Apache Tapestry up to version 5.8.1 is vulnerable to Regular Expression Denial of Service (ReDoS) in the way it handles Content Types. Specially crafted Content Types may cause catastrophic backtracking, taking exponential time to complete. Specifically, this is about the regular expression used on the parameter of the org.apache.tapestry5.http.ContentType class. Apache Tapestry 5.8.2 has a fix for this vulnerability. Notice the vulnerability cannot be triggered by web requests in Tapestry code alone. It would only happen if there's some non-Tapestry codepath passing some outside input to the ContentType class constructor.

*   Products
    *   Openwall GNU/\*/Linux   _server OS_
    *   Linux Kernel Runtime Guard
    *   John the Ripper   _password cracker_
        *   Free & Open Source for any platform
        *   in the cloud
        *   Pro for Linux
        *   Pro for macOS
    *   Wordlists   _for password cracking_
    *   passwdqc   _policy enforcement_
        *   Free & Open Source for Unix
        *   Pro for Windows (Active Directory)
    *   yescrypt   _KDF & password hashing_
    *   yespower   _Proof-of-Work (PoW)_
    *   crypt\_blowfish   _password hashing_
    *   phpass   _ditto in PHP_
    *   tcb   _better password shadowing_
    *   Pluggable Authentication Modules
    *   scanlogd   _port scan detector_
    *   popa3d   _tiny POP3 daemon_
    *   blists   _web interface to mailing lists_
    *   msulogin   _single user mode login_
    *   php\_mt\_seed   _mt\_rand() cracker_
*   Services
*   Publications
    *   Articles
    *   Presentations
*   Resources
    *   Mailing lists
    *   Community wiki
    *   Source code repositories (GitHub)
    *   Source code repositories (CVSweb)
    *   File archive & mirrors
    *   How to verify digital signatures
    *   OVE IDs
*   What's new

CVE-2022-31781: security - [CVE-2022-31781] Apache Tapestry denial of service vulnerability

Microsoft released its monthly round of Patch Tuesday updates to address 84 new security flaws spanning multiple product categories, counting a zero-day vulnerability that's under active attack in the wild.
Of the 84 shortcomings, four are rated Critical, and 80 are rated Important in severity. Also separately resolved by the tech giant are two other bugs in the Chromium-based Edge browser, one

Microsoft released its monthly round of Patch Tuesday updates to address 84 new security flaws spanning multiple product categories, counting a zero-day vulnerability that's under active attack in the wild.

Of the 84 shortcomings, four are rated Critical, and 80 are rated Important in severity. Also separately resolved by the tech giant are two other bugs in the Chromium-based Edge browser, one of which plugs another zero-day flaw that Google disclosed as being actively exploited in real-world attacks.

Top of the list of this month's updates is CVE-2022-22047 (CVSS score: 7.8), a case of privilege escalation in the Windows Client Server Runtime Subsystem (CSRSS) that could be abused by an attacker to gain SYSTEM permissions.

"With this level of access, the attackers are able to disable local services such as Endpoint Detection and Security tools," Kev Breen, director of cyber threat research at Immersive Labs, told The Hacker News. "With SYSTEM access they can also deploy tools like Mimikatz which can be used to recover even more admin and domain level accounts, spreading the threat quickly."

Very little is known about the nature and scale of the attacks other than an "Exploitation Detected" assessment from Microsoft. The company's Threat Intelligence Center (MSTIC) and Security Response Center (MSRC) have been credited with reporting the flaw.

Besides CVE-2022-22047, two more elevation of privilege flaws have been fixed in the same component — CVE-2022-22026 (CVSS score: 8.8) and CVE-2022-22049 (CVSS score: 7.8) — that were reported by Google Project Zero researcher Sergei Glazunov.

"A locally authenticated attacker could send specially crafted data to the local CSRSS service to elevate their privileges from AppContainer to SYSTEM," Microsoft said in an advisory for CVE-2022-22026.

"Because the AppContainer environment is considered a defensible security boundary, any process that is able to bypass the boundary is considered a change in Scope. The attacker could then execute code or access resources at a higher integrity level than that of the AppContainer execution environment."

Also remediated by Microsoft include a number of remote code execution bugs in Windows Network File System (CVE-2022-22029 and CVE-2022-22039), Windows Graphics (CVE-2022-30221), Remote Procedure Call Runtime (CVE-2022-22038), and Windows Shell (CVE-2022-30222).

The update further stands out for patching as many as 32 issues in the Azure Site Recovery disaster recovery service. Two of these flaws are related to remote code execution and the remaining 30 concern privilege escalation.

"Successful exploitation \[...\] requires an attacker to compromise admin credentials to one of the VMs associated with the configuration server," the company said, adding the flaws do not "allow disclosure of any confidential information, but could allow an attacker to modify data that could result in the service being unavailable."

On top of that, Microsoft's July update also contains fixes for four privilege escalation vulnerabilities in the Windows Print Spooler module (CVE-2022-22022, CVE-2022-22041, CVE-2022-30206, and CVE-2022-30226) after a brief respite in June 2022, underscoring what appears to be a never-ending stream of flaws plaguing the technology.

Rounding off the Patch Tuesday updates are two notable fixes for tampering vulnerabilities in the Windows Server Service (CVE-2022-30216) and Microsoft Defender for Endpoint (CVE-2022-33637) and three denial-of-service (DoS) flaws in Internet Information Services (CVE-2022-22025 and CVE-2022-22040) and Security Account Manager (CVE-2022-30208).

**Software Patches from Other Vendors**

In addition to Microsoft, security updates have also been released by other vendors since the start of the month to rectify several vulnerabilities, including —

*   Adobe
*   AMD
*   Android
*   Apache Projects
*   Cisco
*   Citrix
*   Dell
*   Fortinet
*   GitLab
*   Google Chrome
*   HP
*   Intel
*   Lenovo
*   Linux distributions Debian, Oracle Linux, Red Hat, SUSE, and Ubuntu
*   MediaTek
*   Qualcomm
*   SAP
*   Schneider Electric
*   Siemens, and
*   VMware

Found this article interesting? Follow THN on Facebook, Twitter __ and LinkedIn to read more exclusive content we post.

Microsoft Releases Fix for Zero-Day Flaw in July 2022 Security Patch Rollout

Windows Internet Information Services Cachuri Module Denial of Service Vulnerability.

CVE-2022-22025

Internet Information Services Dynamic Compression Module Denial of Service Vulnerability.

CVE-2022-22040

Windows Security Account Manager (SAM) Denial of Service Vulnerability.

CVE-2022-30208

Implemented protections on AWS credentials that were not properly protected.

**WDC Tracking Number:** WDC-22009  
**Published:** July 11, 2022

**Last Updated:** July 11, 2022

**Description**

My Cloud Home Firmware 8.7.0-107 is a major release containing updates to help improve the security of your My Cloud Home devices. Numerous changes were made to the operating system to comprehensively improve its security and to upgrade the user experience to support our latest technologies.

The base operating system has been upgraded from an Android based operating system to the Linux operating system to align with security and stability updates from Debian 10 “Buster”.

Additionally, the Linux kernel has been updated to 4.9.266.

Your My Cloud Home device will be automatically updated to reflect the latest firmware version.    

**Product Impact**

**Minimum Fix Version**

**Last Updated**

My Cloud Home

8.7.0-107

July 8, 2022

My Cloud Home Duo

8.7.0-107

July 8, 2022

For more information on the latest security updates, see the release notes.

**Advisory Summary**

A vulnerability in the Linux kernel’s cgroup\_release\_agent\_write was addressed that could lead to escalation of privileges and bypass namespace isolation unexpectedly.  

Addressed an issue in OpenSSL that would make it possible to trigger an infinite loop by crafting a certificate that has invalid elliptic curve parameters. Since certificate parsing takes place before the certificate signature verification process, this could lead to a denial-of-service attack.

**CVE Number:** CVE-2022-0778  

Addressed a memory copy vulnerability in the Linux Wi-Fi driver.  

Addressed a command injection attack that could allow a malicious attacker on the same LAN to carry out a DNS spoofing attack via an unsecured HTTP call. This was done by removing the affected code from the product.

**CVE Number:** CVE-2022-22991, CVE-2022-22994

Reported By: Martin Rakhmanov (@mrakhmanov) working with Trend Micro’s Zero Day Initiative  

A vulnerability was discovered within the parsing of extended attributes (EA) metadata when opening a file in smbd. This vulnerability can be exploited by unauthenticated users if they are allowed write access to file extended attributes. This vulnerability was addressed by removing the "fruit" VFS module from the list of configured VFS objects and by changing EA support configurations.

**CVE Number:** CVE-2021-44142

Reported By: Nguyen Hoang Thach (@hi\_im\_d4rkn3ss) and Billy Jheng Bing-Jhong (@st424204) working with Trend Micro’s Zero Day Initiative  

Addressed multiple FFmpeg vulnerabilities by updating the version to 7:4.1.8-0+deb10u1.

**CVE Number:** CVE-2020-20445, CVE-2020-20446, CVE-2020-20453, CVE-2020-21041, CVE-2020-22015, CVE-2020-22016, CVE-2020-22017, CVE-2020-22019, CVE-2020-22020, CVE-2020-22021, CVE-2020-22022, CVE-2020-22023, CVE-2020-22025, CVE-2020-22026, CVE-2020-22027, CVE-2020-22028, CVE-2020-22029, CVE-2020-22030, CVE-2020-22031, CVE-2020-22032, CVE-2020-22033, CVE-2020-22034, CVE-2020-22035, CVE-2020-22036, CVE-2020-22037, CVE-2020-22049, CVE-2020-22054, CVE-2020-35965, CVE-2021-38114, CVE-2021-38171, CVE-2021-38291  

Addressed multiple FFmpeg vulnerabilities by updating the version to 7:4.1.9-0+deb10u1.  

Implemented firmware signing to prevent malicious modifications to the firmware and verify the firmware’s authenticity and integrity.  

Transitioned to Go’s crypto/tls library for secure communications.  

Enabled several kernel hardening options to make exploits of kernel and userland security bugs more difficult to develop.  

Addressed a remote code execution vulnerability by resolving a command injection vulnerability and closing an AWS S3 bucket that potentially allowed an attacker to execute unsigned code on My Cloud Home devices. Implemented protections on AWS credentials that were not properly protected..

**CVE Number:** CVE-2022-22997, CVE-2022-22998

Western Digital would like to thank Viettel Cyber Security for reporting this issue.  

Addressed multiple libtiff null pointer dereference vulnerabilities by updating the version to 4.4.0.

**CVE Number:** CVE-2022-0562, CVE-2022-0561, CVE-2022-0865  

Addressed an improper input validation and out-of-bounds write vulnerability in TensorFlow which is an open-source platform for machine learning. An attacker could pass negative values to cause a segmentation fault-based denial-of-service attack. Certain components also did not validate input arguments which could also trigger a denial-of-service attack.

**CVE Number:** CVE-2022-29191, CVE-2022-29213, CVE-2022-29208

CVE-2022-22998: WDC-22009 My Cloud Home Firmware Version 8.7.0-107 | Western Digital

A vulnerability was found in libguestfs. This issue occurs while calculating the greatest possible number of matching keys in the get_keys() function. This flaw leads to a denial of service, either by mistake or malicious actor.

**Red Hat Product Security Center**

Engage with our Red Hat Product Security team, access security updates, and ensure your environments are not exposed to any known security vulnerabilities.

Product Security Center

CVE-2022-2211: Red Hat Customer Portal - Access to 24x7 support and knowledge

Pyramid Solutions' affected products, the Developer and DLL kits for EtherNet/IP Adapter and EtherNet/IP Scanner, are vulnerable to an out-of-bounds write, which may allow an unauthorized attacker to send a specially crafted packet that may result in a denial-of-service condition.

CVE-2022-1737

Ubuntu Security Notice 5510-1 - Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled certain inputs. An attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code and escalate privileges.

==========================================================================  
Ubuntu Security Notice USN-5510-1  
July 12, 2022

xorg-server, xorg-server-hwe-18.04, xwayland vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS  
- Ubuntu 21.10  
- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in X.Org X Server.

Software Description:  
- xorg-server: X.Org X11 server  
- xwayland: Xwayland X server  
- xorg-server-hwe-18.04: X.Org X11 server

Details:

Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled  
certain inputs. An attacker could use this issue to cause the server to  
crash, resulting in a denial of service, or possibly execute arbitrary  
code and escalate privileges.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 22.04 LTS:  
  xserver-xorg-core               2:21.1.3-2ubuntu2.1  
  xwayland                        2:22.1.1-1ubuntu0.1

Ubuntu 21.10:  
  xserver-xorg-core               2:1.20.13-1ubuntu1.2  
  xwayland                        2:21.1.2-0ubuntu1.2

Ubuntu 20.04 LTS:  
  xserver-xorg-core               2:1.20.13-1ubuntu1~20.04.3  
  xwayland                        2:1.20.13-1ubuntu1~20.04.3

Ubuntu 18.04 LTS:  
  xserver-xorg-core               2:1.19.6-1ubuntu4.11  
  xserver-xorg-core-hwe-18.04     2:1.20.8-2ubuntu2.2~18.04.7  
  xwayland                        2:1.19.6-1ubuntu4.11  
  xwayland-hwe-18.04              2:1.20.8-2ubuntu2.2~18.04.7

After a standard system update you need to reboot your computer to make all  
the necessary changes.

References:  
  https://ubuntu.com/security/notices/USN-5510-1  
  CVE-2022-2319, CVE-2022-2320

Package Information:  
  https://launchpad.net/ubuntu/+source/xorg-server/2:21.1.3-2ubuntu2.1  
  https://launchpad.net/ubuntu/+source/xwayland/2:22.1.1-1ubuntu0.1  
  https://launchpad.net/ubuntu/+source/xorg-server/2:1.20.13-1ubuntu1.2  
  https://launchpad.net/ubuntu/+source/xwayland/2:21.1.2-0ubuntu1.2  
  https://launchpad.net/ubuntu/+source/xorg-server/2:1.20.13-1ubuntu1~20.04.3  
  https://launchpad.net/ubuntu/+source/xorg-server/2:1.19.6-1ubuntu4.11

https://launchpad.net/ubuntu/+source/xorg-server-hwe-18.04/2:1.20.8-2ubuntu2.2~18.04.7

Ubuntu Security Notice USN-5510-1

Ubuntu Security Notice 5508-1 - It was discovered that Python LDAP incorrectly handled certain regular expressions. An remote attacker could possibly use this issue to cause a denial of service.

=========================================================================  
Ubuntu Security Notice USN-5508-1  
July 11, 2022

python-ldap vulnerability  
=========================================================================  
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS  
- Ubuntu 21.10  
- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS

Summary:

Python LDAP could be made to denial of service if it received a specially  
crafted regular expression.

Software Description:  
- python-ldap: LDAP interface module for Python3

Details:

It was discovered that Python LDAP incorrectly handled certain regular expressions.  
An remote attacker could possibly use this issue to cause a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 22.04 LTS:  
  python3-ldap                    3.2.0-4ubuntu7.1  
  python3-pyldap                  3.2.0-4ubuntu7.1

Ubuntu 21.10:  
  python3-ldap                    3.2.0-4ubuntu5.1  
  python3-pyldap                  3.2.0-4ubuntu5.1

Ubuntu 20.04 LTS:  
  python3-ldap                    3.2.0-4ubuntu2.1  
  python3-pyldap                  3.2.0-4ubuntu2.1

Ubuntu 18.04 LTS:  
  python-ldap                     3.0.0-1ubuntu0.2  
  python-pyldap                   3.0.0-1ubuntu0.2  
  python3-ldap                    3.0.0-1ubuntu0.2  
  python3-pyldap                  3.0.0-1ubuntu0.2

In general, a standard system update will make all the necessary changes.

References:  
  https://ubuntu.com/security/notices/USN-5508-1  
  CVE-2021-46823

Package Information:  
  https://launchpad.net/ubuntu/+source/python-ldap/3.2.0-4ubuntu7.1  
  https://launchpad.net/ubuntu/+source/python-ldap/3.2.0-4ubuntu5.1  
  https://launchpad.net/ubuntu/+source/python-ldap/3.2.0-4ubuntu2.1  
  https://launchpad.net/ubuntu/+source/python-ldap/3.0.0-1ubuntu0.2

Tag

#dos