Denial of service could be caused to the command line interface of markdown-it-py, before v2.2.0, if an attacker was allowed to use invalid UTF-8 characters as input.

Skip to content

Sign up

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    
    *   Explore
    *   All features
    *   Documentation
    *   GitHub Skills
    *   Blog
    
*   *   For
    *   Enterprise
    *   Teams
    *   Startups
    *   Education
    
    *   By Solution
    *   CI/CD & Automation
    *   DevOps
    *   DevSecOps
    
    *   Case Studies
    *   Customer Stories
    *   Resources
    
*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
    *   Repositories
    *   Topics
    *   Trending
    *   Collections
    
*   Pricing

*   In this repository All GitHub
    

*   No suggested jump to results

*   In this repository All GitHub
    
*   In this organization All GitHub
    
*   In this repository All GitHub
    

Sign in

Sign up

executablebooks / **markdown-it-py** Public

*   Notifications
*   Fork 54
*   Star 427
    

*   Code
*   Issues 17
*   Pull requests 4
*   Actions
*   Security
*   Insights

More

Permalink

Browse files

🐛

FIX: CLI crash on non-utf8 character (#247)

Addresses CVE-2023-26302

*   Loading branch information

chrisjsewell committed

Feb 22, 2023

1 parent 6491bc2 commit 53ca3e9

Show file tree

Hide file tree

Showing **2 changed files** with **8 additions** and **1 deletion**.

*   *   parse.py
*   *   test\_cli.py

2 markdown\_it/cli/parse.py

Show comments View file

@@ -35,7 +35,7 @@ def convert\_file(filename: str) -> None:

Parse a Markdown file and dump the output to stdout.

"""

try:

with open(filename, "r") as fin:

with open(filename, "r", encoding\="utf8", errors\="ignore") as fin:

rendered \= MarkdownIt().render(fin.read())

print(rendered, end\="")

except OSError:

7 tests/test\_cli.py

Show comments View file

@@ -20,6 +20,13 @@ def test\_parse\_fail():

assert exc\_info.value.code \== 1

  

  

def test\_non\_utf8():

with tempfile.TemporaryDirectory() as tempdir:

path \= pathlib.Path(tempdir).joinpath("test.md")

path.write\_bytes(b"\\x80abc")

assert parse.main(\[str(path)\]) \== 0

  

  

def test\_print\_heading():

with patch("builtins.print") as patched:

parse.print\_heading()

**0 comments on commit 53ca3e9**

Please sign in to comment.

CVE-2023-26302: 🐛 FIX: CLI crash on non-utf8 character (#247) · executablebooks/markdown-it-py@53ca3e9

Buffer Overflow vulnerability in Freeimage v3.18.0 allows attacker to cause a denial of service via a crafted JXR file.

*   Home
*   Browse
*   FreeImage
*   Discussion

*   Summary
*   Files
*   Reviews
*   Support
*   Mailing Lists
*   Code
*   Tickets ▾
    *   Feature Requests
    *   Patches
    *   Bugs
    *   Support Requests
*   News
*   Discussion
*   FreeImage
*   FreeImage

Menu ▾ ▴

**FreeImage 3.18.0 1byte OOB Read**

Created: 3 days ago

Updated: 3 days ago

*   ==3820756==ERROR:AddressSanitizer:heap-buffer-overflowonaddress0x612000001995
    atpc0x5627bb77696fbp0x7ffc771a50d0sp0x7ffc771a50c0READofsize1at0x612000001995threadT0
    #0 0x5627bb77696e in ReadInt32 Source/Metadata/Exif.cpp:120 #1 0x5627bb785e15 in ReadUint32 Source/Metadata/Exif.cpp:138 
    #2 0x5627bb785e15 in jpeg_read_exif_dir Source/Metadata/Exif.cpp:723 
    #3 0x5627bb78a6c8 in jpegxr_read_exif_gps_profile Source/Metadata/Exif.cpp:955 
    #4 0x5627bb6089d5 in ReadMetadata Source/FreeImage/PluginJXR.cpp:607 
    #5 0x5627bb6089d5 in Load Source/FreeImage/PluginJXR.cpp:1186 
    #6 0x5627bb560a76 in FreeImage_LoadFromHandle Source/FreeImage/Plugin.cpp:388 
    #7 0x5627bb560dd5 in FreeImage_Load Source/FreeImage/Plugin.cpp:408 
    #8 0x5627bb501abb in testClone(char const*) /home/akuma/FreeImage/TestAPI/testImageType.cpp:34 
    #9 0x5627bb502100 in testAllocateCloneUnload(char const*) /home/akuma/FreeImage/TestAPI/testImageType.cpp:56 
    #10 0x5627bb4eeaa2 in main /home/akuma/FreeImage/TestAPI/MainTestSuite.cpp:69 
    #11 0x7f696c2480b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2) 
    #12 0x5627bb4fc16d in _start (/home/akuma/FreeImage/TestAPI/testAPI+0x1b716d) Address 0x612000001995 is a wild pointer. 
    SUMMARY:AddressSanitizer:heap-buffer-overflow
    Source/Metadata/Exif.cpp:120inReadInt32Shadowbytes
    aroundthebuggyaddress:
    0x0c247fff82e0:fafafafafafafafafafafafafafafafa
    0x0c247fff82f0:fafafafafafafafafafafafafafafafa
    0x0c247fff8300:fafafafafafafafafafafafafafafafa
    0x0c247fff8310:fafafafafafafafafafafafafafafafa
    0x0c247fff8320:fafafafafafafafafafafafafafafafa
    =>0x0c247fff8330:fafa[fa]fafafafafafafafafafafafafa
    0x0c247fff8340:fafafafafafafafafafafafafafafafa
    0x0c247fff8350:fafafafafafafafafafafafafafafafa
    0x0c247fff8360:fafafafafafafafafafafafafafafafa
    
    \[CVE-ID\]  
    CVE-2021-33367  
    \[Product\]  
    FreeImage 3.18.0  
    \[Version\]  
    FreeImage 3.18.0  
    \[Discoverer\]  
    3kyo0  
    \[Vulnerability Type\]  
    Buffer Overflow  
    \[Description\]  
    Buffer Overflow vulnerability in Freeimage v3.18.0 allows attacker to cause a denial of service via a crafted JXR file.
    

Log in to post a comment.

CVE-2021-33367: FreeImage / Discussion / Open Discussion: FreeImage 3.18.0 1byte OOB Read

Red Hat Security Advisory 2023-0774-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.28. Issues addressed include denial of service and out of bounds read vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: OpenShift Container Platform 4.11.28 security update  
Advisory ID:       RHSA-2023:0774-01  
Product:           Red Hat OpenShift Enterprise  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0774  
Issue date:        2023-02-21  
CVE Names:         CVE-2021-4238 CVE-2021-38561 CVE-2022-2879  
                   CVE-2022-2880 CVE-2022-4337 CVE-2022-4338  
                   CVE-2022-23521 CVE-2022-41715 CVE-2022-41717  
                   CVE-2022-41903  
====================================================================  
1. Summary:

Red Hat OpenShift Container Platform release 4.11.28 is now available with  
updates to packages and images that fix several bugs and add enhancements.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing  
Kubernetes application platform solution designed for on-premise or private  
cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container  
Platform 4.11.28. See the following advisory for the RPM packages for this  
release:

https://access.redhat.com/errata/RHBA-2023:0773

Space precludes documenting all of the container images in this advisory.  
See the following Release Notes documentation, which will be updated  
shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html

Security Fix(es):

* goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as  
random as they should be (CVE-2021-4238)

* golang: out-of-bounds read in golang.org/x/text/language leads to DoS  
(CVE-2021-38561)

* golang: net/http: An attacker can cause excessive memory growth in a Go  
server accepting HTTP/2 requests (CVE-2022-41717)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

All OpenShift Container Platform 4.11 users are advised to upgrade to these  
updated packages and images when they are available in the appropriate  
release channel. To check for available updates, use the OpenShift CLI (oc)  
or web console. Instructions for upgrading a cluster are available at  
https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html

3. Solution:

For OpenShift Container Platform 4.11 see the following documentation,  
which will be updated shortly for this release, for important instructions  
on how to upgrade your cluster and fully apply this asynchronous errata  
update:

https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html

You can download the oc tool and use it to inspect release image metadata  
for x86_64, s390x, ppc64le, and aarch64 architectures. The image digests  
can be found at  
https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.

The sha values for the release are:

(For x86_64 architecture)  
The image digest is  
sha256:85238bc3eddb88e958535597dbe8ec6f2aa88aa1713c2e1ee7faf88d1fefdac0

(For s390x architecture)  
The image digest is  
sha256:96528500690870b001c214ed0b142b5b375494ddfd99de274285ae6eacd318bb

(For ppc64le architecture)  
The image digest is  
sha256:0821035d379a4cab1147669bac5f42139b9839e780394e8586e29800e79789bd

(For aarch64 architecture)  
The image digest is  
sha256:a5c6196590d47b5ca8578e35c23da47cb103947271ab5deb21c8d258de62a777

All OpenShift Container Platform 4.11 users are advised to upgrade to these  
updated packages and images when they are available in the appropriate  
release channel. To check for available updates, use the OpenShift CLI (oc)  
or web console. Instructions for upgrading a cluster are available at  
https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html

4. Bugs fixed (https://bugzilla.redhat.com/):

2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS  
2156729 - CVE-2021-4238 goutils: RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be  
2161274 - CVE-2022-41717 golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests

5. JIRA issues fixed (https://issues.jboss.org/):

OCPBUGS-3942 - Whereabouts CNI timesout while iterating exclude range [backport 4.11]  
OCPBUGS-5245 - [release-4.11] OVNK: NAT issue for packets exceeding check_pkt_larger() for NodePort services that route to hostNetworked pods  
OCPBUGS-6492 - Inconsistent user expeience for creating new projects after persmissions have been revoked  
OCPBUGS-6851 - admin ack test nondeterministically does a check post-upgrade  
OCPBUGS-7010 - [release-4.11] Egress FW ACL rules are invalid in dualstack mode  
OCPBUGS-7319 - [4.11] [OVNK] Add support for service session affinity timeout  
OCPBUGS-7330 - When setting allowedRegistries urls the openshift-samples operator is degraded

6. References:

https://access.redhat.com/security/cve/CVE-2021-4238  
https://access.redhat.com/security/cve/CVE-2021-38561  
https://access.redhat.com/security/cve/CVE-2022-2879  
https://access.redhat.com/security/cve/CVE-2022-2880  
https://access.redhat.com/security/cve/CVE-2022-4337  
https://access.redhat.com/security/cve/CVE-2022-4338  
https://access.redhat.com/security/cve/CVE-2022-23521  
https://access.redhat.com/security/cve/CVE-2022-41715  
https://access.redhat.com/security/cve/CVE-2022-41717  
https://access.redhat.com/security/cve/CVE-2022-41903  
https://access.redhat.com/security/updates/classification/#important  
https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html

7. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY/VhwtzjgjWX9erEAQieJhAAnVRuofPrL8tBs08OpHo0Rj3ZzV/KbN/7  
27r8x4isOS52luUiYXbhOZVyhvD+CO0smH0XyDO4VKgSNq+3c9bn01ManYV0AG6L  
6iHWfYDaiQ3BUhjxblbAjjQb4NvwzOaMUZ+ZUBq7SwBSNDRSvcrZQbkzoNpOqAxd  
LyjaPOiPpinRp+rWO+TEX3/Lh9or4+Ga6LrqtXOWTqY8i/a0JDkX3RxB9I/0HkXa  
4pqyAXADc/Ms7tKjTH3+guLkzDJFyF0XNPYI1lIxNCrBA1raXCB1AZbbdqcMDV8n  
C6scF+X6jdSV4tSZ3xzHP1HCIMNHCoalMhBezpHIBO6thjZABCSM8zaoSi+GfnMc  
hwSYg/M2j9GqgpW1m6cu9HH/UWKkFyNbywtoJi/tF0rfCrcg3sppD9Id5VOUbwOI  
+kYycQIpmMdsFPW5ky87BGjzO3P+bd3W5hNWMUnecuDruZsItu/8XI/KWcFQhMEO  
il6GMPdSFdoCkqcv3QIMfEnDsfEgIhC7LASwcb1JaBvNIsoIuWu8zk7TJrqrNTgd  
nWGcfiUNOuNVaI1IyWRsd3/vZXSzO80PMbMckc7t1ONEbDka0siYGoN5WBrehZ7J  
XcRHqpKQbRgrDwUjL9l6gJ16CoiS3+OCHyl4yIS1yBGadKQZGOqQ7Y54Pfc16rU9  
j4PDiUFOyxc=DjOz  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-0774-01

Ubuntu Security Notice 5881-1 - It was discovered that Chromium did not properly manage memory. A remote attacker could possibly use these issues to cause a denial of service or execute arbitrary code via a crafted HTML page. It was discovered that Chromium did not properly manage memory. A remote attacker who convinced a user to install a malicious extension could possibly use this issue to corrupt memory via a Chrome web app.

    ==========================================================================Ubuntu Security Notice USN-5881-1February 21, 2023chromium-browser vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 18.04 LTSSummary:Several security issues were fixed in Chromium.Software Description:- chromium-browser: Chromium web browser, open-source version of ChromeDetails:It was discovered that Chromium did not properly manage memory. A remoteattacker could possibly use these issues to cause a denial of service orexecute arbitrary code via a crafted HTML page. (CVE-2023-0471,CVE-2023-0472, CVE-2023-0473, CVE-2023-0696, CVE-2023-0698, CVE-2023-0699,CVE-2023-0702, CVE-2023-0705)It was discovered that Chromium did not properly manage memory. A remoteattacker who convinced a user to install a malicious extension couldpossibly use this issue to corrupt memory via a Chrome web app.(CVE-2023-0474)It was discovered that Chromium contained an inappropriate implementationin the Download component. A remote attacker could possibly use this issueto spoof contents of the Omnibox (URL bar) via a crafted HTML page.(CVE-2023-0700)It was discovered that Chromium did not properly manage memory. A remoteattacker who convinced a user to engage in specific UI interactions couldpossibly use these issues to cause a denial of service or executearbitrary code. (CVE-2023-0701, CVE-2023-0703)It was discovered that Chromium insufficiently enforced policies. A remoteattacker could possibly use this issue to bypass same origin policy andproxy settings via a crafted HTML page. (CVE-2023-0704)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 18.04 LTS:   chromium-browser                110.0.5481.100-0ubuntu0.18.04.1This update uses a new upstream release, which includes additional bugfixes. In general, a standard system update will make all the necessarychanges.References:   https://ubuntu.com/security/notices/USN-5881-1   CVE-2023-0471, CVE-2023-0472, CVE-2023-0473, CVE-2023-0474,   CVE-2023-0696, CVE-2023-0698, CVE-2023-0699, CVE-2023-0700,   CVE-2023-0701, CVE-2023-0702, CVE-2023-0703, CVE-2023-0704,   CVE-2023-0705Package Information:https://launchpad.net/ubuntu/+source/chromium-browser/110.0.5481.100-0ubuntu0.18.04.1

Ubuntu Security Notice USN-5881-1

Red Hat Security Advisory 2023-0833-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include denial of service, information leakage, and open redirection vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: python3 security update  
Advisory ID:       RHSA-2023:0833-02  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0833  
Issue date:        2023-02-21  
CVE Names:         CVE-2020-10735 CVE-2021-28861 CVE-2022-45061  
====================================================================  
1. Summary:

An update for python3 is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

Python is an interpreted, interactive, object-oriented programming  
language, which includes modules, classes, exceptions, very high level  
dynamic data types and dynamic typing. Python supports interfaces to many  
system calls and libraries, as well as to various windowing systems.

Security Fix(es):

* python: int() type in PyLong_FromString() does not limit amount of digits  
converting text to int leading to DoS (CVE-2020-10735)

* python: open redirection vulnerability in lib/http/server.py may lead to  
information disclosure (CVE-2021-28861)

* Python: CPU denial of service via inefficient IDNA decoder  
(CVE-2022-45061)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1834423 - CVE-2020-10735 python: int() type in PyLong_FromString() does not limit amount of digits converting text to int leading to DoS  
2120642 - CVE-2021-28861 python: open redirection vulnerability in lib/http/server.py may lead to information disclosure  
2144072 - CVE-2022-45061 Python: CPU denial of service via inefficient IDNA decoder

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

aarch64:  
platform-python-debug-3.6.8-48.el8_7.1.aarch64.rpm  
platform-python-devel-3.6.8-48.el8_7.1.aarch64.rpm  
python3-debuginfo-3.6.8-48.el8_7.1.aarch64.rpm  
python3-debugsource-3.6.8-48.el8_7.1.aarch64.rpm  
python3-idle-3.6.8-48.el8_7.1.aarch64.rpm  
python3-tkinter-3.6.8-48.el8_7.1.aarch64.rpm

ppc64le:  
platform-python-debug-3.6.8-48.el8_7.1.ppc64le.rpm  
platform-python-devel-3.6.8-48.el8_7.1.ppc64le.rpm  
python3-debuginfo-3.6.8-48.el8_7.1.ppc64le.rpm  
python3-debugsource-3.6.8-48.el8_7.1.ppc64le.rpm  
python3-idle-3.6.8-48.el8_7.1.ppc64le.rpm  
python3-tkinter-3.6.8-48.el8_7.1.ppc64le.rpm

s390x:  
platform-python-debug-3.6.8-48.el8_7.1.s390x.rpm  
platform-python-devel-3.6.8-48.el8_7.1.s390x.rpm  
python3-debuginfo-3.6.8-48.el8_7.1.s390x.rpm  
python3-debugsource-3.6.8-48.el8_7.1.s390x.rpm  
python3-idle-3.6.8-48.el8_7.1.s390x.rpm  
python3-tkinter-3.6.8-48.el8_7.1.s390x.rpm

x86_64:  
platform-python-3.6.8-48.el8_7.1.i686.rpm  
platform-python-debug-3.6.8-48.el8_7.1.i686.rpm  
platform-python-debug-3.6.8-48.el8_7.1.x86_64.rpm  
platform-python-devel-3.6.8-48.el8_7.1.i686.rpm  
platform-python-devel-3.6.8-48.el8_7.1.x86_64.rpm  
python3-debuginfo-3.6.8-48.el8_7.1.i686.rpm  
python3-debuginfo-3.6.8-48.el8_7.1.x86_64.rpm  
python3-debugsource-3.6.8-48.el8_7.1.i686.rpm  
python3-debugsource-3.6.8-48.el8_7.1.x86_64.rpm  
python3-idle-3.6.8-48.el8_7.1.i686.rpm  
python3-idle-3.6.8-48.el8_7.1.x86_64.rpm  
python3-test-3.6.8-48.el8_7.1.i686.rpm  
python3-tkinter-3.6.8-48.el8_7.1.i686.rpm  
python3-tkinter-3.6.8-48.el8_7.1.x86_64.rpm

Red Hat Enterprise Linux BaseOS (v. 8):

Source:  
python3-3.6.8-48.el8_7.1.src.rpm

aarch64:  
platform-python-3.6.8-48.el8_7.1.aarch64.rpm  
python3-debuginfo-3.6.8-48.el8_7.1.aarch64.rpm  
python3-debugsource-3.6.8-48.el8_7.1.aarch64.rpm  
python3-libs-3.6.8-48.el8_7.1.aarch64.rpm  
python3-test-3.6.8-48.el8_7.1.aarch64.rpm

ppc64le:  
platform-python-3.6.8-48.el8_7.1.ppc64le.rpm  
python3-debuginfo-3.6.8-48.el8_7.1.ppc64le.rpm  
python3-debugsource-3.6.8-48.el8_7.1.ppc64le.rpm  
python3-libs-3.6.8-48.el8_7.1.ppc64le.rpm  
python3-test-3.6.8-48.el8_7.1.ppc64le.rpm

s390x:  
platform-python-3.6.8-48.el8_7.1.s390x.rpm  
python3-debuginfo-3.6.8-48.el8_7.1.s390x.rpm  
python3-debugsource-3.6.8-48.el8_7.1.s390x.rpm  
python3-libs-3.6.8-48.el8_7.1.s390x.rpm  
python3-test-3.6.8-48.el8_7.1.s390x.rpm

x86_64:  
platform-python-3.6.8-48.el8_7.1.x86_64.rpm  
python3-debuginfo-3.6.8-48.el8_7.1.i686.rpm  
python3-debuginfo-3.6.8-48.el8_7.1.x86_64.rpm  
python3-debugsource-3.6.8-48.el8_7.1.i686.rpm  
python3-debugsource-3.6.8-48.el8_7.1.x86_64.rpm  
python3-libs-3.6.8-48.el8_7.1.i686.rpm  
python3-libs-3.6.8-48.el8_7.1.x86_64.rpm  
python3-test-3.6.8-48.el8_7.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-10735  
https://access.redhat.com/security/cve/CVE-2021-28861  
https://access.redhat.com/security/cve/CVE-2022-45061  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY/UNY9zjgjWX9erEAQhZng//ZoG8h4n8lNd97ogZoibajKwk1QGMF4pl  
SlVge+fXLheS9cViTF88TQlu0PCM5FYTZpqntR+l1EzCEMCHexH13AWDw9/J3EX7  
dUoVUrKuT9STXDOjSsBNSMfpey08i8ovPGdWGwbbA6HC4n/MeiX4GiF5HdLsS3SX  
GuUmvrp+kfmS7gt/uF5ti7tpIMWQNCKq/MO5uwUQWyQhcDJK7ri++7kPml30DO98  
rpXFY3U+kf1RR85VhiiwjWjjgNxVEb2d5xKenwmetY2fMKukl627vkA0JF0Okwau  
ex0F13PFlv9x5Cw6d79r56tPggQABDxBZgJvQYzPuC9GNiiSoQQzAmvgN7v8znHZ  
uPd643nvOls/p7cozQh5KtdgTpNoOieWVpjjh2sQP1bJVPY7/M83ZCxFdXCo5ht0  
7yILHEe1OsA3dVGBkbZIIwHTaHEGxOm2CwCxW4sRhtytiuZCo51+B5hWEqDFlRbj  
ahVdGydlNo5lBdF7bGH7KHqRNfB56ZOQqjTcgIo6sEYjXE0JVFe3ZH+zSxo1rzMp  
mj6+jxcBduNtFfFxhV63ezoM5hAILPEK6qdaHJZ8TKF6zXzhqJI4J0x+NSKODlqT  
P9QWUjekFQ75CVqCSneMvCkwdlX6JB2aIUVfTnAaN6P+R/+Jxmk7rKMM1scANRkI  
iypbI8ocO/g=9TCp  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-0833-01

Red Hat Security Advisory 2023-0888-01 - A security update for 2.13.2-1 is now available. The purpose of this text-only errata is to inform you about the security issues fixed. Issues addressed include a denial of service vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: Red Hat Integration Camel Extension For Quarkus 2.13.2-1 security update  
Advisory ID:       RHSA-2023:0888-01  
Product:           Red Hat Integration  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0888  
Issue date:        2023-02-21  
CVE Names:         CVE-2022-41881 CVE-2022-41946  
====================================================================  
1. Summary:

Red Hat Integration Camel Extensions for Quarkus 2.13.2-1 release and  
security update is now available. The purpose of this text-only errata is  
to inform you about the security issues fixed.

Red Hat Product Security has rated this update as having an impact of  
Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Description:

A security update for 2.13.2-1 is now available. The purpose of this  
text-only errata is to inform you about the security issues fixed.

Security Fix(es):

* codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS  
(CVE-2022-41881)

* postgresql-jdbc: PreparedStatement.setText(int, InputStream) will create  
a temporary file if the InputStream is larger than 2k (CVE-2022-41946)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

3. Solution:

Before applying this update, make sure all previously released errata  
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2153379 - CVE-2022-41881 codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS  
2153399 - CVE-2022-41946 postgresql-jdbc: PreparedStatement.setText(int, InputStream) will create a temporary file if the InputStream is larger than 2k

5. References:

https://access.redhat.com/security/cve/CVE-2022-41881  
https://access.redhat.com/security/cve/CVE-2022-41946  
https://access.redhat.com/security/updates/classification/#moderate  
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=red.hat.integration&version 23-Q1  
https://access.redhat.com/documentation/en-us/red_hat_integration/2023.q1

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY/UNZdzjgjWX9erEAQiIwRAAnZ351u8MK7gF8jnA0mco14GKRqE4qauE  
R1Mr0XPjxzfXNOA/QB6YYePqAKWgKfKuScGxHinRmi7yUpOsPT+6bUMUGXsD2Mrh  
kDCox/PkgIEpW9VxocN87wfcStiJO3BLu2JAoIF4iHNtm9URRDe8DQ8b5kLiHLKP  
pG7ikonYltrhuAgHwhgJA4/CDWnfRjmi2MGm7UMEGcpK/D/HujJzk4xfKj52Qt65  
tpY3QNygYzrfIq0roJgTKao6iu18J0CxjXC1K+dhGWFDXz+JwLj2rRDssI5lShqc  
w3lJtniHPaBgsBcBzQ1qexfkNY9/cTTOsESKuWumvvoZP6Kvsz6pMkz6Lz0NKAI2  
ihWS8E1jgBMxOLvcxLOzRU5G6P2l1MP/Ij5b+j+aQr2yDs7hG3Gqpi3gaFBv8vlR  
YJDY8mSZuDgnenkPL++Owv1kkB7uLcWraahSr7r2UM8oVdrE4PGIhkFZYCXg3gok  
Yg/yZSdhi+QIvXjMZIyF927p1hlA/S53ZWEbq/E6YwqK/7ucJD04Z9Ya3OtyX/1L  
kw+EeS9KmU13ghTxU6ycHDPZAbQfnhMeFS3oAh8HlCG1NB06t/wbMHhiGBbziSM/  
4X69ZvNq4Yl4nNveoYzLKCiE5J7uw9J6kfqtWkVQrWujExThcGVhrTNdnnesFUIO  
90SksFlZXVo=IZtB  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-0888-01

Attackers are now using multiple types of distributed denial-of-service (DDoS) attacks to take down sites. Here are some ways to defend and protect.

Distributed denial-of-service (DDoS) attacks occur when an individual device, known as a bot, or a network of devices, known as a botnet, is infected with malware. These bots or botnets flood websites with increased traffic volumes over a period of hours or even days in an attempt to take services offline. Recently, hacktivist groups have begun leveraging DDoS attacks to extort site owners for financial, competitive advantage, or political reasons. This can represent a serious threat for enterprise businesses.

Planning and preparation are key to developing an effective DDoS defense. But first you need to understand how these attacks work.

**DDoS Attack Types**

New DDoS attack vectors emerge every day thanks to innovative artificial intelligence (AI) technology and a growing cybercrime ecosystem. But in general, there are three main types of DDoS attacks, each of which encompasses a variety of cyberattacks. The first is known as a volumetric attack, which primarily focuses on bandwidth and is designed to overwhelm the network layer with traffic. For example, domain name server (DNS) amplification attacks leverage open DNS servers to flood a target with DNS response traffic.

Another type of DDoS is a protocol attack, which exploits weaknesses in Layers 3 and 4 of the protocol stack, targeting critical resources. For example, synchronization packet floods (SYN) will consume all available server resources as a way to make servers unavailable.

Finally, a resource layer attack disrupts data transmission between hosts by targeting web application packets. For example, SQL injection attacks will insert malicious code into strings. These strings are subsequently passed to a SQL server to be parsed and executed.

And while these categories can cover a broad range of DDoS attacks, security teams also need to be aware that cybercriminals can compromise their networks by using multiple attack types from different categories.

**Protecting Against, Responding to DDoS Attacks**

When websites or servers go down, companies risk losing sales and customers, incurring high recovery costs and damaging their reputations. In some regions and industry sectors, they may even be subject to penalties and fines. Here are four ways to respond to DDoS attacks.

**1\. Evaluate Your Risks and Make Sure You're Protected**

The first step is to identify the publicly exposed applications within your organization. Make sure you note typical application behavior patterns so you can identify anomalies and respond accordingly. Because DDoS attacks typically spike during peak business seasons, such as the holidays, organizations should look for scalable DDoS protection services with advanced mitigation capabilities. Specific service features include traffic monitoring; adaptive real-time tuning; DDoS protection telemetry, monitoring, and alerting; and access to a rapid response team.

**2\. Get Prepared With a DDoS Response Strategy**

One proactive measure that all companies should take is to develop a rapid response strategy. Start by forming a DDoS rapid response team that knows how to identify, mitigate, and monitor attacks. This team should also be able to work with internal stakeholders and customers.

**3\. Identify Potential Weaknesses**

Use attack simulations to understand how your services will respond in the event of an attack. These simulations should confirm that your services or applications will be able to function normally without disrupting users' experiences, and they should happen during off-business hours or within a staging environment to minimize business impact. When conducting an attack simulation, make sure you identify potential technology and process gaps to inform your DDoS response strategy.

**4\. Respond, Learn, Adapt In the Face of Attacks**

In the event of an actual DDoS attack, contact an established DDoS response team or other technical professionals to conduct your attack investigation and post-attack analysis. This retrospective analysis is especially critical as it can help to clarify whether service or user disruptions were due to a lack of scalable architecture. Focus your evaluation on which applications or services experienced the greatest disruptions, as well as the effectiveness of your DDoS response strategy.

Of course, DDoS attacks are just one type of emerging cyberthreat. For more information on ongoing cybersecurity developments and best practices, check out Microsoft Security Insider.

4 Tips to Guard Against DDoS Attacks

Patch released for bug that poses a critical risk to vulnerable technologies

John Leyden 22 February 2023 at 14:23 UTC

Patch released for bug that poses a critical risk to vulnerable technologies

A security flaw in a bundle anti-malware scanner product has created a serious security risk for some products from networking giant Cisco.

More particularly, a vulnerability in the ClamAV scanning library (tracked as CVE-2023-20032) created a critical security risk for Cisco’s Secure Web Appliance as well as various versions of Cisco Secure Endpoint (including Windows, MacOS, Linux, and cloud).

Cisco released an advisory on the vulnerability – alongside patches for affected products – last week. Although the vulnerability is not under active attack, patching is nonetheless recommended.

The partition scanning buffer overflow vulnerability poses a critical risk to vulnerable technologies.

Catch up with the latest network security news and analysis

As explained in Cisco’s security advisory, a vulnerability in the HFS+ partition file parser of ClamAV creates a mechanism to push malicious code onto either endpoint devices or vulnerable instances of Cisco’s Secure Web Appliance.

The vulnerability, which stems from an absent buffer size check, creates a heap buffer overflow risk in scanning HFS+ partition file. An attacker might be able to create a malicious partition file before offering it up for scanning by ClamAV.

“A successful exploit could allow the attacker to execute arbitrary code with the privileges of the ClamAV scanning process, or else crash the process, resulting in a denial of service (DoS) condition,” Cisco’s advisory explains.

**Use case**

ClamAV (Clam AntiVirus) is a free software, anti-malware toolkit originally developed for Unix. The technology - acquired by Cisco through an acquisition 10 years ago, has been ported to run on various operating systems including Linux, macOS, and Windows.

One of the main use cases for the technology is on mail servers as a server-side malware-in-email scanner.

However, Cisco has confirmed that neither its Secure Email Gateway nor its Secure Email and Web Manager appliances are vulnerable to this particular security bug.

**Who guards the guards?**

Any vulnerability in a security utility that allows potential miscreants to hack into affected devices show how tools designed to increase security can increase the attack surface exposed to potential attackers.

The security flaw in ClamAV’s HFS+ partition file parser, along with lesser a remote information leak vulnerability (tracked as CVE-2023-20052) in the DMG file parser of the same technology, were both discovered by Google engineer Simon Scannell. Google notified Cisco about security bugs in ClamAV last August.

An advisory by Google, posted on GitHub, offers a full technical run-down of the more serious CVE-2023-20032 vulnerability and its potential exploitation.

“We rate the vulnerability as high severity as the buffer overflow can be triggered when a scan is run with CL\_SCAN\_ARCHIVE enabled, which is enabled by default in most configurations.

“This feature is typically used to scan incoming emails on the backend of mail servers. As such, a remote, external, unauthenticated attacker can trigger this vulnerability,” Cisco’s advisory explains.

A technical blog post by German cybersecurity vendor ONEKEY concludes that the two flaws in ClamAV illustrate that “file format parsing is a difficult and complex endeavor”.

LIKED THIS ARTICLE? Sign up to our new newsletter – Daily Swig Deserialized

Cisco ClamAV anti-malware scanner vulnerable to serious security flaw

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added three security flaws to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The list of shortcomings is as follows -

CVE-2022-47986 (CVSS score: 9.8) - IBM Aspera Faspex Code Execution Vulnerability
CVE-2022-41223 (CVSS score: 6.8) - Mitel MiVoice Connect Code Injection

Cyber Risk / Patch Management

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added three security flaws to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.

The list of shortcomings is as follows -

*   **CVE-2022-47986** (CVSS score: 9.8) - IBM Aspera Faspex Code Execution Vulnerability
*   **CVE-2022-41223** (CVSS score: 6.8) - Mitel MiVoice Connect Code Injection Vulnerability
*   **CVE-2022-40765** (CVSS score: 6.8) - Mitel MiVoice Connect Command Injection Vulnerability

CVE-2022-47986 is described as a YAML deserialization flaw in the file transfer solution that could allow a remote attacker to execute code on the system.

Details of the flaw and a proof-of-concept (PoC) were shared by Assetnote on February 2, a day after which the Shadowserver Foundation said it "picked up exploitation attempts" in the wild.

The active exploitation of the Aspera Faspex flaw comes shortly after a vulnerability in Fortra's GoAnywhere MFT-managed file transfer software (CVE-2023-0669) was abused by threat actors with potential links to the Clop ransomware operation.

CISA also added two flaws impacting Mitel MiVoice Connect (CVE-2022-41223 and CVE-2022-40765) that could permit an authenticated attacker with internal network access to execute arbitrary code.

Exact specifics surrounding the nature of the attacks are unclear. The vulnerabilities were patched by Mitel in October 2022.

In light of in-the-wild exploitation, Federal Civilian Executive Branch (FCEB) agencies are required to apply the necessary updates by March 14, 2023, to secure networks against potential threats.

CISA, in a related development, also released an Industrial Control Systems (ICS) advisory that relates to critical flaws (CVE-2022-26377 and CVE-2022-31813) in Mitsubishi Electric's MELSOFT iQ AppPortal.

"Successful exploitation of these vulnerabilities could allow a malicious attacker to make unidentified impacts such as authentication bypass, information disclosure, denial-of-service, or bypass IP address authentication," the agency said.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

U.S. Cybersecurity Agency CISA Adds Three New Vulnerabilities in KEV Catalog

In affected versions of Octopus Deploy it is possible to upload a zipbomb file as a task which results in Denial of Service

Summary

Zipbomb resource exhaustion in Octopus Server (CVE-2022-2883)

Advisory Number

2023-01

Discovery Date

05 Nov 2022

Patch Release Date

06 Feb 2023

Advisory Release Date

14 Feb 2023

Product

Octopus Server

Operating System

Linux and Microsoft Windows

Severity

Medium

CVE ID

CVE-2022-2883

Customers who have downloaded and installed any of the Octopus Server versions listed below ("Details") are affected.

Please upgrade your Octopus Server immediately to fix this vulnerability.

Customers who have upgraded Octopus Server to version 2022.4.8423 or higher are not affected.

**Severity**

Octopus Deploy has given this vulnerability a medium rating. This rating was given according to the Octopus Deploy severity levels, which ranks vulnerabilities as critical, high, medium, or low severity.

This is our assessment and you should evaluate its applicability to your own environment.

**Details**

In affected versions of Octopus Deploy it is possible to upload a zipbomb file as a task which results in Denial of Service

The versions of Octopus Server affected by this vulnerability are:

*   All 0.x.x, 1.x.x, 2.x.x, 3.x.x, 4.x.x versions
*   All 2018.x.x, 2019.x.x, 2020.x.x, 2021.x.x versions
*   All 2022.1.x, 2022.2.x versions
*   All 2022.3.x versions before 2022.3.11043
*   All 2022.4.x versions before 2022.4.8401

**Fix**

To address this vulnerability, we have released Octopus Server version:

*   2022.3.11043
*   2022.4.8401

The latest versions of Octopus Deploy products can be downloaded from https://octopus.com/downloads and previous versions can be downloaded from https://octopus.com/downloads/previous

**What You Need to Do**

Octopus Deploy recommends that you upgrade to the latest version (2022.4.8423). You can download the latest version of Octopus Server from https://octopus.com/downloads

**If you can't upgrade to the latest version (2022.4.8423):**

If you have feature version...

...then upgrade to this version

0.x.x, 1.x.x, 2.x.x, 3.x.x, 4.x.x

2022.3.11043 or greater

2018.x, 2019.x, 2020.x, 2021.x

2022.3.11043 or greater

2022.1.x, 2022.2.x

2022.3.11043 or greater

2022.3.x

2022.3.11043 or greater

2022.4.x

2022.4.8401 or greater

**Mitigation**

There is no known mitigation for CVE-2022-2883, it is important to upgrade to a fixed version as soon as possible.

**Support**

If you have any questions or concerns regarding this advisory, please contact our support team https://octopus.com/support.

**Exploitation and Public Announcements**

The Octopus Deploy security team is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

**Source**

This vulnerability was found by Bartłomiej Górkiewicz

Tag

#dos