Debian Linux Security Advisory 5350-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information disclosure or spoofing.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5350-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffFebruary 15, 2023                     https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : firefox-esrCVE ID         : CVE-2023-0767 CVE-2023-25728 CVE-2023-25729 CVE-2023-25730                 CVE-2023-25732 CVE-2023-25735 CVE-2023-25737 CVE-2023-25739                 CVE-2023-25742 CVE-2023-25744 CVE-2023-25746Multiple security issues have been found in the Mozilla Firefox webbrowser, which could potentially result in the execution of arbitrarycode, information disclosure or spoofing.For the stable distribution (bullseye), these problems have been fixed inversion 102.8.0esr-1~deb11u1.We recommend that you upgrade your firefox-esr packages.For the detailed security status of firefox-esr please refer toits security tracker page at:https://security-tracker.debian.org/tracker/firefox-esrFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmPtV6UACgkQEMKTtsN8TjaSnw/7BcS79J9DE7PpjEeGnRQWThF2J+5sUve2chr74v8FHb1LAfX0r84BesD6Vxea1OfeR5mpXwfZGgsa4aFBxwQpDOP/PDI/qeAReklZk9KY9H/DW+ksLlhmhF3t1vKPe2Fbqh5TRprNjHNT6jvat6VnTDPPVEA9v3But4EqZxDSwrefgOhUdJaGtOrUCsJzVAvPIBXNF94TamU6e0hIgWNiyMqo9TQvjKYJTJc6sBGZXiHaT+tV+fyKxBm/SHircg5ebKBbrKy8FI+IAA3KPT4Xqu9walYS59Rdv7C2cOK/Y1B2hY+KJFEfRpjRX0GokXIYd1vyoj5is82GOacDDfsJCzKCKkoPm8SSvbRvYg3RnN3MckA3XkBZxKoI34bwOWziq9kaLzvEuOTD7cjMECxv9rgkM265IvKG8WLxm0bP+mehqLVTr8odJd2937IqJ/wYuZ8dJfXSrw5Jpdyu3FkiH59e5XORLC9gEwUkFNyIXVfw2JqCmBD6yuhmmKdgii5UfbCc2UsVdeNN+2Za+tM/giyUgkf7N50+3n1SzGDrJ8CoQRB+VN8Zddqkl0q34PyBZWbmaeWH1YCxKnnpi5sp4Uh2UuRYALzDexomKfSG7KYVnCYWP8vGia3tIoOZsjEYh6pHDfHJiVJl/3lblZJYmYpTdO63Mqe8wrD1kNnbdV0=us1V-----END PGP SIGNATURE-----

Debian Security Advisory 5350-1

Red Hat Security Advisory 2023-0698-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.52.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: OpenShift Container Platform 4.10.52 security update  
Advisory ID:       RHSA-2023:0698-01  
Product:           Red Hat OpenShift Enterprise  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0698  
Issue date:        2023-02-15  
CVE Names:         CVE-2022-1471 CVE-2022-3064 CVE-2022-23521  
                   CVE-2022-34174 CVE-2022-38023 CVE-2022-41903  
                   CVE-2022-47629  
====================================================================  
1. Summary:

Red Hat OpenShift Container Platform release 4.10.52 is now available with  
updates to packages and images that fix several bugs and add enhancements.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing  
Kubernetes application platform solution designed for on-premise or private  
cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container  
Platform 4.10.52. See the following advisory for the RPM packages for this  
release:

https://access.redhat.com/errata/RHSA-2023:0697

Space precludes documenting all of the container images in this advisory.  
See the following Release Notes documentation, which will be updated  
shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html

Security Fix(es):

* go-yaml: Improve heuristics preventing CPU/memory abuse by parsing  
malicious or large YAML documents (CVE-2022-3064)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* [4.10] Prevent redundant queries of BIOS settings in  
HostFirmwareController (BZ#2061794)

* ovn-nbctl.log is never rotated (BZ#2072601)

* [4.10] APIRemovedInNextEUSReleaseInUse alert for OVN poddisruptionbudgets  
(BZ#2092193)

All OpenShift Container Platform 4.10 users are advised to upgrade to these  
updated packages and images when they are available in the appropriate  
release channel. To check for available updates, use the OpenShift CLI (oc)  
or web console. Instructions for upgrading a cluster are available at  
https://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html

3. Solution:

For OpenShift Container Platform 4.10 see the following documentation,  
which will be updated shortly for this release, for important instructions  
on how to upgrade your cluster and fully apply this asynchronous errata  
update:

https://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html

You may download the oc tool and use it to inspect release image metadata  
for x86_64, s390x, ppc64le, and aarch64 architectures. The image digests  
may be found at  
https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.

The sha values for the release are:

(For x86_64 architecture)  
The image digest is  
sha256:b13ee67469f7f85a1b1daf57424f3c7c02c3a188cb640dc6284742091a7e6d50

(For s390x architecture)  
The image digest is  
sha256:4c776be05c475ee885829444509258b486d79d8128e12d6d2263ab7cdef83ce8

(For ppc64le architecture)  
The image digest is  
sha256:2d4e0af6ca2afc8c10d210aa520aba602618f3fad4cb42636bddb57b1f0ce425

(For aarch64 architecture)  
The image digest is  
sha256:7cadaaf6e0f71645864963e6c47c75852ce68aff80c963dfba2ddf51c0b836c4

All OpenShift Container Platform 4.10 users are advised to upgrade to these  
updated packages and images when they are available in the appropriate  
release channel. To check for available updates, use the OpenShift CLI (oc)  
or web console. Instructions for upgrading a cluster are available at  
https://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html

4. Bugs fixed (https://bugzilla.redhat.com/):

2061794 - [4.10] Prevent redundant queries of BIOS settings in HostFirmwareController  
2072601 - ovn-nbctl.log is never rotated  
2092193 - [4.10] APIRemovedInNextEUSReleaseInUse alert for OVN poddisruptionbudgets  
2163037 - CVE-2022-3064 go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents

5. JIRA issues fixed (https://issues.jboss.org/):

OCPBUGS-2106 - intra namespace allow network policy doesn't work after applying ingress&egress deny all network policy  
OCPBUGS-2614 - e2e-gcp-builds is permafailing  
OCPBUGS-2982 - [release-4.10] Update blueocean-autofavorite to 1.2.5  
OCPBUGS-3615 - [4.10] [perf/scale] libovsdb builds transaction logs but throws them away  
OCPBUGS-4095 - Various Jenkins CVEs for October 2022 [openshift-4.10.z]  
OCPBUGS-4578 - Origin tests for bonds - 4.10 backport  
OCPBUGS-4882 - [2117255] Failed to dump flows for flow sync, stderr: "ovs-ofctl: br-ext is not a bridge or a socket"  
OCPBUGS-5077 - Service spec value `externalTrafficPolicy` does not trigger rules update in ovnkube-node pod handlers on edit  
OCPBUGS-5296 - Developer Topology always blanks with large contents when first rendering  
OCPBUGS-5961 - Add support for API version v1beta1 for knativeServing and knativeEventing  
OCPBUGS-6690 - OLM details page crashes on incomplete ClusterServiceVersion resource  
OCPBUGS-6702 - The MCO can generate a rendered config with old KubeletConfig contents, blocking upgrades  
OCPBUGS-6754 - Topology gets stuck loading  
OCPBUGS-6886 - [4.10] boot sequence override request fails with Base.1.8.PropertyNotWritable on Lenovo SE450  
OCPBUGS-6930 - hack/check-plugins-supply-chain-change.sh is not executable  
OCPBUGS-7052 - Sync jenkins-version.txt, base-plugins.txt and bundle-plugins.txt from master branch

6. References:

https://access.redhat.com/security/cve/CVE-2022-1471  
https://access.redhat.com/security/cve/CVE-2022-3064  
https://access.redhat.com/security/cve/CVE-2022-23521  
https://access.redhat.com/security/cve/CVE-2022-34174  
https://access.redhat.com/security/cve/CVE-2022-38023  
https://access.redhat.com/security/cve/CVE-2022-41903  
https://access.redhat.com/security/cve/CVE-2022-47629  
https://access.redhat.com/security/updates/classification/#moderate  
https://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html

7. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY+0kZ9zjgjWX9erEAQjaJxAAqF+IAiwuWfRcYGBXUwA/K3P+44YgTiVo  
xISaecxqI5ybSvMPCzFHftDSntW6nhIUFpSC2xIsvzsEIEvT8TFR09NAtGv57kzK  
8nbqNMc+orQhRYe8qNE/kadzQOEpDuM/Ni72anrFDoD7/oFMkoLur1TtBhYG067J  
AyCiSMYF3IA2K9hPapoa9DmjAF+K6XKHrlP4pmdT3bw152BCfQ0K/wb/4tDGUgym  
TH6r7dK3MkKJY+hkx4Rf8O8wRyodMID5tuLeQl9zhsOPHVE+S1T8fWzRkHYMpx1T  
p9IL8mXJs6f5hDR+ZyRr6tLlA36Glaqbpk1sfij96USYC8n7AtOtwY092SmHz3GO  
+OEwiL5Vnk6VgQIxweZ5SZgLUXsTkUYelXFeLUG2TRqw24kjMUqOpql1S/Ps/R6n  
zlnaA2wD+fjYpTv72XKMiaHxsuY36Ys+RWnxOXGDKBrn9yYerwV9iAqKFv3MumkA  
LIXGqkXigGEeNFiaxDPyoeCWW4UxFnGTv1J4JDfRHLIuUNU6ETe/a4Lwy4niaF6m  
Wqd7GqzHcrI/XTMoQyT1VwbKVYLl80F/mEDbxsxXep8Bxck5UbYjm8ta0U5zDxIB  
v3RYCBXm8egt1Y2En6Ul6X4ZM+ePFDlde87cn3wANF6WfikehXenLXwnQBXOebT4  
7rSPY9B2p+A=wyNJ  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-0698-01

Red Hat Security Advisory 2023-0697-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.10.52. Issues addressed include code execution and deserialization vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: OpenShift Container Platform 4.10.52 security update  
Advisory ID:       RHSA-2023:0697-01  
Product:           Red Hat OpenShift Enterprise  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0697  
Issue date:        2023-02-15  
CVE Names:         CVE-2022-1471 CVE-2022-34174  
====================================================================  
1. Summary:

Red Hat OpenShift Container Platform release 4.10.52 is now available with  
updates to packages and images that fix several bugs and add enhancements.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenShift Container Platform 4.10 - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing  
Kubernetes application platform solution designed for on-premise or private  
cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container  
Platform 4.10.52. See the following advisory for the container images for  
this release:

https://access.redhat.com/errata/RHSA-2023:0698

Security Fix(es):

* SnakeYaml: Constructor Deserialization Remote Code Execution  
(CVE-2022-1471)

* jenkins: Observable timing discrepancy allows determining username  
validity (CVE-2022-34174)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

All OpenShift Container Platform 4.10 users are advised to upgrade to these  
updated packages and images when they are available in the appropriate  
release channel. To check for available updates, use the OpenShift CLI (oc)  
or web console. Instructions for upgrading a cluster are available at  
https://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html

4. Solution:

For OpenShift Container Platform 4.10 see the following documentation,  
which will be updated shortly for this release, for important instructions  
on how to upgrade your cluster and fully apply this asynchronous errata  
update:

https://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html

5. Bugs fixed (https://bugzilla.redhat.com/):

2119653 - CVE-2022-34174 jenkins: Observable timing discrepancy allows determining username validity  
2150009 - CVE-2022-1471 SnakeYaml: Constructor Deserialization Remote Code Execution

6. Package List:

Red Hat OpenShift Container Platform 4.10:

Source:  
openshift-4.10.0-202302072053.p0.g8a6bfe4.assembly.stream.el7.src.rpm  
openshift-ansible-4.10.0-202302072053.p0.g72c7be6.assembly.stream.el7.src.rpm  
openshift-clients-4.10.0-202302072053.p0.gdaed147.assembly.stream.el7.src.rpm

noarch:  
openshift-ansible-4.10.0-202302072053.p0.g72c7be6.assembly.stream.el7.noarch.rpm  
openshift-ansible-test-4.10.0-202302072053.p0.g72c7be6.assembly.stream.el7.noarch.rpm

x86_64:  
openshift-clients-4.10.0-202302072053.p0.gdaed147.assembly.stream.el7.x86_64.rpm  
openshift-clients-redistributable-4.10.0-202302072053.p0.gdaed147.assembly.stream.el7.x86_64.rpm  
openshift-hyperkube-4.10.0-202302072053.p0.g8a6bfe4.assembly.stream.el7.x86_64.rpm

Red Hat OpenShift Container Platform 4.10:

Source:  
atomic-openshift-service-idler-4.10.0-202302072053.p0.ga0f9090.assembly.stream.el8.src.rpm  
jenkins-2-plugins-4.10.1675407676-1.el8.src.rpm  
jenkins-2.361.1.1675406172-1.el8.src.rpm  
openshift-4.10.0-202302072053.p0.g8a6bfe4.assembly.stream.el8.src.rpm  
openshift-ansible-4.10.0-202302072053.p0.g72c7be6.assembly.stream.el8.src.rpm  
openshift-clients-4.10.0-202302072053.p0.gdaed147.assembly.stream.el8.src.rpm  
openshift-kuryr-4.10.0-202302072053.p0.gd4f4d9a.assembly.stream.el8.src.rpm  
python-sushy-4.1.5-0.20221125154417.ff95176.el8.src.rpm

aarch64:  
atomic-openshift-service-idler-4.10.0-202302072053.p0.ga0f9090.assembly.stream.el8.aarch64.rpm  
openshift-clients-4.10.0-202302072053.p0.gdaed147.assembly.stream.el8.aarch64.rpm  
openshift-hyperkube-4.10.0-202302072053.p0.g8a6bfe4.assembly.stream.el8.aarch64.rpm

noarch:  
jenkins-2-plugins-4.10.1675407676-1.el8.noarch.rpm  
jenkins-2.361.1.1675406172-1.el8.noarch.rpm  
openshift-ansible-4.10.0-202302072053.p0.g72c7be6.assembly.stream.el8.noarch.rpm  
openshift-ansible-test-4.10.0-202302072053.p0.g72c7be6.assembly.stream.el8.noarch.rpm  
openshift-kuryr-cni-4.10.0-202302072053.p0.gd4f4d9a.assembly.stream.el8.noarch.rpm  
openshift-kuryr-common-4.10.0-202302072053.p0.gd4f4d9a.assembly.stream.el8.noarch.rpm  
openshift-kuryr-controller-4.10.0-202302072053.p0.gd4f4d9a.assembly.stream.el8.noarch.rpm  
python3-kuryr-kubernetes-4.10.0-202302072053.p0.gd4f4d9a.assembly.stream.el8.noarch.rpm  
python3-sushy-4.1.5-0.20221125154417.ff95176.el8.noarch.rpm  
python3-sushy-tests-4.1.5-0.20221125154417.ff95176.el8.noarch.rpm

ppc64le:  
atomic-openshift-service-idler-4.10.0-202302072053.p0.ga0f9090.assembly.stream.el8.ppc64le.rpm  
openshift-clients-4.10.0-202302072053.p0.gdaed147.assembly.stream.el8.ppc64le.rpm  
openshift-hyperkube-4.10.0-202302072053.p0.g8a6bfe4.assembly.stream.el8.ppc64le.rpm

s390x:  
atomic-openshift-service-idler-4.10.0-202302072053.p0.ga0f9090.assembly.stream.el8.s390x.rpm  
openshift-clients-4.10.0-202302072053.p0.gdaed147.assembly.stream.el8.s390x.rpm  
openshift-hyperkube-4.10.0-202302072053.p0.g8a6bfe4.assembly.stream.el8.s390x.rpm

x86_64:  
atomic-openshift-service-idler-4.10.0-202302072053.p0.ga0f9090.assembly.stream.el8.x86_64.rpm  
openshift-clients-4.10.0-202302072053.p0.gdaed147.assembly.stream.el8.x86_64.rpm  
openshift-clients-redistributable-4.10.0-202302072053.p0.gdaed147.assembly.stream.el8.x86_64.rpm  
openshift-hyperkube-4.10.0-202302072053.p0.g8a6bfe4.assembly.stream.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-1471  
https://access.redhat.com/security/cve/CVE-2022-34174  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY+0kYNzjgjWX9erEAQjG4g/+MCnDpTDzXYC2Tq9v+UObLQHm4n/7OVNc  
5csFC1X9TBxbToKQ9JfJDJeJHe2IBKlyYsen0UGw1+9y7IBy2ywwmLf28zbH393M  
Bc4LhaIe8tiZ5uJoWnsA6gtTB60vbiIX6BRA2RdD9JuZEh/p6BwSDxBZY1iBlJfK  
/+MAgoYyqxaR4s5s30MqX9KK27t67hJcWutKulHggUofKnJGhzqgTFlC+rHuS+xe  
QTWxeBt4ubA+KGBgdb6a5+0Mlef4ydAghkJtg6waM9cf8EfwRPfa6UTSRAHnRGzv  
AeI6kGXJ0O8BNu8KC28KnwShdpMSxaSEq5yHnReUjVazcXg6F1mOuuD8c2dgc3Wm  
NOSUz4VskRS5qzItZTrsLVJ7n5bOYYmG1mg4lh+XC9W9D8hFCLEYFXYTBADSgXfS  
6EF9JZ6NX7xPSnz3q67dTsfFSNvqPJnoNHQ1baV9rq1FQeAdbmYBK6xZy4hGO2DN  
fbRlGCCNkykdrjl1VQ/6V8d19AAdltcDD6V6ep4fEF4Owx5tj9ZUcDukvYbnp7CG  
1jd+jquOh+1PWi0CtJuFaaY0mzgjjaf1OjTaUWNjOhzsHkv4RlmjqJeYKoQ0LKb0  
RhS3/Cwig1ITuan2TcZ1t6A+Unk81nVg3thRUUPl34Xr0g9k3NScBTXF98sHL59I  
fS/PyK7o5aE=XLnM  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-0697-01

Red Hat Security Advisory 2023-0633-01 - Logging Subsystem 5.5.7 - Red Hat OpenShift.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: Red Hat OpenShift (Logging Subsystem) security update  
Advisory ID:       RHSA-2023:0633-01  
Product:           Logging Subsystem for Red Hat OpenShift  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0633  
Issue date:        2023-02-15  
CVE Names:         CVE-2022-23521 CVE-2022-40303 CVE-2022-40304  
                   CVE-2022-41903 CVE-2022-47629  
====================================================================  
1. Summary:

Logging Subsystem 5.5.7 - Red Hat OpenShift

2. Description:

Logging Subsystem 5.5.7 - Red Hat OpenShift

3. Solution:

Before applying this update, make sure all previously released errata  
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

4. JIRA issues fixed (https://issues.jboss.org/):

LOG-3533 - tls.cert, tls.key and passphrase are not passed to the fluentd configuration when forwarding logs using syslog over TLS  
LOG-3534 - [release-5.5] [Administrator Console] Seeing "parse error" while using Severity filter for cluster view user

5. References:

https://access.redhat.com/security/cve/CVE-2022-23521  
https://access.redhat.com/security/cve/CVE-2022-40303  
https://access.redhat.com/security/cve/CVE-2022-40304  
https://access.redhat.com/security/cve/CVE-2022-41903  
https://access.redhat.com/security/cve/CVE-2022-47629  
https://access.redhat.com/security/updates/classification/#moderate  
null

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY+0kYtzjgjWX9erEAQh8tg/+OxUzZUKlGBAcVY2WQ/YrOzOAL73pf5Vs  
X5yLUjjK9yBeXtTjnWQIuYst3tDiUtUAq41xC6QJ622opWMtBVH26IwS9o0jE/px  
8xR7PaVY7UOxjdRA9JIt7NH1BhH8iv463xVWvXMvTVfHtjva6aaorFXofjGOLs/s  
nLikw9Q/9TPDtg955NoXj8YT+aF9jXivWVu/2Z25o0bC9yitGOByvah1NTTYfkGw  
86H+2PYkZ2jXyO0O6fES1HG5ATkvnFFUbk5hrE8Q58tBOMWv6vCyPjvrhFBlCIR2  
NvsBQWwIj2Lzn/pFji8uTf2x+m3JNOqzGa/M0cHzRPdvwi0YcXYurF/9n5Vgb7sS  
n1lrKg8dX2v1i6GAgYx8BFMrcFzw/D8az/q30LwCJauWy+i74/uyM3ukUKbXnvkO  
sjl/bT3ztkuO2jlGfZCjirhFNdjShbL06f2elDe5p4A47D7S8oPrd++KuPrh432e  
CRZ966edVDP1LLuR6Mz3y26hkF1pYgzNoB2qbgY5se0feyHrSsnh0njYBWQwv3Qu  
68w3HXby+O9Rd/azAICbEjTX+Os/UDiAN1+gTkiALdRAYI4yyQPoIp8dB4AuHxmn  
UARsqN6glH5GYdkDq6rfVC5fC9pn16OJb6HOTIbCQ5tHJUgjZCElmsRc9kxzZe+6  
LGOMFBehEt8=Gx1+  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-0633-01

Red Hat Security Advisory 2023-0786-01 - Network observability is an OpenShift operator that provides a monitoring pipeline to collect and enrich network flows that are produced by the Network observability eBPF agent. The operator provides dashboards, metrics, and keeps flows accessible in a queryable log store, Grafana Loki. When a FlowCollector is deployed, new dashboards are available in the Console.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: Network observability 1.1.0 security update  
Advisory ID:       RHSA-2023:0786-01  
Product:           NETOBSERV  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0786  
Issue date:        2023-02-15  
CVE Names:         CVE-2021-46848 CVE-2022-1271 CVE-2022-1304  
                   CVE-2022-2509 CVE-2022-3515 CVE-2022-3602  
                   CVE-2022-3715 CVE-2022-3786 CVE-2022-3821  
                   CVE-2022-33099 CVE-2022-34903 CVE-2022-35737  
                   CVE-2022-40303 CVE-2022-40304 CVE-2022-42898  
                   CVE-2022-47629 CVE-2023-0813  
====================================================================  
1. Summary:

Network observability 1.1.0 release for OpenShift

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Description:

Network observability is an OpenShift operator that provides a monitoring  
pipeline to collect and enrich network flows that are produced by the  
Network observability eBPF agent.

The operator provides dashboards, metrics, and keeps flows accessible in a  
queryable log store, Grafana Loki. When a FlowCollector is deployed, new  
dashboards are available in the Console.

Security Fix(es):

* network-observability-console-plugin-container: setting Loki authToken  
configuration to DISABLE or HOST mode leads to authentication longer being  
enforced (CVE-2023-0813)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

3. Solution:

Apply this errata by upgrading Network observability operator 1.0 to 1.1

4. Bugs fixed (https://bugzilla.redhat.com/):

2169468 - CVE-2023-0813 network-observability-console-plugin-container: setting Loki authToken configuration to DISABLE or HOST mode leads to authentication longer being enforced

5. References:

https://access.redhat.com/security/cve/CVE-2021-46848  
https://access.redhat.com/security/cve/CVE-2022-1271  
https://access.redhat.com/security/cve/CVE-2022-1304  
https://access.redhat.com/security/cve/CVE-2022-2509  
https://access.redhat.com/security/cve/CVE-2022-3515  
https://access.redhat.com/security/cve/CVE-2022-3602  
https://access.redhat.com/security/cve/CVE-2022-3715  
https://access.redhat.com/security/cve/CVE-2022-3786  
https://access.redhat.com/security/cve/CVE-2022-3821  
https://access.redhat.com/security/cve/CVE-2022-33099  
https://access.redhat.com/security/cve/CVE-2022-34903  
https://access.redhat.com/security/cve/CVE-2022-35737  
https://access.redhat.com/security/cve/CVE-2022-40303  
https://access.redhat.com/security/cve/CVE-2022-40304  
https://access.redhat.com/security/cve/CVE-2022-42898  
https://access.redhat.com/security/cve/CVE-2022-47629  
https://access.redhat.com/security/cve/CVE-2023-0813  
https://access.redhat.com/security/updates/classification/#important

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY+0kZNzjgjWX9erEAQhFFQ//QpVfZtURnoqqxWDRomJfU/B5FMK0iGEv  
r9lIOIPlCyXNJndORtBR53RPNjOaeDRAMDCLGKyaPMZbrT117nULpIe0glTgNUkM  
Lr6ZYeuVRPlUeyZz/siRV6e+IgTGJibZh5EmIOIgTqbZcuR2P1pi5VCgy/UlNbgC  
QnPUSvUf0CXS7c87pX1m1aisYxlyiNFiacMGf26hHFx1fdt1GlCCvko4Rz1sLiiN  
yc0AZ4sQgt4XJBaTheiueDUx3lJ+AXeJ9IxKwvHYwXzVAZZ43zhYNi93cfcLfk+0  
wnpPOVq0sQ3kxe9a02YL5eH2+HvKAJzrw1WAN0SArskk66HgIb4cta1Y9Wqt4++o  
hR/9/xJLNt9WrLUJaof0VqlMwlZYocIu747CgbhSYh3f+ITVrP86XgVfacBzhDAm  
YeOClak18lzrBjJKqUZv5jEqspO46l+GwpbAwl8nNk6weyWHvIiZP2j/MIN4o3i6  
CGr/2JyKN2LgbU+ForWdjKVFojj/XLUlOd142qYlXyUuHrJ65a3dl1Hcoi+p10bw  
VXwJDLD45ZUx8VC7CIqG9aVnOAG4JxN77FlU3yFgNvNHdzKs4R8N71B4tk4DRLF2  
IfsFlc95Pn/CyNufH9d8+ev5A59qT1wrdwhoXe/Udu7gJZThiRTb0AAXRw0xPdDF  
YtiWKaTUBfM=wK1Q  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-0786-01

Atrocore version 1.5.25 suffers from a remote shell upload vulnerability.

    ## Title: atrocore-1.5.25 User interaction - Unauthenticated File upload - RCE## Author: nu11secur1ty## Date: 02.16.2023## Vendor: https://atropim.com/## Software: https://github.com/atrocore/atrocore/releases/tag/1.5.25## Reference: https://portswigger.net/web-security/file-upload## Description:The `Create Import Feed` option with `glyphicon-glyphicon-paperclip`function appears to be vulnerable to User interaction -Unauthenticated File upload - RCE attacks.The attacker can easily upload a malicious then can execute the fileand can get VERY sensitive information about the configuration of thissystem, after this he can perform a very nasty attack.STATUS: HIGH Vulnerability CRITICAL[+]Payload:```PHP<?php  phpinfo();?>```## Reproduce:[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/atrocore/atrocore-1.5.25)## Reference:[href](https://portswigger.net/web-security/file-upload)## Proof and Exploit:[href](https://streamable.com/g8998d)## Time spend:00:45:00-- System Administrator - Infrastructure EngineerPenetration Testing EngineerExploit developer at https://packetstormsecurity.com/https://cve.mitre.org/index.htmlhttps://cxsecurity.com/ and https://www.exploit-db.com/0day Exploit DataBase https://0day.today/home page: https://www.nu11secur1ty.com/hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=                          nu11secur1ty <http://nu11secur1ty.com/>

Atrocore 1.5.25 Shell Upload

Debian Linux Security Advisory 5349-1 - Hubert Kario discovered a timing side channel in the RSA decryption implementation of the GNU TLS library.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5349-1                   security@debian.org  
https://www.debian.org/security/                       Moritz Muehlenhoff  
February 14, 2023                     https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : gnutls28  
CVE ID         : CVE-2023-0361

Hubert Kario discovered a timing side channel in the RSA decryption  
implementation of the GNU TLS library.

 For the stable distribution (bullseye), this problem has been fixed in  
version 3.7.1-5+deb11u3.

We recommend that you upgrade your gnutls28 packages.

For the detailed security status of gnutls28 please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/gnutls28

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmPr180ACgkQEMKTtsN8  
TjYiww/7BLMYnCqWIWB8YC+TFWAF6HEVXCFLTy/ksXO7tc/pglydOrzajIRnRb1J  
imOwMCcK19vJT3JLMQsbVXztpeGIYhLa8GR/c718NGmhkEV7z+NmFIS+eSi2Urt/  
Yb6m9InN5RPbEbGoMVCxnFdAqHTob0rEo+pgNekUtIJ+M/qQHCTz/UijjevoETUu  
a+u2E7yjafT1SMPMdI+NemwZxfEpoNYafK9VBCtXVyEKWW/f149rQU7O825HTQ4o  
ZxRzTVWjJlXfwRj+HLmOqUQhAEEaR3tznFx8+bMDYCgyL7AaEnBJ+ygHZRwDy7ui  
UaVqgpIXF4jB3Kw1j5b0rQokO/wTNYioFCOmZwkSobe4ODKcTw0VVoYFj/EhbgBH  
q8EEVy8ZeBnon33wTTW6bXtUtqUmz0rXKyGVB6JUPiEbeGtLlScswqAKE70KG7uF  
5pPKpPUu4VK9EfceqC6ld/m0tUg393QwVGoo8fK6RXauNWKAvM2I9qarLoGF9GMq  
FgewlSVdg2N91ChUWb6/XdQ0EYg+dB9lNmfG9wVsqa7013Lj3O32JQz8s8QJ1qtr  
26MoZMDx1SB/XNwLhby8UlUiQmYFSvnS+lLx5BbBVNSORPGXWt14pa6Mzv1YK8wZ  
w+Z7aobGptaOwCeZ8cVAGBCYaDVnmOni+1c8MAKnYUbCrC1kx/E=  
=qFL8  
-----END PGP SIGNATURE-----

Debian Security Advisory 5349-1

B&R Systems Diagnostics Manager versions above or equal to 3.00 and below or equal to C4.93 suffer from a cross site scripting vulnerability.

SEC Consult Vulnerability Lab Security Advisory < 20230214-0 >  
=======================================================================  
               title: Multiple XSS Vulnerabilities  
             product: B&R Systems Diagnostics Manager  
  vulnerable version: >=3.00 and <=C4.93  
       fixed version: >=D4.93  
          CVE number: CVE-2022-4286  
              impact: medium  
            homepage: https://www.br-automation.com  
               found: 2022-10-28  
                  by: S. Robertz (Office Vienna)  
                      G. Hechenberger (Office Vienna)  
                      SEC Consult Vulnerability Lab

                      An integrated part of SEC Consult, an Atos company  
                      Europe | Asia | North America

                      https://www.sec-consult.com

=======================================================================

Vendor description:  
-------------------  
"Our slogan is our mission. The pursuit of Perfection in Automation has  
inspired and guided B&R for over 40 years. To us, perfection means more  
than developing the best solutions in industrial automation. It also means  
developing the best relationships – with our customers and partners as  
well as our employees and suppliers.

Keen foresight and entrepreneurial courage helped us rise quickly into  
the ranks of top global players in industrial automation. An intuitive sense  
of market dynamics and emerging trends has established us as a pioneer,  
leading the way with the most innovative technology on the market.

Our role as the ABB Group's global center for machine and factory automation  
strengthens our position of leadership and adds new momentum to our  
impressive record of sustained growth."

Source: https://www.br-automation.com/en/about-us/

Business recommendation:  
------------------------  
The vendor provides a software update which should be installed immediately.

SEC Consult highly recommends to perform a thorough security review of the  
product conducted by security professionals to identify and resolve potential  
further security issues.

Vulnerability overview/description:  
-----------------------------------  
1) Multiple Reflected Cross-Site-Scripting Vulnerabilities (CVE-2022-4286)  
An attacker can execute arbitrary JavaScript code in the context of the  
victim's session, thus perform all actions, exfiltrate information, etc.  
In order to exploit this vulnerability the attacker will have to trick  
the user into visiting a manipulated URL.

Proof of concept:  
-----------------  
1) Multiple Reflected Cross-Site-Scripting Vulnerabilities (CVE-2022-4286)  
The following URL has to be visited by the victim in order to execute  
arbitrary JavaScript code.

http://<PLC-IP>/sdm/cgiFileLoop.cgi?service=javascript:alert(document.domain);%2f%2f&type=512&scope=%3Cfile:///etc/passwd%3E&module=Snapshot&option=3

A very similar vulnerability can be found at another endpoint of the  
System Diagnostic Manager (SDM).

http://<PLC-IP>/sdm/svg.cgi?type=cpuusage&index=1%3Cscript%3Ealert(document.domain)%3C/script%3E

Vulnerable / tested versions:  
-----------------------------  
The following device and firmware version has been tested:  
* B&R X20CP3687X SwModuleVersion 186

According to the vendor, all B&R Automation Runtime (AR) versions >=3.00 and <=C4.93  
are affected.

Vendor contact timeline:  
------------------------  
2022-11-21: Contacting vendor through cybersecurity@br-automation.com.  
             Sent encrypted advisory.  
2022-11-22: Vendor requests B&R Automation Runtime version.  
2022-12-01: Vendor confirms vulnerability. Will be fixed with next release.  
             Asking for timeline.  
2022-12-13: Advisory and patch will be published on 2023-02-10.  
             Vendor offers to share the advisory for review purposes.  
2023-01-25: Reviewing vendor advisory, receiving CVE + affected/fixed version  
             numbers  
2023-02-10: Vendor provides the patch.  
2023-02-14: Coordinated release of security advisory.

Solution:  
---------  
The vendor supplies a patch, which should be installed immediately.  
The following version mitigates the identified XSS issues:  
* B&R Automation Runtime version >=D4.93

The vendor has published the following security advisory:  
https://www.br-automation.com/downloads_br_productcatalogue/assets/1675607299099-en-original-1.0.pdf

Workaround:  
-----------  
Administrators can deactivate the System Diagnostics Manager in case it is not  
needed.

Advisory URL:  
-------------  
https://sec-consult.com/vulnerability-lab/

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SEC Consult Vulnerability Lab

SEC Consult, an Atos company  
Europe | Asia | North America

About SEC Consult Vulnerability Lab  
The SEC Consult Vulnerability Lab is an integrated part of SEC Consult, an  
Atos company. It ensures the continued knowledge gain of SEC Consult in the  
field of network and application security to stay ahead of the attacker. The  
SEC Consult Vulnerability Lab supports high-quality penetration testing and  
the evaluation of new offensive and defensive technologies for our customers.  
Hence our customers obtain the most current information about vulnerabilities  
and valid recommendation about the risk profile of new technologies.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
Interested to work with the experts of SEC Consult?  
Send us your application https://sec-consult.com/career/

Interested in improving your cyber security with the experts of SEC Consult?  
Contact our local offices https://sec-consult.com/contact/  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Mail: security-research at sec-consult dot com  
Web: https://www.sec-consult.com  
Blog: http://blog.sec-consult.com  
Twitter: https://twitter.com/sec_consult  
EOF S. Robertz, G. Hechenberger / @2023

B&R Systems Diagnostics Manager Cross Site Scripting

Ubuntu Security Notice 5872-1 - Tavis Ormandy discovered that NSS incorrectly handled an empty pkcs7 sequence. A remote attacker could possibly use this issue to cause NSS to crash, resulting in a denial of service. Ronald Crane discovered that NSS incorrectly handled certain memory operations. A remote attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code.

    ==========================================================================Ubuntu Security Notice USN-5872-1February 15, 2023nss vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 16.04 ESM- Ubuntu 14.04 ESMSummary:Several security issues were fixed in NSS.Software Description:- nss: Network Security Service libraryDetails:Tavis Ormandy discovered that NSS incorrectly handled an empty pkcs7sequence. A remote attacker could possibly use this issue to cause NSS tocrash, resulting in a denial of service. (CVE-2022-22747)Ronald Crane discovered that NSS incorrectly handled certain memoryoperations. A remote attacker could use this issue to cause NSS to crash,resulting in a denial of service, or possibly execute arbitrary code.(CVE-2022-34480)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 16.04 ESM:   libnss3                         2:3.28.4-0ubuntu0.16.04.14+esm3Ubuntu 14.04 ESM:   libnss3                         2:3.28.4-0ubuntu0.14.04.5+esm11After a standard system update you need to restart any applications thatuse NSS to make all the necessary changes.References:https://ubuntu.com/security/notices/USN-5872-1 <https://ubuntu.com/security/notices/USN-5872-1>   CVE-2022-22747, CVE-2022-34480

Ubuntu Security Notice USN-5872-1

WordPress Quiz and Survey Master plugin versions 8.0.8 and below suffer from a cross site request forgery vulnerability.

RCE Security Advisory  
https://www.rcesecurity.com

1. ADVISORY INFORMATION  
=======================  
Product:        Quiz And Survey Master  
Vendor URL:     https://wordpress.org/plugins/quiz-master-next/  
Type:           Cross-Site Request Forgery (CSRF) [CWE-352]  
Date found:     2023-01-13  
Date published: 2023-02-08  
CVSSv3 Score:   6.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)  
CVE:            CVE-2023-0292

2. CREDITS  
==========  
This vulnerability was discovered and researched by Julien Ahrens from  
RCE Security.

3. VERSIONS AFFECTED  
====================  
Quiz And Survey Master 8.0.8 and below

4. INTRODUCTION  
===============  
Quiz and Survey Master is the easiest WordPress Quiz Plugin which can be used  
to create engaging content to drive traffic and increase user engagement.  
Everything from viral quiz, trivia quiz, customer satisfaction surveys to employee  
surveys. This plugin is the ultimate marketing tool for your website.

(from the vendor's homepage)

5. VULNERABILITY DETAILS  
========================  
The plugin offers the ajax action "qsm_remove_file_fd_question" which is used to  
delete uploaded media contents from the WordPress instance. However, the  
functionality is not protected by an anti-CSRF token/nonce.

Since there is no anti-CSRF token protecting this functionality, it is vulnerable  
to Cross-Site Request Forgery attacks allowing an attacker to delete uploaded  
media contents on behalf of the attacked user.

To successfully exploit this vulnerability, a user with the right to access the  
plugin must be tricked into visiting an arbitrary website while having an  
authenticated session in the application.

6. PROOF OF CONCEPT  
===================  
The following Proof-of-Concept would delete the uploaded media with the ID "1":

<html>  
    
  <body>  
  <script>history.pushState('', '', '/')</script>  
    <form action="http://localhost/wp-admin/admin-ajax.php" method="POST">  
      <input type="hidden" name="action" value="qsm_remove_file_fd_question" />  
      <input type="hidden" name="media_id" value="1" />  
      <input type="submit" value="Submit request" />  
    </form>  
  </body>  
</html>

7. SOLUTION  
===========  
Update to version 8.0.9

8. REPORT TIMELINE  
==================  
2023-01-13: Discovery of the vulnerability  
2023-01-13: Wordfence (responsible CNA) assigns CVE-2023-0291  
2023-01-18: Sent initial notification to vendor via contact form  
2022-01-18: Vendor response  
2022-01-21: Vendor releases version 8.0.9 which fixes the vulnerability  
2022-02-08: Public disclosure

9. REFERENCES  
=============  
https://github.com/MrTuxracer/advisories

Source

Packet Storm