emacs-common-26.1-5.el8_1.1.s390x.rpm  
emacs-common-debuginfo-26.1-5.el8_1.1.s390x.rpm  
emacs-debuginfo-26.1-5.el8_1.1.s390x.rpm  
emacs-debugsource-26.1-5.el8_1.1.s390x.rpm  
emacs-lucid-26.1-5.el8_1.1.s390x.rpm  
emacs-lucid-debuginfo-26.1-5.el8_1.1.s390x.rpm  
emacs-nox-26.1-5.el8_1.1.s390x.rpm  
emacs-nox-debuginfo-26.1-5.el8_1.1.s390x.rpm

x86_64:  
emacs-26.1-5.el8_1.1.x86_64.rpm  
emacs-common-26.1-5.el8_1.1.x86_64.rpm  
emacs-common-debuginfo-26.1-5.el8_1.1.x86_64.rpm  
emacs-debuginfo-26.1-5.el8_1.1.x86_64.rpm  
emacs-debugsource-26.1-5.el8_1.1.x86_64.rpm  
emacs-lucid-26.1-5.el8_1.1.x86_64.rpm  
emacs-lucid-debuginfo-26.1-5.el8_1.1.x86_64.rpm  
emacs-nox-26.1-5.el8_1.1.x86_64.rpm  
emacs-nox-debuginfo-26.1-5.el8_1.1.x86_64.rpm

Red Hat Enterprise Linux BaseOS E4S (v. 8.1):

Source:  
emacs-26.1-5.el8_1.1.src.rpm

noarch:  
emacs-filesystem-26.1-5.el8_1.1.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-28617  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZGUUk9zjgjWX9erEAQjobw/+KV0RHHT9w+lJ9bdU9dYXiknl1+OBRo1D  
SDr+h3OToTEXNVpwSYKpyqQVTG7bBW9hVXmVBR/QvAPfT0rBAg6zvBofnT/mlJoo  
K5gKCPReXvVqb9v8khGwKKXfXevRE2LzdYf4e2JgdqsG+3QqcqONaYrBz61g96lb  
HBY9NpbM4VVPyWAWjGB3mUA2On5bU0GaXkx7OeZDfaHmAzHou+0G4l1Fc7vPPk8O  
o3hh9h/NRrwZ9Tk1Qdd/y89Vr+X3HMPoy5npu36wOZaVf4CU7ThUBsUT4iy7EpDo  
qvIi4yke1NybIpXdCft68UZ4agRLvWej459mebFnN9/F4DJJOE7F/PS18Nht+cPJ  
F+TKSAncvUAIZclGFBWoFgiligq19guVsi01xZbBpqqODQta0j+SwXKMBHBg4wBg  
sZA+F6VUeih+beAvDTBPszyWpBcKj6lL/LEW3xHUgYsVsXIVmwqbRTseU4MogYoz  
pGOqowjJ59Xv/TAaM6BicfhNPGL70+R2+sopFsTL8u8S6NT1P5wZIr5UuOqmw93w  
jBC8dFDtqnFFfxuNYwGsXniUv7ANqLOA7dDrQ8dluxe62BbFQT+GrV++9po7duQl  
OAhb5czm81gHRNxy1w4uql7/Ab7+0EdEvqkEGJdZsIgY9g56ImGCoewswqRBP0q6  
jXZtlV0sNaEÎF2  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3189-01

WordPress Core versions 6.2 and below suffer from cross site request forgery, persistent cross site scripting, shortcode execution, insufficient sanitization, and directory traversal vulnerabilities.

On May 16, 2023, the WordPress core team released WordPress 6.2.1, which contains patches for 5 vulnerabilities, including a Medium Severity Directory Traversal vulnerability, a Medium-Severity Cross-Site Scripting vulnerability, and several lower-severity vulnerabilities.

These patches have been backported to every version of WordPress since 4.1. WordPress has supported automatic core updates for security releases since WordPress 3.7, and the vast majority of WordPress sites should receive a patch for their major version of WordPress automatically over the next 24 hours. We recommend verifying that your site has been automatically updated to one of the patched versions. Patched versions are available for every major version of WordPress since 4.1, so you can update without risking compatibility issues.

If your site has not been updated automatically we strongly recommend updating manually as soon as possible, as one of the vulnerabilities patched in this release can be used by an attacker with a low-privileged contributor-level account to take over a site.

This email content has also been published on our blog and you're welcome to post a comment there if you'd like to join the conversation. Or you can read the full post in this email.

Vulnerability Analysis

As with every WordPress core release containing security fixes, the Wordfence Threat Intelligence team analyzed the code changes in detail to evaluate the impact of these vulnerabilities on our customers, and to ensure our customers remain protected.

Description: WordPress Core <= 6.2 - Directory Traversal via wp_lang 

Affected Versions: WordPress Core < 6.2.1

Researcher: Matt Rusnak, reported by Ramuel Gall as well as an undisclosed third party auditor

CVE ID: CVE-2023-2745 

CVSS Score: 5.4 (Medium)

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

Fully Patched Version: 6.2.1

WordPress Core is vulnerable to Directory Traversal in versions up to, and including, 6.2, via the ‘wp_lang’ parameter. This allows unauthenticated attackers to access and load arbitrary translation files. In cases where an attacker is able to upload a crafted translation file onto the site, such as via an upload form, this could be also used to perform a Cross-Site Scripting attack. This vulnerability would not be easy to exploit in an impactful manner on most configurations.

Description: WordPress Core <= 6.2 - Cross-Site Request Forgery via wp_ajax_set_attachment_thumbnail 

Affected Versions: WordPress Core < 6.2.1

Researcher: John Blackbourn of the WordPress security team

CVE ID: Pending

CVSS Score: 4.3 (Medium)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Fully Patched Version: 6.2.1

WordPress Core is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the ‘wp_ajax_set_attachment_thumbnail’ AJAX function in versions up to, and including, 6.2. This allows unauthenticated users to update the thumbnail image associated with existing attachments, granted they can trick an authenticated user with appropriate permissions into performing an action, such as clicking a link. The impact of this vulnerability is incredibly minimal and we do not expect to see any exploitation of this weakness.

Description: WordPress Core <= 6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Embed Discovery Functionality 

Affected Versions: WordPress Core < 6.2.1

Researcher: Jakub Żoczek of Securitum and undisclosed third-party auditor

CVE ID: Pending

CVSS Score: 6.4 (Medium)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Fully Patched Version: 6.2.1

WordPress Core is vulnerable to stored Cross-Site Scripting in versions up to, and including, 6.2, due to insufficient validation of the protocol in the response when processing oEmbed discovery. This makes it possible for authenticated attackers with contributor-level and above permissions to use a crafted oEmbed payload at a remote URL to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Description: WordPress Core <= 6.2 - Insufficient Sanitization of Block Attributes 

Affected Versions: WordPress Core < 6.2.1

Researcher: Undisclosed third-party auditor

CVE ID: Pending

CVSS Score: 6.4 (Medium)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Fully Patched Version: 6.2.1

WordPress Core fails to sufficiently sanitize block attributes in versions up to, and including, 6.2. This makes it possible for authenticated attackers with contributor-level and above permissions to embed arbitrary content in HTML comments on the page, though Cross-Site scripting may be possible when combined with an additional vulnerability. Please note that this would only affect sites utilizing a block editor compatible theme.

Description: WordPress Core <= 6.2 - Shortcode Execution in User Generated Content 

Affected Versions: WordPress Core < 6.2.1

Researcher: Liam Gladdy of WP Engine

CVE ID: Pending

CVSS Score: 6.5 (Medium)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Fully Patched Version: 6.2.1

WordPress Core processes shortcodes in user-generated content on block themes in versions up to, and including, 6.2. This could allow unauthenticated attackers to execute shortcodes via submitting comments or other content, allowing them to exploit vulnerabilities that typically require Subscriber or Contributor-level permissions. While this is likely to have minimal impact on its own, it can significantly increase the severity and exploitability of other vulnerabilities.

Conclusion

In today’s article, we covered five vulnerabilities patched in the WordPress 6.2.1 Security and Maintenance Release. Most actively used WordPress sites should be patched via automatic updates within the next 24 hours.

The Wordfence firewall’s built-in directory traversal protection should block attempts to exploit the directory traversal vulnerability, and it would typically only be impactful when exploited by a skilled attacker in certain configurations. Most of the other issues fixed today are similar in that they require specific configurations or circumstances, such as other vulnerable plugins, to impactfully exploit.

However, we urge all site owners to verify that WordPress is updated as soon as possible since it is not practical to deploy a firewall rule that protects against the oEmbed issue and as such any site with untrusted contributor-level users may be at risk.

As always, we strongly recommend updating your site to a patched version of WordPress if it hasn’t been updated automatically. As long as you are running a version of WordPress greater than 4.1, an update is available to patch these vulnerabilities while keeping you on the same major version, so you will not need to worry about compatibility issues.

Special thanks to Wordfence QA Lead Matt Rusnak for finding the directory traversal vulnerability that we responsibly disclosed, and to John Blackbourn of the WordPress security team, Jakub Żoczek of Securitum, and Liam Gladdy of WP Engine for responsibly disclosing these issues.

WordPress Core 6.2 XSS / CSRF / Directory Traversal

AIDE (Advanced Intrusion Detection Environment) is a free replacement for Tripwire(tm). It generates a database that can be used to check the integrity of files on server. It uses regular expressions for determining which files get added to the database. You can use several message digest algorithms to ensure that the files have not been tampered with.

AIDE 0.18.3

Ubuntu Security Notice 6082-1 - It was discovered that EventSource incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to obtain sensitive information.

==========================================================================  
Ubuntu Security Notice USN-6082-1  
May 17, 2023

node-eventsource vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS  
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)

Summary:

EventSource could leak sensitive information if it opened a specially   
crafted  
input file.

Software Description:  
- node-eventsource: EventSource client for Node.js and Browser (polyfill)

Details:

It was discovered that EventSource incorrectly handled certain inputs. If a  
user or an automated system were tricked into opening a specially crafted  
input file, a remote attacker could possibly use this issue to obtain  
sensitive information.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 22.04 LTS:  
   node-eventsource                1.1.0+~1.1.8-1ubuntu0.1

Ubuntu 20.04 LTS:  
   node-eventsource                0.2.1-1+deb10u1build0.20.04.1

Ubuntu 18.04 LTS:  
   node-eventsource                0.2.1-1+deb10u1build0.18.04.1

Ubuntu 16.04 LTS (Available with Ubuntu Pro):  
   node-eventsource                0.1.6-1ubuntu0.1~esm1

In general, a standard system update will make all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-6082-1  
   CVE-2022-1650

Package Information:

 https://launchpad.net/ubuntu/+source/node-eventsource/1.1.0+~1.1.8-1ubuntu0.1

 https://launchpad.net/ubuntu/+source/node-eventsource/0.2.1-1+deb10u1build0.20.04.1

 https://launchpad.net/ubuntu/+source/node-eventsource/0.2.1-1+deb10u1build0.18.04.1

Ubuntu Security Notice USN-6082-1

Red Hat Security Advisory 2023-3161-01 - An update for openstack-nova is now available for Red Hat OpenStack Platform 13 (Queens). Red Hat Product Security has rated this update as having a security impact of Critical.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Critical: Red Hat OpenStack Platform 13.0 security update  
Advisory ID:       RHSA-2023:3161-01  
Product:           Red Hat OpenStack Platform  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3161  
Issue date:        2023-05-17  
CVE Names:         CVE-2023-2088  
====================================================================  
1. Summary:

An update for openstack-nova is now available for Red Hat OpenStack  
Platform 13 (Queens).

Red Hat Product Security has rated this update as having a security impact  
of Critical. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenStack Platform 13.0 - ELS - noarch  
Red Hat OpenStack Platform 13.0 for RHEL 7.6 EUS Server - noarch

3. Description:

Security Fix(es):

* EMBARGOED CVE-2023-2088 openstack-cinder: silently access other user's  
volumes (CVE-2023-2088)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2179587 - CVE-2023-2088 openstack-cinder: silently access other user's volumes

6. Package List:

Red Hat OpenStack Platform 13.0 for RHEL 7.6 EUS Server:

Source:  
openstack-nova-17.0.13-41.el7ost.src.rpm  
python-glance-store-0.23.1-0.20190916165255.cc7ecc1.el7ost.src.rpm  
python-os-brick-2.3.9-12.el7ost.src.rpm

noarch:  
openstack-nova-17.0.13-41.el7ost.noarch.rpm  
openstack-nova-api-17.0.13-41.el7ost.noarch.rpm  
openstack-nova-cells-17.0.13-41.el7ost.noarch.rpm  
openstack-nova-common-17.0.13-41.el7ost.noarch.rpm  
openstack-nova-compute-17.0.13-41.el7ost.noarch.rpm  
openstack-nova-conductor-17.0.13-41.el7ost.noarch.rpm  
openstack-nova-console-17.0.13-41.el7ost.noarch.rpm  
openstack-nova-migration-17.0.13-41.el7ost.noarch.rpm  
openstack-nova-network-17.0.13-41.el7ost.noarch.rpm  
openstack-nova-novncproxy-17.0.13-41.el7ost.noarch.rpm  
openstack-nova-placement-api-17.0.13-41.el7ost.noarch.rpm  
openstack-nova-scheduler-17.0.13-41.el7ost.noarch.rpm  
openstack-nova-serialproxy-17.0.13-41.el7ost.noarch.rpm  
openstack-nova-spicehtml5proxy-17.0.13-41.el7ost.noarch.rpm  
python-nova-17.0.13-41.el7ost.noarch.rpm  
python-nova-tests-17.0.13-41.el7ost.noarch.rpm  
python2-glance-store-0.23.1-0.20190916165255.cc7ecc1.el7ost.noarch.rpm  
python2-os-brick-2.3.9-12.el7ost.noarch.rpm

Red Hat OpenStack Platform 13.0 - ELS:

Source:  
openstack-nova-17.0.13-41.el7ost.src.rpm  
python-glance-store-0.23.1-0.20190916165255.cc7ecc1.el7ost.src.rpm  
python-os-brick-2.3.9-12.el7ost.src.rpm

noarch:  
openstack-nova-17.0.13-41.el7ost.noarch.rpm  
openstack-nova-api-17.0.13-41.el7ost.noarch.rpm  
openstack-nova-cells-17.0.13-41.el7ost.noarch.rpm  
openstack-nova-common-17.0.13-41.el7ost.noarch.rpm  
openstack-nova-compute-17.0.13-41.el7ost.noarch.rpm  
openstack-nova-conductor-17.0.13-41.el7ost.noarch.rpm  
openstack-nova-console-17.0.13-41.el7ost.noarch.rpm  
openstack-nova-migration-17.0.13-41.el7ost.noarch.rpm  
openstack-nova-network-17.0.13-41.el7ost.noarch.rpm  
openstack-nova-novncproxy-17.0.13-41.el7ost.noarch.rpm  
openstack-nova-placement-api-17.0.13-41.el7ost.noarch.rpm  
openstack-nova-scheduler-17.0.13-41.el7ost.noarch.rpm  
openstack-nova-serialproxy-17.0.13-41.el7ost.noarch.rpm  
openstack-nova-spicehtml5proxy-17.0.13-41.el7ost.noarch.rpm  
python-nova-17.0.13-41.el7ost.noarch.rpm  
python-nova-tests-17.0.13-41.el7ost.noarch.rpm  
python2-glance-store-0.23.1-0.20190916165255.cc7ecc1.el7ost.noarch.rpm  
python2-os-brick-2.3.9-12.el7ost.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-2088  
https://access.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZGRsFdzjgjWX9erEAQgjgw//W40qglxxm/vu3opNZgozWmb8m3SnuSd4  
rQh0dcMmbnlhmpnx4lN/t1NFRw6dIwpBe08hRI+lmE1Ts1q1oNBLLs+skrEUtwCy  
qSckLdD2oT31SeRSbFDRJ0GufP3Xh4NMKS5U3dMqvKJOoh986JyZCn0xq/5SHbl8  
aMUeocRZuiV0tZMnQ8VUPyovPwuLkpZi/C62HXBnkCQraiXzR0BPaUm+VlB2LEAr  
uNfTggPTKqwMpdttrPz/9Pi8rKEHlNmbjZ11S45HANVKKUO5hnM2hJtT41qvQAaZ  
8HpBA5qhXoCN8zwyy+qsT+LYlKajZcNmunaTQunZ8HseYsHC4CR153Z/NWu2r9Jg  
OPdWF7hCG2B8t4LniNm+wPn68NurasUJUFDzxy1lF4TWsRK3ivQOCL84gup4eHey  
feBXEbaPnzjMaMRctKnCgalQljFSEsDXUck/VgG+g7cNGcB7LffM0q8Byn1yG1F1  
PIRkLs4Dp948H2lGI5/qTPSZY+Khvok13e2OAf/kBNY8UacwAQTRqallPMXUvovt  
n0tSX4HAUr+y1SRRFVmPXJv0eljzbacasUgqSbqM57Wykucw32bdymgI3aHnSK34  
PVyhjHmBrGKbVcRIeBDI1BSs4DPfxnr/nZD73MSBzE0FDaS/tvYz28NL09hO5tRh  
qTR3YFeQzB8=0umc  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3161-01

Red Hat Security Advisory 2023-3158-01 - An update for openstack-nova is now available for Red Hat OpenStack Platform 16.2 (Train). Red Hat Product Security has rated this update as having a security impact of Critical.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Critical: Red Hat OpenStack Platform 16.2 security update  
Advisory ID:       RHSA-2023:3158-01  
Product:           Red Hat OpenStack Platform  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3158  
Issue date:        2023-05-17  
CVE Names:         CVE-2023-2088   
=====================================================================

1. Summary:

An update for openstack-nova is now available for Red Hat OpenStack  
Platform 16.2 (Train).

Red Hat Product Security has rated this update as having a security impact  
of Critical. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenStack Platform 16.2 - noarch

3. Description:

Security Fix(es):

* EMBARGOED CVE-2023-2088 openstack-cinder: silently access other user's  
volumes (CVE-2023-2088)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2179587 - CVE-2023-2088 openstack-cinder: silently access other user's volumes

6. Package List:

Red Hat OpenStack Platform 16.2:

Source:  
openstack-cinder-15.6.1-2.20230310075425.a19c1c9.el8ost.src.rpm  
openstack-nova-20.6.2-2.20230308185149.el8ost.src.rpm  
python-glance-store-1.0.2-2.20230309124927.79e043a.el8ost.src.rpm  
python-os-brick-2.10.8-2.20220112064936.458bfad.el8ost.src.rpm  
tripleo-ansible-0.8.1-2.20230309004941.el8ost.src.rpm

noarch:  
openstack-cinder-15.6.1-2.20230310075425.a19c1c9.el8ost.noarch.rpm  
openstack-nova-20.6.2-2.20230308185149.el8ost.noarch.rpm  
openstack-nova-api-20.6.2-2.20230308185149.el8ost.noarch.rpm  
openstack-nova-common-20.6.2-2.20230308185149.el8ost.noarch.rpm  
openstack-nova-compute-20.6.2-2.20230308185149.el8ost.noarch.rpm  
openstack-nova-conductor-20.6.2-2.20230308185149.el8ost.noarch.rpm  
openstack-nova-console-20.6.2-2.20230308185149.el8ost.noarch.rpm  
openstack-nova-migration-20.6.2-2.20230308185149.el8ost.noarch.rpm  
openstack-nova-novncproxy-20.6.2-2.20230308185149.el8ost.noarch.rpm  
openstack-nova-scheduler-20.6.2-2.20230308185149.el8ost.noarch.rpm  
openstack-nova-serialproxy-20.6.2-2.20230308185149.el8ost.noarch.rpm  
openstack-nova-spicehtml5proxy-20.6.2-2.20230308185149.el8ost.noarch.rpm  
python3-cinder-15.6.1-2.20230310075425.a19c1c9.el8ost.noarch.rpm  
python3-glance-store-1.0.2-2.20230309124927.79e043a.el8ost.noarch.rpm  
python3-nova-20.6.2-2.20230308185149.el8ost.noarch.rpm  
python3-os-brick-2.10.8-2.20220112064936.458bfad.el8ost.noarch.rpm  
tripleo-ansible-0.8.1-2.20230309004941.el8ost.noarch.rpm

Red Hat OpenStack Platform 16.2:

Source:  
openstack-cinder-15.6.1-2.20230310075425.a19c1c9.el8ost.src.rpm  
python-os-brick-2.10.8-2.20220112064936.458bfad.el8ost.src.rpm

noarch:  
openstack-cinder-15.6.1-2.20230310075425.a19c1c9.el8ost.noarch.rpm  
python3-cinder-15.6.1-2.20230310075425.a19c1c9.el8ost.noarch.rpm  
python3-os-brick-2.10.8-2.20220112064936.458bfad.el8ost.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-2088  
https://access.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZGRr29zjgjWX9erEAQiPtw//Svb2MOoXeh/9C42wVjQyM3yF3Lvh9oI/  
jLfMs0I+7mpizyvx+mrBEOGbKX07p3Q73pafcgaED0qD+X5sYH4Vu4RE0e31YVxm  
o2MHtBp2izNdZXUZ5su8FpZGgGAckGOJWM01NsDZaetgfWHSOgs0at+u5OQMX5Zo  
d88lAnu4JIDtWcqswOzPTYACK4p0m3TATyEx4pdNKCXXeV3+hKhfKzFHHbjd7g8+  
wP7a6/KuyYp7TQJ1tlvvRo5AVbHkl1sfFs8TFyvBHLI/Pq/eLWrAZ1K6XsIhxxo7  
d/2QXfdQs8WDYS3p2tES5LkHNWi79Qn+q2jg5hlOuaCINRXGWcANHLPleKLW+Kut  
Z1TN/Nd3F3GjYh8GqOBH26B8byH8wsbPUw6xA1leYX/x39jKeyDSEHasuwNz6ro5  
C51/C6rJRPOORupLxedyEYNzVdPWcbX5Qtf02eaF8n6CJ05jNqxUGfSMQNq5kdQU  
Hbgptcd8ejWIb+dzGKKrX58ObureATdimUQL6pWUNQFDay4Xip4aPgIimCY74Zhu  
cKCkDyOeO8SHctqQVBaiCMNZvjLSBYLwosOpQzYyqB0R7n37RouhofLiv8t1+i0t  
0NKsu612IL/vQUCanANxmLFV0/vA68G9gpTiPmwkON31h/AnTzBahW7jlTVoTxgU  
QibT64twyKA=  
=6DZd  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3158-01

Red Hat Security Advisory 2023-1327-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.13.0.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: OpenShift Container Platform 4.13.0 security update  
Advisory ID:       RHSA-2023:1327-01  
Product:           Red Hat OpenShift Enterprise  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1327  
Issue date:        2023-05-17  
CVE Names:         CVE-2022-2990 CVE-2022-3259 CVE-2022-41717  
                   CVE-2022-41723 CVE-2022-41724 CVE-2022-41725  
                   CVE-2023-0056 CVE-2023-0229 CVE-2023-0778  
                   CVE-2023-25577 CVE-2023-25725  
====================================================================  
1. Summary:

Red Hat OpenShift Container Platform release 4.13.0 is now available with  
updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container  
Platform 4.13.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing  
Kubernetes application platform solution designed for on-premise or private  
cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container  
Platform 4.13.0. See the following advisory for the container images for  
this release:

https://access.redhat.com/errata/RHSA-2023:1326

Security Fix(es):

* golang: net/http: excessive memory growth in a Go server accepting HTTP/2  
requests (CVE-2022-41717)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* [LSO]Error message about "ErrorFindingMatchingDisk"  is not clear for cr  
localvolume when no volume attached to worker (BZ#2053505)

All OpenShift Container Platform 4.13 users are advised to upgrade to these  
updated packages and images when they are available in the appropriate  
release channel. To check for available updates, use the OpenShift CLI (oc)  
or web console. Instructions for upgrading a cluster are available at  
https://docs.openshift.com/container-platform/4.13/updating/updating-cluster-cli.html

3. Solution:

For OpenShift Container Platform 4.13 see the following documentation,  
which will be updated shortly for this release, for important instructions  
on how to upgrade your cluster and fully apply this asynchronous errata  
update:

https://docs.openshift.com/container-platform/4.13/release_notes/ocp-4-13-release-notes.html

4. Bugs fixed (https://bugzilla.redhat.com/):

2053505 - [LSO]Error message about "ErrorFindingMatchingDisk"  is not clear for cr localvolume when no volume attached to worker  
2161274 - CVE-2022-41717 golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests

5. JIRA issues fixed (https://issues.jboss.org/):

OCPBUGS-10381 - [4.13] vDPA vf cannot be created  
OCPBUGS-10702 - Fixing Topology DS pods startup  
OCPBUGS-10729 - NodeFeatureDiscovery CR Status is not populated/updated anymore  
OCPBUGS-10782 - Fixing the the release manifests directory to point to stable  
OCPBUGS-10896 - CNF Upstream MultiNetworkPolicy SR-IOV integration backport 4.13  
OCPBUGS-11065 - Pod annotaion key k8s.v1.cni.cncf.io/networks-status is changed  
OCPBUGS-3057 - SR-IOV | Connectivity doesn't work with iPv6+static mac on top of i40e driver  
OCPBUGS-3624 - End2End tests fail due to lack of Pod Security Admission  
OCPBUGS-3671 - Update image version to 4.12 in cluster-nfd-operator github repo config/manifests/bases/nfd.clusterserviceversion.yaml  
OCPBUGS-3679 - NFD cluster-nfd-operator make image support for arm64 deployment from github repo needs Dockerfile updates  
OCPBUGS-3682 - Allow multiple NFD CR in the cluster  
OCPBUGS-3683 - Allow multiple NFD CR in the cluster  
OCPBUGS-3689 - NFD does not properly detect AMD processors  
OCPBUGS-3707 - NFD operator default namespace openshift-nfd needs specific pod security labels added for OCP 4.12  
OCPBUGS-3745 - Replace deprecated go get in Makefile  
OCPBUGS-3747 - Changing kustomize version  
OCPBUGS-3815 - Update skipper configuration in NFD operator  
OCPBUGS-3838 - Adding local ARM compilation/build configuration  
OCPBUGS-3906 - Fix bundle for release-4.12  
OCPBUGS-396 - LSO should warn that diskmaker can't run because of taints  
OCPBUGS-4066 - fix operator naming convention  
OCPBUGS-4346 - fix operator naming convention  
OCPBUGS-4462 - fix incorrect format of old skipRange  
OCPBUGS-4722 - update sriov csv to 4.13 from 4.12  
OCPBUGS-5178 - BF2 is not converted to nic mode after applied converting machineConfig  
OCPBUGS-5293 - Current State  api call for os-clock-state creates nil pointer-Dual Nic  
OCPBUGS-5377 - Multiple times switching slave port to  fault causes the port state to remain in HOLDOVER  
OCPBUGS-5822 - NFD topologyupdater functionality missing on OCP 4.12 when deploying NFD from bundle  
OCPBUGS-6184 - Update 4.13 sriov-network-device-plugin image to be consistent with ART  
OCPBUGS-701 - SR-IOV VFs may get reseted after being allocated by other pods  
OCPBUGS-7826 - Multi node http service support not working for consumer  
OCPBUGS-7856 - [4.13] ovnkube pod crashed after enable ovs hardware offload in baremetal cluster

6. References:

https://access.redhat.com/security/cve/CVE-2022-2990  
https://access.redhat.com/security/cve/CVE-2022-3259  
https://access.redhat.com/security/cve/CVE-2022-41717  
https://access.redhat.com/security/cve/CVE-2022-41723  
https://access.redhat.com/security/cve/CVE-2022-41724  
https://access.redhat.com/security/cve/CVE-2022-41725  
https://access.redhat.com/security/cve/CVE-2023-0056  
https://access.redhat.com/security/cve/CVE-2023-0229  
https://access.redhat.com/security/cve/CVE-2023-0778  
https://access.redhat.com/security/cve/CVE-2023-25577  
https://access.redhat.com/security/cve/CVE-2023-25725  
https://access.redhat.com/security/updates/classification/#moderate  
https://docs.openshift.com/container-platform/4.13/release_notes/ocp-4-13-release-notes.html

7. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZGRr2tzjgjWX9erEAQhYQg/+KWtiMPF6zFMjxpFDF5aTBUml4saZPmEr  
CzzBZQwLqMkBXo6wdRSdWl9KDCiVbIagIyWVXA1iknSQTKE0hvsXN214hCnTYjAY  
72mFujn6WyuonhYvSJRja0+b0qI7m/5dScB22dy4+0sCtoIgX8bHXvI3NACNXwRV  
wvWS14+n7f5eiQku9tmsu4IMuPfjqS81kbYLqsCCPeguZwu6sYYypl9OtbUN0rTt  
mWtFVb+/4Zd0l9cRNM3oM00pMIKr1YUZ9sk1wfMo+sofZiaZFH5X04y9pLFA/Jty  
Q5xzCfniJnTkcgqyuf/549jdK0/QfNfkHWgRvjkIxP/nN8W51SAaj+KchjBWLImL  
KBNji+MwGsw+2QpZBVOz9FtzyMVAdq9CNimoQWmQdKd2GW0Vm3mpNFPKX7jYGiAJ  
rDZhHRSVn00VtPzWPFmS2UzK3fhPCs0UXOtgf4WD5Ruf0aht0k0LMwbVfo5HIgaJ  
CICF6+B2FyNuUnxSzIAAFF1lEc+tcqooUr21sWCZBMO4NeUKK15IKY9vqGjKxMWY  
+rNFLJXdpZaHmzMRgNolEI/VFOzlrgVUK7MpGjzu/ojxJfdP/efrN+YNqrp898dd  
BZpnh6aqt34yAY6TonYToYqw0Q2He425cMx+wwoAssR3EeKOhcU6NbtazSWzJdX0  
m4IyVpJlAgE=rvUW  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1327-01

Red Hat Security Advisory 2023-3157-01 - An update for openstack-nova is now available for Red Hat OpenStack Platform 17.0 (Wallaby). Red Hat Product Security has rated this update as having a security impact of Critical.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Critical: Red Hat OpenStack Platform 17.0 security update  
Advisory ID:       RHSA-2023:3157-01  
Product:           Red Hat OpenStack Platform  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3157  
Issue date:        2023-05-17  
CVE Names:         CVE-2023-2088  
====================================================================  
1. Summary:

An update for openstack-nova is now available for Red Hat OpenStack  
Platform 17.0 (Wallaby).

Red Hat Product Security has rated this update as having a security impact  
of Critical. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenStack Platform 17.0 - noarch

3. Description:

Security Fix(es):

* EMBARGOED CVE-2023-2088 openstack-cinder: silently access other user's  
volumes (CVE-2023-2088)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2179587 - CVE-2023-2088 openstack-cinder: silently access other user's volumes

6. Package List:

Red Hat OpenStack Platform 17.0:

Source:  
openstack-cinder-18.2.1-0.20230509200451.1776695.el9ost.src.rpm  
openstack-nova-23.2.2-0.20221209190754.7074ac0.el9ost.src.rpm  
python-glance-store-2.5.1-0.20230509140449.5f1cee6.el9ost.src.rpm  
python-os-brick-4.3.3-0.20220715140803.d09dc9e.el9ost.src.rpm  
tripleo-ansible-3.3.1-0.20221208161844.fa5422f.el9ost.src.rpm

noarch:  
openstack-cinder-18.2.1-0.20230509200451.1776695.el9ost.noarch.rpm  
openstack-nova-23.2.2-0.20221209190754.7074ac0.el9ost.noarch.rpm  
openstack-nova-api-23.2.2-0.20221209190754.7074ac0.el9ost.noarch.rpm  
openstack-nova-common-23.2.2-0.20221209190754.7074ac0.el9ost.noarch.rpm  
openstack-nova-compute-23.2.2-0.20221209190754.7074ac0.el9ost.noarch.rpm  
openstack-nova-conductor-23.2.2-0.20221209190754.7074ac0.el9ost.noarch.rpm  
openstack-nova-migration-23.2.2-0.20221209190754.7074ac0.el9ost.noarch.rpm  
openstack-nova-novncproxy-23.2.2-0.20221209190754.7074ac0.el9ost.noarch.rpm  
openstack-nova-scheduler-23.2.2-0.20221209190754.7074ac0.el9ost.noarch.rpm  
openstack-nova-serialproxy-23.2.2-0.20221209190754.7074ac0.el9ost.noarch.rpm  
openstack-nova-spicehtml5proxy-23.2.2-0.20221209190754.7074ac0.el9ost.noarch.rpm  
python3-cinder-18.2.1-0.20230509200451.1776695.el9ost.noarch.rpm  
python3-cinder-common-18.2.1-0.20230509200451.1776695.el9ost.noarch.rpm  
python3-glance-store-2.5.1-0.20230509140449.5f1cee6.el9ost.noarch.rpm  
python3-nova-23.2.2-0.20221209190754.7074ac0.el9ost.noarch.rpm  
python3-os-brick-4.3.3-0.20220715140803.d09dc9e.el9ost.noarch.rpm  
tripleo-ansible-3.3.1-0.20221208161844.fa5422f.el9ost.noarch.rpm

Red Hat OpenStack Platform 17.0:

Source:  
openstack-cinder-18.2.1-0.20230509200451.1776695.el9ost.src.rpm  
python-os-brick-4.3.3-0.20220715140803.d09dc9e.el9ost.src.rpm

noarch:  
python3-cinder-common-18.2.1-0.20230509200451.1776695.el9ost.noarch.rpm  
python3-os-brick-4.3.3-0.20220715140803.d09dc9e.el9ost.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-2088  
https://access.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZGRr29zjgjWX9erEAQiFGg//cXc2Fg7lFb4lDgVIYerUeMK0A/cYi+y2  
xLzzEJSeEnIaCF8lXUmrDgtMK1OClWF+vRNtur85wyMhcV2ZI7eIIcc955mhp7fX  
detgKsLQGjq0JbeKjqLX5BS8++bTY7ihSMLj6zW021Y+5r1J+jJ7/kmMjr5UCxwR  
edLDBX+eRohgLrrV64T9m1pp7/Qp/eaWrvSiyjy0souhkCMkQQSYJi0KOSYKrTE/  
wxQ52/crestZq7GcuDNBA2qWWOlWd2HCNaumE4VElUl5nGPiIXi8ylMqGu6tgxbF  
Aog0NVx9VILqO/VKIa7dqIQSVDHVZXASZ9HXMEcJ2S10nN2z4zeIYM0PUREjIp7K  
JVP0cAvlpbFURqanMaU2Un9tD9GBSbB+rKqD10xMZD0oWDDKSSgdhd9pmP/ghW/3  
4PK2IoS0iMX0nxX9MVLlXMU+0tZi2L+JCGrSe9fWmafGsPcspw+SvzJMIP8j/XYJ  
3l80kgg8Z5gZ7qcGVF6eZipUIyO5vTfPRMz/HhYYfizFVu2tp8OJ3d+cAxQ0Aezm  
cjPuGsIMX4NUOjsCtFjJxjE2jTsGE0X8LLbadyMF70vZxJY32M+fpAepHQ8VdwJS  
6uY4IqPmh2HEpB8t9vFQ8eUlOWX9+v5Cx3gLbnLicltfuwdyYsU4neVqDP1i4f/e  
xzHE7oP7yH4=BTlv  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3157-01

Red Hat Security Advisory 2023-3156-01 - An update for openstack-nova is now available for Red Hat OpenStack Platform 16.1 (Train). Red Hat Product Security has rated this update as having a security impact of Critical.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Critical: Red Hat OpenStack Platform 16.1 security update  
Advisory ID:       RHSA-2023:3156-01  
Product:           Red Hat OpenStack Platform  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3156  
Issue date:        2023-05-17  
CVE Names:         CVE-2023-2088   
=====================================================================

1. Summary:

An update for openstack-nova is now available for Red Hat OpenStack  
Platform 16.1 (Train).

Red Hat Product Security has rated this update as having a security impact  
of Critical. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenStack Platform 16.1 - noarch

3. Description:

Security Fix(es):

* EMBARGOED CVE-2023-2088 openstack-cinder: silently access other user's  
volumes (CVE-2023-2088)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2179587 - CVE-2023-2088 openstack-cinder: silently access other user's volumes

6. Package List:

Red Hat OpenStack Platform 16.1:

Source:  
openstack-cinder-15.4.0-1.20230510003501.58f0e73.el8ost.src.rpm  
openstack-nova-20.4.1-1.20221005193232.el8ost.src.rpm  
python-glance-store-1.0.2-1.20220219073735.el8ost.src.rpm  
python-os-brick-2.10.5-1.20220112193420.634fb4a.el8ost.src.rpm

noarch:  
openstack-cinder-15.4.0-1.20230510003501.58f0e73.el8ost.noarch.rpm  
openstack-nova-20.4.1-1.20221005193232.el8ost.noarch.rpm  
openstack-nova-api-20.4.1-1.20221005193232.el8ost.noarch.rpm  
openstack-nova-common-20.4.1-1.20221005193232.el8ost.noarch.rpm  
openstack-nova-compute-20.4.1-1.20221005193232.el8ost.noarch.rpm  
openstack-nova-conductor-20.4.1-1.20221005193232.el8ost.noarch.rpm  
openstack-nova-console-20.4.1-1.20221005193232.el8ost.noarch.rpm  
openstack-nova-migration-20.4.1-1.20221005193232.el8ost.noarch.rpm  
openstack-nova-novncproxy-20.4.1-1.20221005193232.el8ost.noarch.rpm  
openstack-nova-scheduler-20.4.1-1.20221005193232.el8ost.noarch.rpm  
openstack-nova-serialproxy-20.4.1-1.20221005193232.el8ost.noarch.rpm  
openstack-nova-spicehtml5proxy-20.4.1-1.20221005193232.el8ost.noarch.rpm  
python3-cinder-15.4.0-1.20230510003501.58f0e73.el8ost.noarch.rpm  
python3-glance-store-1.0.2-1.20220219073735.el8ost.noarch.rpm  
python3-nova-20.4.1-1.20221005193232.el8ost.noarch.rpm  
python3-os-brick-2.10.5-1.20220112193420.634fb4a.el8ost.noarch.rpm

Red Hat OpenStack Platform 16.1:

Source:  
openstack-cinder-15.4.0-1.20230510003501.58f0e73.el8ost.src.rpm  
python-os-brick-2.10.5-1.20220112193420.634fb4a.el8ost.src.rpm

noarch:  
openstack-cinder-15.4.0-1.20230510003501.58f0e73.el8ost.noarch.rpm  
python3-cinder-15.4.0-1.20230510003501.58f0e73.el8ost.noarch.rpm  
python3-os-brick-2.10.5-1.20220112193420.634fb4a.el8ost.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-2088  
https://access.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZGRr29zjgjWX9erEAQiVug//TcihV0I2Pf3ztuRxxZg10mh343oDhmKS  
kovBJNT8n5Cr+Vb6yXeVMrX8KNNfoaVuuI1A9tQCnck9H3KscAxVM3fO3T2rY7/p  
NqQ7S6B8nwoB9IK+AQjfZt6izlWlTs2C0T2u1JaSQBe+Cct0lJpCkSAba+UwHvu5  
kbQt6GaTbHASUs5zY5yat1RIOqhDYGemJYg6dsEmZVA2ZiBFVyT+N5f5o23xofZ4  
/ABji0DTlatWt8pGG7hbP00TDYyafswkIns3qnVDUP6PnB5wVhsDzpCHSWdTOuBw  
sREXOACYy5bXtM2MXdLWm8taafvFu60hnChjLsdtZ/+EV0B32lyDlH0aqi55Iatb  
NWAWg3B79aVul/CLwhrKmloZRiiyBQTWtLEpXIg5QU+ilF3gGfYX4ff7+PJeCJWW  
zZMFKY/oFrUbk+gFuID2qD3bwcS6oWqcjWzcHAm4dP1y4OcH5SvbHIrIwbdQF9QJ  
6W2mawKCMMsX5CUj9tH+NR4mz8aBuLHr4q7eupPkOlswZmrS57UotJl7NjTUNr7A  
C8/6Deo3UeQUTBH9Osfy0kUVp3xJxF+WwXDGCNqpKnLLMSE3omvNO8gQOiPooVXW  
OVjAa/ewsLo+WXUFY4C+w92pzC9Nh2KXj5e714KjNRFBoi2CIXcy0cfj2KlP5BVE  
xx1mmidLJHw=  
=1uh6  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Source

Packet Storm