Red Hat Security Advisory 2023-7139-01 - An update for samba, evolution-mapi, and openchangeis now available for Red Hat Enterprise Linux 8. Issues addressed include out of bounds read and path disclosure vulnerabilities.

    The following data is constructed from data provided by Red Hat's json file at:https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7139.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: samba security, bug fix, and enhancement updateAdvisory ID:        RHSA-2023:7139-01Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2023:7139Issue date:         2023-11-14Revision:           01CVE Names:          CVE-2022-2127====================================================================Summary: An update for samba, evolution-mapi, and openchangeis now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information.The following packages have been upgraded to a later upstream version: samba (4.18.6). (BZ#2190417)Security Fix(es):* samba: out-of-bounds read in winbind AUTH_CRAP (CVE-2022-2127)* samba: infinite loop in mdssvc RPC service for spotlight (CVE-2023-34966)* samba: type confusion in mdssvc RPC service for spotlight (CVE-2023-34967)* samba: spotlight server-side share path disclosure (CVE-2023-34968)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Additional Changes:For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.9 Release Notes linked from the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2022-2127References:https://access.redhat.com/security/updates/classification/#moderatehttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.9_release_notes/indexhttps://bugzilla.redhat.com/show_bug.cgi?id=2175385https://bugzilla.redhat.com/show_bug.cgi?id=2190417https://bugzilla.redhat.com/show_bug.cgi?id=2218237https://bugzilla.redhat.com/show_bug.cgi?id=2221594https://bugzilla.redhat.com/show_bug.cgi?id=2221600https://bugzilla.redhat.com/show_bug.cgi?id=2222791https://bugzilla.redhat.com/show_bug.cgi?id=2222793https://bugzilla.redhat.com/show_bug.cgi?id=2222794https://bugzilla.redhat.com/show_bug.cgi?id=2222795https://bugzilla.redhat.com/show_bug.cgi?id=2222884https://bugzilla.redhat.com/show_bug.cgi?id=2232564

Red Hat Security Advisory 2023-7139-01

Red Hat Security Advisory 2023-7116-01 - An update for c-ares is now available for Red Hat Enterprise Linux 8. Issues addressed include a buffer overflow vulnerability.

    The following data is constructed from data provided by Red Hat's json file at:https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7116.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: c-ares security updateAdvisory ID:        RHSA-2023:7116-01Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2023:7116Issue date:         2023-11-14Revision:           01CVE Names:          CVE-2022-4904====================================================================Summary: An update for c-ares is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The c-ares C library defines asynchronous DNS (Domain Name System) requests and provides name resolving API.Security Fix(es):* c-ares: buffer overflow in config_sortlist() due to missing string length check (CVE-2022-4904)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Additional Changes:For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.9 Release Notes linked from the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2022-4904References:https://access.redhat.com/security/updates/classification/#moderatehttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.9_release_notes/indexhttps://bugzilla.redhat.com/show_bug.cgi?id=2168631

Red Hat Security Advisory 2023-7116-01

Red Hat Security Advisory 2023-7112-01 - An update for shadow-utils is now available for Red Hat Enterprise Linux 8.

    The following data is constructed from data provided by Red Hat's json file at:https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7112.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Low: shadow-utils security and bug fix updateAdvisory ID:        RHSA-2023:7112-01Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2023:7112Issue date:         2023-11-14Revision:           01CVE Names:          CVE-2023-4641====================================================================Summary: An update for shadow-utils is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The shadow-utils packages include programs for converting UNIX password files to the shadow password format, as well as utilities for managing user and group accounts. Security Fix(es):* shadow-utils: possible password leak during passwd(1) change (CVE-2023-4641)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Additional Changes:For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.9 Release Notes linked from the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-4641References:https://access.redhat.com/security/updates/classification/#lowhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.9_release_notes/indexhttps://bugzilla.redhat.com/show_bug.cgi?id=1984740https://bugzilla.redhat.com/show_bug.cgi?id=1994269https://bugzilla.redhat.com/show_bug.cgi?id=2012929https://bugzilla.redhat.com/show_bug.cgi?id=2215945

Red Hat Security Advisory 2023-7112-01

Red Hat Security Advisory 2023-7109-01 - An update for linux-firmware is now available for Red Hat Enterprise Linux 8. Issues addressed include an information leakage vulnerability.

    The following data is constructed from data provided by Red Hat's json file at:https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7109.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: linux-firmware security, bug fix, and enhancement updateAdvisory ID:        RHSA-2023:7109-01Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2023:7109Issue date:         2023-11-14Revision:           01CVE Names:          CVE-2023-20569====================================================================Summary: An update for linux-firmware is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The linux-firmware packages contain all of the firmware files that are required by various devices to operate.Security Fix(es):* hw amd: Return Address Predictor vulnerability leading to information disclosure (CVE-2023-20569)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Additional Changes:For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.9 Release Notes linked from the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-20569References:https://access.redhat.com/security/updates/classification/#moderatehttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.9_release_notes/indexhttps://bugzilla.redhat.com/show_bug.cgi?id=2207625

Red Hat Security Advisory 2023-7109-01

Red Hat Security Advisory 2023-7096-01 - An update for python-cryptography is now available for Red Hat Enterprise Linux 8.

    The following data is constructed from data provided by Red Hat's json file at:https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7096.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: python-cryptography security updateAdvisory ID:        RHSA-2023:7096-01Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2023:7096Issue date:         2023-11-14Revision:           01CVE Names:          CVE-2023-23931====================================================================Summary: An update for python-cryptography is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The python-cryptography packages contain a Python Cryptographic Authority's (PyCA's) cryptography library, which provides cryptographic primitives and recipes to Python developers.Security Fix(es):* python-cryptography: memory corruption via immutable objects (CVE-2023-23931)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Additional Changes:For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.9 Release Notes linked from the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-23931References:https://access.redhat.com/security/updates/classification/#moderatehttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.9_release_notes/indexhttps://bugzilla.redhat.com/show_bug.cgi?id=2171817https://bugzilla.redhat.com/show_bug.cgi?id=2172404

Red Hat Security Advisory 2023-7096-01

Red Hat Security Advisory 2023-7090-01 - An update for libmicrohttpd is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.

    The following data is constructed from data provided by Red Hat's json file at:https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7090.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: libmicrohttpd security updateAdvisory ID:        RHSA-2023:7090-01Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2023:7090Issue date:         2023-11-14Revision:           01CVE Names:          CVE-2023-27371====================================================================Summary: An update for libmicrohttpd is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:GNU libmicrohttpd is a small C library that makes it easy to run an HTTP server as part of another application.Security Fix(es):* libmicrohttpd: remote DoS (CVE-2023-27371)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Additional Changes:For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.9 Release Notes linked from the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-27371References:https://access.redhat.com/security/updates/classification/#moderatehttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.9_release_notes/indexhttps://bugzilla.redhat.com/show_bug.cgi?id=2174313

Red Hat Security Advisory 2023-7090-01

Red Hat Security Advisory 2023-7083-01 - An update for emacs is now available for Red Hat Enterprise Linux 8. Issues addressed include a code execution vulnerability.

    The following data is constructed from data provided by Red Hat's json file at:https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7083.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: emacs security updateAdvisory ID:        RHSA-2023:7083-01Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2023:7083Issue date:         2023-11-14Revision:           01CVE Names:          CVE-2022-48337====================================================================Summary: An update for emacs is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language (elisp), and the capability to read e-mail and news.Security Fix(es):* emacs: command execution via shell metacharacters (CVE-2022-48337)* emacs: command injection vulnerability in htmlfontify.el (CVE-2022-48339)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Additional Changes:For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.9 Release Notes linked from the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2022-48337References:https://access.redhat.com/security/updates/classification/#moderatehttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.9_release_notes/indexhttps://bugzilla.redhat.com/show_bug.cgi?id=2171987https://bugzilla.redhat.com/show_bug.cgi?id=2171989

Red Hat Security Advisory 2023-7083-01

Red Hat Security Advisory 2023-7077-01 - An update for kernel is now available for Red Hat Enterprise Linux 8. Issues addressed include buffer overflow, denial of service, double free, information leakage, memory leak, null pointer, out of bounds access, out of bounds write, and use-after-free vulnerabilities.

The following data is constructed from data provided by Red Hat's json file at:

https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7077.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: kernel security, bug fix, and enhancement update  
Advisory ID:        RHSA-2023:7077-01  
Product:            Red Hat Enterprise Linux  
Advisory URL:       https://access.redhat.com/errata/RHSA-2023:7077  
Issue date:         2023-11-14  
Revision:           01  
CVE Names:          CVE-2021-43975  
====================================================================

Summary: 

An update for kernel is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: tun: avoid double free in tun_free_netdev (CVE-2022-4744)

* kernel: net/sched: multiple vulnerabilities (CVE-2023-3609, CVE-2023-3611, CVE-2023-4128, CVE-2023-4206, CVE-2023-4207, CVE-2023-4208)

* kernel: out-of-bounds write in qfq_change_class function (CVE-2023-31436)

* kernel: out-of-bounds write in hw_atl_utils_fw_rpc_wait (CVE-2021-43975)

* kernel: Rate limit overflow messages in r8152 in intr_callback (CVE-2022-3594)

* kernel: use after free flaw in l2cap_conn_del (CVE-2022-3640)

* kernel: double free in usb_8dev_start_xmit (CVE-2022-28388)

* kernel: vmwgfx: multiple vulnerabilities (CVE-2022-38457, CVE-2022-40133, CVE-2023-33951, CVE-2023-33952)

* hw: Intel: Gather Data Sampling (GDS) side channel vulnerability (CVE-2022-40982)

* kernel: Information leak in l2cap_parse_conf_req (CVE-2022-42895)

* kernel: KVM: multiple vulnerabilities (CVE-2022-45869, CVE-2023-4155, CVE-2023-30456)

* kernel: memory leak in ttusb_dec_exit_dvb (CVE-2022-45887)

* kernel: speculative pointer dereference in do_prlimit (CVE-2023-0458)

* kernel: use-after-free due to race condition in qdisc_graft (CVE-2023-0590)

* kernel: x86/mm: Randomize per-cpu entry area (CVE-2023-0597)

* kernel: HID: check empty report_list in hid_validate_values (CVE-2023-1073)

* kernel: sctp: fail if no bound addresses can be used for a given scope (CVE-2023-1074)

* kernel: hid: Use After Free in asus_remove (CVE-2023-1079)

* kernel: use-after-free in drivers/media/rc/ene_ir.c (CVE-2023-1118)

* kernel: hash collisions in the IPv6 connection lookup table (CVE-2023-1206)

* kernel: ovl: fix use after free in struct ovl_aio_req (CVE-2023-1252)

* kernel: denial of service in tipc_conn_close (CVE-2023-1382)

* kernel: Use after free bug in btsdio_remove due to race condition (CVE-2023-1989)

* kernel: Spectre v2 SMT mitigations problem (CVE-2023-1998)

* kernel: ext4: use-after-free in ext4_xattr_set_entry (CVE-2023-2513)

* kernel: fbcon: shift-out-of-bounds in fbcon_set_font (CVE-2023-3161)

* kernel: out-of-bounds access in relay_file_read (CVE-2023-3268)

* kernel: xfrm: NULL pointer dereference in xfrm_update_ae_params (CVE-2023-3772)

* kernel: smsusb: use-after-free caused by do_submit_urb (CVE-2023-4132)

* kernel: Race between task migrating pages and another task calling exit_mmap (CVE-2023-4732)

* Kernel: denial of service in atm_tc_enqueue due to type confusion (CVE-2023-23455)

* kernel: mpls: double free on sysctl allocation failure (CVE-2023-26545)

* kernel: Denial of service issue in az6027 driver (CVE-2023-28328)

* kernel: lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow (CVE-2023-28772)

* kernel: blocking operation in dvb_frontend_get_event and wait_event_interruptible (CVE-2023-31084)

* kernel: net: qcom/emac: race condition leading to use-after-free in emac_remove (CVE-2023-33203)

* kernel: saa7134: race condition leading to use-after-free in saa7134_finidev (CVE-2023-35823)

* kernel: dm1105: race condition leading to use-after-free in dm1105_remove.c (CVE-2023-35824)

* kernel: r592: race condition leading to use-after-free in r592_remove (CVE-2023-35825)

* kernel: net/tls: tls_is_tx_ready() checked list_entry (CVE-2023-1075)

* kernel: use-after-free bug in remove function xgene_hwmon_remove (CVE-2023-1855)

* kernel: Use after free bug in r592_remove (CVE-2023-3141)

* kernel: gfs2: NULL pointer dereference in gfs2_evict_inode (CVE-2023-3212)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.9 Release Notes linked from the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2021-43975

References:

https://access.redhat.com/security/updates/classification/#important  
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.9_release_notes/index  
https://access.redhat.com/solutions/7027704  
https://bugzilla.redhat.com/show_bug.cgi?id=1975026  
https://bugzilla.redhat.com/show_bug.cgi?id=2024989  
https://bugzilla.redhat.com/show_bug.cgi?id=2037005  
https://bugzilla.redhat.com/show_bug.cgi?id=2073091  
https://bugzilla.redhat.com/show_bug.cgi?id=2112147  
https://bugzilla.redhat.com/show_bug.cgi?id=2133453  
https://bugzilla.redhat.com/show_bug.cgi?id=2133455  
https://bugzilla.redhat.com/show_bug.cgi?id=2139610  
https://bugzilla.redhat.com/show_bug.cgi?id=2147356  
https://bugzilla.redhat.com/show_bug.cgi?id=2148520  
https://bugzilla.redhat.com/show_bug.cgi?id=2149024  
https://bugzilla.redhat.com/show_bug.cgi?id=2151112  
https://bugzilla.redhat.com/show_bug.cgi?id=2151317  
https://bugzilla.redhat.com/show_bug.cgi?id=2156322  
https://bugzilla.redhat.com/show_bug.cgi?id=2165741  
https://bugzilla.redhat.com/show_bug.cgi?id=2165926  
https://bugzilla.redhat.com/show_bug.cgi?id=2166567  
https://bugzilla.redhat.com/show_bug.cgi?id=2168332  
https://bugzilla.redhat.com/show_bug.cgi?id=2173403  
https://bugzilla.redhat.com/show_bug.cgi?id=2173430  
https://bugzilla.redhat.com/show_bug.cgi?id=2173434  
https://bugzilla.redhat.com/show_bug.cgi?id=2173444  
https://bugzilla.redhat.com/show_bug.cgi?id=2174220  
https://bugzilla.redhat.com/show_bug.cgi?id=2174400  
https://bugzilla.redhat.com/show_bug.cgi?id=2175160  
https://bugzilla.redhat.com/show_bug.cgi?id=2175322  
https://bugzilla.redhat.com/show_bug.cgi?id=2175903  
https://bugzilla.redhat.com/show_bug.cgi?id=2176140  
https://bugzilla.redhat.com/show_bug.cgi?id=2177371  
https://bugzilla.redhat.com/show_bug.cgi?id=2177389  
https://bugzilla.redhat.com/show_bug.cgi?id=2178301  
https://bugzilla.redhat.com/show_bug.cgi?id=2181273  
https://bugzilla.redhat.com/show_bug.cgi?id=2181330  
https://bugzilla.redhat.com/show_bug.cgi?id=2182443  
https://bugzilla.redhat.com/show_bug.cgi?id=2183559  
https://bugzilla.redhat.com/show_bug.cgi?id=2184578  
https://bugzilla.redhat.com/show_bug.cgi?id=2185945  
https://bugzilla.redhat.com/show_bug.cgi?id=2186948  
https://bugzilla.redhat.com/show_bug.cgi?id=2187257  
https://bugzilla.redhat.com/show_bug.cgi?id=2188468  
https://bugzilla.redhat.com/show_bug.cgi?id=2189324  
https://bugzilla.redhat.com/show_bug.cgi?id=2192667  
https://bugzilla.redhat.com/show_bug.cgi?id=2192671  
https://bugzilla.redhat.com/show_bug.cgi?id=2193097  
https://bugzilla.redhat.com/show_bug.cgi?id=2193219  
https://bugzilla.redhat.com/show_bug.cgi?id=2209710  
https://bugzilla.redhat.com/show_bug.cgi?id=2213139  
https://bugzilla.redhat.com/show_bug.cgi?id=2213199  
https://bugzilla.redhat.com/show_bug.cgi?id=2213485  
https://bugzilla.redhat.com/show_bug.cgi?id=2213802  
https://bugzilla.redhat.com/show_bug.cgi?id=2214348  
https://bugzilla.redhat.com/show_bug.cgi?id=2215502  
https://bugzilla.redhat.com/show_bug.cgi?id=2215835  
https://bugzilla.redhat.com/show_bug.cgi?id=2215836  
https://bugzilla.redhat.com/show_bug.cgi?id=2215837  
https://bugzilla.redhat.com/show_bug.cgi?id=2217658  
https://bugzilla.redhat.com/show_bug.cgi?id=2218195  
https://bugzilla.redhat.com/show_bug.cgi?id=2218212  
https://bugzilla.redhat.com/show_bug.cgi?id=2218943  
https://bugzilla.redhat.com/show_bug.cgi?id=2221707  
https://bugzilla.redhat.com/show_bug.cgi?id=2223949  
https://bugzilla.redhat.com/show_bug.cgi?id=2225191  
https://bugzilla.redhat.com/show_bug.cgi?id=2225201  
https://bugzilla.redhat.com/show_bug.cgi?id=2225511  
https://bugzilla.redhat.com/show_bug.cgi?id=2230213  
https://bugzilla.redhat.com/show_bug.cgi?id=2236982  
https://issues.redhat.com/browse/RHEL-340

Red Hat Security Advisory 2023-7077-01

An issue was identified by Elastic whereby sensitive information is recorded in Logstash logs under specific circumstances.

The prerequisites for the manifestation of this issue are:

  *  Logstash  is configured to log in JSON format https://www.elastic.co/guide/en/logstash/current/running-logstash-command-line.html , which is not the default logging format.


  *  Sensitive data is stored in the Logstash keystore and referenced as a variable in Logstash configuration.








CVE-2023-46672: Logstash 8.11.1 Security Update (ESA-2023-26)

MyPrestaModules ordersexport before v5.0 was discovered to contain multiple SQL injection vulnerabilities at send.php via the key and save_setting parameters.

**IMPORTANT NOTICE**: DO NOT REPORT VULNERABILITIES SOLELY TO THE AUTHOR OR MARKETPLACE.

We urge you to report any vulnerabilities directly to us. Our mission is to ensure the safety and security of the PrestaShop ecosystem. Unfortunately, many module developers may not always recognize or acknowledge the vulnerabilities in their code, whether due to lack of awareness, or inability to properly evaluate the associated risk, or other reasons.

Given the rise in professional cybercrime networks actively seeking out these vulnerabilities, it's crucial that any potential threats are promptly addressed and the community is informed. The most effective method to do this is by publishing a CVE, like the one provided below.

Should you discover any vulnerabilities, **please report them to us at: report\[@\]security-presta.org** or visit https://security-presta.org for more information.

Every vulnerability report helps make the community more secure, and we are profoundly grateful for any information shared with us.

In the module “Orders (CSV, Excel) Export PRO” (ordersexport) from MyPrestaModules for PrestaShop, an anonymous user can perform SQL injection up to 5.0. Release 5.0 fixed this security issue.

**Summary**

*   **CVE ID**: CVE-2023-40923
*   **Published at**: 2023-11-09
*   **Advisory source**: Friends-Of-Presta.org
*   **Vendor**: PrestaShop
*   **Product**: ordersexport
*   **Impacted release**: < 5.0 (5.0 fixed the vulnerability)
*   **Product author**: MyPrestaModules
*   **Weakness**: CWE-89
*   **Severity**: critical (9.8)

**Description**

Before 5.0, sensitives SQL calls in class send.php can be executed with a trivial http call and exploited to forge a blind SQL injection throught the POST or GET submitted “key” or “save\_setting” variables.

**CVSS base metrics**

*   **Attack vector**: network
*   **Attack complexity**: low
*   **Privilege required**: none
*   **User interaction**: none
*   **Scope**: unchanged
*   **Confidentiality**: high
*   **Integrity**: high
*   **Availability**: high

**Vector string**: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

**Possible malicious usage**

*   Obtain admin access
*   Steal/Remove data from the associated PrestaShop
*   Copy/paste data from sensitive tables to FRONT to expose tokens and unlock admins’s ajax scripts
*   Rewrite SMTP settings to hijack emails

**Patch**

    --- a/ordersexport/send.php
    +++ b/ordersexport/send.php
    @@ -170,7 +170,7 @@ try {
         $config = array();
         $config = Tools::unserialize(Configuration::get('GOMAKOIL_EXPORT_ORDERS_SETTINGS','', $default_shop_group_id, $default_shop_id));
         $key = Tools::getValue('key');
    -    Db::getInstance()->delete('exported_order', 'settings="'.trim($key).'"');
    +    Db::getInstance()->delete('exported_order', 'settings="'.pSQL($key).'"');
         unset($config[trim($key)]);
         $config_save =serialize($config);
         Configuration::updateValue('GOMAKOIL_EXPORT_ORDERS_SETTINGS', $config_save, false, $default_shop_group_id, $default_shop_id);
    @@ -314,7 +314,7 @@ try {
           $automatic = Tools::getValue('automatic');
           $not_exported = Tools::getValue('not_exported');
           if(isset($automatic) && $automatic && isset($not_exported) && $not_exported ){
    -        Db::getInstance()->delete('exported_order', 'settings="'.trim(Tools::getValue('save_setting')).'"');
    +        Db::getInstance()->delete('exported_order', 'settings="'.pSQL(Tools::getValue('save_setting')).'"');
           }
           $json['success'] = $ordersexport->l('Data successfully saved!', 'send');
         }
    

**Other recommendations**

*   It’s recommended to upgrade to the latest version of the module **ordersexport**.
*   Upgrade PrestaShop to the latest version to disable multiquery executions (separated by “;”) - be warned that this functionality **WILL NOT** protect your SHOP against injection SQL which uses the UNION clause to steal data.
*   Change the default database prefix ps_ with a new longer, arbitrary prefix. Nevertheless, be warned that this is useless against blackhats with DBA senior skill because of a design vulnerability in DBMS
*   Activate OWASP 942’s rules on your WAF (Web application firewall), be warned that you will probably break your backoffice and you will need to pre-configure some bypasses against this set of rules.

**Timeline**

Date

Action

2022-10-09

Issue discovered during a code reviews by 202 ecommerce

2022-10-10

Contact the author

2022-10-10

The author confirm the latest release is already fixed

2023-08-15

Request a CVE ID

2023-10-11

Received CVE ID

2023-11-09

Publication of this security advisory

**Links**

*   PrestaShop addons product page
*   National Vulnerability Database

**DISCLAIMER:** _The French Association Friends Of Presta (FOP) acts as an intermediary to help hosting this advisory. While we strive to ensure the information and advice provided are accurate, FOP cannot be held liable for any consequences arising from reported vulnerabilities or any subsequent actions taken._

Tag

#js