File Replication Pro version 7.5.0 suffers from having insecure directory permissions that can allow a local attacker the ability to escalate privileges.

    # Exploit Title: File Replication Pro 7.5.0 - Password disclosure/reset & PrivEsc due Incorrect Access Control# Date: 2023-04-13# Exploit Author: Andrea Intilangelo# Vendor Homepage: http://www.diasoft.net - https://www.filereplicationpro.com# Software Link: http://www.filereplicationpro.com/install/InstData/Windows_64_Bit/VM/frpro.exe# Version: 7.5.0# Tested on: Windows 10 Pro 22H2 x64# CVE: CVE-2023-26918Incorrect file/folder permissions in Diasoft Corporation's File Replication Pro 7.5.0 allow privilege escalation byreplacing a file with another one that will be executed with "LocalSystem" rights from Windows Services application.C:\Program Files>icacls "c:\Program Files\FileReplicationPro"c:\Program Files\FileReplicationPro Everyone:(F)                                    Everyone:(OI)(CI)(IO)(F)C:\Users\Administrator>sc qc frp[SC] QueryServiceConfig OPERAZIONI RIUSCITENOME_SERVIZIO: frp        TIPO                      : 10  WIN32_OWN_PROCESS        TIPO_AVVIO                : 2   AUTO_START        CONTROLLO_ERRORE          : 1   NORMAL        NOME_PERCORSO_BINARIO     : "C:\Program Files\FileReplicationPro\prunsrv.exe" //RS//frp        GRUPPO_ORDINE_CARICAMENTO :        TAG                       : 0        NOME_VISUALIZZATO         : FRPReplicationServer        DIPENDENZE                : Tcpip                                  : Afd        SERVICE_START_NAME : LocalSystemTo exploit the vulnerability a malicious actor/process must weaponize or replace the prunsrv.exe executable that runswith LocalSystem privileges as "frp" (FRPReplicationServer) service, since the application's path has "Everyone" fullaccess permissions.Moreover, the "properties.xml" file in the "etc" folder inside program's path contains the hashed password for remoteaccess stored in sha1(base64) value, that is possible to modify. Replacing it with a new hash, generated by encryptinga string in SHA-1 and encoding its digest via base64, will grant the login access on the application's web interface.

File Replication Pro 7.5.0 Insecure Permissions / Privilege Escalation

Red Hat Security Advisory 2023-1765-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: openvswitch2.17 security update  
Advisory ID:       RHSA-2023:1765-01  
Product:           Fast Datapath  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1765  
Issue date:        2023-04-13  
CVE Names:         CVE-2023-1668  
====================================================================  
1. Summary:

An update for openvswitch2.17 is now available in Fast Datapath for Red Hat  
Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Fast Datapath for Red Hat Enterprise Linux 8 - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Open vSwitch provides standard network bridging functions and support for  
the OpenFlow protocol for remote per-flow control of traffic.

Security Fix(es):

* openvswitch: ip proto 0 triggers incorrect handling (CVE-2023-1668)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* [23.C RHEL-8] Fast Datapath Release (BZ#2177685)

* [CT] Inner header of ICMP related traffic does not get DNATed  
(BZ#2178200)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2137666 - CVE-2023-1668 openvswitch: ip proto 0 triggers incorrect handling  
2177685 - [23.C RHEL-8] Fast Datapath Release  
2178200 - [CT] Inner header of ICMP related traffic does not get DNATed

6. Package List:

Fast Datapath for Red Hat Enterprise Linux 8:

Source:  
openvswitch2.17-2.17.0-88.el8fdp.src.rpm

aarch64:  
network-scripts-openvswitch2.17-2.17.0-88.el8fdp.aarch64.rpm  
openvswitch2.17-2.17.0-88.el8fdp.aarch64.rpm  
openvswitch2.17-debuginfo-2.17.0-88.el8fdp.aarch64.rpm  
openvswitch2.17-debugsource-2.17.0-88.el8fdp.aarch64.rpm  
openvswitch2.17-devel-2.17.0-88.el8fdp.aarch64.rpm  
openvswitch2.17-ipsec-2.17.0-88.el8fdp.aarch64.rpm  
python3-openvswitch2.17-2.17.0-88.el8fdp.aarch64.rpm  
python3-openvswitch2.17-debuginfo-2.17.0-88.el8fdp.aarch64.rpm

noarch:  
openvswitch2.17-test-2.17.0-88.el8fdp.noarch.rpm

ppc64le:  
network-scripts-openvswitch2.17-2.17.0-88.el8fdp.ppc64le.rpm  
openvswitch2.17-2.17.0-88.el8fdp.ppc64le.rpm  
openvswitch2.17-debuginfo-2.17.0-88.el8fdp.ppc64le.rpm  
openvswitch2.17-debugsource-2.17.0-88.el8fdp.ppc64le.rpm  
openvswitch2.17-devel-2.17.0-88.el8fdp.ppc64le.rpm  
openvswitch2.17-ipsec-2.17.0-88.el8fdp.ppc64le.rpm  
python3-openvswitch2.17-2.17.0-88.el8fdp.ppc64le.rpm  
python3-openvswitch2.17-debuginfo-2.17.0-88.el8fdp.ppc64le.rpm

s390x:  
network-scripts-openvswitch2.17-2.17.0-88.el8fdp.s390x.rpm  
openvswitch2.17-2.17.0-88.el8fdp.s390x.rpm  
openvswitch2.17-debuginfo-2.17.0-88.el8fdp.s390x.rpm  
openvswitch2.17-debugsource-2.17.0-88.el8fdp.s390x.rpm  
openvswitch2.17-devel-2.17.0-88.el8fdp.s390x.rpm  
openvswitch2.17-ipsec-2.17.0-88.el8fdp.s390x.rpm  
python3-openvswitch2.17-2.17.0-88.el8fdp.s390x.rpm  
python3-openvswitch2.17-debuginfo-2.17.0-88.el8fdp.s390x.rpm

x86_64:  
network-scripts-openvswitch2.17-2.17.0-88.el8fdp.x86_64.rpm  
openvswitch2.17-2.17.0-88.el8fdp.x86_64.rpm  
openvswitch2.17-debuginfo-2.17.0-88.el8fdp.x86_64.rpm  
openvswitch2.17-debugsource-2.17.0-88.el8fdp.x86_64.rpm  
openvswitch2.17-devel-2.17.0-88.el8fdp.x86_64.rpm  
openvswitch2.17-ipsec-2.17.0-88.el8fdp.x86_64.rpm  
python3-openvswitch2.17-2.17.0-88.el8fdp.x86_64.rpm  
python3-openvswitch2.17-debuginfo-2.17.0-88.el8fdp.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-1668  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZDfaINzjgjWX9erEAQiMWg//d9j3aPfYak2tV8EI9xSItFv6WpoLCB4y  
rC4956fWN4hzmKSYHnrw4uvhEVPf1hsue5zJIO0VHlT5MqmwDn6wDjP//V8GC4lE  
JUmTZHQMcWlt/dZQm2mh2I0n4oR0y/4gY3f4kKXUPM0Mg1S1MAEahmm4S9NWAGF7  
f2nVf1b1PACs3E4QfStldiawDDmwPCe8zsaaCCVL9sIR/KZI6yoZOJu8RjCWHac6  
0kw6LpIDjOwoJ/tc2JMoP/1JORzA+6S0Lrg+ZI8Kd0qwL/6KOcBpgCYXYD1eyp60  
18At7rFMonFlOW2JG8A0ewe6MZDXoyJsWjNZl2xPXsa1tHT/jnK29EbXr14X40kx  
/fpSdiRr1zSfChCPFVedxaBWY9L2UoAUGx6TnGXNuNC1UTM0pseMfUMy7TAC4ZV4  
o6qH7hC4a2W1tOxndAq8MWGeh49pq1n/EjwF+deKU73ke834pwDfQFRO03YB4jjM  
myicYpRKimbd6TzFhunIaKJcEYGX5Jna6nBd50a2b5mfHOS/FKah2fmROTK8bRv8  
202/9CCCGWSzE3IlUT9JcamNcdre0xZHmkYXpyLTuW0keXp+wlb19aVR42ZtRq6L  
U+TiznvhSU3XuH7KxJJS0AQdi+zyBWSR24ADbE70nQfu0nP6hupQBo6Eg2dnhdva  
w5iYSsJ1/AA=J+dO  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1765-01

Red Hat Security Advisory 2023-1769-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: openvswitch2.17 security update  
Advisory ID:       RHSA-2023:1769-01  
Product:           Fast Datapath  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1769  
Issue date:        2023-04-13  
CVE Names:         CVE-2023-1668  
====================================================================  
1. Summary:

An update for openvswitch2.17 is now available in Fast Datapath for Red Hat  
Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Fast Datapath for Red Hat Enterprise Linux 9 - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Open vSwitch provides standard network bridging functions and support for  
the OpenFlow protocol for remote per-flow control of traffic.

Security Fix(es):

* openvswitch: ip proto 0 triggers incorrect handling (CVE-2023-1668)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* [23.C RHEL-9] Fast Datapath Release (BZ#2177686)

* [CT] Inner header of ICMP related traffic does not get DNATed  
(BZ#2178203)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2137666 - CVE-2023-1668 openvswitch: ip proto 0 triggers incorrect handling  
2177686 - [23.C RHEL-9] Fast Datapath Release  
2178203 - [CT] Inner header of ICMP related traffic does not get DNATed

6. Package List:

Fast Datapath for Red Hat Enterprise Linux 9:

Source:  
openvswitch2.17-2.17.0-77.el9fdp.src.rpm

aarch64:  
openvswitch2.17-2.17.0-77.el9fdp.aarch64.rpm  
openvswitch2.17-debuginfo-2.17.0-77.el9fdp.aarch64.rpm  
openvswitch2.17-debugsource-2.17.0-77.el9fdp.aarch64.rpm  
openvswitch2.17-devel-2.17.0-77.el9fdp.aarch64.rpm  
openvswitch2.17-ipsec-2.17.0-77.el9fdp.aarch64.rpm  
python3-openvswitch2.17-2.17.0-77.el9fdp.aarch64.rpm  
python3-openvswitch2.17-debuginfo-2.17.0-77.el9fdp.aarch64.rpm

noarch:  
openvswitch2.17-test-2.17.0-77.el9fdp.noarch.rpm

ppc64le:  
openvswitch2.17-2.17.0-77.el9fdp.ppc64le.rpm  
openvswitch2.17-debuginfo-2.17.0-77.el9fdp.ppc64le.rpm  
openvswitch2.17-debugsource-2.17.0-77.el9fdp.ppc64le.rpm  
openvswitch2.17-devel-2.17.0-77.el9fdp.ppc64le.rpm  
openvswitch2.17-ipsec-2.17.0-77.el9fdp.ppc64le.rpm  
python3-openvswitch2.17-2.17.0-77.el9fdp.ppc64le.rpm  
python3-openvswitch2.17-debuginfo-2.17.0-77.el9fdp.ppc64le.rpm

s390x:  
openvswitch2.17-2.17.0-77.el9fdp.s390x.rpm  
openvswitch2.17-debuginfo-2.17.0-77.el9fdp.s390x.rpm  
openvswitch2.17-debugsource-2.17.0-77.el9fdp.s390x.rpm  
openvswitch2.17-devel-2.17.0-77.el9fdp.s390x.rpm  
openvswitch2.17-ipsec-2.17.0-77.el9fdp.s390x.rpm  
python3-openvswitch2.17-2.17.0-77.el9fdp.s390x.rpm  
python3-openvswitch2.17-debuginfo-2.17.0-77.el9fdp.s390x.rpm

x86_64:  
openvswitch2.17-2.17.0-77.el9fdp.x86_64.rpm  
openvswitch2.17-debuginfo-2.17.0-77.el9fdp.x86_64.rpm  
openvswitch2.17-debugsource-2.17.0-77.el9fdp.x86_64.rpm  
openvswitch2.17-devel-2.17.0-77.el9fdp.x86_64.rpm  
openvswitch2.17-ipsec-2.17.0-77.el9fdp.x86_64.rpm  
python3-openvswitch2.17-2.17.0-77.el9fdp.x86_64.rpm  
python3-openvswitch2.17-debuginfo-2.17.0-77.el9fdp.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-1668  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZDfaINzjgjWX9erEAQgdjQ//RB88e003zD0P5VKlgcd8xQcxdHy8WkKp  
BksrNOZnjGEeUw3qyqjQaADC8SlmvEWCg7Vh3wxZvAE30nOQOHLZ3iZufvxHAxi3  
0MSyKGolC2W7jCtgEA3TMVu3yx/Pb5sh02iRh32Bp4q7B76blUt+MqR/6APyAHFP  
EOxCrGL4Uif1rC96U1tlexErOmHRdE/hSso/mw5NtP6E5kt27qiNJEsQC4ep3Csi  
61e6+T/dgH/cHso3t5JNX9zdijrSqJmXfc9G3gGxlfkYgUJo7su04Rpx757ufGi2  
sMKR6cEJJKB7kfyhGFys8txsJhsXG5sAMuLDowHEPn/TBtRq734EFIL+A3ksMUTR  
RmBDUqgycibn3uHkG3MOG9/JhJbCp6xA2B8I74ygWezjvbnLqILHvOzWO8PgXypV  
wIwlGBdtcICL2ORDelPznaCf/SltjFrOg0cOxo1IPIMakHYRsEuocyEnzpRH7IVl  
05x1i964/ur4B6j5m6qVJa9aX3eADHl2Tzkc9ykeYJ/Wv/W+LNksOTuxwRknGxn5  
MmMrMO87eF7uxALARIlo6UjggmT38A39cy/rdrlmT0BUHafLGe8sz7vwhklRwoAw  
GoEsPaDmN4hotvh94Unf89SwSXKKp1S8XG1+DIl091Rg1nkcSudBoC3k4PmYRSY+  
7qP7ZWcYyvk=xchJ  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1769-01

Red Hat Security Advisory 2023-1766-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: openvswitch3.1 security update  
Advisory ID:       RHSA-2023:1766-01  
Product:           Fast Datapath  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1766  
Issue date:        2023-04-13  
CVE Names:         CVE-2023-1668  
====================================================================  
1. Summary:

An update for openvswitch3.1 is now available in Fast Datapath for Red Hat  
Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Fast Datapath for Red Hat Enterprise Linux 8 - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Open vSwitch provides standard network bridging functions and support for  
the OpenFlow protocol for remote per-flow control of traffic.

Security Fix(es):

* openvswitch: ip proto 0 triggers incorrect handling (CVE-2023-1668)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* [23.C RHEL-8] Fast Datapath Release (BZ#2177687)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

Users of openvswitch3.1 are advised to upgrade to these updated packages,  
which fixes these bugs.

5. Bugs fixed (https://bugzilla.redhat.com/):

2137666 - CVE-2023-1668 openvswitch: ip proto 0 triggers incorrect handling  
2177687 - [23.C RHEL-8] Fast Datapath Release

6. Package List:

Fast Datapath for Red Hat Enterprise Linux 8:

Source:  
openvswitch3.1-3.1.0-17.el8fdp.src.rpm

aarch64:  
network-scripts-openvswitch3.1-3.1.0-17.el8fdp.aarch64.rpm  
openvswitch3.1-3.1.0-17.el8fdp.aarch64.rpm  
openvswitch3.1-debuginfo-3.1.0-17.el8fdp.aarch64.rpm  
openvswitch3.1-debugsource-3.1.0-17.el8fdp.aarch64.rpm  
openvswitch3.1-devel-3.1.0-17.el8fdp.aarch64.rpm  
openvswitch3.1-ipsec-3.1.0-17.el8fdp.aarch64.rpm  
python3-openvswitch3.1-3.1.0-17.el8fdp.aarch64.rpm  
python3-openvswitch3.1-debuginfo-3.1.0-17.el8fdp.aarch64.rpm

noarch:  
openvswitch3.1-test-3.1.0-17.el8fdp.noarch.rpm

ppc64le:  
network-scripts-openvswitch3.1-3.1.0-17.el8fdp.ppc64le.rpm  
openvswitch3.1-3.1.0-17.el8fdp.ppc64le.rpm  
openvswitch3.1-debuginfo-3.1.0-17.el8fdp.ppc64le.rpm  
openvswitch3.1-debugsource-3.1.0-17.el8fdp.ppc64le.rpm  
openvswitch3.1-devel-3.1.0-17.el8fdp.ppc64le.rpm  
openvswitch3.1-ipsec-3.1.0-17.el8fdp.ppc64le.rpm  
python3-openvswitch3.1-3.1.0-17.el8fdp.ppc64le.rpm  
python3-openvswitch3.1-debuginfo-3.1.0-17.el8fdp.ppc64le.rpm

s390x:  
network-scripts-openvswitch3.1-3.1.0-17.el8fdp.s390x.rpm  
openvswitch3.1-3.1.0-17.el8fdp.s390x.rpm  
openvswitch3.1-debuginfo-3.1.0-17.el8fdp.s390x.rpm  
openvswitch3.1-debugsource-3.1.0-17.el8fdp.s390x.rpm  
openvswitch3.1-devel-3.1.0-17.el8fdp.s390x.rpm  
openvswitch3.1-ipsec-3.1.0-17.el8fdp.s390x.rpm  
python3-openvswitch3.1-3.1.0-17.el8fdp.s390x.rpm  
python3-openvswitch3.1-debuginfo-3.1.0-17.el8fdp.s390x.rpm

x86_64:  
network-scripts-openvswitch3.1-3.1.0-17.el8fdp.x86_64.rpm  
openvswitch3.1-3.1.0-17.el8fdp.x86_64.rpm  
openvswitch3.1-debuginfo-3.1.0-17.el8fdp.x86_64.rpm  
openvswitch3.1-debugsource-3.1.0-17.el8fdp.x86_64.rpm  
openvswitch3.1-devel-3.1.0-17.el8fdp.x86_64.rpm  
openvswitch3.1-ipsec-3.1.0-17.el8fdp.x86_64.rpm  
python3-openvswitch3.1-3.1.0-17.el8fdp.x86_64.rpm  
python3-openvswitch3.1-debuginfo-3.1.0-17.el8fdp.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-1668  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZDfaINzjgjWX9erEAQgq0Q//bKc0CM9R2JeB8Czrus6oTHhXpBt+ykbW  
ynNuGnQFwrIK2ToqHAvCXfbavCbP+ENebsxzCfKBzE0kL2KrTq5v/cgcETyWsc2O  
VJ+LxTeYOjuKXObO+aAQujcEpU89FiwXPcdyBr0ayuLof+tLuem78VQoPyDnMBmF  
zB9RIIOjznXOFPhwej8DokAziEVtjgKwWuh1/V4nYquIAFyP7hm4IQ26OkVLxhZG  
LNCXmHYFxwgqXBn9vEmTNuAjRZFHkyIHHH6ShZHwz//tK4EbwW5v+IvQpCa6rkHT  
beZh2ivr7t07J27xheD7AZPmat1dlOBmSo3yy67W9hC2t1YGp0ryaTyq1SZt2+h0  
a8+CF8870BjZidp6tLsRc5EMz+/WSoRatYn92WOfKnAyrMfSXgZvqpq94nv+oYJw  
uLA3FMc2mae7JDWVkl/K1TT8r2b9aUQk8qL0w1onAQComtOFbNzOvWfwQMp2PMZ9  
l13TQpJGEhu5NiXKUeQZvT+XLyuZ80DsyyPES080CQ3IdJ0uCcMpQDb346PJUfG6  
/kSMi0LiPRArFgQXWfL4EWNKPnEBeLJQmaFO7grNPAi8k4cuuiHbx2NTByAdQKFg  
ayKoM1ntNB6KGBVQnhScsELj6lFZp/RiBWpocpj1nHVxlIdwmbIqU8UIDK26QvrJ  
xi7Xxtsl0ZQ=aTXK  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1766-01

Red Hat Security Advisory 2023-1770-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: openvswitch3.1 security update  
Advisory ID:       RHSA-2023:1770-01  
Product:           Fast Datapath  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1770  
Issue date:        2023-04-13  
CVE Names:         CVE-2023-1668  
====================================================================  
1. Summary:

An update for openvswitch3.1 is now available in Fast Datapath for Red Hat  
Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Fast Datapath for Red Hat Enterprise Linux 9 - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Open vSwitch provides standard network bridging functions and support for  
the OpenFlow protocol for remote per-flow control of traffic.

Security Fix(es):

* openvswitch: ip proto 0 triggers incorrect handling (CVE-2023-1668)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* [23.C RHEL-9] Fast Datapath Release (BZ#2177688)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2137666 - CVE-2023-1668 openvswitch: ip proto 0 triggers incorrect handling  
2177688 - [23.C RHEL-9] Fast Datapath Release

6. Package List:

Fast Datapath for Red Hat Enterprise Linux 9:

Source:  
openvswitch3.1-3.1.0-14.el9fdp.src.rpm

aarch64:  
openvswitch3.1-3.1.0-14.el9fdp.aarch64.rpm  
openvswitch3.1-debuginfo-3.1.0-14.el9fdp.aarch64.rpm  
openvswitch3.1-debugsource-3.1.0-14.el9fdp.aarch64.rpm  
openvswitch3.1-devel-3.1.0-14.el9fdp.aarch64.rpm  
openvswitch3.1-ipsec-3.1.0-14.el9fdp.aarch64.rpm  
python3-openvswitch3.1-3.1.0-14.el9fdp.aarch64.rpm  
python3-openvswitch3.1-debuginfo-3.1.0-14.el9fdp.aarch64.rpm

noarch:  
openvswitch3.1-test-3.1.0-14.el9fdp.noarch.rpm

ppc64le:  
openvswitch3.1-3.1.0-14.el9fdp.ppc64le.rpm  
openvswitch3.1-debuginfo-3.1.0-14.el9fdp.ppc64le.rpm  
openvswitch3.1-debugsource-3.1.0-14.el9fdp.ppc64le.rpm  
openvswitch3.1-devel-3.1.0-14.el9fdp.ppc64le.rpm  
openvswitch3.1-ipsec-3.1.0-14.el9fdp.ppc64le.rpm  
python3-openvswitch3.1-3.1.0-14.el9fdp.ppc64le.rpm  
python3-openvswitch3.1-debuginfo-3.1.0-14.el9fdp.ppc64le.rpm

s390x:  
openvswitch3.1-3.1.0-14.el9fdp.s390x.rpm  
openvswitch3.1-debuginfo-3.1.0-14.el9fdp.s390x.rpm  
openvswitch3.1-debugsource-3.1.0-14.el9fdp.s390x.rpm  
openvswitch3.1-devel-3.1.0-14.el9fdp.s390x.rpm  
openvswitch3.1-ipsec-3.1.0-14.el9fdp.s390x.rpm  
python3-openvswitch3.1-3.1.0-14.el9fdp.s390x.rpm  
python3-openvswitch3.1-debuginfo-3.1.0-14.el9fdp.s390x.rpm

x86_64:  
openvswitch3.1-3.1.0-14.el9fdp.x86_64.rpm  
openvswitch3.1-debuginfo-3.1.0-14.el9fdp.x86_64.rpm  
openvswitch3.1-debugsource-3.1.0-14.el9fdp.x86_64.rpm  
openvswitch3.1-devel-3.1.0-14.el9fdp.x86_64.rpm  
openvswitch3.1-ipsec-3.1.0-14.el9fdp.x86_64.rpm  
python3-openvswitch3.1-3.1.0-14.el9fdp.x86_64.rpm  
python3-openvswitch3.1-debuginfo-3.1.0-14.el9fdp.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-1668  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZDfaLtzjgjWX9erEAQgWtw//Q8Uf6a/o/eN5OJxyMupZANRTuKoPOXeu  
vUuwVU6oVNklao0FCs3BkMUfoGagZfHqJiVtaJBp48hpHWprZ6CJ6Prc18k/KIkY  
hhN/z42p1fLC+J4JzMuA3cODHVc0JkXuRT1wMfGYfKq4RLPaW6jADVSIGzTIZhc9  
YtppXWcpp5cEgvoF9/NtZspKggFUWuXj4BymJ7fzmxGpDkHkaMMdMX+9+qTevpyP  
Kj0G9YfdmmUGWAaZ3Fm5/vh8otoeTDOU83YgTl+kQrflPg/PJVuTAiJ3cjA+Sl1U  
yZDyUxNwgSwvJ4PJKMif6SrNsvv1PQpxK9UE9Q8JWVlXVwvPw5aHpj9bhk5Kmv3n  
t/x37zdKWPbldBeuQlNpXTNAZ1YFGd5PSzseR8fJXoyinhcT+ATC4mAyWhoq5+B5  
J7NLCxJDXfO8pzBbnv5whaDS3fztXbFpKQC5wC26x/az4Fci2+y2EX9TTxYTyA2P  
JZ0zp4wZpHHk78xoSPOMGuvURwl9NYGPQvLtztg6sOFx/XDwC3fws+SGTkeUJjfw  
xiAdisM4JAujDR0jiMRBe+WkElVF1uaT1KolLQPxu9kxcNuLJ/Qr62kBjsPfgkF0  
feZT3Uui2ZZhuX/F/z74OkKS+ke9dIeN75d6KpYiMfaJdYpRC2rmU6f1aQBfcVik  
dd1tBu49mHM=xop/  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1770-01

Ubuntu Security Notice 6012-1 - It was discovered that Smarty incorrectly parsed blocks' names and included files' names. A remote attacker with template writing permissions could use this issue to execute arbitrary PHP code.

==========================================================================  
Ubuntu Security Notice USN-6012-1  
April 13, 2023

smarty3 vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.10  
- Ubuntu 22.04 LTS

Summary:

Smarty could be made to crash or run programs if it received a specially  
crafted template.

Software Description:  
- smarty3: The compiling PHP template engine

Details:

It was discovered that Smarty incorrectly parsed blocks' names and  
included files' names. A remote attacker with template writing permissions  
could use this issue to execute arbitrary PHP code. (CVE-2022-29221)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 22.10:  
   smarty3                         3.1.39-2ubuntu1.22.10.1

Ubuntu 22.04 LTS:  
   smarty3                         3.1.39-2ubuntu1.22.04.1

In general, a standard system update will make all the necessary changes.

References:  
https://ubuntu.com/security/notices/USN-6012-1  
   CVE-2022-29221

Package Information:  
https://launchpad.net/ubuntu/+source/smarty3/3.1.39-2ubuntu1.22.10.1  
https://launchpad.net/ubuntu/+source/smarty3/3.1.39-2ubuntu1.22.04.1

Ubuntu Security Notice USN-6012-1

Ubuntu Security Notice 6015-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing, or execute arbitrary code. Paul Menzel discovered that Thunderbird did not properly validate OCSP revocation status of recipient certificates when sending S/Mime encrypted email. An attacker could potentially exploits this issue to perform spoofing attack.

    =========================================================================Ubuntu Security Notice USN-6015-1April 13, 2023thunderbird vulnerabilities=========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 22.10- Ubuntu 22.04 LTS- Ubuntu 20.04 LTS- Ubuntu 18.04 LTSSummary:Several security issues were fixed in Thunderbird.Software Description:- thunderbird: Mozilla Open Source mail and newsgroup clientDetails:Multiple security issues were discovered in Thunderbird. If a user weretricked into opening a specially crafted website in a browsing context, anattacker could potentially exploit these to cause a denial of service,obtain sensitive information, bypass security restrictions, cross-sitetracing, or execute arbitrary code. (CVE-2023-1945, CVE-2023-29548,CVE-2023-29550)Paul Menzel discovered that Thunderbird did not properly validate OCSPrevocation status of recipient certificates when sending S/Mime encryptedemail. An attacker could potentially exploits this issue to performspoofing attack. (CVE-2023-0547)Ribose RNP Team discovered that Thunderbird did not properly manage memorywhen parsing certain OpenPGP messages. An attacker could potentiallyexploits this issue to cause a denial of service. (CVE-2023-29479)Irvan Kurniawan discovered that Thunderbird did not properly managefullscreen notifications using a combination of window.open, fullscreenrequests, window.name assignments, and setInterval calls. An attacker couldpotentially exploit this issue to perform spoofing attacks.(CVE-2023-29533)Lukas Bernhard discovered that Thunderbird did not properly manage memorywhen doing Garbage Collector compaction. An attacker could potentiallyexploits this issue to cause a denial of service. (CVE-2023-29535)Zx from qriousec discovered that Thunderbird did not properly validate theaddress to free a pointer provided to the memory manager. An attacker couldpotentially exploits this issue to cause a denial of service.(CVE-2023-29536)Trung Pham discovered that Thunderbird did not properly validate thefilename directive in the Content-Disposition header. An attacker couldpossibly exploit this to perform reflected file download attackspotentially tricking users to install malware. (CVE-2023-29539)Ameen Basha M K discovered that Thunderbird did not properly validatedownloads of files ending in .desktop. An attacker could potentiallyexploits this issue to execute arbitrary code. (CVE-2023-29541)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 22.10:  thunderbird                     1:102.10.0+build2-0ubuntu0.22.10.1Ubuntu 22.04 LTS:  thunderbird                     1:102.10.0+build2-0ubuntu0.22.04.1Ubuntu 20.04 LTS:  thunderbird                     1:102.10.0+build2-0ubuntu0.20.04.1Ubuntu 18.04 LTS:  thunderbird                     1:102.10.0+build2-0ubuntu0.18.04.1In general, a standard system update will make all the necessary changes.References:  https://ubuntu.com/security/notices/USN-6015-1  CVE-2023-0547, CVE-2023-1945, CVE-2023-29479, CVE-2023-29533,  CVE-2023-29535, CVE-2023-29536, CVE-2023-29539, CVE-2023-29541,  CVE-2023-29548, CVE-2023-29550Package Information:  https://launchpad.net/ubuntu/+source/thunderbird/1:102.10.0+build2-0ubuntu0.22.10.1  https://launchpad.net/ubuntu/+source/thunderbird/1:102.10.0+build2-0ubuntu0.22.04.1  https://launchpad.net/ubuntu/+source/thunderbird/1:102.10.0+build2-0ubuntu0.20.04.1  https://launchpad.net/ubuntu/+source/thunderbird/1:102.10.0+build2-0ubuntu0.18.04.1

Ubuntu Security Notice USN-6015-1

Red Hat Security Advisory 2023-1747-01 - The Public Key Infrastructure Core contains fundamental packages required by Red Hat Certificate System.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: pki-core:10.6 security update  
Advisory ID:       RHSA-2023:1747-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1747  
Issue date:        2023-04-12  
CVE Names:         CVE-2022-2414  
====================================================================  
1. Summary:

An update for the pki-core:10.6 module is now available for Red Hat  
Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2  
Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update  
Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream AUS (v. 8.2) - aarch64, noarch, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux AppStream E4S (v. 8.2) - aarch64, noarch, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux AppStream TUS (v. 8.2) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The Public Key Infrastructure (PKI) Core contains fundamental packages  
required by Red Hat Certificate System.

Security Fix(es):

* pki-core: access to external entities when parsing XML can lead to XXE  
(CVE-2022-2414)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2104676 - CVE-2022-2414 pki-core: access to external entities when parsing XML can lead to XXE

6. Package List:

Red Hat Enterprise Linux AppStream AUS (v. 8.2):

Source:  
jss-4.6.2-12.module+el8.2.0+10554+cf83aa72.src.rpm  
ldapjdk-4.21.0-2.module+el8.2.0+6294+b7db4606.src.rpm  
pki-core-10.8.4-1.module+el8.2.0+17305+ef598dea.src.rpm  
tomcatjss-7.4.1-2.module+el8.2.0+6294+b7db4606.src.rpm

aarch64:  
jss-4.6.2-12.module+el8.2.0+10554+cf83aa72.aarch64.rpm  
jss-debuginfo-4.6.2-12.module+el8.2.0+10554+cf83aa72.aarch64.rpm  
jss-debugsource-4.6.2-12.module+el8.2.0+10554+cf83aa72.aarch64.rpm  
jss-javadoc-4.6.2-12.module+el8.2.0+10554+cf83aa72.aarch64.rpm  
pki-core-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.aarch64.rpm  
pki-core-debugsource-10.8.4-1.module+el8.2.0+17305+ef598dea.aarch64.rpm  
pki-symkey-10.8.4-1.module+el8.2.0+17305+ef598dea.aarch64.rpm  
pki-symkey-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.aarch64.rpm  
pki-tools-10.8.4-1.module+el8.2.0+17305+ef598dea.aarch64.rpm  
pki-tools-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.aarch64.rpm

noarch:  
ldapjdk-4.21.0-2.module+el8.2.0+6294+b7db4606.noarch.rpm  
ldapjdk-javadoc-4.21.0-2.module+el8.2.0+6294+b7db4606.noarch.rpm  
pki-base-10.8.4-1.module+el8.2.0+17305+ef598dea.noarch.rpm  
pki-base-java-10.8.4-1.module+el8.2.0+17305+ef598dea.noarch.rpm  
pki-ca-10.8.4-1.module+el8.2.0+17305+ef598dea.noarch.rpm  
pki-kra-10.8.4-1.module+el8.2.0+17305+ef598dea.noarch.rpm  
pki-server-10.8.4-1.module+el8.2.0+17305+ef598dea.noarch.rpm  
python3-pki-10.8.4-1.module+el8.2.0+17305+ef598dea.noarch.rpm  
tomcatjss-7.4.1-2.module+el8.2.0+6294+b7db4606.noarch.rpm

ppc64le:  
jss-4.6.2-12.module+el8.2.0+10554+cf83aa72.ppc64le.rpm  
jss-debuginfo-4.6.2-12.module+el8.2.0+10554+cf83aa72.ppc64le.rpm  
jss-debugsource-4.6.2-12.module+el8.2.0+10554+cf83aa72.ppc64le.rpm  
jss-javadoc-4.6.2-12.module+el8.2.0+10554+cf83aa72.ppc64le.rpm  
pki-core-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.ppc64le.rpm  
pki-core-debugsource-10.8.4-1.module+el8.2.0+17305+ef598dea.ppc64le.rpm  
pki-symkey-10.8.4-1.module+el8.2.0+17305+ef598dea.ppc64le.rpm  
pki-symkey-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.ppc64le.rpm  
pki-tools-10.8.4-1.module+el8.2.0+17305+ef598dea.ppc64le.rpm  
pki-tools-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.ppc64le.rpm

s390x:  
jss-4.6.2-12.module+el8.2.0+10554+cf83aa72.s390x.rpm  
jss-debuginfo-4.6.2-12.module+el8.2.0+10554+cf83aa72.s390x.rpm  
jss-debugsource-4.6.2-12.module+el8.2.0+10554+cf83aa72.s390x.rpm  
jss-javadoc-4.6.2-12.module+el8.2.0+10554+cf83aa72.s390x.rpm  
pki-core-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.s390x.rpm  
pki-core-debugsource-10.8.4-1.module+el8.2.0+17305+ef598dea.s390x.rpm  
pki-symkey-10.8.4-1.module+el8.2.0+17305+ef598dea.s390x.rpm  
pki-symkey-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.s390x.rpm  
pki-tools-10.8.4-1.module+el8.2.0+17305+ef598dea.s390x.rpm  
pki-tools-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.s390x.rpm

x86_64:  
jss-4.6.2-12.module+el8.2.0+10554+cf83aa72.x86_64.rpm  
jss-debuginfo-4.6.2-12.module+el8.2.0+10554+cf83aa72.x86_64.rpm  
jss-debugsource-4.6.2-12.module+el8.2.0+10554+cf83aa72.x86_64.rpm  
jss-javadoc-4.6.2-12.module+el8.2.0+10554+cf83aa72.x86_64.rpm  
pki-core-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.x86_64.rpm  
pki-core-debugsource-10.8.4-1.module+el8.2.0+17305+ef598dea.x86_64.rpm  
pki-symkey-10.8.4-1.module+el8.2.0+17305+ef598dea.x86_64.rpm  
pki-symkey-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.x86_64.rpm  
pki-tools-10.8.4-1.module+el8.2.0+17305+ef598dea.x86_64.rpm  
pki-tools-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.x86_64.rpm

Red Hat Enterprise Linux AppStream E4S (v. 8.2):

Source:  
jss-4.6.2-12.module+el8.2.0+10554+cf83aa72.src.rpm  
ldapjdk-4.21.0-2.module+el8.2.0+6294+b7db4606.src.rpm  
pki-core-10.8.4-1.module+el8.2.0+17305+ef598dea.src.rpm  
tomcatjss-7.4.1-2.module+el8.2.0+6294+b7db4606.src.rpm

aarch64:  
jss-4.6.2-12.module+el8.2.0+10554+cf83aa72.aarch64.rpm  
jss-debuginfo-4.6.2-12.module+el8.2.0+10554+cf83aa72.aarch64.rpm  
jss-debugsource-4.6.2-12.module+el8.2.0+10554+cf83aa72.aarch64.rpm  
jss-javadoc-4.6.2-12.module+el8.2.0+10554+cf83aa72.aarch64.rpm  
pki-core-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.aarch64.rpm  
pki-core-debugsource-10.8.4-1.module+el8.2.0+17305+ef598dea.aarch64.rpm  
pki-symkey-10.8.4-1.module+el8.2.0+17305+ef598dea.aarch64.rpm  
pki-symkey-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.aarch64.rpm  
pki-tools-10.8.4-1.module+el8.2.0+17305+ef598dea.aarch64.rpm  
pki-tools-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.aarch64.rpm

noarch:  
ldapjdk-4.21.0-2.module+el8.2.0+6294+b7db4606.noarch.rpm  
ldapjdk-javadoc-4.21.0-2.module+el8.2.0+6294+b7db4606.noarch.rpm  
pki-base-10.8.4-1.module+el8.2.0+17305+ef598dea.noarch.rpm  
pki-base-java-10.8.4-1.module+el8.2.0+17305+ef598dea.noarch.rpm  
pki-ca-10.8.4-1.module+el8.2.0+17305+ef598dea.noarch.rpm  
pki-kra-10.8.4-1.module+el8.2.0+17305+ef598dea.noarch.rpm  
pki-server-10.8.4-1.module+el8.2.0+17305+ef598dea.noarch.rpm  
python3-pki-10.8.4-1.module+el8.2.0+17305+ef598dea.noarch.rpm  
tomcatjss-7.4.1-2.module+el8.2.0+6294+b7db4606.noarch.rpm

ppc64le:  
jss-4.6.2-12.module+el8.2.0+10554+cf83aa72.ppc64le.rpm  
jss-debuginfo-4.6.2-12.module+el8.2.0+10554+cf83aa72.ppc64le.rpm  
jss-debugsource-4.6.2-12.module+el8.2.0+10554+cf83aa72.ppc64le.rpm  
jss-javadoc-4.6.2-12.module+el8.2.0+10554+cf83aa72.ppc64le.rpm  
pki-core-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.ppc64le.rpm  
pki-core-debugsource-10.8.4-1.module+el8.2.0+17305+ef598dea.ppc64le.rpm  
pki-symkey-10.8.4-1.module+el8.2.0+17305+ef598dea.ppc64le.rpm  
pki-symkey-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.ppc64le.rpm  
pki-tools-10.8.4-1.module+el8.2.0+17305+ef598dea.ppc64le.rpm  
pki-tools-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.ppc64le.rpm

s390x:  
jss-4.6.2-12.module+el8.2.0+10554+cf83aa72.s390x.rpm  
jss-debuginfo-4.6.2-12.module+el8.2.0+10554+cf83aa72.s390x.rpm  
jss-debugsource-4.6.2-12.module+el8.2.0+10554+cf83aa72.s390x.rpm  
jss-javadoc-4.6.2-12.module+el8.2.0+10554+cf83aa72.s390x.rpm  
pki-core-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.s390x.rpm  
pki-core-debugsource-10.8.4-1.module+el8.2.0+17305+ef598dea.s390x.rpm  
pki-symkey-10.8.4-1.module+el8.2.0+17305+ef598dea.s390x.rpm  
pki-symkey-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.s390x.rpm  
pki-tools-10.8.4-1.module+el8.2.0+17305+ef598dea.s390x.rpm  
pki-tools-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.s390x.rpm

x86_64:  
jss-4.6.2-12.module+el8.2.0+10554+cf83aa72.x86_64.rpm  
jss-debuginfo-4.6.2-12.module+el8.2.0+10554+cf83aa72.x86_64.rpm  
jss-debugsource-4.6.2-12.module+el8.2.0+10554+cf83aa72.x86_64.rpm  
jss-javadoc-4.6.2-12.module+el8.2.0+10554+cf83aa72.x86_64.rpm  
pki-core-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.x86_64.rpm  
pki-core-debugsource-10.8.4-1.module+el8.2.0+17305+ef598dea.x86_64.rpm  
pki-symkey-10.8.4-1.module+el8.2.0+17305+ef598dea.x86_64.rpm  
pki-symkey-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.x86_64.rpm  
pki-tools-10.8.4-1.module+el8.2.0+17305+ef598dea.x86_64.rpm  
pki-tools-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.x86_64.rpm

Red Hat Enterprise Linux AppStream TUS (v. 8.2):

Source:  
jss-4.6.2-12.module+el8.2.0+10554+cf83aa72.src.rpm  
ldapjdk-4.21.0-2.module+el8.2.0+6294+b7db4606.src.rpm  
pki-core-10.8.4-1.module+el8.2.0+17305+ef598dea.src.rpm  
tomcatjss-7.4.1-2.module+el8.2.0+6294+b7db4606.src.rpm

aarch64:  
jss-4.6.2-12.module+el8.2.0+10554+cf83aa72.aarch64.rpm  
jss-debuginfo-4.6.2-12.module+el8.2.0+10554+cf83aa72.aarch64.rpm  
jss-debugsource-4.6.2-12.module+el8.2.0+10554+cf83aa72.aarch64.rpm  
jss-javadoc-4.6.2-12.module+el8.2.0+10554+cf83aa72.aarch64.rpm  
pki-core-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.aarch64.rpm  
pki-core-debugsource-10.8.4-1.module+el8.2.0+17305+ef598dea.aarch64.rpm  
pki-symkey-10.8.4-1.module+el8.2.0+17305+ef598dea.aarch64.rpm  
pki-symkey-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.aarch64.rpm  
pki-tools-10.8.4-1.module+el8.2.0+17305+ef598dea.aarch64.rpm  
pki-tools-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.aarch64.rpm

noarch:  
ldapjdk-4.21.0-2.module+el8.2.0+6294+b7db4606.noarch.rpm  
ldapjdk-javadoc-4.21.0-2.module+el8.2.0+6294+b7db4606.noarch.rpm  
pki-base-10.8.4-1.module+el8.2.0+17305+ef598dea.noarch.rpm  
pki-base-java-10.8.4-1.module+el8.2.0+17305+ef598dea.noarch.rpm  
pki-ca-10.8.4-1.module+el8.2.0+17305+ef598dea.noarch.rpm  
pki-kra-10.8.4-1.module+el8.2.0+17305+ef598dea.noarch.rpm  
pki-server-10.8.4-1.module+el8.2.0+17305+ef598dea.noarch.rpm  
python3-pki-10.8.4-1.module+el8.2.0+17305+ef598dea.noarch.rpm  
tomcatjss-7.4.1-2.module+el8.2.0+6294+b7db4606.noarch.rpm

ppc64le:  
jss-4.6.2-12.module+el8.2.0+10554+cf83aa72.ppc64le.rpm  
jss-debuginfo-4.6.2-12.module+el8.2.0+10554+cf83aa72.ppc64le.rpm  
jss-debugsource-4.6.2-12.module+el8.2.0+10554+cf83aa72.ppc64le.rpm  
jss-javadoc-4.6.2-12.module+el8.2.0+10554+cf83aa72.ppc64le.rpm  
pki-core-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.ppc64le.rpm  
pki-core-debugsource-10.8.4-1.module+el8.2.0+17305+ef598dea.ppc64le.rpm  
pki-symkey-10.8.4-1.module+el8.2.0+17305+ef598dea.ppc64le.rpm  
pki-symkey-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.ppc64le.rpm  
pki-tools-10.8.4-1.module+el8.2.0+17305+ef598dea.ppc64le.rpm  
pki-tools-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.ppc64le.rpm

s390x:  
jss-4.6.2-12.module+el8.2.0+10554+cf83aa72.s390x.rpm  
jss-debuginfo-4.6.2-12.module+el8.2.0+10554+cf83aa72.s390x.rpm  
jss-debugsource-4.6.2-12.module+el8.2.0+10554+cf83aa72.s390x.rpm  
jss-javadoc-4.6.2-12.module+el8.2.0+10554+cf83aa72.s390x.rpm  
pki-core-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.s390x.rpm  
pki-core-debugsource-10.8.4-1.module+el8.2.0+17305+ef598dea.s390x.rpm  
pki-symkey-10.8.4-1.module+el8.2.0+17305+ef598dea.s390x.rpm  
pki-symkey-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.s390x.rpm  
pki-tools-10.8.4-1.module+el8.2.0+17305+ef598dea.s390x.rpm  
pki-tools-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.s390x.rpm

x86_64:  
jss-4.6.2-12.module+el8.2.0+10554+cf83aa72.x86_64.rpm  
jss-debuginfo-4.6.2-12.module+el8.2.0+10554+cf83aa72.x86_64.rpm  
jss-debugsource-4.6.2-12.module+el8.2.0+10554+cf83aa72.x86_64.rpm  
jss-javadoc-4.6.2-12.module+el8.2.0+10554+cf83aa72.x86_64.rpm  
pki-core-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.x86_64.rpm  
pki-core-debugsource-10.8.4-1.module+el8.2.0+17305+ef598dea.x86_64.rpm  
pki-symkey-10.8.4-1.module+el8.2.0+17305+ef598dea.x86_64.rpm  
pki-symkey-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.x86_64.rpm  
pki-tools-10.8.4-1.module+el8.2.0+17305+ef598dea.x86_64.rpm  
pki-tools-debuginfo-10.8.4-1.module+el8.2.0+17305+ef598dea.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-2414  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZDcxWNzjgjWX9erEAQi/AA/9GNdQctKqRnMI2c+jyjs/LF5USS5Qx3dk  
axfQaGBzI7jYtBReNbGlVnlQzS+/DjiChUfl2m2YU1pAhhO3B7/Nd5t6xC9mMkUN  
Itvzu46P1pPCt0pURc+BEpC6PxIHq6cFpEeS9L52FFWjUTYKH/IeIb3Po0XGtyZ1  
lHIOjqvAZTXSi+7IR07pXBKNy03vUNVdVcRDqNkls9FFfKDsx11/KgoIksWxkBtC  
oiuhLaMzlsmmL2VC60ZbrGKBstOIalL+X1p1JmG3W5aRFiIu90MeyHpX1cQwldlD  
mWzKZUG/e8KI7iFufQZ6nsHGrCvREWDncpbUcRxilRI1jBPqI5cJfol2CKmrAMT7  
UWhn4WMfBGmKr7heUxemxJowFtlRSbzz0I95qW5J3JA74JjsMDxkLwWnTlLf70yo  
F71oy0IJWSdQ776bkR9oy7ZlcLioNhFEtGR9/kDc2AKdP1bc+hNZV2s/2UYC0aSj  
4Nx3gJp8g1PcnwDMJwL3KvxA4DWZ4YhJ2lInSqGQ37WyIr/7OPknjWaVdzb1unvl  
fRjWygiwJ90zEOv2gkyVAa01GrScO/xi6ppR1am6lXVGdUcmZYYs3jeL0ajEEkvo  
g/3hqWgqcai9a8DkaubbwhwPDpia+s38CjRQML3AD+k+02IZcOr1pcNFygy/BLyR  
TppOjgbEuAk=PPtl  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1747-01

Ubuntu Security Notice 6014-1 - Xuewei Feng, Chuanpu Fu, Qi Li, Kun Sun, and Ke Xu discovered that the TCP implementation in the Linux kernel did not properly handle IPID assignment. A remote attacker could use this to cause a denial of service or inject forged data. Ke Sun, Alyssa Milburn, Henrique Kawakami, Emma Benoit, Igor Chervatyuk, Lisa Aichele, and Thais Moreira Hamasaki discovered that the Spectre Variant 2 mitigations for AMD processors on Linux were insufficient in some situations. A local attacker could possibly use this to expose sensitive information.

==========================================================================  
Ubuntu Security Notice USN-6014-1  
April 12, 2023

linux, linux-kvm, linux-lts-xenial vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 ESM  
- Ubuntu 14.04 ESM

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:  
- linux: Linux kernel  
- linux-kvm: Linux kernel for cloud environments  
- linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty

Details:

Xuewei Feng, Chuanpu Fu, Qi Li, Kun Sun, and Ke Xu discovered that the TCP  
implementation in the Linux kernel did not properly handle IPID assignment.  
A remote attacker could use this to cause a denial of service (connection  
termination) or inject forged data. (CVE-2020-36516)

Ke Sun, Alyssa Milburn, Henrique Kawakami, Emma Benoit, Igor Chervatyuk,  
Lisa Aichele, and Thais Moreira Hamasaki discovered that the Spectre  
Variant 2 mitigations for AMD processors on Linux were insufficient in some  
situations. A local attacker could possibly use this to expose sensitive  
information. (CVE-2021-26401)

Jürgen Groß discovered that the Xen subsystem within the Linux kernel did  
not adequately limit the number of events driver domains (unprivileged PV  
backends) could send to other guest VMs. An attacker in a driver domain  
could use this to cause a denial of service in other guest VMs.  
(CVE-2021-28711, CVE-2021-28712, CVE-2021-28713)

Wolfgang Frisch discovered that the ext4 file system implementation in the  
Linux kernel contained an integer overflow when handling metadata inode  
extents. An attacker could use this to construct a malicious ext4 file  
system image that, when mounted, could cause a denial of service (system  
crash). (CVE-2021-3428)

It was discovered that the IEEE 802.15.4 wireless network subsystem in the  
Linux kernel did not properly handle certain error conditions, leading to a  
null pointer dereference vulnerability. A local attacker could possibly use  
this to cause a denial of service (system crash). (CVE-2021-3659)

It was discovered that the System V IPC implementation in the Linux kernel  
did not properly handle large shared memory counts. A local attacker could  
use this to cause a denial of service (memory exhaustion). (CVE-2021-3669)

Alois Wohlschlager discovered that the overlay file system in the Linux  
kernel did not restrict private clones in some situations. An attacker  
could use this to expose sensitive information. (CVE-2021-3732)

It was discovered that the SCTP protocol implementation in the Linux kernel  
did not properly verify VTAGs in some situations. A remote attacker could  
possibly use this to cause a denial of service (connection disassociation).  
(CVE-2021-3772)

It was discovered that the btrfs file system implementation in the Linux  
kernel did not properly handle locking in certain error conditions. A local  
attacker could use this to cause a denial of service (kernel deadlock).  
(CVE-2021-4149)

Jann Horn discovered that the socket subsystem in the Linux kernel  
contained a race condition when handling listen() and connect() operations,  
leading to a read-after-free vulnerability. A local attacker could use this  
to cause a denial of service (system crash) or possibly expose sensitive  
information. (CVE-2021-4203)

It was discovered that the file system quotas implementation in the Linux  
kernel did not properly validate the quota block number. An attacker could  
use this to construct a malicious file system image that, when mounted and  
operated on, could cause a denial of service (system crash).  
(CVE-2021-45868)

Zhihua Yao discovered that the MOXART SD/MMC driver in the Linux kernel did  
not properly handle device removal, leading to a use-after-free  
vulnerability. A physically proximate attacker could possibly use this to  
cause a denial of service (system crash). (CVE-2022-0487)

It was discovered that the block layer subsystem in the Linux kernel did  
not properly initialize memory in some situations. A privileged local  
attacker could use this to expose sensitive information (kernel memory).  
(CVE-2022-0494)

It was discovered that the UDF file system implementation in the Linux  
kernel could attempt to dereference a null pointer in some situations. An  
attacker could use this to construct a malicious UDF image that, when  
mounted and operated on, could cause a denial of service (system crash).  
(CVE-2022-0617)

David Bouman discovered that the netfilter subsystem in the Linux kernel  
did not initialize memory in some situations. A local attacker could use  
this to expose sensitive information (kernel memory). (CVE-2022-1016)

It was discovered that the implementation of the 6pack and mkiss protocols  
in the Linux kernel did not handle detach events properly in some  
situations, leading to a use-after-free vulnerability. A local attacker  
could possibly use this to cause a denial of service (system crash).  
(CVE-2022-1195)

Duoming Zhou discovered race conditions in the AX.25 amateur radio protocol  
implementation in the Linux kernel, leading to use-after-free  
vulnerabilities. A local attacker could possibly use this to cause a denial  
of service (system crash). (CVE-2022-1205)

It was discovered that the tty subsystem in the Linux kernel contained a  
race condition in certain situations, leading to an out-of-bounds read  
vulnerability. A local attacker could possibly use this to cause a denial  
of service (system crash) or expose sensitive information. (CVE-2022-1462)

It was discovered that the implementation of X.25 network protocols in the  
Linux kernel did not terminate link layer sessions properly. A local  
attacker could possibly use this to cause a denial of service (system  
crash). (CVE-2022-1516)

Duoming Zhou discovered a race condition in the NFC subsystem in the Linux  
kernel, leading to a use-after-free vulnerability. A privileged local  
attacker could use this to cause a denial of service (system crash) or  
possibly execute arbitrary code. (CVE-2022-1974)

Duoming Zhou discovered that the NFC subsystem in the Linux kernel did not  
properly prevent context switches from occurring during certain atomic  
context operations. A privileged local attacker could use this to cause a  
denial of service (system crash). (CVE-2022-1975)

It was discovered that the HID subsystem in the Linux kernel did not  
properly validate inputs in certain conditions. A local attacker with  
physical access could plug in a specially crafted USB device to expose  
sensitive information. (CVE-2022-20132)

It was discovered that the device-mapper verity (dm-verity) driver in the  
Linux kernel did not properly verify targets being loaded into the device-  
mapper table. A privileged attacker could use this to cause a denial of  
service (system crash) or possibly execute arbitrary code. (CVE-2022-20572,  
CVE-2022-2503)

Duoming Zhou discovered that race conditions existed in the timer handling  
implementation of the Linux kernel's Rose X.25 protocol layer, resulting in  
use-after-free vulnerabilities. A local attacker could use this to cause a  
denial of service (system crash). (CVE-2022-2318)

Zheyu Ma discovered that the Silicon Motion SM712 framebuffer driver in the  
Linux kernel did not properly handle very small reads. A local attacker  
could use this to cause a denial of service (system crash). (CVE-2022-2380)

David Leadbeater discovered that the netfilter IRC protocol tracking  
implementation in the Linux Kernel incorrectly handled certain message  
payloads in some situations. A remote attacker could possibly use this to  
cause a denial of service or bypass firewall filtering. (CVE-2022-2663)

Lucas Leong discovered that the LightNVM subsystem in the Linux kernel did  
not properly handle data lengths in certain situations. A privileged  
attacker could use this to cause a denial of service (system crash) or  
possibly execute arbitrary code. (CVE-2022-2991)

It was discovered that the Intel 740 frame buffer driver in the Linux  
kernel contained a divide by zero vulnerability. A local attacker could use  
this to cause a denial of service (system crash). (CVE-2022-3061)

Jiasheng Jiang discovered that the wm8350 charger driver in the Linux  
kernel did not properly deallocate memory, leading to a null pointer  
dereference vulnerability. A local attacker could use this to cause a  
denial of service (system crash). (CVE-2022-3111)

It was discovered that the sound subsystem in the Linux kernel contained a  
race condition in some situations. A local attacker could use this to cause  
a denial of service (system crash). (CVE-2022-3303)

It was discovered that the Broadcom FullMAC USB WiFi driver in the Linux  
kernel did not properly perform bounds checking in some situations. A  
physically proximate attacker could use this to craft a malicious USB  
device that when inserted, could cause a denial of service (system crash)  
or possibly execute arbitrary code. (CVE-2022-3628)

Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux  
kernel contained an out-of-bounds write vulnerability. A local attacker  
could use this to cause a denial of service (system crash).  
(CVE-2022-36280)

It was discovered that the NILFS2 file system implementation in the Linux  
kernel did not properly deallocate memory in certain error conditions. An  
attacker could use this to cause a denial of service (memory exhaustion).  
(CVE-2022-3646)

It was discovered that the Netlink Transformation (XFRM) subsystem in the  
Linux kernel contained a reference counting error. A local attacker could  
use this to cause a denial of service (system crash). (CVE-2022-36879)

It was discovered that the infrared transceiver USB driver did not properly  
handle USB control messages. A local attacker with physical access could  
plug in a specially crafted USB device to cause a denial of service (memory  
exhaustion). (CVE-2022-3903)

Jann Horn discovered a race condition existed in the Linux kernel when  
unmapping VMAs in certain situations, resulting in possible use-after-free  
vulnerabilities. A local attacker could possibly use this to cause a denial  
of service (system crash) or execute arbitrary code. (CVE-2022-39188)

Hyunwoo Kim discovered that the DVB Core driver in the Linux kernel did not  
properly perform reference counting in some situations, leading to a use-  
after-free vulnerability. A local attacker could use this to cause a denial  
of service (system crash) or possibly execute arbitrary code.  
(CVE-2022-41218)

It was discovered that a race condition existed in the SMSC UFX USB driver  
implementation in the Linux kernel, leading to a use-after-free  
vulnerability. A physically proximate attacker could use this to cause a  
denial of service (system crash) or possibly execute arbitrary code.  
(CVE-2022-41849)

It was discovered that a race condition existed in the Roccat HID driver in  
the Linux kernel, leading to a use-after-free vulnerability. A local  
attacker could use this to cause a denial of service (system crash) or  
possibly execute arbitrary code. (CVE-2022-41850)

It was discovered that the USB core subsystem in the Linux kernel did not  
properly handle nested reset events. A local attacker with physical access  
could plug in a specially crafted USB device to cause a denial of service  
(kernel deadlock). (CVE-2022-4662)

It was discovered that the network queuing discipline implementation in the  
Linux kernel contained a null pointer dereference in some situations. A  
local attacker could use this to cause a denial of service (system crash).  
(CVE-2022-47929)

Kyle Zeng discovered that the IPv6 implementation in the Linux kernel  
contained a NULL pointer dereference vulnerability in certain situations. A  
local attacker could use this to cause a denial of service (system crash).  
(CVE-2023-0394)

It was discovered that a memory leak existed in the SCTP protocol  
implementation in the Linux kernel. A local attacker could use this to  
cause a denial of service (memory exhaustion). (CVE-2023-1074)

Mingi Cho discovered that the netfilter subsystem in the Linux kernel did  
not properly initialize a data structure, leading to a null pointer  
dereference vulnerability. An attacker could use this to cause a denial of  
service (system crash). (CVE-2023-1095)

Kyle Zeng discovered that the ATM VC queuing discipline implementation in  
the Linux kernel contained a type confusion vulnerability in some  
situations. An attacker could use this to cause a denial of service (system  
crash). (CVE-2023-23455)

Lianhui Tang discovered that the MPLS implementation in the Linux kernel  
did not properly handle certain sysctl allocation failure conditions,  
leading to a double-free vulnerability. An attacker could use this to cause  
a denial of service or possibly execute arbitrary code. (CVE-2023-26545)

It was discovered that the NTFS file system implementation in the Linux  
kernel did not properly validate attributes in certain situations, leading  
to an out-of-bounds read vulnerability. A local attacker could possibly use  
this to expose sensitive information (kernel memory). (CVE-2023-26607)

Duoming Zhou discovered that a race condition existed in the infrared  
receiver/transceiver driver in the Linux kernel, leading to a use-after-  
free vulnerability. A privileged attacker could use this to cause a denial  
of service (system crash) or possibly execute arbitrary code.  
(CVE-2023-1118)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 16.04 ESM:  
   linux-image-4.4.0-1118-kvm      4.4.0-1118.128  
   linux-image-4.4.0-239-generic   4.4.0-239.273  
   linux-image-4.4.0-239-lowlatency  4.4.0-239.273  
   linux-image-generic             4.4.0.239.245  
   linux-image-generic-lts-xenial  4.4.0.239.245  
   linux-image-kvm                 4.4.0.1118.115  
   linux-image-lowlatency          4.4.0.239.245  
   linux-image-lowlatency-lts-xenial  4.4.0.239.245  
   linux-image-virtual             4.4.0.239.245  
   linux-image-virtual-lts-xenial  4.4.0.239.245

Ubuntu 14.04 ESM:  
   linux-image-4.4.0-239-generic   4.4.0-239.273~14.04.1  
   linux-image-4.4.0-239-lowlatency  4.4.0-239.273~14.04.1  
   linux-image-generic-lts-xenial  4.4.0.239.207  
   linux-image-lowlatency-lts-xenial  4.4.0.239.207  
   linux-image-virtual-lts-xenial  4.4.0.239.207

After a standard system update you need to reboot your computer to make  
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have  
been given a new version number, which requires you to recompile and  
reinstall all third party kernel modules you might have installed.  
Unless you manually uninstalled the standard kernel metapackages  
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,  
linux-powerpc), a standard system upgrade will automatically perform  
this as well.

References:  
   https://ubuntu.com/security/notices/USN-6014-1  
   CVE-2020-36516, CVE-2021-26401, CVE-2021-28711, CVE-2021-28712,  
   CVE-2021-28713, CVE-2021-3428, CVE-2021-3659, CVE-2021-3669,  
   CVE-2021-3732, CVE-2021-3772, CVE-2021-4149, CVE-2021-4203,  
   CVE-2021-45868, CVE-2022-0487, CVE-2022-0494, CVE-2022-0617,  
   CVE-2022-1016, CVE-2022-1195, CVE-2022-1205, CVE-2022-1462,  
   CVE-2022-1516, CVE-2022-1974, CVE-2022-1975, CVE-2022-20132,  
   CVE-2022-20572, CVE-2022-2318, CVE-2022-2380, CVE-2022-2503,  
   CVE-2022-2663, CVE-2022-2991, CVE-2022-3061, CVE-2022-3111,  
   CVE-2022-3303, CVE-2022-3628, CVE-2022-36280, CVE-2022-3646,  
   CVE-2022-36879, CVE-2022-3903, CVE-2022-39188, CVE-2022-41218,  
   CVE-2022-41849, CVE-2022-41850, CVE-2022-4662, CVE-2022-47929,  
   CVE-2023-0394, CVE-2023-1074, CVE-2023-1095, CVE-2023-1118,  
   CVE-2023-23455, CVE-2023-26545, CVE-2023-26607

Ubuntu Security Notice USN-6014-1

Ubuntu Security Notice 6008-1 - It was discovered that Exo did not properly sanitized desktop files. A remote attacker could possibly use this issue to to cause a crash or arbitrary code execution.

=========================================================================  
Ubuntu Security Notice USN-6008-1  
April 11, 2023

exo vulnerability  
=========================================================================  
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 ESM  
- Ubuntu 20.04 ESM  
- Ubuntu 18.04 ESM  
- Ubuntu 16.04 ESM  
- Ubuntu 14.04 ESM

Summary:

Exo could be made to crash or run programs if it opened a specially crafted  
file.

Software Description:  
- exo: Extension library used in the Xfce desktop

Details:

It was discovered that Exo did not properly sanitized desktop files.  
A remote attacker could possibly use this issue to to cause a crash or  
arbitrary code execution.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 22.04 ESM:  
  libexo-2-0                      4.16.3-1ubuntu0.1~esm1  
  libexo-common                   4.16.3-1ubuntu0.1~esm1

Ubuntu 20.04 ESM:  
  libexo-1-0                      0.12.11-1ubuntu1.20.04.1+esm1  
  libexo-2-0                      0.12.11-1ubuntu1.20.04.1+esm1  
  libexo-common                   0.12.11-1ubuntu1.20.04.1+esm1

Ubuntu 18.04 ESM:  
  libexo-1-0                      0.12.2-0ubuntu0.18.04.1+esm1  
  libexo-2-0                      0.12.2-0ubuntu0.18.04.1+esm1  
  libexo-common                   0.12.2-0ubuntu0.18.04.1+esm1

Ubuntu 16.04 ESM:  
  libexo-1-0                      0.10.7-1ubuntu0.1~esm1  
  libexo-common                   0.10.7-1ubuntu0.1~esm1

Ubuntu 14.04 ESM:  
  libexo-1-0                      0.10.2-3ubuntu1.14.04.2+esm1  
  libexo-common                   0.10.2-3ubuntu1.14.04.2+esm1

In general, a standard system update will make all the necessary changes.

References:  
  https://ubuntu.com/security/notices/USN-6008-1  
  CVE-2022-32278

Source

Packet Storm