An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxl_phys2virt() function does not check the size of the structure pointed to by the guest physical address, potentially reading past the end of the bar space into adjacent pages. A malicious guest user could use this flaw to crash the QEMU process on the host causing a denial of service condition.

'2148506?cve=title' is not a valid bug number nor an alias to a bug.

Please press **Back** and try again.

CVE-2022-4144: Invalid Bug ID

Elon Musk-owned Starlink, WhiteHouse.gov, and the Prince of Wales were targeted by Killnet in apparent retaliation for its support of Ukraine.

Killnet and its band of hacker collaborators are claiming they were able to pull off a trio of symbolic distributed denial-of-service (DDoS) attacks aimed at punishing some of the most critical supporters of Ukraine against the Russian invasion — Elon Musk's Starlink satellite broadband service and the websites of the White House in the US and the Prince of Wales in the UK. 

Researchers at Trustwave were able to find evidence corroborating the Russian-backed threat group's claims. 

Killnet claimed it took down Starlink service on Nov. 18, which has been critical for providing the Ukraine war effort with Internet connectivity. Indeed, Trustwave found Starlink customers on Reddit on the same day complaining they couldn't log in to their accounts for several hours. 

"You've been waiting for this comrades," Killnet posted on Telegram, according to Trustwave. "Collective DDoS attack on Starlink! No one can log into Starlink." 

Other threat groups, and known past Killnet collaborators, also claimed they were involved in the Starlink and other DDoS takedowns, including Anonymous Russian, Msidstress, Radis, Mrai, and Halva. 

**White House, Prince of Wales' Websites Targeted **

Besides Starlink, Killnet also bragged that it was able to successfully run "30 minutes of a test attack" on the White House's website on Nov. 17. 

"Of course, we wanted to take longer, but did not take into account the intensity of the request filtering system," Killnet added. "But!!! The White House was banged up in front of everyone!" 

Trustwave added that the White House uses military-grade protection against DDoS attacks from Automattic. 

Days later, on Nov. 22, the group launched yet another DDoS attack, this time against the Prince of Wales' site, and warned that the UK healthcare system would be next, the Trustwave team reported. Killnet also threatened future attacks against the London Stock Exchange, the British Army, and more. 

Along with its claim of the UK DDoS attack, Killnet added ominously, "today it does not work, perhaps this is due to the supply of high-precision missiles to Ukraine!" 

Although the targets are ambitious, Trustwave said Killnet and its cybercrime cohort aren't advanced enough to pull off more than basic DDoS attacks. 

"We should expect to see more of these low skill attacks from Killnet targeting an ever-growing list of targets that it considers to be in opposition to Russian interests," Trustwave said in its Tuesday report on the Killnet DDoS attacks. "However, it remains to be seen whether the group can graduate to attacks that cause damage, exfiltrate data, or do more than take down a website for a short period of time."

Killnet Gloats About DDoS Attacks Downing Starlink, White House

**SINGAPORE, Nov. 29, 2022 /PRNewswire/ —** CDNetworks, the global-leading CDN (Content Delivery Network) and Edge Service Provider, released its annual State of Web Security Report for H1 2022. The Security Report notes that distributed denial-of-service (DDoS), bot, and Application Programming Interface (API) attacks increased at an alarming rate in H1 2022. Web application attacks also increased over the same period, but at a much slower rate than DDoS attacks. CDNetworks believes this trend shows that security tools focusing on single attacks are no longer effective against today's multiple cyber threat landscape. Leveraging a comprehensive security solution has never played a more important role for businesses and individuals.

**Surging Trend for All Types of Attacks:**

Of particular note are the following indicators noted in the Security Report:

*   The level of DDoS attacks topped 2.09 TBPS, which broke the record level of traffic-induced DDoS attacks.
*   The number of web application attacks increased by 12.56% over the same period last year, reaching 62.8875 million per day.
*   Malicious bot attacks surged 2.27 times over the same period in 2021, with 77.366 billion incidents recorded.
*   The number of API attacks had a 168.80% increase over the same period in 2021, with 9.0865 million API attacks blocked daily in H1 2021.

The Security Report goes on to say that data generated by the CDNetworks' security platform shows that risks of data breaches continue to escalate. This risk stems from the fact that increasing amounts of data and devices are being exposed to the network, making them vulnerable to the dual threat of external attacks and internal breaches. At the same time, API security threats continue to rise at breakneck speed, and the security challenges they present exceed those of traditional webpages. The end result is confirmation that the cybersecurity environment continues to change dramatically.

"As enterprises shift their business to the cloud, we found that some traditional web-protection rules no longer offer the capabilities they once did in combatting today's complex and virulent cyberthreats. What enterprises actually need are security solutions that address cloud and hybrid environments holistically in a comprehensive and systematic security architecture." said Doyle Deng, head of Global Marketing and Product of CDNetworks. "For this reason, we strongly recommend that enterprises adopt CDNetworks' WAAP services to secure their data and their business with more beyond rule-based web protections. Features such as web application firewall, DDoS protection, bot management, and API management capabilities empower enterprise users of our WAAP services to establish a comprehensive cornerstone that has been proven effective in combatting API and web application attacks."

The Security Report also monitored security associated with telecommuting within today's enterprises. As the long-term global impact of COVID-19 takes hold, organizations are starting to accept remote a remote workforce and cloud-based applications as an alternative to on-premise workers. The Security Report compared policies governing centrally managed corporate devices to policies aimed at Bring Your Own Devices (BYODs), which allow employees to use their own devices — phone, laptop, tablet, or other device — to access business applications and data, rather than forcing employees to use company-provided devices for that purpose. The Security Report found that BYOD rules generally lack a clear security management policy, making them vulnerable to targeted hacking attacks. To address this, CDNetworks recommends that enterprises select Enterprise Secure Access (ESA), our zero-trust access solution, to establish a secure, efficient, and easy-to-use hybrid networking environment.

Click here to download State of Web Security Report for H1 2022 or visit at www.cdnetworks.com.

**About CDNetworks  
**As a global-leading CDN (Content Delivery Network) and Edge Service provider, CDNetworks delivers fully integrated cloud and edge computing solutions with unparalleled speed, ultra-low latency, rigorous security and reliability. Our diverse products and services include web performance, media delivery, enterprise applications, cloud security, and colocation services — all of which are designed to spur business innovation.

CDNetworks Releases State of Web Security H1 2022: Attacks Against API Services Surged 168.8%

Ubuntu Security Notice 5747-1 - It was discovered that Bind incorrectly handled large query name when using lightweight resolver protocol. A remote attacker could use this issue to consume resources, leading to a denial of service. It was discovered that Bind incorrectly handled large zone data size received via AXFR response. A remote authenticated attacker could use this issue to consume resources, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS.

    =========================================================================Ubuntu Security Notice USN-5747-1November 29, 2022bind9 vulnerabilities=========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 16.04 ESM- Ubuntu 14.04 ESMSummary:Several security issues were fixed in Bind.Software Description:- bind9: Internet Domain Name ServerDetails:It was discovered that Bind incorrectly handled large query name when usinglightweight resolver protocol. A remote attacker could use this issue toconsume resources, leading to a denial of service. (CVE-2016-2775)It was discovered that Bind incorrectly handled large zone data sizereceived via AXFR response. A remote authenticated attacker could use thisissue to consume resources, leading to a denial of service. This issue onlyaffected Ubuntu 16.04 LTS. (CVE-2016-6170)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 16.04 ESM:  bind9                           1:9.10.3.dfsg.P4-8ubuntu1.19+esm5  lwresd                          1:9.10.3.dfsg.P4-8ubuntu1.19+esm5Ubuntu 14.04 ESM:  bind9                           1:9.9.5.dfsg-3ubuntu0.19+esm9  lwresd                          1:9.9.5.dfsg-3ubuntu0.19+esm9In general, a standard system update will make all the necessary changes.References:  https://ubuntu.com/security/notices/USN-5747-1  CVE-2016-2775, CVE-2016-6170

Ubuntu Security Notice USN-5747-1

Red Hat Security Advisory 2022-8626-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.11.17. Issues addressed include a denial of service vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: OpenShift Container Platform 4.11.17 packages and security update  
Advisory ID:       RHSA-2022:8626-01  
Product:           Red Hat OpenShift Enterprise  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:8626  
Issue date:        2022-11-28  
CVE Names:         CVE-2022-1705 CVE-2022-27664 CVE-2022-32148  
                   CVE-2022-32189  
====================================================================  
1. Summary:

Red Hat OpenShift Container Platform release 4.11.17 is now available with  
updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container  
Platform 4.11.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Ironic content for Red Hat OpenShift Container Platform 4.11 - noarch  
Red Hat OpenShift Container Platform 4.11 - aarch64, ppc64le, s390x, x86_64

3. Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing  
Kubernetes application platform solution designed for on-premise or private  
cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container  
Platform 4.11.17. See the following advisory for the container images for  
this release:

https://access.redhat.com/errata/RHBA-2022:8627

Security Fix(es):

* golang: net/http: improper sanitization of Transfer-Encoding header  
(CVE-2022-1705)  
* golang: net/http: handle server errors after sending GOAWAY  
(CVE-2022-27664)  
* golang: net/http/httputil: NewSingleHostReverseProxy - omit  
X-Forwarded-For not working (CVE-2022-32148)  
* golang: math/big: decoding big.Float and big.Rat types can panic if the  
encoded message is too short, potentially allowing a denial of service  
(CVE-2022-32189)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s)  
listed in the References section.

All OpenShift Container Platform 4.11 users are advised to upgrade to these  
updated packages and images when they are available in the appropriate  
release channel. To check for available updates, use the OpenShift Console  
or the CLI oc command. Instructions for upgrading a cluster are available  
at  
https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html

4. Solution:

See the following documentation, which will be updated shortly for this  
release, for important instructions on how to upgrade your cluster and  
fully apply this asynchronous errata update:

https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html

Details on how to access this content are available at  
https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html

5. Bugs fixed (https://bugzilla.redhat.com/):

2107374 - CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header  
2107383 - CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working  
2113814 - CVE-2022-32189 golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service  
2124669 - CVE-2022-27664 golang: net/http: handle server errors after sending GOAWAY

6. JIRA issues fixed (https://issues.jboss.org/):

OCPBUGS-4045 - Placeholder bug for OCP 4.11.0 rpm release

7. Package List:

Red Hat OpenShift Container Platform 4.11:

Source:  
cri-o-1.24.3-6.rhaos4.11.gitc4567c0.el8.src.rpm  
cri-tools-1.24.2-7.el8.src.rpm  
ignition-2.14.0-5.rhaos4.11.el8.src.rpm  
openshift-4.11.0-202211091106.p0.g5658434.assembly.stream.el8.src.rpm

aarch64:  
cri-o-1.24.3-6.rhaos4.11.gitc4567c0.el8.aarch64.rpm  
cri-o-debuginfo-1.24.3-6.rhaos4.11.gitc4567c0.el8.aarch64.rpm  
cri-o-debugsource-1.24.3-6.rhaos4.11.gitc4567c0.el8.aarch64.rpm  
cri-tools-1.24.2-7.el8.aarch64.rpm  
cri-tools-debuginfo-1.24.2-7.el8.aarch64.rpm  
cri-tools-debugsource-1.24.2-7.el8.aarch64.rpm  
ignition-2.14.0-5.rhaos4.11.el8.aarch64.rpm  
ignition-debuginfo-2.14.0-5.rhaos4.11.el8.aarch64.rpm  
ignition-debugsource-2.14.0-5.rhaos4.11.el8.aarch64.rpm  
ignition-validate-2.14.0-5.rhaos4.11.el8.aarch64.rpm  
ignition-validate-debuginfo-2.14.0-5.rhaos4.11.el8.aarch64.rpm  
openshift-hyperkube-4.11.0-202211091106.p0.g5658434.assembly.stream.el8.aarch64.rpm

ppc64le:  
cri-o-1.24.3-6.rhaos4.11.gitc4567c0.el8.ppc64le.rpm  
cri-o-debuginfo-1.24.3-6.rhaos4.11.gitc4567c0.el8.ppc64le.rpm  
cri-o-debugsource-1.24.3-6.rhaos4.11.gitc4567c0.el8.ppc64le.rpm  
cri-tools-1.24.2-7.el8.ppc64le.rpm  
cri-tools-debuginfo-1.24.2-7.el8.ppc64le.rpm  
cri-tools-debugsource-1.24.2-7.el8.ppc64le.rpm  
ignition-2.14.0-5.rhaos4.11.el8.ppc64le.rpm  
ignition-debuginfo-2.14.0-5.rhaos4.11.el8.ppc64le.rpm  
ignition-debugsource-2.14.0-5.rhaos4.11.el8.ppc64le.rpm  
ignition-validate-2.14.0-5.rhaos4.11.el8.ppc64le.rpm  
ignition-validate-debuginfo-2.14.0-5.rhaos4.11.el8.ppc64le.rpm  
openshift-hyperkube-4.11.0-202211091106.p0.g5658434.assembly.stream.el8.ppc64le.rpm

s390x:  
cri-o-1.24.3-6.rhaos4.11.gitc4567c0.el8.s390x.rpm  
cri-o-debuginfo-1.24.3-6.rhaos4.11.gitc4567c0.el8.s390x.rpm  
cri-o-debugsource-1.24.3-6.rhaos4.11.gitc4567c0.el8.s390x.rpm  
cri-tools-1.24.2-7.el8.s390x.rpm  
cri-tools-debuginfo-1.24.2-7.el8.s390x.rpm  
cri-tools-debugsource-1.24.2-7.el8.s390x.rpm  
ignition-2.14.0-5.rhaos4.11.el8.s390x.rpm  
ignition-debuginfo-2.14.0-5.rhaos4.11.el8.s390x.rpm  
ignition-debugsource-2.14.0-5.rhaos4.11.el8.s390x.rpm  
ignition-validate-2.14.0-5.rhaos4.11.el8.s390x.rpm  
ignition-validate-debuginfo-2.14.0-5.rhaos4.11.el8.s390x.rpm  
openshift-hyperkube-4.11.0-202211091106.p0.g5658434.assembly.stream.el8.s390x.rpm

x86_64:  
cri-o-1.24.3-6.rhaos4.11.gitc4567c0.el8.x86_64.rpm  
cri-o-debuginfo-1.24.3-6.rhaos4.11.gitc4567c0.el8.x86_64.rpm  
cri-o-debugsource-1.24.3-6.rhaos4.11.gitc4567c0.el8.x86_64.rpm  
cri-tools-1.24.2-7.el8.x86_64.rpm  
cri-tools-debuginfo-1.24.2-7.el8.x86_64.rpm  
cri-tools-debugsource-1.24.2-7.el8.x86_64.rpm  
ignition-2.14.0-5.rhaos4.11.el8.x86_64.rpm  
ignition-debuginfo-2.14.0-5.rhaos4.11.el8.x86_64.rpm  
ignition-debugsource-2.14.0-5.rhaos4.11.el8.x86_64.rpm  
ignition-validate-2.14.0-5.rhaos4.11.el8.x86_64.rpm  
ignition-validate-debuginfo-2.14.0-5.rhaos4.11.el8.x86_64.rpm  
openshift-hyperkube-4.11.0-202211091106.p0.g5658434.assembly.stream.el8.x86_64.rpm

Ironic content for Red Hat OpenShift Container Platform 4.11:

Source:  
python-sushy-4.1.3-0.20221107175431.1da4385.el8.src.rpm

noarch:  
python3-sushy-4.1.3-0.20221107175431.1da4385.el8.noarch.rpm  
python3-sushy-tests-4.1.3-0.20221107175431.1da4385.el8.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

8. References:

https://access.redhat.com/security/cve/CVE-2022-1705  
https://access.redhat.com/security/cve/CVE-2022-27664  
https://access.redhat.com/security/cve/CVE-2022-32148  
https://access.redhat.com/security/cve/CVE-2022-32189  
https://access.redhat.com/security/updates/classification/#moderate

9. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY4VYhNzjgjWX9erEAQja3w//SpGVkdh3DbiwJytwD2xygkLQ9lnybO7V  
mbhbYXg25XtJgLt0JwnzQ1QD3DeXud1dSKodJBmsWearHxM+I++MCIYZBmUmpZT3  
7bLFBOYizpqr35G/cYb0QiPyL+HTx0h6ybXnV30YabgS1eaC1Q+002iGlWHOB3UT  
Pk0wMpTc6+VWz7R5G0ywqiA7ymGUjfpxXvpxeLS9dOxPCsbc2W4AX8yck4INbfsj  
iQu66yg8i1jQmhCwZhShR30TR1IA5uZRCL0DewQWtsrpoAje8ZzuCAdo/C85Q8jH  
CK0C29hT0RitSJA7s8nxae9tYOLYhj7r6wotieY9B2FxSf28peL0CrsUJm5JL1G9  
4770bJcZw8a726apeywYmEWHdj/ZWoHLnBik0YFP6k/pGayeuJ2+GqXNL9eev4Ed  
Sp8PZsySPPvbZoJ0iL0t/vPqtzxQObtpkSdqsSie2+veM3mTND+4nMITp/ZQdKSJ  
T+mTY7VaUTy5GXb2+KBCJh5Sxq8viyLWugfcjRVGmViDIMf44UoKrB8h1RdOU+oW  
UC4la3c81/OFyOTDVGPU62UZuxwj2Y7yVN3tiGAEVVhH1FGvgDt/9aNDR7xMcHED  
J7Abv0hZqxH+ii1t9uJxUTp27p/MM+4iRDnt6OovG7SBIgbI5FejRzwjYVm52Jpu  
bXi0txh67oM=1Pf1  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-8626-01

Ubuntu Security Notice 5746-1 - Behzad Najjarpour Jabbari discovered that HarfBuzz incorrectly handled certain inputs. A remote attacker could possibly use this issue to cause a denial of service.

    ==========================================================================Ubuntu Security Notice USN-5746-1November 28, 2022harfbuzz vulnerability==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 16.04 ESMSummary:HarfBuzz could be made to crash if it received specially craftedinput.Software Description:- harfbuzz: OpenType text shaping engineDetails:Behzad Najjarpour Jabbari discovered that HarfBuzz incorrectly handledcertain inputs. A remote attacker could possibly use this issue to causea denial of service.Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 16.04 ESM:   libharfbuzz-bin                 1.0.1-1ubuntu0.1+esm1   libharfbuzz0b                   1.0.1-1ubuntu0.1+esm1In general, a standard system update will make all the necessary changes.References:   https://ubuntu.com/security/notices/USN-5746-1   CVE-2015-9274

Ubuntu Security Notice USN-5746-1

Debian Linux Security Advisory 5291-1 - Multiple security issues were discovered in MuJS, a lightweight JavaScript interpreter, which could result in denial of service and potentially the execution of arbitrary code.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5291-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffNovember 28, 2022                     https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : mujsCVE ID         : CVE-2022-30974 CVE-2022-30975 CVE-2022-44789Multiple security issues were discovered in MuJS, a lightweightJavaScript interpreter, which could result in denial of serviceand potentially the execution of arbitrary code.For the stable distribution (bullseye), these problems have been fixed inversion 1.1.0-1+deb11u2.We recommend that you upgrade your mujs packages.For the detailed security status of mujs please refer toits security tracker page at:https://security-tracker.debian.org/tracker/mujsFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmOFDJYACgkQEMKTtsN8TjaAig//ZqldnlH6KJxGSEtnKDeH6ep71yuIrKCTe1D0Y43ZW/NEkwkY9dAXxYO0np5uz7BqTZwgyU17nHuVD9TKvO0shPdMQw1qHI1kza+16w1g5aJ4QWKtURFQjJ7rb/BS3HgGCBRjQ7NVM126WzVNobiBnkrJqab/Bsi7vvZdu7KPubXpc3OivwAa4uA9Dfb7awFoZTTS8eunAH8hKl6/UiY7rTXrQuLBinXeIiNPH38aeEKr+9MWehSRdEPsT8tQoUsE0HYj0pgj+gAu0IZyRwz8O/9mT909N7vUgqHDsTgC0ej5+MTSTM50s5aXMGBOAjQTpx1eRJePylo3T0RhsV/LM2rF9Jx/7PSuiX+ySqYkHJgLll846RxWJfQLHdIY6Nx6Jkk4gAxIFPEa+Skum62zZTg1QUsCHC0sJizhn5Jtlj4EfwusbMDJm734JNkXHZ5kV8zl0piDK4F546p8pB0AuLa2iWiy4kz8TOxwQ6f5h+UrCnWG/jvAtgJw5gADyjmoxsAZMIdKe3Xb4n8fGE8LX1qutYkx2k857ZAJXNrJUPycmcYozy4KOAlf15Aj6vzrXhgEjUFJCppOUMosOi01pMSmC7HhKjnpyuGJwU3auVkHaCemmyck6y6BfZwfxU/gRE4x5GFlIH3GTuWrYENUvpxI4weInZb/xbEWWouwklw=oEne-----END PGP SIGNATURE-----

Debian Security Advisory 5291-1

Red Hat Security Advisory 2022-8652-01 - This release of Red Hat Fuse 7.11.1 serves as a replacement for Red Hat Fuse 7.11 and includes bug fixes and enhancements, which are documented in the Release Notes document linked in the References. Issues addressed include bypass, cross site scripting, denial of service, remote SQL injection, and traversal vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: Red Hat Fuse 7.11.1 release and security update  
Advisory ID:       RHSA-2022:8652-01  
Product:           Red Hat JBoss Fuse  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:8652  
Issue date:        2022-11-28  
CVE Names:         CVE-2019-8331 CVE-2021-3717 CVE-2021-31684  
                   CVE-2021-44906 CVE-2022-0613 CVE-2022-2048  
                   CVE-2022-2053 CVE-2022-24723 CVE-2022-24785  
                   CVE-2022-24823 CVE-2022-25857 CVE-2022-31129  
                   CVE-2022-31197 CVE-2022-33980 CVE-2022-38749  
                   CVE-2022-41853 CVE-2022-42889  
====================================================================  
1. Summary:

A minor version update (from 7.11 to 7.11.1) is now available for Red Hat  
Fuse. The purpose of this text-only errata is to inform you about the  
security issues fixed in this release.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Description:

This release of Red Hat Fuse 7.11.1 serves as a replacement for Red Hat  
Fuse 7.11 and includes bug fixes and enhancements, which are documented in  
the Release Notes document linked in the References.

Security Fix(es):

* hsqldb: Untrusted input may lead to RCE attack [fuse-7] (CVE-2022-41853)

* io.hawt-hawtio-online: bootstrap: XSS in the tooltip or popover  
data-template attribute [fuse-7] (CVE-2019-8331)

* io.hawt-project: bootstrap: XSS in the tooltip or popover data-template  
attribute [fuse-7] (CVE-2019-8331)

* wildfly: incorrect JBOSS_LOCAL_USER challenge location may lead to giving  
access to all the local users [fuse-7] (CVE-2021-3717)

* json-smart: Denial of Service in JSONParserByteArray function [fuse-7]  
(CVE-2021-31684)

* io.hawt-hawtio-integration: minimist: prototype pollution [fuse-7]  
(CVE-2021-44906)

* urijs: Authorization Bypass Through User-Controlled Key [fuse-7]  
(CVE-2022-0613)

* http2-server: Invalid HTTP/2 requests cause DoS [fuse-7] (CVE-2022-2048)

* snakeyaml: Denial of Service due to missing nested depth limitation for  
collections [fuse-7] (CVE-2022-25857)

* urijs: Leading white space bypasses protocol validation [fuse-7]  
(CVE-2022-24723)

* Moment.js: Path traversal in moment.locale [fuse-7] (CVE-2022-24785)

* netty: world readable temporary file containing sensitive data [fuse-7]  
(CVE-2022-24823)

* jdbc-postgresql: postgresql: SQL Injection in ResultSet.refreshRow() with  
malicious column names [fuse-7] (CVE-2022-31197)

* commons-configuration2: apache-commons-configuration: Apache Commons  
Configuration insecure interpolation defaults [fuse-7] (CVE-2022-33980)

* commons-text: apache-commons-text: variable interpolation RCE [fuse-7]  
(CVE-2022-42889)

* undertow: Large AJP request may cause DoS [fuse-7] (CVE-2022-2053)

* moment: inefficient parsing algorithm resulting in DoS [fuse-7]  
(CVE-2022-31129)

* snakeyaml: Uncaught exception in  
org.yaml.snakeyaml.composer.Composer.composeSequenceNode [fuse-7]  
(CVE-2022-38749)

For more details about the security issues, including the impact, CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

3. Solution:

Before applying the update, back up your existing installation, including  
all applications, configuration files, databases and database settings, and  
so on.

Installation instructions are available from the Fuse 7.11.1 product  
documentation page:  
https://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/

4. Bugs fixed (https://bugzilla.redhat.com/):

1686454 - CVE-2019-8331 bootstrap: XSS in the tooltip or popover data-template attribute  
1991305 - CVE-2021-3717 wildfly: incorrect JBOSS_LOCAL_USER challenge location may lead to giving access to all the local users  
2055496 - CVE-2022-0613 urijs: Authorization Bypass Through User-Controlled Key  
2062370 - CVE-2022-24723 urijs: Leading white space bypasses protocol validation  
2066009 - CVE-2021-44906 minimist: prototype pollution  
2072009 - CVE-2022-24785 Moment.js: Path traversal  in moment.locale  
2087186 - CVE-2022-24823 netty: world readable temporary file containing sensitive data  
2095862 - CVE-2022-2053 undertow: Large AJP request may cause DoS  
2102695 - CVE-2021-31684 json-smart: Denial of Service in JSONParserByteArray function  
2105067 - CVE-2022-33980 apache-commons-configuration: Apache Commons Configuration insecure interpolation defaults  
2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS  
2116952 - CVE-2022-2048 http2-server: Invalid HTTP/2 requests cause DoS  
2126789 - CVE-2022-25857 snakeyaml: Denial of Service due to missing nested depth limitation for collections  
2129428 - CVE-2022-31197 postgresql: SQL Injection in ResultSet.refreshRow() with malicious column names  
2129706 - CVE-2022-38749 snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode  
2135435 - CVE-2022-42889 apache-commons-text: variable interpolation RCE  
2136141 - CVE-2022-41853 hsqldb: Untrusted input may lead to RCE attack

5. References:

https://access.redhat.com/security/cve/CVE-2019-8331  
https://access.redhat.com/security/cve/CVE-2021-3717  
https://access.redhat.com/security/cve/CVE-2021-31684  
https://access.redhat.com/security/cve/CVE-2021-44906  
https://access.redhat.com/security/cve/CVE-2022-0613  
https://access.redhat.com/security/cve/CVE-2022-2048  
https://access.redhat.com/security/cve/CVE-2022-2053  
https://access.redhat.com/security/cve/CVE-2022-24723  
https://access.redhat.com/security/cve/CVE-2022-24785  
https://access.redhat.com/security/cve/CVE-2022-24823  
https://access.redhat.com/security/cve/CVE-2022-25857  
https://access.redhat.com/security/cve/CVE-2022-31129  
https://access.redhat.com/security/cve/CVE-2022-31197  
https://access.redhat.com/security/cve/CVE-2022-33980  
https://access.redhat.com/security/cve/CVE-2022-38749  
https://access.redhat.com/security/cve/CVE-2022-41853  
https://access.redhat.com/security/cve/CVE-2022-42889  
https://access.redhat.com/security/updates/classification/#important

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY4UEJdzjgjWX9erEAQg9jw//bHEzcxXGN9kNp1msJRaz6iQEu7dv9TYV  
N1lsrfJEc/fosdjIilTzia9hKhMVvbC6iv6lWGc6s3E9t48vGdSYLHbh+qHnFo7t  
WtrjZnejl53WYwRc70oyeUmXTNrrd9iuATkvkFF6MA024hcJFksuiHmF5/Awa9T8  
sSsLbm5eutvBz1rBDGgcq4fDCFB40YmKsLKhzHrV0SpeZKTCgwNyzvpAVVlsxXhk  
OSSCmda+ZTxkA9+gaTsJqqeBeDgHhSL+PVzWOYuRM6wT49tkwSJHfBs9EgV55IjE  
IVOQm3oGUyMSGBjbbiD8NuYEQkAip8AK0eTIQbaWW4n9geXpw5VOh/E3U8u+a9xY  
h0pAs6ACta+fD3d9hSabTkDDno6NU94bcmKh2rfpNvj6h9UX0Ca0lKMZ25t6zUln  
2OHzLhilUnbOSwnE709NBaEaI4t/aev1TBpeZ1KFpn/6Mdbx6pvjuh76kCHwdg7o  
OVsrvplG6hJ93S5vNNYxwfcL7TFNyWBcHR0Em7D51zZ87HkzYcNh9Ay481BgXGz+  
z2N71zc+h0auaMo5bnL68hMSjFmhiMWZmfy1H8w2Sz6fol8iO/aYI/ddv/8aYP1k  
3ZMY7ygpkvcryPaz7VKixbX7yZNOI2gfXl2zDSvIoOjaajND4ctdidxJ9MeZYj6r  
WzRyyCDzfVo=IsTh  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-8652-01

A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use this flaw to potentially crash the system causing a denial of service.

CVE-2022-4129: Serialize access to sk_user_data with sk_callback_lock

Sunday, 4 December 2022 Sun, 4 Dec '22

7:33 p.m.

\-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2022-b36cd53dca 2022-12-05 01:32:32.254801 -------------------------------------------------------------------------------- Name : kernel Product : Fedora 35 Version : 6.0.11 Release : 100.fc35 URL : https://www.kernel.org/ Summary : The Linux kernel Description : The kernel meta package -------------------------------------------------------------------------------- Update Information: The 6.0.11 stable kernel update contains a number of important fixes across the tree. -------------------------------------------------------------------------------- ChangeLog: \* Fri Dec 2 2022 Justin M. Forbes <jforbes(a)fedoraproject.org&gt; \[6.0.11-0\] - drm/i915: fix TLB invalidation for Gen12 video and compute engines (Andrzej Hajda) - l2tp: Serialize access to sk\_user\_data with sk\_callback\_lock (Jakub Sitnicki) - Adjust path to compressed vmlinux kernel image for s390x (Justin M. Forbes) \[2149273\] - Linux v6.0.11 -------------------------------------------------------------------------------- References: \[ 1 \] Bug #2134528 - CVE-2022-4129 kernel: l2tp: missing lock when clearing sk\_user\_data can lead to NULL pointer dereference https://bugzilla.redhat.com/show\_bug.cgi?id=2134528 \[ 2 \] Bug #2147572 - CVE-2022-4139 kernel: i915: Incorrect GPU TLB flush can lead to random memory access https://bugzilla.redhat.com/show\_bug.cgi?id=2147572 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-b36cd53dca' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command\_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------

Tag

#dos