Red Hat Security Advisory 2023-0210-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include a deserialization vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: java-1.8.0-openjdk security and bug fix update  
Advisory ID:       RHSA-2023:0210-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0210  
Issue date:        2023-01-26  
CVE Names:         CVE-2023-21830 CVE-2023-21843   
=====================================================================

1. Summary:

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise  
Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder (v. 9) - aarch64, ppc64le, x86_64  
Red Hat Enterprise Linux AppStream (v. 9) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime  
Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

* OpenJDK: improper restrictions in CORBA deserialization (Serialization,  
8285021) (CVE-2023-21830)

* OpenJDK: soundbank URL remote loading (Sound, 8293742) (CVE-2023-21843)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* Prepare for the next quarterly OpenJDK upstream release (2023-01, 8u362)  
[rhel-9] (BZ#2159912)

* solr broken due to access denied ("java.io.FilePermission"  
"/etc/pki/java/cacerts" "read") [rhel-9, openjdk-8] (BZ#2163594)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2159912 - Prepare for the next quarterly OpenJDK upstream release (2023-01, 8u362) [rhel-9] [rhel-9.1.0.z]  
2160475 - CVE-2023-21843 OpenJDK: soundbank URL remote loading (Sound, 8293742)  
2160490 - CVE-2023-21830 OpenJDK: improper restrictions in CORBA deserialization (Serialization, 8285021)  
2163594 - solr broken due to access denied ("java.io.FilePermission" "/etc/pki/java/cacerts" "read") [rhel-9, openjdk-8] [rhel-9.1.0.z]

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

Source:  
java-1.8.0-openjdk-1.8.0.362.b09-2.el9_1.src.rpm

aarch64:  
java-1.8.0-openjdk-1.8.0.362.b09-2.el9_1.aarch64.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.362.b09-2.el9_1.aarch64.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.362.b09-2.el9_1.aarch64.rpm  
java-1.8.0-openjdk-demo-1.8.0.362.b09-2.el9_1.aarch64.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.362.b09-2.el9_1.aarch64.rpm  
java-1.8.0-openjdk-devel-1.8.0.362.b09-2.el9_1.aarch64.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.362.b09-2.el9_1.aarch64.rpm  
java-1.8.0-openjdk-headless-1.8.0.362.b09-2.el9_1.aarch64.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.362.b09-2.el9_1.aarch64.rpm  
java-1.8.0-openjdk-src-1.8.0.362.b09-2.el9_1.aarch64.rpm

noarch:  
java-1.8.0-openjdk-javadoc-1.8.0.362.b09-2.el9_1.noarch.rpm  
java-1.8.0-openjdk-javadoc-zip-1.8.0.362.b09-2.el9_1.noarch.rpm

ppc64le:  
java-1.8.0-openjdk-1.8.0.362.b09-2.el9_1.ppc64le.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.362.b09-2.el9_1.ppc64le.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.362.b09-2.el9_1.ppc64le.rpm  
java-1.8.0-openjdk-demo-1.8.0.362.b09-2.el9_1.ppc64le.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.362.b09-2.el9_1.ppc64le.rpm  
java-1.8.0-openjdk-devel-1.8.0.362.b09-2.el9_1.ppc64le.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.362.b09-2.el9_1.ppc64le.rpm  
java-1.8.0-openjdk-headless-1.8.0.362.b09-2.el9_1.ppc64le.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.362.b09-2.el9_1.ppc64le.rpm  
java-1.8.0-openjdk-src-1.8.0.362.b09-2.el9_1.ppc64le.rpm

s390x:  
java-1.8.0-openjdk-1.8.0.362.b09-2.el9_1.s390x.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.362.b09-2.el9_1.s390x.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.362.b09-2.el9_1.s390x.rpm  
java-1.8.0-openjdk-demo-1.8.0.362.b09-2.el9_1.s390x.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.362.b09-2.el9_1.s390x.rpm  
java-1.8.0-openjdk-devel-1.8.0.362.b09-2.el9_1.s390x.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.362.b09-2.el9_1.s390x.rpm  
java-1.8.0-openjdk-headless-1.8.0.362.b09-2.el9_1.s390x.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.362.b09-2.el9_1.s390x.rpm  
java-1.8.0-openjdk-src-1.8.0.362.b09-2.el9_1.s390x.rpm

x86_64:  
java-1.8.0-openjdk-1.8.0.362.b09-2.el9_1.x86_64.rpm  
java-1.8.0-openjdk-debuginfo-1.8.0.362.b09-2.el9_1.x86_64.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.362.b09-2.el9_1.x86_64.rpm  
java-1.8.0-openjdk-demo-1.8.0.362.b09-2.el9_1.x86_64.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.362.b09-2.el9_1.x86_64.rpm  
java-1.8.0-openjdk-devel-1.8.0.362.b09-2.el9_1.x86_64.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.362.b09-2.el9_1.x86_64.rpm  
java-1.8.0-openjdk-headless-1.8.0.362.b09-2.el9_1.x86_64.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.362.b09-2.el9_1.x86_64.rpm  
java-1.8.0-openjdk-src-1.8.0.362.b09-2.el9_1.x86_64.rpm

Red Hat CodeReady Linux Builder (v. 9):

aarch64:  
java-1.8.0-openjdk-debuginfo-1.8.0.362.b09-2.el9_1.aarch64.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.362.b09-2.el9_1.aarch64.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.362.b09-2.el9_1.aarch64.rpm  
java-1.8.0-openjdk-demo-fastdebug-1.8.0.362.b09-2.el9_1.aarch64.rpm  
java-1.8.0-openjdk-demo-fastdebug-debuginfo-1.8.0.362.b09-2.el9_1.aarch64.rpm  
java-1.8.0-openjdk-demo-slowdebug-1.8.0.362.b09-2.el9_1.aarch64.rpm  
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.362.b09-2.el9_1.aarch64.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.362.b09-2.el9_1.aarch64.rpm  
java-1.8.0-openjdk-devel-fastdebug-1.8.0.362.b09-2.el9_1.aarch64.rpm  
java-1.8.0-openjdk-devel-fastdebug-debuginfo-1.8.0.362.b09-2.el9_1.aarch64.rpm  
java-1.8.0-openjdk-devel-slowdebug-1.8.0.362.b09-2.el9_1.aarch64.rpm  
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.362.b09-2.el9_1.aarch64.rpm  
java-1.8.0-openjdk-fastdebug-1.8.0.362.b09-2.el9_1.aarch64.rpm  
java-1.8.0-openjdk-fastdebug-debuginfo-1.8.0.362.b09-2.el9_1.aarch64.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.362.b09-2.el9_1.aarch64.rpm  
java-1.8.0-openjdk-headless-fastdebug-1.8.0.362.b09-2.el9_1.aarch64.rpm  
java-1.8.0-openjdk-headless-fastdebug-debuginfo-1.8.0.362.b09-2.el9_1.aarch64.rpm  
java-1.8.0-openjdk-headless-slowdebug-1.8.0.362.b09-2.el9_1.aarch64.rpm  
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.362.b09-2.el9_1.aarch64.rpm  
java-1.8.0-openjdk-slowdebug-1.8.0.362.b09-2.el9_1.aarch64.rpm  
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.362.b09-2.el9_1.aarch64.rpm  
java-1.8.0-openjdk-src-fastdebug-1.8.0.362.b09-2.el9_1.aarch64.rpm  
java-1.8.0-openjdk-src-slowdebug-1.8.0.362.b09-2.el9_1.aarch64.rpm

ppc64le:  
java-1.8.0-openjdk-debuginfo-1.8.0.362.b09-2.el9_1.ppc64le.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.362.b09-2.el9_1.ppc64le.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.362.b09-2.el9_1.ppc64le.rpm  
java-1.8.0-openjdk-demo-fastdebug-1.8.0.362.b09-2.el9_1.ppc64le.rpm  
java-1.8.0-openjdk-demo-fastdebug-debuginfo-1.8.0.362.b09-2.el9_1.ppc64le.rpm  
java-1.8.0-openjdk-demo-slowdebug-1.8.0.362.b09-2.el9_1.ppc64le.rpm  
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.362.b09-2.el9_1.ppc64le.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.362.b09-2.el9_1.ppc64le.rpm  
java-1.8.0-openjdk-devel-fastdebug-1.8.0.362.b09-2.el9_1.ppc64le.rpm  
java-1.8.0-openjdk-devel-fastdebug-debuginfo-1.8.0.362.b09-2.el9_1.ppc64le.rpm  
java-1.8.0-openjdk-devel-slowdebug-1.8.0.362.b09-2.el9_1.ppc64le.rpm  
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.362.b09-2.el9_1.ppc64le.rpm  
java-1.8.0-openjdk-fastdebug-1.8.0.362.b09-2.el9_1.ppc64le.rpm  
java-1.8.0-openjdk-fastdebug-debuginfo-1.8.0.362.b09-2.el9_1.ppc64le.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.362.b09-2.el9_1.ppc64le.rpm  
java-1.8.0-openjdk-headless-fastdebug-1.8.0.362.b09-2.el9_1.ppc64le.rpm  
java-1.8.0-openjdk-headless-fastdebug-debuginfo-1.8.0.362.b09-2.el9_1.ppc64le.rpm  
java-1.8.0-openjdk-headless-slowdebug-1.8.0.362.b09-2.el9_1.ppc64le.rpm  
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.362.b09-2.el9_1.ppc64le.rpm  
java-1.8.0-openjdk-slowdebug-1.8.0.362.b09-2.el9_1.ppc64le.rpm  
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.362.b09-2.el9_1.ppc64le.rpm  
java-1.8.0-openjdk-src-fastdebug-1.8.0.362.b09-2.el9_1.ppc64le.rpm  
java-1.8.0-openjdk-src-slowdebug-1.8.0.362.b09-2.el9_1.ppc64le.rpm

x86_64:  
java-1.8.0-openjdk-debuginfo-1.8.0.362.b09-2.el9_1.x86_64.rpm  
java-1.8.0-openjdk-debugsource-1.8.0.362.b09-2.el9_1.x86_64.rpm  
java-1.8.0-openjdk-demo-debuginfo-1.8.0.362.b09-2.el9_1.x86_64.rpm  
java-1.8.0-openjdk-demo-fastdebug-1.8.0.362.b09-2.el9_1.x86_64.rpm  
java-1.8.0-openjdk-demo-fastdebug-debuginfo-1.8.0.362.b09-2.el9_1.x86_64.rpm  
java-1.8.0-openjdk-demo-slowdebug-1.8.0.362.b09-2.el9_1.x86_64.rpm  
java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.362.b09-2.el9_1.x86_64.rpm  
java-1.8.0-openjdk-devel-debuginfo-1.8.0.362.b09-2.el9_1.x86_64.rpm  
java-1.8.0-openjdk-devel-fastdebug-1.8.0.362.b09-2.el9_1.x86_64.rpm  
java-1.8.0-openjdk-devel-fastdebug-debuginfo-1.8.0.362.b09-2.el9_1.x86_64.rpm  
java-1.8.0-openjdk-devel-slowdebug-1.8.0.362.b09-2.el9_1.x86_64.rpm  
java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.362.b09-2.el9_1.x86_64.rpm  
java-1.8.0-openjdk-fastdebug-1.8.0.362.b09-2.el9_1.x86_64.rpm  
java-1.8.0-openjdk-fastdebug-debuginfo-1.8.0.362.b09-2.el9_1.x86_64.rpm  
java-1.8.0-openjdk-headless-debuginfo-1.8.0.362.b09-2.el9_1.x86_64.rpm  
java-1.8.0-openjdk-headless-fastdebug-1.8.0.362.b09-2.el9_1.x86_64.rpm  
java-1.8.0-openjdk-headless-fastdebug-debuginfo-1.8.0.362.b09-2.el9_1.x86_64.rpm  
java-1.8.0-openjdk-headless-slowdebug-1.8.0.362.b09-2.el9_1.x86_64.rpm  
java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.362.b09-2.el9_1.x86_64.rpm  
java-1.8.0-openjdk-slowdebug-1.8.0.362.b09-2.el9_1.x86_64.rpm  
java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.362.b09-2.el9_1.x86_64.rpm  
java-1.8.0-openjdk-src-fastdebug-1.8.0.362.b09-2.el9_1.x86_64.rpm  
java-1.8.0-openjdk-src-slowdebug-1.8.0.362.b09-2.el9_1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-21830  
https://access.redhat.com/security/cve/CVE-2023-21843  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY9L/9NzjgjWX9erEAQhTQw/9H7aeXZ+k8JgaO+GXrNKKI8YHJRBACYuj  
Ou/dGX013q3gH5fezhFAdtmTqs1hJHSt1p3WwmKtqaQjyFF4MUDdCcRdrSk+0v5p  
PFKuuZKCjXJqeT4A3u69+GajEWq6zbNiqm+yHQQuA+ZFPlJ5bwRYOFPn+LkNNoWf  
3uBAPXa2F2ESHQ56o1mRjOhg4YLxCFHfBV4GJsxBy83C0GZXljEBH1x4qhxo1o1O  
tPziQPLsBbPECukZnp7Hy0tAZgW460Cj7rmReMq2ui5jnYniw0q2hkeFYB11iq6e  
5AcJ38QeL8iyN1z0J1IerfVBe+NmgFvNhdt7kdxokoF4CinahqlsbdU81PkItrqi  
aoGUDvzra7UXCDeZC5Qxt1OpBu1dWXTEHPqFlfmww6MijfhrLS7EqBupxXhYiJMz  
l8f3bFEnEFgfXyBPoOn5ZuTI7Fc1cCf2HjKHJUJtmpEEgv0PQ509ZL9m4nQmgWnZ  
8OJD6PI0kgAohWMxxfK06dmWOMAlxftO9VItMaDVizbm1TCv4VlILHXA6zmwa10v  
S2nDmRKoYjgkXPsYaN2MrIcCBIxhXBs7cVBLxKvVpw4UifBA7iFLUiGch4wXn3op  
iWX/5L+z+6Ohrq+ejRBuS/Q+3YecUUVsgCi6q42aUmTaCchzWa2zwft5VoxartdR  
4FZtwClNWbY=  
=FGEM  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-0210-01

Red Hat Security Advisory 2023-0479-01 - Red Hat Directory Server is an LDAPv3-compliant directory server. The suite of packages includes the Lightweight Directory Access Protocol server, as well as command-line utilities and Web UI packages for server administration.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: redhat-ds:12 security update  
Advisory ID:       RHSA-2023:0479-01  
Product:           Red Hat Directory Server  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0479  
Issue date:        2023-01-26  
CVE Names:         CVE-2022-2850   
=====================================================================

1. Summary:

An update for the redhat-ds:12 module is now available for Red Hat  
Directory Server 12.0 for RHEL 9.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Directory Server 12.0 for RHEL 9 - noarch, x86_64

3. Description:

Red Hat Directory Server is an LDAPv3-compliant directory server. The suite  
of packages includes the Lightweight Directory Access Protocol (LDAP)  
server, as well as command-line utilities and Web UI packages for server  
administration.

Security Fix(es):

* 389-ds-base: SIGSEGV in sync_repl (CVE-2022-2850)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2118691 - CVE-2022-2850 389-ds-base: SIGSEGV in sync_repl

6. Package List:

Red Hat Directory Server 12.0 for RHEL 9:

Source:  
389-ds-base-2.0.18-3.module+el9dsrv+17947+6e05a0b8.src.rpm

noarch:  
cockpit-389-ds-2.0.18-3.module+el9dsrv+17947+6e05a0b8.noarch.rpm  
python3-lib389-2.0.18-3.module+el9dsrv+17947+6e05a0b8.noarch.rpm

x86_64:  
389-ds-base-2.0.18-3.module+el9dsrv+17947+6e05a0b8.x86_64.rpm  
389-ds-base-debuginfo-2.0.18-3.module+el9dsrv+17947+6e05a0b8.x86_64.rpm  
389-ds-base-debugsource-2.0.18-3.module+el9dsrv+17947+6e05a0b8.x86_64.rpm  
389-ds-base-devel-2.0.18-3.module+el9dsrv+17947+6e05a0b8.x86_64.rpm  
389-ds-base-libs-2.0.18-3.module+el9dsrv+17947+6e05a0b8.x86_64.rpm  
389-ds-base-libs-debuginfo-2.0.18-3.module+el9dsrv+17947+6e05a0b8.x86_64.rpm  
389-ds-base-snmp-2.0.18-3.module+el9dsrv+17947+6e05a0b8.x86_64.rpm  
389-ds-base-snmp-debuginfo-2.0.18-3.module+el9dsrv+17947+6e05a0b8.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-2850  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY9L/8dzjgjWX9erEAQjTLBAAkZQjEy/tq1Luvcb4rd9zXumUsYVgyFxe  
cfStYEZqNkgFL7boP7FCg0oC52GlH41HGL5bvKH+UzEX2rx3w+C+zsawDk1j7ddY  
9615Mx4t2pVyMxKzQ/l/sj2HBPAWHcULPPEAnxLdC8A3PpVFc/CMdDDQbq8kEOJL  
Q/xEyNjwNt7g/mGPDMsVcn7v4w0I3fxOkuKSvaQ9q/UR6Mut08arOFsiHTsIIOLu  
zHKf6ojW44bLREv8JJLHWsObEwAsrdLvglm1s136iUXkHKc4FuOGgNS2+OLgmJzu  
POnbqTURlboTfDl7IRBtZtPD7TkwP67dXR/R9uJ7BgADBWUOHSYu1CbTjCuEBW4g  
S23PRCg1wjAWlAAcxdnyIvf33fTWEg1dL3zE0FUWX+P1fzb2D4YXSTaMlPncSW42  
fa5GF2KRMjiStKcVfdjo7qZQHr1BsR3jTBSzVRDLSsgQPE/2pG86I8nw8pec0NTA  
UZQqW/JBLbicja7sJbS57Yd1CxgXjeNFC5tUlPTfme5Gwc0C8+MsdjwDDfsjnZMk  
Kcnv9obtv/tUpaXz6Hem8PjleCN0sS/Sn7c4q8ymoGVbKsfZqqYYQ6m6pXnw1Dxh  
k33B0mbpNlwnGx3tB3eqY4dD8hCnTGagORBPBECNiWVR/mereB7BClZ0TPjyz7jE  
I3UpPseSSlw=  
=Ns6O  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-0479-01

Red Hat Security Advisory 2023-0470-01 - An update is now available for Migration Toolkit for Runtimes (v1.0.1).

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: Migration Toolkit for Runtimes security update  
Advisory ID:       RHSA-2023:0470-01  
Product:           Migration Toolkit for Runtimes  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0470  
Issue date:        2023-01-26  
CVE Names:         CVE-2016-3709 CVE-2020-35525 CVE-2020-35527   
                   CVE-2021-46848 CVE-2022-0561 CVE-2022-0562   
                   CVE-2022-0865 CVE-2022-0891 CVE-2022-0908   
                   CVE-2022-0909 CVE-2022-0924 CVE-2022-1304   
                   CVE-2022-1355 CVE-2022-1471 CVE-2022-2509   
                   CVE-2022-22624 CVE-2022-22628 CVE-2022-22629   
                   CVE-2022-22662 CVE-2022-22844 CVE-2022-25308   
                   CVE-2022-25309 CVE-2022-25310 CVE-2022-26700   
                   CVE-2022-26709 CVE-2022-26710 CVE-2022-26716   
                   CVE-2022-26717 CVE-2022-26719 CVE-2022-27404   
                   CVE-2022-27405 CVE-2022-27406 CVE-2022-30293   
                   CVE-2022-35737 CVE-2022-37434 CVE-2022-42898   
                   CVE-2022-42920   
=====================================================================

1. Summary:

An update is now available for Migration Toolkit for Runtimes (v1.0.1).

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Description:

Security Fix(es):

* mtr-web-container: Apache-Commons-BCEL: arbitrary bytecode produced via  
out-of-bounds writing (CVE-2022-42920)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page listed in the References section.

3. Solution:

Before applying this update, make sure all previously released errata  
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2142707 - CVE-2022-42920 Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing

5. References:

https://access.redhat.com/security/cve/CVE-2016-3709  
https://access.redhat.com/security/cve/CVE-2020-35525  
https://access.redhat.com/security/cve/CVE-2020-35527  
https://access.redhat.com/security/cve/CVE-2021-46848  
https://access.redhat.com/security/cve/CVE-2022-0561  
https://access.redhat.com/security/cve/CVE-2022-0562  
https://access.redhat.com/security/cve/CVE-2022-0865  
https://access.redhat.com/security/cve/CVE-2022-0891  
https://access.redhat.com/security/cve/CVE-2022-0908  
https://access.redhat.com/security/cve/CVE-2022-0909  
https://access.redhat.com/security/cve/CVE-2022-0924  
https://access.redhat.com/security/cve/CVE-2022-1304  
https://access.redhat.com/security/cve/CVE-2022-1355  
https://access.redhat.com/security/cve/CVE-2022-1471  
https://access.redhat.com/security/cve/CVE-2022-2509  
https://access.redhat.com/security/cve/CVE-2022-22624  
https://access.redhat.com/security/cve/CVE-2022-22628  
https://access.redhat.com/security/cve/CVE-2022-22629  
https://access.redhat.com/security/cve/CVE-2022-22662  
https://access.redhat.com/security/cve/CVE-2022-22844  
https://access.redhat.com/security/cve/CVE-2022-25308  
https://access.redhat.com/security/cve/CVE-2022-25309  
https://access.redhat.com/security/cve/CVE-2022-25310  
https://access.redhat.com/security/cve/CVE-2022-26700  
https://access.redhat.com/security/cve/CVE-2022-26709  
https://access.redhat.com/security/cve/CVE-2022-26710  
https://access.redhat.com/security/cve/CVE-2022-26716  
https://access.redhat.com/security/cve/CVE-2022-26717  
https://access.redhat.com/security/cve/CVE-2022-26719  
https://access.redhat.com/security/cve/CVE-2022-27404  
https://access.redhat.com/security/cve/CVE-2022-27405  
https://access.redhat.com/security/cve/CVE-2022-27406  
https://access.redhat.com/security/cve/CVE-2022-30293  
https://access.redhat.com/security/cve/CVE-2022-35737  
https://access.redhat.com/security/cve/CVE-2022-37434  
https://access.redhat.com/security/cve/CVE-2022-42898  
https://access.redhat.com/security/cve/CVE-2022-42920  
https://access.redhat.com/security/updates/classification/#important

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY9Krl9zjgjWX9erEAQiQHw//SmAuCEyNB48pniqYtBPEMYXC0GPv8GjR  
nCJh3aREXvSIeWV58A1mJAkrPDYCEUh87Lm1Tdsn2m7qUWWYTLlZL7PHGHIu3EiB  
kqQv4PyExh9ww5Z7vDVbj2s70hF6Swx1u5Q9v/tdEKVkjw7MbfiWddhFhJz26goN  
CwgOwO0AMnyXC35R6MRUPIv4FXm9l/delQ46BRY60d3MWHrnAU8o3oolzyfLQz/w  
iZcQiweM/DB3kY80GJesr/hlfPAtUsH7lc1tjSk6BQfncYDfZLtJfwfFJF2cnGi1  
2o7wv7VM/HKku+LBlUQivF9NIDm5NctgjMUfsYjZcqGYcQBZgPOZVBwMh+dWDvHb  
Dy3BU+AvuNHF2fRqsEr1t87zEOjoiO9729Q8vMeCTKdgQLJ0cg8P/6TaQoylW1A8  
N6mduFALHe9HA+Xg0narJQVmVyh9yVpinc+HRAVtCzBmU81jKrmwKMv3T2s+CeXO  
TJz8Pt0A2E9z1oB+cxBNbJTHFwqAr+BU/GFuFWuf85/DIUk7IwDkvh+7e7eMHLKw  
qe4sIwt5O3l6g5/GFjfk6mmfwpb2kpbWGmdhzXSvlSHneZTCh+1vXEFANFLQn7IY  
zD2uFBFCnAtwVXZNrIoMs1u9/i1CWM02/NmEKp+Sbay3PVbam8YJmsFw8EGXAKuI  
PDYlpa0DcLU=  
=wl80  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-0470-01

Red Hat Security Advisory 2023-0469-01 - Red Hat Integration Camel Extensions for Quarkus 2.13.2 is now available. Issues addressed include denial of service and memory exhaustion vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: Red Hat Integration Camel Extensions For Quarkus 2.13.2  
Advisory ID:       RHSA-2023:0469-01  
Product:           Red Hat Integration  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0469  
Issue date:        2023-01-26  
CVE Names:         CVE-2022-40149 CVE-2022-40150 CVE-2022-40151   
                   CVE-2022-40152 CVE-2022-40153 CVE-2022-40154   
                   CVE-2022-40155 CVE-2022-40156 CVE-2022-42003   
                   CVE-2022-42004 CVE-2022-42889   
=====================================================================

1. Summary:

Red Hat Integration Camel Extensions for Quarkus 2.13.2 is now available.  
The purpose of this text-only errata is to inform you about the security  
issues fixed.

Red Hat Product Security has rated this update as having an impact of  
Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Description:

Red Hat Integration - Camel Extensions for Quarkus 2.13.2 serves as a  
replacement for 2.7 and includes the following security fixes.

Security Fix(es):

* jettison: memory exhaustion via user-supplied XML or JSON data  
(CVE-2022-40150)

* jettison: parser crash by stackoverflow (CVE-2022-40149)

* jackson-databind: use of deeply nested arrays (CVE-2022-42004)

* jackson-databind: deep wrapper array nesting wrt  
UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)

* commons-text: apache-commons-text: variable interpolation RCE  
(CVE-2022-42889)

* xstream: Xstream to serialise XML data was vulnerable to Denial of  
Service attacks (CVE-2022-40151)

* woodstox-core: woodstox to serialise XML data was vulnerable to Denial of  
Service attacks (CVE-2022-40152)

* xstream: Xstream to serialise XML data was vulnerable to Denial of  
Service attacks (CVE-2022-40153)

* xstream: Xstream to serialise XML data was vulnerable to Denial of  
Service attacks (CVE-2022-40155)

* xstream: Xstream to serialise XML data was vulnerable to Denial of  
Service attacks (CVE-2022-40156)

* xstream: Xstream to serialise XML data was vulnerable to Denial of  
Service attacks (CVE-2022-40154)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

3. Solution:

Before applying this update, make sure all previously released errata  
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2128959 - CVE-2022-40154 xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks  
2134288 - CVE-2022-40156 xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks  
2134289 - CVE-2022-40155 xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks  
2134290 - CVE-2022-40153 xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks  
2134291 - CVE-2022-40152 woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks  
2134292 - CVE-2022-40151 xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks  
2135244 - CVE-2022-42003 jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS  
2135247 - CVE-2022-42004 jackson-databind: use of deeply nested arrays  
2135435 - CVE-2022-42889 apache-commons-text: variable interpolation RCE  
2135770 - CVE-2022-40150 jettison: memory exhaustion via user-supplied XML or JSON data  
2135771 - CVE-2022-40149 jettison: parser crash by stackoverflow

5. References:

https://access.redhat.com/security/cve/CVE-2022-40149  
https://access.redhat.com/security/cve/CVE-2022-40150  
https://access.redhat.com/security/cve/CVE-2022-40151  
https://access.redhat.com/security/cve/CVE-2022-40152  
https://access.redhat.com/security/cve/CVE-2022-40153  
https://access.redhat.com/security/cve/CVE-2022-40154  
https://access.redhat.com/security/cve/CVE-2022-40155  
https://access.redhat.com/security/cve/CVE-2022-40156  
https://access.redhat.com/security/cve/CVE-2022-42003  
https://access.redhat.com/security/cve/CVE-2022-42004  
https://access.redhat.com/security/cve/CVE-2022-42889  
https://access.redhat.com/security/updates/classification/#moderate  
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=red.hat.integration&version=2023-Q1  
https://access.redhat.com/documentation/en-us/red_hat_integration/2023.q1

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY9KrldzjgjWX9erEAQiSfg/8CzU3VwZ40lPgz1S/mDjItoqotqkakk1D  
OBMtX5UNOAYAS/ml8XJr4apF7RwV+O/pjIBs8ajUA1ANfDOJCF/EH3ewSmcNop7y  
xZ6lI5VkCzwlALu0shCxN05UN7i9+/mzlLuEMFxlk3QaYYenxmvKYCHvoF5uKQAm  
atG2A0xGTLo3/h+V2AfP81oVEI/1I1K4XNuFUxK6aMwUyIteLwtcUgHbrbIEkv8m  
WcXaoc8q2BEc3pgLP4EqThIKe87ltlCrMnbM5cJri45kAPX0YOJ7PGd21erOrjD+  
mvI+snP1sZM/0TRRHej/UFiCLRegCKU85ng7lA6iMKBuYPqodSMxxLMjzUEjP5KX  
4SlMNG8m1vIxXkDG+d1bn0cS5bXgp1JFSzn0j/FTcB1YKp4aiKpVL8SIAsYu9b0w  
suSXP7s+HgVvt4HtvUCw+xIJE06nYusNZS1oUuepK7uTdfUWdf6ZULLlMlxAprr3  
UzGH+UkfYZs9MsRDrzV7Q1CSz5axKYDxny4XljK6il3PjgCyADytBLkHfqIZCxHM  
j2G2GbpV98JavSG2DssmOeUFeblsT2LrDMXk01+WpQCtZ+QqVA12g57SooMYByOP  
EcpNNHuA9nHCuq30yQbUuA35RwX42a4pAXMGGtVBBLxJ2rqtWjHUjHfhSrdPXrzx  
yh55hcgmPBM=  
=AiQH  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-0469-01

Red Hat Security Advisory 2023-0471-01 - An update is now available for Migration Toolkit for Runtimes (v1.0.1). Issues addressed include a denial of service vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: Migration Toolkit for Runtimes security update  
Advisory ID:       RHSA-2023:0471-01  
Product:           Migration Toolkit for Runtimes  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0471  
Issue date:        2023-01-26  
CVE Names:         CVE-2022-3517 CVE-2022-25914 CVE-2022-37603   
                   CVE-2022-42003 CVE-2022-42004 CVE-2022-42920   
=====================================================================

1. Summary:

An update is now available for Migration Toolkit for Runtimes (v1.0.1).

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Description:

Security Fix(es):

* jib-core: RCE via the isDockerInstalled (CVE-2022-25914)  
* Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds  
writing (CVE-2022-42920)  
* nodejs-minimatch: ReDoS via the braceExpand function (CVE-2022-3517)  
* loader-utils: Regular expression denial of service (CVE-2022-37603)  
* jackson-databind: deep wrapper array nesting wrt  
UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)  
* jackson-databind: use of deeply nested arrays (CVE-2022-42004)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page listed in the References section.

3. Solution:

Before applying this update, make sure all previously released errata  
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2134344 - CVE-2022-25914 jib-core: RCE via the isDockerInstalled  
2134609 - CVE-2022-3517 nodejs-minimatch: ReDoS via the braceExpand function  
2135244 - CVE-2022-42003 jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS  
2135247 - CVE-2022-42004 jackson-databind: use of deeply nested arrays  
2140597 - CVE-2022-37603 loader-utils:Regular expression denial of service  
2142707 - CVE-2022-42920 Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing

5. References:

https://access.redhat.com/security/cve/CVE-2022-3517  
https://access.redhat.com/security/cve/CVE-2022-25914  
https://access.redhat.com/security/cve/CVE-2022-37603  
https://access.redhat.com/security/cve/CVE-2022-42003  
https://access.redhat.com/security/cve/CVE-2022-42004  
https://access.redhat.com/security/cve/CVE-2022-42920  
https://access.redhat.com/security/updates/classification/#important  
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=migration.toolkit.runtimes&downloadType=distributions

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY9KrktzjgjWX9erEAQhAgQ//XBC9o9VYI+ndpTTSa0Xe8i7wf+gwsK5f  
cJV5aaxzrf+OXlNDX6TdRHXmUsiIsT8MkliiegKStsKr5ZeJeJ40l4AFytlMAL3D  
2WtkFIznUcnQfjy//HkEkR1TcMoun2jIoUOym4ILymQNdzEFkE9ALx8xtISWxvqY  
X+Ro97Iw9ecwfLu7OrdlKuLJhEOBK/tCqPY5DGEkc8egxELfWmCIDY+/VFrPui/C  
HtI4+rOcRGTW6eS7zjNBcovsEAzh0+uw6pdRLklGpEbRxYWy7rrfL5a6k1xuVb7q  
UGiUocfVzjM8fGOmifnG8cQrTO16w+EbNa5gtk4j7XJdYFI1B3mdfuYkz7EOd6tY  
FkflesNFmEsR2BjGOYchkxNNTSXjLjDzfzaoqUeCFU8gWNaRkwtUL8dKOgLwVrok  
cAH7AqYJ9pBCVDYFpB2vz9EW6cUDvYkkki8WckEDjG7Y0b66fmzous8qz9xIsCoN  
0PJRM1vSnrTNYq1p/DWq0bHY4cQJ+yIIcDVzOdAblsGStk9TLaNcklpnyc5TNmYL  
hp8+3keJ7LXRHInNn9ev+4askstdUNCvUymfZY/GxAAXUlr0inPOGEnNZB35d1n4  
iok2xXLiCJQpfiUYaT3Ch2NiJ/0xz5miDchjWpWRKmeqXJyvUtaiF5cDlci8NvzJ  
AwLDrG6Ja/g=  
=Quha  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-0471-01

Secure Web Gateway version 10.2.11 suffers from a cross site scripting vulnerability. RedTeam Pentesting identified a vulnerability which allows attackers to craft URLs to any third-party website that result in arbitrary content to be injected into the response when accessed through the Secure Web Gateway. While it is possible to inject arbitrary content types, the primary risk arises from JavaScript code allowing for cross site scripting.

RedTeam Pentesting identified a vulnerability which allows attackers to  
craft URLs to any third-party website that result in arbitrary content  
to be injected into the response when accessed through the Secure Web  
Gateway. While it is possible to inject arbitrary content types, the  
primary risk arises from JavaScript code allowing for cross-site  
scripting.

Details  
=======

Product: Secure Web Gateway  
Affected Versions: 10.2.11, potentially other versions  
Fixed Versions: 10.2.17, 11.2.6, 12.0.1  
Vulnerability Type: Cross-Site Scripting  
Security Risk: high  
Vendor URL: https://www.skyhighsecurity.com/en-us/products/secure-web-gateway.html  
Vendor Status: fixed version released  
Advisory URL: https://www.redteam-pentesting.de/advisories/rt-sa-2022-002  
Advisory Status: published  
CVE: CVE-2023-0214  
CVE URL: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0214

Introduction  
============

"Skyhigh Security Secure Web Gateway (SWG) is the intelligent,  
cloud-native web security solution that connects and secures your  
workforce from malicious websites and cloud apps—from anywhere, any  
application, and any device."

(from the vendor's homepage)

More Details  
============

The Secure Web Gateway's (SWG) block page, which is displayed when a  
request or response is blocked by a rule, can contain static files such  
as images, stylesheets or JavaScript code. These files are embedded  
using special URL paths. Consider the following excerpt of a block page:

------------------------------------------------------------------------  
<html>  
  
  
<head>  
  <meta content="text/html; charset=UTF-8" http-equiv="Content-Type">  
  <meta http-equiv="X-UA-Compatible" content="IE=7" />  
  <title>McAfee Web Gateway - Notification</title>  
  <script src="/mwg-internal/de5fs23hu73ds/files/javascript/sw.js" type="text/javascript" ></script>  
  <link rel="stylesheet" href="/mwg-internal/de5fs23hu73ds/files/default/stylesheet.css" />  
</head>  
------------------------------------------------------------------------

Static content is loaded from URL paths prefixed with  
"/mwg-internal/de5fs23hu73ds/". It was discovered that paths with this  
prefix are intercepted and directly handled by the SWG no matter on  
which domain they are accessed. While the prefix can be configured in  
the SWG, attackers can also obtain it using another currently  
undisclosed vulnerability.

By reverse engineering the file "libSsos.so" and analysing JavaScript  
code, it was possible to derive the API of the "Ssos" plugin's  
"SetLoginToken" action. Through the following call using the  
command-line HTTP client curl, the behaviour of the plugin was further  
analysed:

------------------------------------------------------------------------  
$ curl --proxy http://192.168.1.1:8080 -i 'https://gateway.example.com/mwg-internal/de5fs23hu73ds/plugin?target=Ssos&action=SetLoginToken&v=v&c=c&p=p'  
HTTP/1.0 200 OK  
P3P: p  
Connection: Keep-Alive  
Set-Cookie: MwgSso=v; Path=/; Max-Age=240;  
Content-Type: application/javascript  
Content-Length: 2  
X-Frame-Options: deny

c;  
------------------------------------------------------------------------

The response embeds the values of the three URL parameters "v", "c" and  
"p". The value for "p" is embedded as value of the "P3P" header, the  
value of "c" as the response body and the value of "v" as the value  
of the cookie "MwgSso".

It is also possible to include newline or carriage return characters in  
the parameter value which are not encoded in the output. Consequently,  
if the value of the parameter "p" contains a line break, arbitrary  
headers can be injected. If two line breaks follow, an arbitrary body  
can be injected. If a suitable "Content-Length" header is injected, the  
remaining headers and body of the original response will be ignored by  
the browser. This means that apart from the initial "P3P" header, an  
arbitrary response can be generated. For example, a page containing  
JavaScript code could be returned, resulting in a cross-site scripting  
attack.

Consequently, attackers can construct URL paths that can be appended to  
any domain and cause an arbitrary response to be returned if the URL is  
accessed through the SWG. This could be exploited by distributing such  
URLs or even by offering a website which performs an automatic redirect  
to any other website using such a URL. As a result, the SWG exposes its  
users to self-induced cross-site scripting vulnerabilities in any  
website.

Proof of Concept  
================

In the following request, the "p" parameter is used to inject suitable  
"Content-Type" and "Content-Length" headers, as well as an arbitrary  
HTML response body.

------------------------------------------------------------------------  
$ curl --proxy http://192.168.1.1:8080 'https://gateway.example.com/mwg-internal/de5fs23hu73ds/plugin?target=Ssos&action=SetLoginToken&v=v&c=c&p=p%0aContent-Type: text/html%0aContent-Length: 27%0a%0a<h1>RedTeam Pentesting</h1>'  
HTTP/1.0 200 OK  
P3P: p  
Content-Type: text/html  
Content-Length: 27

<h1>RedTeam Pentesting</h1>  
------------------------------------------------------------------------

As mentioned above, the HTTP response body could also include JavaScript  
code designed to interact with the domain specified in the URL resulting  
in a cross-site scripting vulnerability.

Workaround  
==========

None.

Fix  
===

According to the vendor, the vulnerability is mitigated in versions  
10.2.17, 11.2.6 and 12.0.1 of the Secure Web Gateway. This was not  
verified by RedTeam Pentesting GmbH. The vendor's security bulletin can  
be found at the following URL:

https://kcm.trellix.com/corporate/index?page=content&id=SB10393

Security Risk  
=============

The vulnerability could be used to perform cross-site scripting attacks  
against users of the SWG in context of any domain. Attackers only need  
to convince users to open a prepared URL or visit an attacker's website  
that could perform an automatic redirect to an exploit URL. This exposes  
any website visited through the SWG to the various risks and  
consequences of a cross-site scripting vulnerability such as account  
takeover. As a result, this vulnerability poses a high risk.

Timeline  
========

2022-07-29 Vulnerability identified  
2022-10-20 Customer approved disclosure to vendor  
2022-10-20 Vulnerability was disclosed to the vendor  
2023-01-17 Patch released by vendor for versions 10.2.17, 11.2.6 and  
           12.0.1.  
2023-01-26 Detailed advisory released by RedTeam Pentesting GmbH

RedTeam Pentesting GmbH  
=======================

RedTeam Pentesting offers individual penetration tests performed by a  
team of specialised IT-security experts. Hereby, security weaknesses in  
company networks or products are uncovered and can be fixed immediately.

As there are only few experts in this field, RedTeam Pentesting wants to  
share its knowledge and enhance the public knowledge with research in  
security-related areas. The results are made available as public  
security advisories.

More information about RedTeam Pentesting can be found at:  
https://www.redteam-pentesting.de/

Working at RedTeam Pentesting  
=============================

RedTeam Pentesting is looking for penetration testers to join our team  
in Aachen, Germany. If you are interested please visit:  
https://jobs.redteam-pentesting.de/

--   
RedTeam Pentesting GmbH                   Tel.: +49 241 510081-0  
Alter Posthof 1                           Fax : +49 241 510081-99  
52062 Aachen                    https://www.redteam-pentesting.de  
Germany                         Registergericht: Aachen HRB 14004  
Geschäftsführer:                       Patrick Hof, Jens Liebchen

Secure Web Gateway 10.2.11 Cross Site Scripting

Ubuntu Security Notice 5829-1 - It was discovered that the NFSD implementation in the Linux kernel did not properly handle some RPC messages, leading to a buffer overflow. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.

==========================================================================  
Ubuntu Security Notice USN-5829-1  
January 25, 2023

linux-raspi, linux-raspi-5.4 vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:  
- linux-raspi: Linux kernel for Raspberry Pi systems  
- linux-raspi-5.4: Linux kernel for Raspberry Pi systems

Details:

It was discovered that the NFSD implementation in the Linux kernel did not  
properly handle some RPC messages, leading to a buffer overflow. A remote  
attacker could use this to cause a denial of service (system crash) or  
possibly execute arbitrary code. (CVE-2022-43945)

Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation  
in the Linux kernel contained multiple use-after-free vulnerabilities. A  
physically proximate attacker could use this to cause a denial of service  
(system crash) or possibly execute arbitrary code. (CVE-2022-42896)

It was discovered that the Xen netback driver in the Linux kernel did not  
properly handle packets structured in certain ways. An attacker in a guest  
VM could possibly use this to cause a denial of service (host NIC  
availability). (CVE-2022-3643)

It was discovered that an integer overflow vulnerability existed in the  
Bluetooth subsystem in the Linux kernel. A physically proximate attacker  
could use this to cause a denial of service (system crash).  
(CVE-2022-45934)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 20.04 LTS:  
   linux-image-5.4.0-1079-raspi    5.4.0-1079.90  
   linux-image-raspi               5.4.0.1079.109  
   linux-image-raspi2              5.4.0.1079.109

Ubuntu 18.04 LTS:  
   linux-image-5.4.0-1079-raspi    5.4.0-1079.90~18.04.1  
   linux-image-raspi-hwe-18.04     5.4.0.1079.76

After a standard system update you need to reboot your computer to make  
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have  
been given a new version number, which requires you to recompile and  
reinstall all third party kernel modules you might have installed.  
Unless you manually uninstalled the standard kernel metapackages  
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,  
linux-powerpc), a standard system upgrade will automatically perform  
this as well.

References:  
   https://ubuntu.com/security/notices/USN-5829-1  
   CVE-2022-3643, CVE-2022-42896, CVE-2022-43945, CVE-2022-45934

Package Information:  
   https://launchpad.net/ubuntu/+source/linux-raspi/5.4.0-1079.90  
   https://launchpad.net/ubuntu/+source/linux-raspi-5.4/5.4.0-1079.90~18.04.1

Ubuntu Security Notice USN-5829-1

Red Hat Security Advisory 2023-0468-01 - Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: Red Hat OpenShift GitOps security update  
Advisory ID:       RHSA-2023:0468-01  
Product:           Red Hat OpenShift GitOps  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0468  
Issue date:        2023-01-25  
CVE Names:         CVE-2021-46848 CVE-2022-3821 CVE-2022-35737  
                   CVE-2022-40303 CVE-2022-40304 CVE-2022-42010  
                   CVE-2022-42011 CVE-2022-42012 CVE-2022-43680  
                   CVE-2023-22482  
====================================================================  
1. Summary:

An update is now available for Red Hat OpenShift GitOps 1.5.9

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Description:

Red Hat Openshift GitOps is a declarative way to implement continuous  
deployment for cloud native applications.

Security Fix(es):

* ArgoCD: JWT audience claim is not verified (CVE-2023-22482)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

3. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2160492 - CVE-2023-22482 ArgoCD: JWT audience claim is not verified

5. References:

https://access.redhat.com/security/cve/CVE-2021-46848  
https://access.redhat.com/security/cve/CVE-2022-3821  
https://access.redhat.com/security/cve/CVE-2022-35737  
https://access.redhat.com/security/cve/CVE-2022-40303  
https://access.redhat.com/security/cve/CVE-2022-40304  
https://access.redhat.com/security/cve/CVE-2022-42010  
https://access.redhat.com/security/cve/CVE-2022-42011  
https://access.redhat.com/security/cve/CVE-2022-42012  
https://access.redhat.com/security/cve/CVE-2022-43680  
https://access.redhat.com/security/cve/CVE-2023-22482  
https://docs.openshift.com/container-platform/latest/cicd/gitops/understanding-openshift-gitops.html  
https://access.redhat.com/security/updates/classification/#important

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY9GudNzjgjWX9erEAQgBrhAAqFVhXhH38akhx/nsMZyYCCIONklFPwKm  
Ev6ez9Qch5V4aCrLk+6hs7/N56icOeYZ+iiShE3G7nhppD084dc8vniafE7xM8hX  
x2IvxhTz1Yqvb/EUi3hg3VhUt6K6OLE06iMnNEwjbrcOt+OQu3D38YirVvQGyMCP  
uwqMuDXVMq0k4vcb8+4iQwsOGUqgx1q1/tflt4HjGZYsKNoNcUZdWGXar7ay5hAD  
0eoSzLSCZftZM6EYLgzbGjuyS3hGeQspLZm6KDPR+CZuRmzxxFYNA5Ey3fPpURtW  
qiZq5sFGnp4euFOc67Ul2EPJGvb/t+hMDfvWtX+eq1uAZqoAmXgWQg59Bvv8WzYV  
wZtaVEhCQ7i07zs8z6/iqwIhfybzmmN6Us05DD5VsYES2qc1QGH4PB7qY2PqZBZF  
tThz/OIrCrsfKxnfomeZ8QUr/HpOjwDl794wW8Sy7qb6gNZAhl0DSPM9ifidh2oP  
AsjOAh1HRPe/GW7q0LsPFbN/RQJbS/WvUnoA2wP/XZWUKwQho7FiXjuS06HIg6V0  
6Gbi+1SmN50CorRWHBCuCkttNFf9bRJ1o/sx7d/w5ThO2Q3b8YmawHtaC7pF0VLW  
h1bpejbepKcl6fwj/TwEfLFvKmh7ieIqrnvcdbnzbtdTGckOn6Seab2pHXVNUrf5  
pJe+ijsHOrE=qzAp  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-0468-01

Red Hat Security Advisory 2023-0466-01 - Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: Red Hat OpenShift GitOps security update  
Advisory ID:       RHSA-2023:0466-01  
Product:           Red Hat OpenShift GitOps  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0466  
Issue date:        2023-01-25  
CVE Names:         CVE-2021-46848 CVE-2022-35737 CVE-2022-40303  
                   CVE-2022-40304 CVE-2022-42010 CVE-2022-42011  
                   CVE-2022-42012 CVE-2022-43680 CVE-2023-22482  
====================================================================  
1. Summary:

An update is now available for Red Hat OpenShift GitOps 1.6.4

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Description:

Red Hat Openshift GitOps is a declarative way to implement continuous  
deployment for cloud native applications.

Security Fix(es):

* ArgoCD: JWT audience claim is not verified (CVE-2023-22482)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

3. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2160492 - CVE-2023-22482 ArgoCD: JWT audience claim is not verified

5. References:

https://access.redhat.com/security/cve/CVE-2021-46848  
https://access.redhat.com/security/cve/CVE-2022-35737  
https://access.redhat.com/security/cve/CVE-2022-40303  
https://access.redhat.com/security/cve/CVE-2022-40304  
https://access.redhat.com/security/cve/CVE-2022-42010  
https://access.redhat.com/security/cve/CVE-2022-42011  
https://access.redhat.com/security/cve/CVE-2022-42012  
https://access.redhat.com/security/cve/CVE-2022-43680  
https://access.redhat.com/security/cve/CVE-2023-22482  
https://docs.openshift.com/container-platform/latest/cicd/gitops/understanding-openshift-gitops.html  
https://access.redhat.com/security/updates/classification/#important

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY9GudtzjgjWX9erEAQiaJg//SCYTySzh7i7XFmRfC/2RcePA1k24wT4U  
cQXk5AptxoOBldLlReCDoZGEyTL6qDHC8h19zwPIRt12iCkywhaboKe4GEGEM+Sw  
WaOSkRKKG+Yz+4Lmyv2hwtydQL43JTlrx3glaQiZSK2gQB6fvtuRuJaHznKEVXhJ  
FXzYHWEVBgM8wGt8rbWKlOZ8YQTbL8EYRXyw4lu8wPyRvH0KDTY9mYOATOtsY+Ng  
Kqaq/OEvShQkTuyIclFbTEq3ADAuqxU8gewzKQxUgfRBfeesAst4I/MPX57xVG78  
c9ccM/o2MAR6/hoNtJvCAtI52XRthJUPg0BCWLUv0leW8PNZSKTkTXJBudWg0EUl  
r1LT3z+/6ieHxYH1dKrIOkRsNdy9RZKHNV8XPdqVkqmCHcx7En9p9SPegSpC3U7z  
Nzke0DBa01l9sKc/NCBlJv3RVJK0btkr9qxDWrViVLTG5sTmMV0xYSp5xZsyLv6m  
CXWZDXOAWU9nfm0jjYSIFaz2OedLYljvYMIyoJuhMILJZVi65YPlwnwJEEFU+JsR  
UwxeC4jK+030Xg2pUNfyaxLKrDs1eniJ3DKOUilY5YQqO1D7IJfqmX84VknWeFSC  
mP/shLu13sDyrcgl+sMFRdmT0M9Qaf6S8Y2zyqXYckcD55FQO5zaR0qUUkYUOXSQ  
7YCCwIJCmdA=UItv  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-0466-01

Red Hat Security Advisory 2023-0467-01 - Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Issues addressed include a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: Red Hat OpenShift GitOps security update  
Advisory ID:       RHSA-2023:0467-01  
Product:           Red Hat OpenShift GitOps  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0467  
Issue date:        2023-01-25  
CVE Names:         CVE-2021-46848 CVE-2022-3821 CVE-2022-35737  
                   CVE-2022-40303 CVE-2022-40304 CVE-2022-42010  
                   CVE-2022-42011 CVE-2022-42012 CVE-2022-43680  
                   CVE-2023-22482 CVE-2023-22736  
====================================================================  
1. Summary:

An update is now available for Red Hat OpenShift GitOps 1.7.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Description:

Red Hat Openshift GitOps is a declarative way to implement continuous  
deployment for cloud native applications.

Security Fix(es):

* ArgoCD: JWT audience claim is not verified (CVE-2023-22482)

* ArgoCD: authorization bypass (CVE-2023-22736)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

3. Solution:

Before applying this update, make sure all previously released errata  
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2160492 - CVE-2023-22482 ArgoCD: JWT audience claim is not verified  
2162517 - CVE-2023-22736 argocd: Controller reconciles apps outside configured namespaces when sharding is enabled

5. References:

https://access.redhat.com/security/cve/CVE-2021-46848  
https://access.redhat.com/security/cve/CVE-2022-3821  
https://access.redhat.com/security/cve/CVE-2022-35737  
https://access.redhat.com/security/cve/CVE-2022-40303  
https://access.redhat.com/security/cve/CVE-2022-40304  
https://access.redhat.com/security/cve/CVE-2022-42010  
https://access.redhat.com/security/cve/CVE-2022-42011  
https://access.redhat.com/security/cve/CVE-2022-42012  
https://access.redhat.com/security/cve/CVE-2022-43680  
https://access.redhat.com/security/cve/CVE-2023-22482  
https://access.redhat.com/security/cve/CVE-2023-22736  
https://docs.openshift.com/container-platform/latest/cicd/gitops/understanding-openshift-gitops.html  
https://access.redhat.com/security/updates/classification/#important

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY9GucdzjgjWX9erEAQh86w//faaz9Ywaa6wfhtz+5MrYTWddEx8DKiek  
Kb5/Hk9T2czE1HJVAKhh9iWSkBlGtTeEAkSmRohFOrElF5VJ5CVfalnDS3x2W6VV  
KMf+Qnrw1+apt3BA+yNQA4KAvwIVL9/+QS0c0UsakWTtrY+cSLwDEIIzcXFJbL1I  
R3UAAoGwqk7Q2qS7x7Z1NrG+sOmkCa3q5WerKciQa8YVeLf5zwlq07sEFlpEfPMs  
PLfIU0aHcceRqFv6NLl7Q1bABtPl3WrveRDaR8QA+sFvAR9X1wMT17Mfkfg0OzYj  
v82Isvya5AYA5lP1cfPxVc7U3PG23x4JpJykn3khNpzdIHWHK8n8BZTIO3mXl3PX  
3fPfLtcQ1M9LCb5ivnLiSsORxya7DoYFBjnL9o9ULyv8mwj2JfbtbVeTBkPzXEFK  
xFI+Tl5bABdo0MJhrK8pbq/uV8I708QoznXSWB5Lq2WTz+xYItYXhAG4oPNVoaaR  
cQeIu3i5VDi9VRaohotjMuxN7dXmZkwLJWQ55idKxk5Ul+L7DoLh0LMnVIXDMRV3  
TfEFLFod/zt1yx2T9nqe33pCYJHLtFail24YjMpcFvvGXKKSioH9Y8DjHnUgCgz7  
wuOGI3kxn9J8kL561UtKREIR6arNZR9Ht/zKXXF82uZnBT+KVCQX6M4TvNp/oaAD  
wm5RXj9L40I=uoKQ  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Source

Packet Storm