Red Hat Security Advisory 2022-5620-01 - 389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. Issues addressed include a denial of service vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: 389-ds:1.4 security update  
Advisory ID:       RHSA-2022:5620-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:5620  
Issue date:        2022-07-19  
CVE Names:         CVE-2022-0918 CVE-2022-0996  
====================================================================  
1. Summary:

An update for the 389-ds:1.4 module is now available for Red Hat Enterprise  
Linux 8.4 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.8.4) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The  
base packages include the Lightweight Directory Access Protocol (LDAP)  
server and command-line utilities for server administration.

Security Fix(es):

* 389-ds-base: sending crafted message could result in DoS (CVE-2022-0918)

* 389-ds-base: expired password was still allowed to access the database  
(CVE-2022-0996)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2055815 - CVE-2022-0918 389-ds-base: sending crafted message could result in DoS  
2064769 - CVE-2022-0996 389-ds-base: expired password was still allowed to access the database

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.8.4):

Source:  
389-ds-base-1.4.3.16-21.module+el8.4.0+15657+e1585ac1.src.rpm

aarch64:  
389-ds-base-1.4.3.16-21.module+el8.4.0+15657+e1585ac1.aarch64.rpm  
389-ds-base-debuginfo-1.4.3.16-21.module+el8.4.0+15657+e1585ac1.aarch64.rpm  
389-ds-base-debugsource-1.4.3.16-21.module+el8.4.0+15657+e1585ac1.aarch64.rpm  
389-ds-base-devel-1.4.3.16-21.module+el8.4.0+15657+e1585ac1.aarch64.rpm  
389-ds-base-legacy-tools-1.4.3.16-21.module+el8.4.0+15657+e1585ac1.aarch64.rpm  
389-ds-base-legacy-tools-debuginfo-1.4.3.16-21.module+el8.4.0+15657+e1585ac1.aarch64.rpm  
389-ds-base-libs-1.4.3.16-21.module+el8.4.0+15657+e1585ac1.aarch64.rpm  
389-ds-base-libs-debuginfo-1.4.3.16-21.module+el8.4.0+15657+e1585ac1.aarch64.rpm  
389-ds-base-snmp-1.4.3.16-21.module+el8.4.0+15657+e1585ac1.aarch64.rpm  
389-ds-base-snmp-debuginfo-1.4.3.16-21.module+el8.4.0+15657+e1585ac1.aarch64.rpm

noarch:  
python3-lib389-1.4.3.16-21.module+el8.4.0+15657+e1585ac1.noarch.rpm

ppc64le:  
389-ds-base-1.4.3.16-21.module+el8.4.0+15657+e1585ac1.ppc64le.rpm  
389-ds-base-debuginfo-1.4.3.16-21.module+el8.4.0+15657+e1585ac1.ppc64le.rpm  
389-ds-base-debugsource-1.4.3.16-21.module+el8.4.0+15657+e1585ac1.ppc64le.rpm  
389-ds-base-devel-1.4.3.16-21.module+el8.4.0+15657+e1585ac1.ppc64le.rpm  
389-ds-base-legacy-tools-1.4.3.16-21.module+el8.4.0+15657+e1585ac1.ppc64le.rpm  
389-ds-base-legacy-tools-debuginfo-1.4.3.16-21.module+el8.4.0+15657+e1585ac1.ppc64le.rpm  
389-ds-base-libs-1.4.3.16-21.module+el8.4.0+15657+e1585ac1.ppc64le.rpm  
389-ds-base-libs-debuginfo-1.4.3.16-21.module+el8.4.0+15657+e1585ac1.ppc64le.rpm  
389-ds-base-snmp-1.4.3.16-21.module+el8.4.0+15657+e1585ac1.ppc64le.rpm  
389-ds-base-snmp-debuginfo-1.4.3.16-21.module+el8.4.0+15657+e1585ac1.ppc64le.rpm

s390x:  
389-ds-base-1.4.3.16-21.module+el8.4.0+15657+e1585ac1.s390x.rpm  
389-ds-base-debuginfo-1.4.3.16-21.module+el8.4.0+15657+e1585ac1.s390x.rpm  
389-ds-base-debugsource-1.4.3.16-21.module+el8.4.0+15657+e1585ac1.s390x.rpm  
389-ds-base-devel-1.4.3.16-21.module+el8.4.0+15657+e1585ac1.s390x.rpm  
389-ds-base-legacy-tools-1.4.3.16-21.module+el8.4.0+15657+e1585ac1.s390x.rpm  
389-ds-base-legacy-tools-debuginfo-1.4.3.16-21.module+el8.4.0+15657+e1585ac1.s390x.rpm  
389-ds-base-libs-1.4.3.16-21.module+el8.4.0+15657+e1585ac1.s390x.rpm  
389-ds-base-libs-debuginfo-1.4.3.16-21.module+el8.4.0+15657+e1585ac1.s390x.rpm  
389-ds-base-snmp-1.4.3.16-21.module+el8.4.0+15657+e1585ac1.s390x.rpm  
389-ds-base-snmp-debuginfo-1.4.3.16-21.module+el8.4.0+15657+e1585ac1.s390x.rpm

x86_64:  
389-ds-base-1.4.3.16-21.module+el8.4.0+15657+e1585ac1.x86_64.rpm  
389-ds-base-debuginfo-1.4.3.16-21.module+el8.4.0+15657+e1585ac1.x86_64.rpm  
389-ds-base-debugsource-1.4.3.16-21.module+el8.4.0+15657+e1585ac1.x86_64.rpm  
389-ds-base-devel-1.4.3.16-21.module+el8.4.0+15657+e1585ac1.x86_64.rpm  
389-ds-base-legacy-tools-1.4.3.16-21.module+el8.4.0+15657+e1585ac1.x86_64.rpm  
389-ds-base-legacy-tools-debuginfo-1.4.3.16-21.module+el8.4.0+15657+e1585ac1.x86_64.rpm  
389-ds-base-libs-1.4.3.16-21.module+el8.4.0+15657+e1585ac1.x86_64.rpm  
389-ds-base-libs-debuginfo-1.4.3.16-21.module+el8.4.0+15657+e1585ac1.x86_64.rpm  
389-ds-base-snmp-1.4.3.16-21.module+el8.4.0+15657+e1585ac1.x86_64.rpm  
389-ds-base-snmp-debuginfo-1.4.3.16-21.module+el8.4.0+15657+e1585ac1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-0918  
https://access.redhat.com/security/cve/CVE-2022-0996  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYuFjp9zjgjWX9erEAQibcA//e7IoFJtT3qHISfZJUx251gk6a5U6OASl  
lPn3Lj1K0WNjFyC2qKMgO95wsVXGX8ZlFpZk8e7wKZCnIvOhKQr/BHpWx7p4X5Zn  
dngICO7dqyX7Md36ZLXQT3AUFQGslBzUj+iEx3lQHOitF9PBpcqe6TIVRR/Yo2aQ  
mtp5bKR/YzcQZ1AK6R/K5H4d25vjoCoIW5IMtGM5MrLdc5rFFOY35CMOLVU1eqMR  
SfdNdPyt3WGsvmi6BoGDG8Sc+VEX17LqbbkEQRESIeGSiwhjzgp5mJUhiNvQdNNl  
yIYOnPzC8usPYtApHtS/heDtBzdI9OsjIPcuCfUqjTp28T4kmFgMUBB4z9H8WsJZ  
u1G9daAKQkl+Q5Qx/xGJQwOXprHUw6OmWyZhZ7pu9sB4dJV3GdCTry+nMX8suLrn  
E7aizjuY+bofNl2qMe3W0E8AB5GoYE2HqP8Q5MATZgHU5BpqnclO2DCCQlSp7qCV  
IxLUR5WvIBXXj0TehH5FtplsLOmsTdbIyYIkudmIQaUiMnanYqabDC0sUUTC2Gbu  
d1fPl+aPIcOmPBuREParIbgqpuAI7sUJKpP/6jDIrw+2nCMiMni/pRV3etXEPTzk  
fEkVObM9uRQNpDpVZoXCnB9FEI7dpuTAi3Re9cW94iY2NvR4VecVa724coqd7yBm  
FfNJHVck/d0=OWXq  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-5620-01

Red Hat Security Advisory 2022-5556-01 - Logging Subsystem 5.4.3 has security updates. Issues addressed include denial of service and out of bounds read vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: Logging Subsystem 5.4.3 - Red Hat OpenShift security update  
Advisory ID:       RHSA-2022:5556-01  
Product:           RHOL  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:5556  
Issue date:        2022-07-18  
CVE Names:         CVE-2020-28915 CVE-2021-38561 CVE-2021-40528  
                   CVE-2022-1271 CVE-2022-1621 CVE-2022-1629  
                   CVE-2022-22576 CVE-2022-25313 CVE-2022-25314  
                   CVE-2022-26691 CVE-2022-27666 CVE-2022-27774  
                   CVE-2022-27776 CVE-2022-27782 CVE-2022-29824  
====================================================================  
1. Summary:

Logging Subsystem 5.4.3 - Red Hat OpenShift

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Description:

Logging Subsystem 5.4.3 - Red Hat OpenShift

Security Fix(es):

* golang: out-of-bounds read in golang.org/x/text/language leads to DoS  
(CVE-2021-38561)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

3. Solution:

For OpenShift Container Platform 4.10 see the following documentation,  
which will be updated shortly, for detailed release notes:

https://docs.openshift.com/container-platform/4.10/logging/cluster-logging-release-notes.html

For Red Hat OpenShift Logging 5.4, see the following instructions to apply  
this update:

https://docs.openshift.com/container-platform/4.10/logging/cluster-logging-upgrading.html

4. Bugs fixed (https://bugzilla.redhat.com/):

2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS

5. JIRA issues fixed (https://issues.jboss.org/):

LOG-2536 - Setting up ODF S3 for loki  
LOG-2640 - [release-5.4] FluentdQueueLengthIncreasing rule failing to be evaluated.  
LOG-2757 - [release-5.4] index rollover cronjob fails on openshift-logging operator  
LOG-2762 - [release-5.4]Events and CLO csv are not collected after running `oc adm must-gather --image=$downstream-clo-image `  
LOG-2780 - Loki cannot send logs after upgrade to 5.4.3 from 5.4.2 with 'http'  
LOG-2781 - OpenShift Logging Dashboard for Elastic Shards shows "active_primary" instead of "active" shards.  
LOG-2786 - [release-5.4] Token not added to Vector config when forwarding logs to Lokistack with Token+CA bundle.  
LOG-2791 - [release-5.4] ElasticSearch operator does not respect referencePolicy when selecting oauth-proxy image

6. References:

https://access.redhat.com/security/cve/CVE-2020-28915  
https://access.redhat.com/security/cve/CVE-2021-38561  
https://access.redhat.com/security/cve/CVE-2021-40528  
https://access.redhat.com/security/cve/CVE-2022-1271  
https://access.redhat.com/security/cve/CVE-2022-1621  
https://access.redhat.com/security/cve/CVE-2022-1629  
https://access.redhat.com/security/cve/CVE-2022-22576  
https://access.redhat.com/security/cve/CVE-2022-25313  
https://access.redhat.com/security/cve/CVE-2022-25314  
https://access.redhat.com/security/cve/CVE-2022-26691  
https://access.redhat.com/security/cve/CVE-2022-27666  
https://access.redhat.com/security/cve/CVE-2022-27774  
https://access.redhat.com/security/cve/CVE-2022-27776  
https://access.redhat.com/security/cve/CVE-2022-27782  
https://access.redhat.com/security/cve/CVE-2022-29824  
https://access.redhat.com/security/updates/classification/#moderate

7. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYuFkANzjgjWX9erEAQj0ZRAAn4XL+QhuyVQ5G+XzACk10EOuIUfBONR7  
BWzj5OkoIb1x5FMvRAaeUyilnh9klyM0940AG2pmkqNCAtnkTX5SnJJTHAzzJkon  
tg55o71rOhQiOR5DaaqY7PXL/eXE7UP9QmpPK05qVJMklFvgwuNR+ETBcyKC7Yxy  
ic8Chqtt4rLMsYAQRwfsL5rYoL6sssj4yIp/dCgjl2J0hcMnkFejP2nHLuT4npFl  
IoxkWd6ipXEmV7NjtcFgp2rw3v2a45tvt2KhDt9drCMLdckYlMi10tKyr3JfoW/A  
yjzF9JfrEXYv4+ZUaQecKS/hjD9eQtydIF8uGB5gYPmq2qGD6fASXgc2z2FJH23j  
DTEIdJb2R9jqCqZPVB5addeyt/LY6hLi7CG2HOl6uK6p9mmDj/JASPdXVf02qD25  
F7SbfCsFDzvykXbFdXsbszMku92aStFW6c0PlBmDYY93+uAZfj2+QB+at2J8v+4g  
cPEZHrar++fM96ubtP3ABxGqSpCMVErqeGinPN2geDy49ZWMQTjxwRfK3epO9Vkf  
9+JdwuEahDtjo8eZji6djUN1xw5ARftrukS5mqYAlgrcl8EImsFuM2+Y1Boz5w0S  
uUCxE0cXU2oc6x26fy4zKbssvj6tl31qJKZAc39t+xOJYm/F0yit+psNWoNzqx2q  
eBX5tmvYQ+s=9knG  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-5556-01

Red Hat Security Advisory 2022-5596-01 - This release of Red Hat build of Quarkus 2.7.6 includes security updates, bug fixes, and enhancements. Issues addressed include a denial of service vulnerability.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256====================================================================                   Red Hat Security AdvisorySynopsis:          Moderate: Red Hat build of Quarkus 2.7.6 release and security updateAdvisory ID:       RHSA-2022:5596-01Product:           Red Hat build of QuarkusAdvisory URL:      https://access.redhat.com/errata/RHSA-2022:5596Issue date:        2022-07-19CVE Names:         CVE-2020-36518====================================================================1. Summary:An update is now available for Red Hat build of Quarkus. Red Hat ProductSecurity has rated this update as having a security impact of Moderate. ACommon Vulnerability Scoring System (CVSS) base score, which gives adetailed severity rating, is available for each vulnerability. For moreinformation, see the CVE links in the References section.2. Description:This release of Red Hat build of Quarkus 2.7.6 includes security updates,bugfixes, and enhancements. For more information, see the release notes pagelistedin the References section.Security Fix(es):* CVE-2020-36518 jackson-databind: denial of service via a large depth ofnested objects [quarkus-2]3. Solution:Before applying the update, back up your existing installation, includingallapplications, configuration files, databases and database settings, and soon.The References section of this erratum contains a download link for theupdate.You must be logged in to download the update.4. Bugs fixed (https://bugzilla.redhat.com/):2064698 - CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects5. References:https://access.redhat.com/security/cve/CVE-2020-36518https://access.redhat.com/security/updates/classification/#moderatehttps://access.redhat.com/documentation/en-us/red_hat_build_of_quarkus/2.7/https://access.redhat.com/articles/49661816. Contact:The Red Hat security contact is <secalert@redhat.com>. More contactdetails at https://access.redhat.com/security/team/contact/Copyright 2022 Red Hat, Inc.-----BEGIN PGP SIGNATURE-----Version: GnuPG v1iQIVAwUBYuFkTtzjgjWX9erEAQhVwA/9HDoYsZc/1EEAG+m5aEGmL4Y+xh4focYSdXKiKg6BTY/GvdCkxseYf4rGsQqEagQ6eEqJNJHFDY8RJsg/hnhz57W0cUprZzC0HGa6iPBylPII5PBZ0kwjVpezz1onEWJ4TTd19fvlKrL5DCRT4ftlVl4N+ER9l4Ig0NRJ2C12tLs7Qe9U4Wl6+pP5OppxMx1chOH4i3TlRfJDDBLqbzrNnjs4WZvMl5bCKQwzT1l4dMBai2elzkmW4uizkSPrYQ/DYubUk2gctqDb0h5NURMWXC1Pxdiah+uNOgAa+HtNMzob7SkcUTQzO2M+z/8vsDnnOjq4mVAUhBMHKgDJv0d6/YRoyH4HMOeXYBurEbM4TWTCyeeSCCdScMKyKJXlgRf7gm5rVJC77jnB1T/HgrlzgUTtgq/YGk8e5RJqvUgGNSfIjqVP8BnzRoOr05kOemc2591FD+koFF0/Vt8VylMs4S0FRNCKq/bO/uznpR595k8oGTdeHDXJ9zczyIiUQU/J/JNPdTuAVB6c0aaec8wYQ2h75bl/5C8pTsQ3pVidzccmLorNoNKARsEDj8QU8KacvV475oLAA/6LQrOEpKTl3I3EcKX8FhLumjHb6gEYQMuON6RuIS2G3cOERLkRuEMYJpZgOCsIZ1zIiNH+7s85qmtA1R2Zmcbe3FiPyr0wEi8=Tk+0-----END PGP SIGNATURE-------RHSA-announce mailing listRHSA-announce@redhat.comhttps://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-5596-01

Red Hat Security Advisory 2022-5532-01 - This release of Red Hat Fuse 7.11.0 serves as a replacement for Red Hat Fuse 7.10 and includes bug fixes and enhancements, which are documented in the Release Notes document linked in the References. Issues addressed include HTTP request smuggling, bypass, code execution, denial of service, deserialization, information leakage, memory leak, privilege escalation, and traversal vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: Red Hat Fuse 7.11.0 release and security update  
Advisory ID:       RHSA-2022:5532-01  
Product:           Red Hat JBoss Fuse  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:5532  
Issue date:        2022-07-07  
CVE Names:         CVE-2020-7020 CVE-2020-9484 CVE-2020-15250  
                   CVE-2020-25689 CVE-2020-29582 CVE-2020-36518  
                   CVE-2021-2471 CVE-2021-3629 CVE-2021-3642  
                   CVE-2021-3644 CVE-2021-3807 CVE-2021-3859  
                   CVE-2021-4178 CVE-2021-22060 CVE-2021-22096  
                   CVE-2021-22119 CVE-2021-22569 CVE-2021-22573  
                   CVE-2021-24122 CVE-2021-25122 CVE-2021-25329  
                   CVE-2021-29505 CVE-2021-30640 CVE-2021-33037  
                   CVE-2021-33813 CVE-2021-35515 CVE-2021-35516  
                   CVE-2021-35517 CVE-2021-36090 CVE-2021-38153  
                   CVE-2021-40690 CVE-2021-41079 CVE-2021-41766  
                   CVE-2021-42340 CVE-2021-42550 CVE-2021-43797  
                   CVE-2021-43859 CVE-2022-0084 CVE-2022-1259  
                   CVE-2022-1319 CVE-2022-21363 CVE-2022-21724  
                   CVE-2022-22932 CVE-2022-22950 CVE-2022-22968  
                   CVE-2022-22970 CVE-2022-22971 CVE-2022-22976  
                   CVE-2022-22978 CVE-2022-23181 CVE-2022-23221  
                   CVE-2022-23596 CVE-2022-23913 CVE-2022-24614  
                   CVE-2022-25845 CVE-2022-26336 CVE-2022-26520  
                   CVE-2022-30126  
====================================================================  
1. Summary:

A minor version update (from 7.10 to 7.11) is now available for Red Hat  
Fuse. The purpose of this text-only errata is to inform you about the  
security issues fixed in this release.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Description:

This release of Red Hat Fuse 7.11.0 serves as a replacement for Red Hat  
Fuse 7.10 and includes bug fixes and enhancements, which are documented in  
the Release Notes document linked in the References.

Security Fix(es):

* fastjson (CVE-2022-25845)

* jackson-databind (CVE-2020-36518)

* mysql-connector-java (CVE-2021-2471, CVE-2022-21363)

* undertow (CVE-2022-1259, CVE-2021-3629, CVE-2022-1319)

* wildfly-elytron (CVE-2021-3642)

* nodejs-ansi-regex (CVE-2021-3807, CVE-2021-3807)

* 3 qt (CVE-2021-3859)

* kubernetes-client (CVE-2021-4178)

* spring-security (CVE-2021-22119)

* protobuf-java (CVE-2021-22569)

* google-oauth-client (CVE-2021-22573)

* XStream (CVE-2021-29505, CVE-2021-43859)

* jdom (CVE-2021-33813, CVE-2021-33813)

* apache-commons-compress (CVE-2021-35515, CVE-2021-35516, CVE-2021-35517,  
CVE-2021-36090)

* Kafka (CVE-2021-38153)

* xml-security (CVE-2021-40690)

* logback (CVE-2021-42550)

* netty (CVE-2021-43797)

* xnio (CVE-2022-0084)

* jdbc-postgresql (CVE-2022-21724)

* spring-expression (CVE-2022-22950)

* springframework (CVE-2021-22096, CVE-2021-22060, CVE-2021-22096,  
CVE-2022-22976, CVE-2022-22970, CVE-2022-22971, CVE-2022-22978)

* h2 (CVE-2022-23221)

* junrar (CVE-2022-23596)

* artemis-commons (CVE-2022-23913)

* elasticsearch (CVE-2020-7020)

* tomcat (CVE-2021-24122, CVE-2021-25329, CVE-2020-9484, CVE-2021-25122,  
CVE-2021-33037, CVE-2021-30640, CVE-2021-41079, CVE-2021-42340,  
CVE-2022-23181)

* junit4 (CVE-2020-15250)

* wildfly-core (CVE-2020-25689, CVE-2021-3644)

* kotlin (CVE-2020-29582)

* karaf (CVE-2021-41766, CVE-2022-22932)

* Spring Framework (CVE-2022-22968)

* metadata-extractor (CVE-2022-24614)

* poi-scratchpad (CVE-2022-26336)

* postgresql-jdbc (CVE-2022-26520)

* tika-core (CVE-2022-30126)

For more details about the security issues, including the impact, CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

3. Solution:

Before applying the update, back up your existing installation, including  
all applications, configuration files, databases and database settings, and  
so on.

Installation instructions are available from the Fuse 7.11.0 product  
documentation page:  
https://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/

4. Bugs fixed (https://bugzilla.redhat.com/):

1838332 - CVE-2020-9484 tomcat: deserialization flaw in session persistence storage leading to RCE  
1887810 - CVE-2020-15250 junit4: TemporaryFolder is shared between all users across system which could result in information disclosure  
1893070 - CVE-2020-25689 wildfly-core: memory leak in WildFly host-controller in domain mode while not able to reconnect to domain-controller  
1893125 - CVE-2020-7020 elasticsearch: not properly preserving security permissions when executing complex queries may lead to information disclosure  
1917209 - CVE-2021-24122 tomcat: Information disclosure when using NTFS file system  
1930291 - CVE-2020-29582 kotlin: vulnerable Java API was used for temporary file and folder creation which could result in information disclosure  
1934032 - CVE-2021-25122 tomcat: Request mix-up with h2c  
1934061 - CVE-2021-25329 tomcat: Incomplete fix for CVE-2020-9484 (RCE via session persistence)  
1966735 - CVE-2021-29505 XStream: remote command execution attack by manipulating the processed input stream  
1973413 - CVE-2021-33813 jdom: XXE allows attackers to cause a DoS via a crafted HTTP request  
1976052 - CVE-2021-3644 wildfly-core: Invalid Sensitivity Classification of Vault Expression  
1977064 - CVE-2021-22119 spring-security: Denial-of-Service (DoS) attack via initiation of Authorization Request  
1977362 - CVE-2021-3629 undertow: potential security issue in flow control over HTTP/2 may lead to DOS  
1981407 - CVE-2021-3642 wildfly-elytron: possible timing attack in ScramServer  
1981533 - CVE-2021-33037 tomcat: HTTP request smuggling when used with a reverse proxy  
1981544 - CVE-2021-30640 tomcat: JNDI realm authentication weakness  
1981895 - CVE-2021-35515 apache-commons-compress: infinite loop when reading a specially crafted 7Z archive  
1981900 - CVE-2021-35516 apache-commons-compress: excessive memory allocation when reading a specially crafted 7Z archive  
1981903 - CVE-2021-35517 apache-commons-compress: excessive memory allocation when reading a specially crafted TAR archive  
1981909 - CVE-2021-36090 apache-commons-compress: excessive memory allocation when reading a specially crafted ZIP archive  
2004820 - CVE-2021-41079 tomcat: Infinite loop while reading an unexpected TLS packet when using OpenSSL JSSE engine  
2007557 - CVE-2021-3807 nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes  
2009041 - CVE-2021-38153 Kafka: Timing Attack Vulnerability for Apache Kafka Connect and Clients  
2010378 - CVE-2021-3859 undertow: client side invocation timeout raised when calling over HTTP2  
2011190 - CVE-2021-40690 xml-security: XPath Transform abuse allows for information disclosure  
2014356 - CVE-2021-42340 tomcat: OutOfMemoryError caused by HTTP upgrade connection leak could lead to DoS  
2020583 - CVE-2021-2471 mysql-connector-java: unauthorized access to critical  
2031958 - CVE-2021-43797 netty: control chars in header names may lead to HTTP request smuggling  
2033560 - CVE-2021-42550 logback: remote code execution through JNDI call from within its configuration file  
2034388 - CVE-2021-4178 kubernetes-client: Insecure deserialization in unmarshalYaml method  
2034584 - CVE-2021-22096 springframework: malicious input leads to insertion of additional log entries  
2039903 - CVE-2021-22569 protobuf-java: potential DoS in the parsing procedure for binary data  
2044596 - CVE-2022-23221 h2: Loading of custom classes from remote servers through JNDI  
2046279 - CVE-2022-22932 karaf: path traversal flaws  
2046282 - CVE-2021-41766 karaf: insecure java deserialization  
2047343 - CVE-2022-21363 mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors  
2047417 - CVE-2022-23181 tomcat: local privilege escalation vulnerability  
2049778 - CVE-2022-23596 junrar: A carefully crafted RAR archive can trigger an infinite loop while extracting  
2049783 - CVE-2021-43859 xstream: Injecting highly recursive collections or maps can cause a DoS  
2050863 - CVE-2022-21724 jdbc-postgresql: Unchecked Class Instantiation when providing Plugin Classes  
2055480 - CVE-2021-22060 springframework: Additional Log Injection in Spring Framework (follow-up to CVE-2021-22096)  
2058763 - CVE-2022-24614 metadata-extractor: Out-of-memory when reading a specially crafted JPEG file  
2063292 - CVE-2022-26336 poi-scratchpad: A carefully crafted TNEF file can cause an out of memory exception  
2063601 - CVE-2022-23913 artemis-commons: Apache ActiveMQ Artemis DoS  
2064007 - CVE-2022-26520 postgresql-jdbc: Arbitrary File Write Vulnerability  
2064226 - CVE-2022-0084 xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr  
2064698 - CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects  
2069414 - CVE-2022-22950 spring-expression: Denial of service via specially crafted SpEL expression  
2072339 - CVE-2022-1259 undertow: potential security issue in flow control over HTTP/2 may lead to DOS(incomplete fix for CVE-2021-3629)  
2073890 - CVE-2022-1319 undertow: Double AJP response for 400 from EAP 7 results in CPING failures  
2075441 - CVE-2022-22968 Spring Framework: Data Binding Rules Vulnerability  
2081879 - CVE-2021-22573 google-oauth-client: Token signature not verified  
2087214 - CVE-2022-22976 springframework: BCrypt skips salt rounds for work factor of 31  
2087272 - CVE-2022-22970 springframework: DoS via data binding to multipartFile or servlet part  
2087274 - CVE-2022-22971 springframework: DoS with STOMP over WebSocket  
2087606 - CVE-2022-22978 springframework: Authorization Bypass in RegexRequestMatcher  
2088523 - CVE-2022-30126 tika-core: Regular Expression Denial of Service in standards extractor  
2100654 - CVE-2022-25845 fastjson: autoType shutdown restriction bypass leads to deserialization

5. References:

https://access.redhat.com/security/cve/CVE-2020-7020  
https://access.redhat.com/security/cve/CVE-2020-9484  
https://access.redhat.com/security/cve/CVE-2020-15250  
https://access.redhat.com/security/cve/CVE-2020-25689  
https://access.redhat.com/security/cve/CVE-2020-29582  
https://access.redhat.com/security/cve/CVE-2020-36518  
https://access.redhat.com/security/cve/CVE-2021-2471  
https://access.redhat.com/security/cve/CVE-2021-3629  
https://access.redhat.com/security/cve/CVE-2021-3642  
https://access.redhat.com/security/cve/CVE-2021-3644  
https://access.redhat.com/security/cve/CVE-2021-3807  
https://access.redhat.com/security/cve/CVE-2021-3859  
https://access.redhat.com/security/cve/CVE-2021-4178  
https://access.redhat.com/security/cve/CVE-2021-22060  
https://access.redhat.com/security/cve/CVE-2021-22096  
https://access.redhat.com/security/cve/CVE-2021-22119  
https://access.redhat.com/security/cve/CVE-2021-22569  
https://access.redhat.com/security/cve/CVE-2021-22573  
https://access.redhat.com/security/cve/CVE-2021-24122  
https://access.redhat.com/security/cve/CVE-2021-25122  
https://access.redhat.com/security/cve/CVE-2021-25329  
https://access.redhat.com/security/cve/CVE-2021-29505  
https://access.redhat.com/security/cve/CVE-2021-30640  
https://access.redhat.com/security/cve/CVE-2021-33037  
https://access.redhat.com/security/cve/CVE-2021-33813  
https://access.redhat.com/security/cve/CVE-2021-35515  
https://access.redhat.com/security/cve/CVE-2021-35516  
https://access.redhat.com/security/cve/CVE-2021-35517  
https://access.redhat.com/security/cve/CVE-2021-36090  
https://access.redhat.com/security/cve/CVE-2021-38153  
https://access.redhat.com/security/cve/CVE-2021-40690  
https://access.redhat.com/security/cve/CVE-2021-41079  
https://access.redhat.com/security/cve/CVE-2021-41766  
https://access.redhat.com/security/cve/CVE-2021-42340  
https://access.redhat.com/security/cve/CVE-2021-42550  
https://access.redhat.com/security/cve/CVE-2021-43797  
https://access.redhat.com/security/cve/CVE-2021-43859  
https://access.redhat.com/security/cve/CVE-2022-0084  
https://access.redhat.com/security/cve/CVE-2022-1259  
https://access.redhat.com/security/cve/CVE-2022-1319  
https://access.redhat.com/security/cve/CVE-2022-21363  
https://access.redhat.com/security/cve/CVE-2022-21724  
https://access.redhat.com/security/cve/CVE-2022-22932  
https://access.redhat.com/security/cve/CVE-2022-22950  
https://access.redhat.com/security/cve/CVE-2022-22968  
https://access.redhat.com/security/cve/CVE-2022-22970  
https://access.redhat.com/security/cve/CVE-2022-22971  
https://access.redhat.com/security/cve/CVE-2022-22976  
https://access.redhat.com/security/cve/CVE-2022-22978  
https://access.redhat.com/security/cve/CVE-2022-23181  
https://access.redhat.com/security/cve/CVE-2022-23221  
https://access.redhat.com/security/cve/CVE-2022-23596  
https://access.redhat.com/security/cve/CVE-2022-23913  
https://access.redhat.com/security/cve/CVE-2022-24614  
https://access.redhat.com/security/cve/CVE-2022-25845  
https://access.redhat.com/security/cve/CVE-2022-26336  
https://access.redhat.com/security/cve/CVE-2022-26520  
https://access.redhat.com/security/cve/CVE-2022-30126  
https://access.redhat.com/security/updates/classification/#important  
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=jboss.fuse&version=7.11.0  
https://access.redhat.com/documentation/en-us/red_hat_fuse/7.11/

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYuFkRNzjgjWX9erEAQg9LQ/9HYM6Ig0vTdDrN6ITdimAnjShWe/4Nyxx  
iZeg/VprKnpSQDRvNKIKUBuiKSggiTY4MZa3dXSJLkS57EyqZiWWTT2ADyN0Z6cm  
+sAQar6GTPg9eyZdMDeuM7plwQQZk8mzSj8aDN2QzHevnmNBlHlVE2MwpZmzVUjo  
O3/UhM4up60Z5Ryyk/4tWRry8wpj7rL9pW3HiVkxdHlDNijaxJ7PerXGItMpVytT  
0IVDwHz3jdJJH3/5uaeippUFu1S+L+75CwIUlvr25YIj3XQ4Sv1vdLvamf8j9P+8  
pVRnRyPl7vh2hXl8p2fby58LBINJKmUOOugeMWo2yoz9B4HQiTUOqXrOTe9nUD+P  
Ntx9YGTX6UhNG562eTAGGrKi0J0rd11FdqVfw12JeXWGqzYRfFW/UdKaRYCUQt24  
9O7FuzAHALe5Bcl7rGtKvbnY2DyLJ4AO3YdbskS502sTFjEfcdPObfQWaYniBBhx  
n8cmjdMB3bdGzpbPt/tlnYFNqdC9MSEn2J8kSlGMWP5Ntj5WYzReTiPAFY42dYpM  
gA4vqWNTn+lRAPm232u4CY9K7cDCz8Qdz22hoS21YulQXV+lDYyeyxCv0SwmG4yO  
rL5Uv5DOSmtH8UHa/vLTHKW7R59uuOLeAumfjRVxj52DJSCUTTGeKjBVTkjkpzq4  
rUyXD0vegnU=m5cz  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-5532-01

Red Hat Security Advisory 2022-5526-01 - Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Issues addressed include a denial of service vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: squid:4 security update  
Advisory ID:       RHSA-2022:5526-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:5526  
Issue date:        2022-07-07  
CVE Names:         CVE-2021-46784  
====================================================================  
1. Summary:

An update for the squid:4 module is now available for Red Hat Enterprise  
Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

Squid is a high-performance proxy caching server for web clients,  
supporting FTP, Gopher, and HTTP data objects.

Security Fix(es):

* squid: DoS when processing gopher server responses (CVE-2021-46784)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the squid service will be restarted  
automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

2100721 - CVE-2021-46784 squid: DoS when processing gopher server responses

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:  
libecap-1.0.1-2.module+el8.1.0+4044+36416a77.src.rpm  
squid-4.15-3.module+el8.6.0+15801+8fa20c64.1.src.rpm

aarch64:  
libecap-1.0.1-2.module+el8.1.0+4044+36416a77.aarch64.rpm  
libecap-debuginfo-1.0.1-2.module+el8.1.0+4044+36416a77.aarch64.rpm  
libecap-debugsource-1.0.1-2.module+el8.1.0+4044+36416a77.aarch64.rpm  
libecap-devel-1.0.1-2.module+el8.1.0+4044+36416a77.aarch64.rpm  
squid-4.15-3.module+el8.6.0+15801+8fa20c64.1.aarch64.rpm  
squid-debuginfo-4.15-3.module+el8.6.0+15801+8fa20c64.1.aarch64.rpm  
squid-debugsource-4.15-3.module+el8.6.0+15801+8fa20c64.1.aarch64.rpm

ppc64le:  
libecap-1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le.rpm  
libecap-debuginfo-1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le.rpm  
libecap-debugsource-1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le.rpm  
libecap-devel-1.0.1-2.module+el8.1.0+4044+36416a77.ppc64le.rpm  
squid-4.15-3.module+el8.6.0+15801+8fa20c64.1.ppc64le.rpm  
squid-debuginfo-4.15-3.module+el8.6.0+15801+8fa20c64.1.ppc64le.rpm  
squid-debugsource-4.15-3.module+el8.6.0+15801+8fa20c64.1.ppc64le.rpm

s390x:  
libecap-1.0.1-2.module+el8.1.0+4044+36416a77.s390x.rpm  
libecap-debuginfo-1.0.1-2.module+el8.1.0+4044+36416a77.s390x.rpm  
libecap-debugsource-1.0.1-2.module+el8.1.0+4044+36416a77.s390x.rpm  
libecap-devel-1.0.1-2.module+el8.1.0+4044+36416a77.s390x.rpm  
squid-4.15-3.module+el8.6.0+15801+8fa20c64.1.s390x.rpm  
squid-debuginfo-4.15-3.module+el8.6.0+15801+8fa20c64.1.s390x.rpm  
squid-debugsource-4.15-3.module+el8.6.0+15801+8fa20c64.1.s390x.rpm

x86_64:  
libecap-1.0.1-2.module+el8.1.0+4044+36416a77.x86_64.rpm  
libecap-debuginfo-1.0.1-2.module+el8.1.0+4044+36416a77.x86_64.rpm  
libecap-debugsource-1.0.1-2.module+el8.1.0+4044+36416a77.x86_64.rpm  
libecap-devel-1.0.1-2.module+el8.1.0+4044+36416a77.x86_64.rpm  
squid-4.15-3.module+el8.6.0+15801+8fa20c64.1.x86_64.rpm  
squid-debuginfo-4.15-3.module+el8.6.0+15801+8fa20c64.1.x86_64.rpm  
squid-debugsource-4.15-3.module+el8.6.0+15801+8fa20c64.1.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-46784  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYuFj/NzjgjWX9erEAQhUOA//QaRq6JfxhCp5xvfXkTIuDmwHlytCwIxP  
8RtPL3ADqCGI0iyh00YCq44oPOpw8e746a1VeZiB8HbZ4/PcUfCZY7pE/E3B7/ke  
k2Q+oaez4I3w+yZj8hN2OLVl/eBH//tDBXCB0uyg5blcpS56xQjlYfX04ZaKD3WX  
ClbvBvFTNYwu4cmaXTERNgBiD0SiiadHyAAQavJhpWWlGlumxgu0Jxkqus1UbCkR  
PU2Qi5ZKRoxeSzwluKTcz2JJPAgsYJvB/2xzPrygfBfLTqIkPTOTd2rYKxryEE05  
NYuBs4gVkS8cKkMf1wtfiXnc2rXkvpYwrDJtEmkGN5oB8HfC+V4G5EqfTVrhtTI1  
kiIeuEHVFjvNBHX7okZjhCz9Do3c86gVIb8UunUOykPENYk3ijMqRujilB7vM9WY  
chvrMS5xIfFRWr4JpXeq8pBxujCOwnQBUQ9yzCFqQpVYApLECL/7dO/1vbHkwRzw  
6SeDwNddsaB9hjhF2hZlevztdybL8sX3daKYyssQKLkTTXEketM2WBDlqN+j5qs8  
1QZ4AtgyS/2gHyorfY4uK6OtWyOgnOY19+rX3aJRCyE+g/ljQgFtiZWA+KeSWnNp  
Ao66n8lHheDWilf1vCSx0x04RyJ+dtdHH38Dnai4Ta4cMjTRn2CKOYWKFn50BCD3  
1CXNL6QbsSU=hQkc  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-5526-01

Red Hat Security Advisory 2022-5542-01 - Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Issues addressed include a denial of service vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: squid security update  
Advisory ID:       RHSA-2022:5542-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:5542  
Issue date:        2022-07-11  
CVE Names:         CVE-2021-46784  
====================================================================  
1. Summary:

An update for squid is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux Workstation (v. 7) - x86_64  
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

Squid is a high-performance proxy caching server for web clients,  
supporting FTP, Gopher, and HTTP data objects.

Security Fix(es):

* squid: DoS when processing gopher server responses (CVE-2021-46784)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the squid service will be restarted  
automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

2100721 - CVE-2021-46784 squid: DoS when processing gopher server responses

6. Package List:

Red Hat Enterprise Linux Server (v. 7):

Source:  
squid-3.5.20-17.el7_9.7.src.rpm

ppc64:  
squid-3.5.20-17.el7_9.7.ppc64.rpm  
squid-debuginfo-3.5.20-17.el7_9.7.ppc64.rpm  
squid-migration-script-3.5.20-17.el7_9.7.ppc64.rpm

ppc64le:  
squid-3.5.20-17.el7_9.7.ppc64le.rpm  
squid-debuginfo-3.5.20-17.el7_9.7.ppc64le.rpm  
squid-migration-script-3.5.20-17.el7_9.7.ppc64le.rpm

s390x:  
squid-3.5.20-17.el7_9.7.s390x.rpm  
squid-debuginfo-3.5.20-17.el7_9.7.s390x.rpm  
squid-migration-script-3.5.20-17.el7_9.7.s390x.rpm

x86_64:  
squid-3.5.20-17.el7_9.7.x86_64.rpm  
squid-debuginfo-3.5.20-17.el7_9.7.x86_64.rpm  
squid-migration-script-3.5.20-17.el7_9.7.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

ppc64:  
squid-debuginfo-3.5.20-17.el7_9.7.ppc64.rpm  
squid-sysvinit-3.5.20-17.el7_9.7.ppc64.rpm

ppc64le:  
squid-debuginfo-3.5.20-17.el7_9.7.ppc64le.rpm  
squid-sysvinit-3.5.20-17.el7_9.7.ppc64le.rpm

s390x:  
squid-debuginfo-3.5.20-17.el7_9.7.s390x.rpm  
squid-sysvinit-3.5.20-17.el7_9.7.s390x.rpm

x86_64:  
squid-debuginfo-3.5.20-17.el7_9.7.x86_64.rpm  
squid-sysvinit-3.5.20-17.el7_9.7.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:  
squid-3.5.20-17.el7_9.7.src.rpm

x86_64:  
squid-3.5.20-17.el7_9.7.x86_64.rpm  
squid-debuginfo-3.5.20-17.el7_9.7.x86_64.rpm  
squid-migration-script-3.5.20-17.el7_9.7.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:  
squid-debuginfo-3.5.20-17.el7_9.7.x86_64.rpm  
squid-sysvinit-3.5.20-17.el7_9.7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-46784  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYuFkBtzjgjWX9erEAQiEtw//Sd27/zmHD1P0pBH8YEa1OHqOZh71Jk6A  
1ygjvpLKK5rF/E6CIMpTgAyDAGK4fxyvL+kMr3Kg6xzmC3X8vZ2zT/UIXu2adI+o  
jTds4nBA6+ALHHKSJXZQlWwvzg0U0xyKVgSGkN2+BA9Gvfou+DTpYGluZ95O42Yc  
DQnsgVb0WBVqDb6xQDgPFHBuaPc9xhwEq2GTunJt2Qv0Q/VJvxXJTzcBr8F7F7y7  
ARB974Iwhr5UkqBcQu1Dz80Urdw6VfWLl6lrSfuITD2hvBsy7jLM8Iyegw0bwTx9  
uFjWyyy/QI9uhj1PkYnkKypmFIMGkFeZ2wAisDjUimVgEv0Q6ex+knwxUjIYAI6z  
rlSGRt5QnrI/PkW/Cvz7zyn+SCef2ZBbb5XMZRrCvZ9qK328SUNmqYwSlOmjMLTQ  
cuFeE3SWOiD8+zvag4lyzUfsrCY3ALWiMBIdUGUGtYRFNI3mcG/KwwFAVoE0lCaq  
KOZiThiVmF8YQdWh0pnBDmIQ7emkyXckcdSGNp3yHdxy9GvtwHKOHsFv329M8D/w  
O17ok3yWZ5QZ90QyGMeig+mBhic7p61P6jVEjgZuh4IxOXh/rsjh5Wnqu7MbyDzk  
U4pA+6S5DQ7GFAKvNasK0UiKkVxZth1xOs5gZxnQ+H/7DLgUuP7lOBUfzhOMt69r  
GeTvRNOaiqoüwp  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-5542-01

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25423 allows remote authenticated users to delete arbitrary files via unspecified vectors.

**Abstract**

Multiple vulnerabilities allow remote authenticated users to conduct denial-of-service attacks or obtain user credentials via a susceptible version of Synology DiskStation Manager (DSM).

**Affected Products**

Product

Severity

Fixed Release Availability

DSM 6.2

Moderate

Upgrade to 6.2.3-25423 or above.

VS Firmware 2.3

Moderate

Pending

**Mitigation**

None

**Detail**

*   CVE-2022-27610
    *   Severity: Moderate
    *   CVSS3 Base Score: 6.5
    *   CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
    *   Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25423 allows remote authenticated users to delete arbitrary files via unspecified vectors.

**Acknowledgement**

Qian Chen (@cq674350529) from Codesafe Team of Legendsec at Qi'anxin Group

**Revision**

Revision

Date

Description

1

2020-04-29

Initial public release.

2

2022-07-27

Disclosed vulnerability details.

CVE-2022-27610: Synology_SA_20_06 | Synology Inc.

Rizin v0.4.0 and below was discovered to contain an integer overflow via the function get_long_object(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted binary.

**Crash**

In Rizin of the current version, an integer overflow is found in get\_long\_object(). It further leads to a heap buffer overflow. The attacker can launch the DoS attack with a malformed binary.

**Work environment**

Questions

Answers

OS/arch/bits (mandatory)

Linux 5.18.6-arch1-1

File format of the file you reverse (mandatory)

malformed

Architecture/bits of the file (mandatory)

malformed

rizin -v full output, **not truncated** (mandatory)

rizin 0.5.0 @ linux-x86-64 commit: 74e499a, build: 2022-06-25\_\_09:14:00

**Expected behavior**

run normally

**Actual behavior**

crash

**Steps to reproduce the behavior**

Open the attached file (after unzip) with Rizin.

**Additional Logs, screenshots, source code, configuration dump, ...**

input.zip

ERROR: Undefined type in free\_object (0)
ERROR: Undefined type in get\_object (0x0)
ERROR: Undefined type in get\_object (0x0)
ERROR: Undefined type in get\_object (0x14)
ERROR: Undefined type in get\_object (0x0)
ERROR: Undefined type in get\_object (0x2)
ERROR: Undefined type in get\_object (0x0)
ERROR: Undefined type in get\_object (0x0)
ERROR: Undefined type in get\_object (0x40)
ERROR: Undefined type in get\_object (0x0)
ERROR: Undefined type in get\_object (0x0)
ERROR: Undefined type in get\_object (0x40)
ERROR: Undefined type in get\_object (0x0)
ERROR: Undefined type in get\_object (0x0)
ERROR: Copy not implemented for type 7b
../librz/bin/format/pyc/marshal.c:202:18: runtime error: signed integer overflow: 1162871039 \* 15 cannot be represented in type 'int'
=================================================================
==2965413==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x7fa62f4647ff at pc 0x7fa63e73190d bp 0x7fffe4547ef0 sp 0x7fffe4547ee0
WRITE of size 1 at 0x7fa62f4647ff thread T0
    #0 0x7fa63e73190c in get\_long\_object ../librz/bin/format/pyc/marshal.c:219
    #1 0x7fa63e73190c in get\_object ../librz/bin/format/pyc/marshal.c:1099
    #2 0x7fa63e7332e5 in get\_code\_object ../librz/bin/format/pyc/marshal.c:948
    #3 0x7fa63e7305a3 in get\_object ../librz/bin/format/pyc/marshal.c:1054
    #4 0x7fa63e7342a6 in get\_sections\_symbols\_from\_code\_objects ../librz/bin/format/pyc/marshal.c:1204
    #5 0x7fa63e439e26 in symbols ../librz/bin/p/bin\_pyc.c:126
    #6 0x7fa63e30551b in rz\_bin\_object\_set\_items ../librz/bin/bobj.c:419
    #7 0x7fa63e30a21d in rz\_bin\_object\_new ../librz/bin/bobj.c:282
    #8 0x7fa63e2e5ca4 in rz\_bin\_file\_new\_from\_buffer ../librz/bin/bfile.c:277
    #9 0x7fa63e2f2675 in rz\_bin\_open\_buf ../librz/bin/bin.c:283
    #10 0x7fa63e2f3f72 in rz\_bin\_open\_io ../librz/bin/bin.c:341
    #11 0x7fa63c5fe1a3 in core\_file\_do\_load\_for\_io\_plugin ../librz/core/cfile.c:727
    #12 0x7fa63c5fe1a3 in rz\_core\_bin\_load ../librz/core/cfile.c:974
    #13 0x7fa645326b1d in rz\_main\_rizin ../librz/main/rizin.c:1147
    #14 0x7fa64482928f  (/usr/lib/libc.so.6+0x2928f)
    #15 0x7fa644829349 in \_\_libc\_start\_main (/usr/lib/libc.so.6+0x29349)
    #16 0x55c82ec2f964 in \_start (/usr/local/bin/rizin+0x2964)

0x7fa62f4647ff is located 1 bytes to the left of 65799105-byte region \[0x7fa62f464800,0x7fa633324bc1)
allocated by thread T0 here:
    #0 0x7fa6460bfa89 in \_\_interceptor\_malloc /usr/src/debug/gcc/libsanitizer/asan/asan\_malloc\_linux.cpp:69
    #1 0x7fa63e72e907 in get\_long\_object ../librz/bin/format/pyc/marshal.c:205
    #2 0x7fa63e72e907 in get\_object ../librz/bin/format/pyc/marshal.c:1099
    #3 0x7fa63e7332e5 in get\_code\_object ../librz/bin/format/pyc/marshal.c:948
    #4 0x7fa63e7305a3 in get\_object ../librz/bin/format/pyc/marshal.c:1054
    #5 0x7fa63e7342a6 in get\_sections\_symbols\_from\_code\_objects ../librz/bin/format/pyc/marshal.c:1204
    #6 0x7fa63e439e26 in symbols ../librz/bin/p/bin\_pyc.c:126
    #7 0x7fa63e30551b in rz\_bin\_object\_set\_items ../librz/bin/bobj.c:419
    #8 0x7fa63e30a21d in rz\_bin\_object\_new ../librz/bin/bobj.c:282
    #9 0x7fa63e2e5ca4 in rz\_bin\_file\_new\_from\_buffer ../librz/bin/bfile.c:277
    #10 0x7fa63e2f2675 in rz\_bin\_open\_buf ../librz/bin/bin.c:283
    #11 0x7fa63e2f3f72 in rz\_bin\_open\_io ../librz/bin/bin.c:341
    #12 0x7fa63c5fe1a3 in core\_file\_do\_load\_for\_io\_plugin ../librz/core/cfile.c:727
    #13 0x7fa63c5fe1a3 in rz\_core\_bin\_load ../librz/core/cfile.c:974
    #14 0x7fa645326b1d in rz\_main\_rizin ../librz/main/rizin.c:1147
    #15 0x7fa64482928f  (/usr/lib/libc.so.6+0x2928f)

SUMMARY: AddressSanitizer: heap-buffer-overflow ../librz/bin/format/pyc/marshal.c:219 in get\_long\_object
Shadow bytes around the buggy address:
  0x0ff545e848a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0ff545e848b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0ff545e848c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0ff545e848d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0ff545e848e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0ff545e848f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa\[fa\]
  0x0ff545e84900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ff545e84910: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ff545e84920: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ff545e84930: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ff545e84940: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==2965413==ABORTING

CVE-2022-34612: An integer overflow is found in get_long_object() · Issue #2738 · rizinorg/rizin

By Deeba Ahmed
Researchers have identified as many as eleven critical vulnerabilities in different versions of Nuki Smart Locks. The IT…
This is a post from HackRead.com Read the original post: Critical Vulnerabilities Exposed Nuki Smart Locks to a Plethora of Attack Options

****Researchers have identified as many as eleven critical vulnerabilities in different versions of Nuki Smart Locks.****

The IT security researchers at Manchester, England-based NCC Group have released a technical advisory explaining how Nuki Smart Locks were vulnerable to a plethora of attack possibilities.

It is worth noting that Nuki Home Solutions is a Graz, Austria-based supplier of smart home solutions in Europe. Here is a detailed overview of the eleven flaws in Nuki’s locks.

**Lack of Certificate Validation on TLS Communications**

This flaw is tracked as CVE-2022-32509 and affects Nuki Smart Lock version 3.0. As per the NCC Group research, the company didn’t implement SSL/TLS certificate validation on its Smart lock and Bridge devices. Without SSL/TLS certificate validation, attackers can perform man-in-the-middle attacks and access network traffic sent through an encrypted channel.

**Stack Buffer Overflow Parsing JSON Responses**

Tracked as CVE-2022-32504, this vulnerability affects Nuki Smart Lock 3.0. The issue can allow an attacker to get arbitrary code execution privilege on the device. The flaw is found in the code that implements the JSON objects parsing received from the SSE WebSocket, leading to a stack buffer overflow.

**Stack Buffer Overflow Parsing HTTP Parameters**

As per NCC Group’s technical writeup, the code responsible for overseeing the HTTP API parameter parsing logic causes a stack buffer overflow. It could be exploited to perform arbitrary code execution. This flaw is tracked as CVE-2022-32502 and was discovered in Nuki Bridge version 1.

**Broken Access Controls in the BLE Protocol**

The flaw is tracked as CVE-2022-32507 and affects Nuki Smart Lock 3.0. Research revealed that inadequate access control measures were used in the Bluetooth Low Energy Nuki API implementation, which could allow users to send out high-privilege commands to the Keyturner without being authorized for it.

1.  The Most Commonly Hacked Smart Home Tech
2.  Hackers can unlock a smartphone with fingerprints on glass of water
3.  Smart Lock vulnerability can give hackers full access to Wi-Fi network
4.  Hackers can clone your lock keys by recording clicks from smartphone
5.  Vulnerable smart alarms allowed hackers to track & turn off car engine

**TAG Exposed via Test Points**

This flaw is classified as CVE-2022-32503 and impacts Nuki Keypad. The TAG Exposed issue exposed the JTAG hardware interfaces on the affected devices.

Exploiting this flaw can allow an attacker to use the JTAG boundary scan feature to control code execution on the processor, debug the firmware, and read/alter the internal/external flash memory content. However, the attacker must have physical access to the circuit board to exploit the scan feature.

**Sensitive Information Sent Over an Unencrypted Channel**

This vulnerability is assigned CVE-2022-32510 and impacts Nuki Bridge version 1. The Bridge exposes the HTTP API using an unencrypted channel to access an administrative interface. The attacker can passively gather communication between the HTTP API and a client after accessing any device connected to the local network. A malicious actor can conveniently impersonate a legit user and access the full set of API endpoints.

**WD Interfaces Exposed via Test Points**

Tracked as CVE-2022-32506, the flaw exposed SWD hardware interfaces and was identified in Nuki smart lock 3.0. The attacker can use the SWD debug feature after having physical access to the circuit board, control the processor’s code execution, and debug the firmware.

SWD test points exposed (Image: Ncc Group)

**Denial of Service via Unauthenticated HTTP API Messages**

This flaw is classified as CVE-2022-32508 and impacts Nuki Bridge version 1. The flaw made devices vulnerable to denial of service (DoS) attacks if the attacker used specially crafted HTTP packets. Thus, impacting access to the Bridge and rendering the device unstable.

**Denial of Service via Unauthenticated BLE packets**

Tracked as CVE-2022-32505, this flaw made the impacted devices vulnerable to DoS attack through specially crafted Bluetooth Low energy packets. This could affect Keyturner’s availability and make the device unstable. Most BLE characteristics were found to be vulnerable to this issue.

**Insecure Invite Keys Implementation**

This flaw impacts the Nuki Smart Lock app version 2.22.5.5 (661). The invite token created for identifying a user during an invitation process is used to encrypt/decrypt the invite keys on the Nuki servers. A threat actor can easily take full control of the servers through this flaw and leak sensitive data.

**Opener Name Could Be Overwritten Without Authentication**

The Nuki Opener is impacted by this vulnerability that emerged from an insecure Opener Bluetooth Low energy implementation, allowing malicious actors to change the BLE device name. The device allowed an unauthenticated attacker to change the BLE device name.

**Current status**

The NCC Group informed Nuki about these flaws on 20th April 2022, and the company quickly responded. On 6th May 2022, Nuki contacted NCC Group regarding the progress on fixes. On 9th June 2022, patches were released for all vulnerabilities, after which NCC Group released a technical advisory.

Critical Vulnerabilities Exposed Nuki Smart Locks to a Plethora of Attack Options

A memory leak flaw was found in the Linux kernel in acrn_dev_ioctl in the drivers/virt/acrn/hsm.c function in how the ACRN Device Model emulates virtual NICs in VM. This flaw allows a local privileged attacker to leak unauthorized kernel information, causing a denial of service.

Tag

#dos